{"title":"Best practices for web integrations","category":"default","creationDate":1756978800,"content":"<p>Follow these best practices to ensure your web Drop-in\/Components integration is secure, performant, and compliant.<\/p>\n<h2>Requirements<\/h2>\n<p>Before you begin, take into account the following requirements, limitations, and preparations.<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Requirement<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Integration type<\/strong><\/td>\n<td style=\"text-align: left;\">Use these best practices to build your <a href=\"\/pt\/online-payments\/build-your-integration\/sessions-flow\/?platform=Web&amp;integration=Drop-in\">Web Drop-in<\/a> or <a href=\"\/pt\/online-payments\/build-your-integration\/sessions-flow\/?platform=Web&amp;integration=Components\">Web Components<\/a> integration.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Keep your integration up-to-date<\/h2>\n<p><a href=\"\/pt\/online-payments\/upgrade-your-integration#staying-up-to-date\">Staying up-to-date<\/a> on the latest version of Drop-in\/Components is crucial for new features, security updates, and compliance.<\/p>\n<h2>Handle web framework re-renders<\/h2>\n<p>Modern <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Learn_web_development\/Core\/Frameworks_libraries\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">frameworks<\/a> can re-render UI components, which can cause unexpected behavior in the checkout. To prevent this, initialize <code>AdyenCheckout<\/code> and mount your Components only once, when you are ready to display the payment methods.<\/p>\n<p>Some web frameworks might require some extra attention when using specific approaches.<\/p>\n<ul>\n<li><strong>React.StrictMode<\/strong>: this <a href=\"https:\/\/react.dev\/reference\/react\/StrictMode\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">leads to re-renders and re-executions<\/a> of effects and callbacks. Ensure that <code>AdyenCheckout<\/code> and Components are not initialized multiple times.<\/li>\n<li><strong>Custom hooks<\/strong>: you can encapsulate the initialization of <code>AdyenCheckout<\/code> in a custom hook. If you do, ensure your hook returns the instance of the Component that you mount in your UI. And most importantly, make sure that the mounting is executed only once, in the React component that consumes that hook.<\/li>\n<\/ul>\n<p>For example, when using a custom hook in React, ensure the component is not mounted multiple times on re-renders.<\/p>\n<div data-component-wrapper=\"code-sample\">\n    <code-sample :title=\"'Prevent multiple initializations with React custom hooks'\" :id=\"''\" :code-data=\"[{&quot;language&quot;:&quot;javascript&quot;,&quot;tabTitle&quot;:&quot;&quot;,&quot;content&quot;:&quot;import React, { useRef, useEffect } from 'react';\\nimport { useAdyenCheckout } from '.\\\/hooks\\\/useAdyenCheckout; \\\/\\\/ Replace with your hook's path.\\n\\nconst CheckoutPaymentForm = ({ adyenCheckoutProps }) =&gt; {\\n  const container = useRef(null);\\n  const { dropin } = useAdyenCheckout(adyenCheckoutProps);\\n\\n  useEffect(() =&gt; {\\n    \\\/\\\/ Ensure the container and the Drop-in instance are available.\\n    if (container.current &amp;&amp; dropin) {\\n      \\\/\\\/ Mount the Drop-in component to the container element a single time.\\n      \\\/\\\/ Watch out for re-renders and do not let it be mounted multiple times.\\n      dropin.mount(container.current);\\n    }\\n  }, [dropin]);\\n\\n  return &lt;div ref={container} \\\/&gt;;\\n};&quot;}]\" :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<h2>Manage Server-Side Rendering (SSR)<\/h2>\n<p>Drop-in\/Components depend on browser APIs like <code>window<\/code> and <code>document<\/code>. If you use <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Glossary\/SSR\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">SSR<\/a>, make sure the code that creates an <code>AdyenCheckout<\/code> instance and mounts a Component is executed on the client side.<\/p>\n<h2>Securely implement a custom pay button<\/h2>\n<p>If you use a custom pay button in your integration, you need to take a few things into account.<\/p>\n<h3>Prevent multiple submissions<\/h3>\n<p>A shopper can trigger a payment in multiple ways, for example by selecting the <strong>Pay<\/strong> button, or by pressing the <strong>Enter<\/strong> key on their keyboard. To prevent multiple payments for the same order, you must disable your pay button as soon as a payment attempt has been made.<\/p>\n<p>You can detect when the payment flow is triggered by using:<\/p>\n<ul>\n<li><code>beforeSubmit<\/code> in your <code>AdyenCheckout<\/code> configuration for a <a href=\"\/pt\/online-payments\/build-your-integration\/sessions-flow?platform=Web\">Sessions flow integration<\/a>.<\/li>\n<li><code>onSubmit<\/code> in your <code>AdyenCheckout<\/code> configuration for an <a href=\"\/pt\/online-payments\/build-your-integration\/advanced-flow?platform=Web\">Advanced flow integration<\/a>.<\/li>\n<\/ul>\n<p>The <code>beforeSubmit<\/code> and <code>onSubmit<\/code> events are triggered when the pay button is selected.<\/p>\n<p>The following example shows how to use the <code>beforeSubmit<\/code> callback to track the payment status and prevent multiple submissions.<\/p>\n<div data-component-wrapper=\"code-sample\">\n    <code-sample :title=\"'Prevent multiple payments with Sessions flow'\" :id=\"''\" :code-data='[{\"language\":\"javascript\",\"tabTitle\":\"\",\"content\":\"let isPaymentInProgress = false;\\n\\nconst checkout = await AdyenCheckout({\\n  ...\\n  beforeSubmit: (state, component, actions) =&gt; {\\n    \\\/\\\/ If a payment is already in progress, reject the new submission.\\n    if (isPaymentInProgress) {\\n      actions.reject();\\n      return;\\n    }\\n\\n    isPaymentInProgress = true;\\n    actions.resolve(state.data);\\n  }\\n});\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<h3>Unsupported payment methods<\/h3>\n<p>The custom pay button is not supported for:<\/p>\n<ul>\n<li>PayPal<\/li>\n<li>Klarna<\/li>\n<li>Click to Pay<\/li>\n<\/ul>\n<p>For these payment methods, you must use the button provided by the Component.<\/p>\n<h2>Use HTTPS for your checkout<\/h2>\n<p>To protect sensitive payment data, host your Adyen checkout on a page that uses <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Glossary\/HTTPS\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">HTTPS<\/a>.<\/p>\n<p>In your live environment, you need to use HTTPS. It encrypts the connection between the shopper browser and your server, which prevents data interception and tampering. If you do not use HTTPS in production, it leads to security warnings and can cause payments to fail.<\/p>\n<p>For local development and testing, you can use HTTP. However, make sure you switch to HTTPS before you go live. Read about <a href=\"\/pt\/online-payments\/go-live-checklist#end-to-end-testing\">end-to-end online payments testing<\/a> for more information.<\/p>\n<h2>Avoid &lt;iframe> elements<\/h2>\n<p>We do not recommend integrating your checkout in an <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTML\/Reference\/Elements\/iframe\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">&lt;iframe&gt;<\/a> due to potential complexities. When an &lt;iframe> is hosted on a different domain than its parent, redirect payment flows doesn't work. This is because the &lt;iframe> can't redirect when the parent is a different domain. This restriction leads to failed transactions and a poor user experience. Some payment methods may also behave differently or require a specific configuration when used in an &lt;iframe>.<\/p>\n<p>If you must use an &lt;iframe>, host it on the same domain as the parent page.<\/p>\n<h2>Avoid WebViews<\/h2>\n<p>For native mobile apps, we recommend that you do not use <a href=\"https:\/\/en.wikipedia.org\/wiki\/WebView\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">WebViews<\/a> to display the checkout.<\/p>\n<p>WebViews are less secure and functional than native components and can cause performance issues, especially with payment methods that require redirects.<\/p>\n<p>Instead, you should implement native components, for example:<\/p>\n<ul>\n<li>Custom Tabs for Android<\/li>\n<li>SFSafariViewController for iOS.<\/li>\n<\/ul>\n<h2>Ensure browser compatibility<\/h2>\n<p>Our Drop-in\/Components are designed to work seamlessly with recent versions of all major browsers. To ensure the highest security standards and optimal performance we focus on modern browsers that receive regular security updates.<\/p>\n<h3>Supported desktop browsers<\/h3>\n<table>\n<thead>\n<tr>\n<th>Browser<\/th>\n<th>Version<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.google.com\/chrome\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Chrome<\/a><\/td>\n<td>80 or later<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.apple.com\/safari\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Safari<\/a><\/td>\n<td>15.4 or later<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.firefox.com\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Firefox<\/a><\/td>\n<td>74 or later<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.microsoft.com\/en-us\/edge\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Microsoft Edge<\/a><\/td>\n<td>80 or later<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/www.opera.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Opera<\/a><\/td>\n<td>67 or later<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Supported mobile browsers<\/h3>\n<table>\n    <tr>\n        <th>Platform<\/th>\n        <th>Browser<\/th>\n        <th>Version requirement<\/th>\n    <\/tr>\n    <tr>\n        <td>\n<p>iOS<\/p>\n<\/td>\n        <td>\n<p>Safari or any browser using <a href=\"https:\/\/developer.apple.com\/documentation\/webkit\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">WebKit<\/a><\/p>\n<\/td>\n        <td>\n<p><a href=\"https:\/\/support.apple.com\/en-us\/108051\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">iOS 15.4<\/a> or later<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n        <td rowspan=\"2\">Android<\/td>\n        <td>\n<p><a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.android.chrome\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Chrome<\/a><\/p>\n<\/td>\n        <td>\n<p>80 or later<\/p>\n<\/td>\n    <\/tr>\n    <tr>\n        <td>\n<p><a href=\"https:\/\/www.samsung.com\/us\/apps\/samsung-internet\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Samsung Internet<\/a><\/p>\n<\/td>\n        <td>\n<p>12 or later<\/p>\n<\/td>\n    <\/tr>\n<\/table>\n<h2>Understand cookie usage<\/h2>\n<p>Drop-in\/Components may set one cookie, <strong>_RP_UID<\/strong>, which is <a href=\"\/pt\/risk-management\/fraud-data-collection\/#data-collection-data\">generated by our internal risk management module<\/a>. This module is enabled by default and helps identify suspicious browsing or purchasing patterns. We do not recommend disabling it.<br \/>\nOther cookies, from adyen.com, may be present if you previously visited our websites and accepted cookies. To see only the cookies used by your integration, clear your browser data or use an incognito window for testing.<\/p>\n<h2>Account for interactions with browser extensions<\/h2>\n<p>We do not take responsibility for how Drop-in\/Components interact with browser extensions like ad blockers, cookie managers, or password managers. An improperly configured extension can block an &lt;iframe> or other elements required for payment methods to function correctly.<\/p>\n<h2>Enhance your integration with Adyen Uplift<\/h2>\n<p>We recommend that you use features of <a href=\"\/pt\/uplift\/\">Adyen Uplift<\/a> in your integration to increase payment conversion, simplify fraud management, and reduce the cost of payments.<\/p>\n<h2 id=\"client-side-resources\">Manage client-side resources<\/h2>\n<p>There are two ways to load the client-side resources for Web Drop-in\/Components:<\/p>\n<ul>\n<li><div data-component-wrapper=\"tag\">\n    <tag :variant=&quot;success&quot;>\n        Recommended\n    <\/tag>\n<\/div>\n Load through the <a href=\"https:\/\/www.npmjs.com\/package\/@adyen\/adyen-web\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Adyen Web npm package<\/a>.<\/li>\n<li><a href=\"#embed-script-and-stylesheet\">Embed the Adyen Web script and stylesheet into your HTML file<\/a>.<\/li>\n<\/ul>\n<p>Our integration guides for the <a href=\"\/pt\/online-payments\/build-your-integration\/sessions-flow\">Sessions<\/a> and <a href=\"\/pt\/online-payments\/build-your-integration\/advanced-flow\">Advanced<\/a> flows include the instructions for both options. If you decide to <a href=\"#embed-script-and-stylesheet\">embed the script and stylesheet into your HTML file<\/a>, there are additional considerations.<\/p>\n<h3 id=\"embed-script-and-stylesheet\">Embed the Adyen Web script and stylesheet into your HTML file<\/h3>\n<p>When embedding the script and stylesheet, make sure that the URL region matches with the region of your <a href=\"\/pt\/development-resources\/live-endpoints\">live endpoints<\/a> and the <code>environment<\/code> you configured for Drop-in\/Components in your <a href=\"\/pt\/online-payments\/build-your-integration\/advanced-flow\">Sessions<\/a>, or <a href=\"\/pt\/online-payments\/build-your-integration\/advanced-flow\">Advanced<\/a> flow integration.<\/p>\n<p>We also recommend to use <a href=\"#implement-subresource-integrity-hashes\">Subresource Integrity hashes<\/a> to ensure security.<\/p>\n\n<div id=\"tabzJqnd\">\n    <div data-component-wrapper=\"tabs\">\n        <tabs\n                        :items=\"[{&quot;title&quot;:&quot;v6.0.0&quot;,&quot;content&quot;:&quot;\\n&lt;table&gt;\\n&lt;thead&gt;\\n&lt;tr&gt;\\n&lt;th&gt;Environment&lt;\\\/th&gt;\\n&lt;th&gt;URL&lt;\\\/th&gt;\\n&lt;\\\/tr&gt;\\n&lt;\\\/thead&gt;\\n&lt;tbody&gt;\\n&lt;tr&gt;\\n&lt;td&gt;Test&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;test&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js &lt;br&gt; https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;test&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td&gt;Europe (EU) live&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js &lt;br&gt; https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td&gt;United States (US) live&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-us&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js  &lt;br&gt;   https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-us&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td&gt;Australia (AU) live&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-au&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js &lt;br&gt;  https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-au&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td&gt;Asia Pacific &amp;amp; Southeast (APSE) live&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-apse&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js &lt;br&gt;  https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-apse&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td&gt;India (IN) live&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-in&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js &lt;br&gt;  https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-in&lt;\\\/strong&gt;.cdn.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;\\\/tbody&gt;\\n&lt;\\\/table&gt;\\n&quot;,&quot;altTitle&quot;:null,&quot;oldTabId&quot;:&quot;v6.0.0_0_1&quot;,&quot;relation&quot;:&quot;&quot;},{&quot;title&quot;:&quot;v5.x.x or earlier&quot;,&quot;content&quot;:&quot;\\n&lt;table&gt;\\n&lt;thead&gt;\\n&lt;tr&gt;\\n&lt;th&gt;Environment&lt;\\\/th&gt;\\n&lt;th&gt;URL&lt;\\\/th&gt;\\n&lt;\\\/tr&gt;\\n&lt;\\\/thead&gt;\\n&lt;tbody&gt;\\n&lt;tr&gt;\\n&lt;td&gt;Test&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;test&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js &lt;br&gt; https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;test&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css    &lt;br&gt; &lt;div class=\\&quot;sc-notice note\\&quot;&gt;&lt;div&gt; We are currently redirecting &lt;code&gt;adyen.js&lt;\\\/code&gt; and other asset requests to https&amp;#58;\\\/\\\/cdf6519016.cdn.adyen.com. &lt;\\\/div&gt;&lt;\\\/div&gt;&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td&gt;Europe (EU) live&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js &lt;br&gt; https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td&gt;United States (US) live&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-us&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js  &lt;br&gt;   https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-us&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td&gt;Australia (AU) live&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-au&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js &lt;br&gt;  https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-au&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td&gt;Asia Pacific &amp;amp; Southeast (APSE) live&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-apse&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js &lt;br&gt;  https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-apse&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;tr&gt;\\n&lt;td&gt;India (IN) live&lt;\\\/td&gt;\\n&lt;td&gt;https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-in&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.js &lt;br&gt;  https&amp;#58;\\\/\\\/checkoutshopper-&lt;strong&gt;live-in&lt;\\\/strong&gt;.adyen.com\\\/checkoutshopper\\\/sdk\\\/&lt;code&gt;version&lt;\\\/code&gt;\\\/adyen.css&lt;\\\/td&gt;\\n&lt;\\\/tr&gt;\\n&lt;\\\/tbody&gt;\\n&lt;\\\/table&gt;\\n&quot;,&quot;altTitle&quot;:null,&quot;oldTabId&quot;:&quot;v5.x.x_or_earlier_1_2&quot;,&quot;relation&quot;:&quot;&quot;}]\"\n            :should-update-when-url-changes='false'>\n        <\/tabs>\n    <\/div>\n<\/div>\n\n<h4 id=\"implement-subresource-integrity-hashes\">Implement Subresource Integrity hashes<\/h4>\n<p>We recommend that you implement <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Subresource_Integrity\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Subresource Integrity (SRI)<\/a> to ensure that the files you are loading from Adyen have not been manipulated or tampered with by malicious actors.<\/p>\n<p>To use the SRI hash, you need to add an <code>integrity<\/code> attribute when specifying <code>&lt;script&gt;<\/code> or <code>&lt;link&gt;<\/code> elements. Browsers will also check for the <code>crossorigin<\/code> attribute to ensure that the origin allows <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CORS\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Cross-Origin Resource Sharing (CORS)<\/a>.  If a browser detects that the file's hash does not match the specified hash, the browser will not load the resource. To know which browsers support SRI, refer to this <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Subresource_Integrity#Browser_compatibility\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">browser compatibility list<\/a>.<\/p>\n<p>Adyen provides the SRI hash that you include as the integrity attribute. You can find the SRI hashes for all versions of our JavaScript and CSS files in our <a href=\"\/pt\/online-payments\/release-notes\">release notes<\/a>, under <strong>Updating to this version<\/strong>.<\/p>\n<p>For example, here is how you specify version 4.2.0 <code>adyen.js<\/code> and <code>adyen.css<\/code> resources:<\/p>\n<pre><code class=\"language-js\">&lt;script src=\"https:\/\/checkoutshopper-live.adyen.com\/checkoutshopper\/sdk\/4.2.0\/adyen.js\"\n   integrity=\"sha384-SGA+BK9i1sG5N4BTCgRH6EGbopUK8WG\/azn\/TeIHYeBEXmEaB+NT+410Z9b1ii7Z\"\n   crossorigin=\"anonymous\"&gt;&lt;\/script&gt;<\/code><\/pre>\n<pre><code class=\"language-js\">&lt;link rel=\"stylesheet\"\n  href=\"https:\/\/checkoutshopper-live.adyen.com\/checkoutshopper\/sdk\/4.2.0\/adyen.css\"\n  integrity=\"sha384-oT6lIQpTr+nOu+yFBPn8mSMkNQID9wuEoTw8lmg2bcrFoDu\/Ae8DhJVj+T5cUmsM\"\n  crossorigin=\"anonymous\"&gt;<\/code><\/pre>\n<h2>Test your integration<\/h2>\n<p>When you have a working online payments integration, test:<\/p>\n<ul>\n<li>In a <a href=\"\/pt\/online-payments\/go-live-checklist#end-to-end-testing\">secure context<\/a><\/li>\n<li>On real mobile devices<\/li>\n<\/ul>\n<p>For more information, read:<\/p>\n<ul>\n<li><a href=\"\/pt\/online-payments\/go-live-checklist#end-to-end-testing\">End-to-end testing documentation<\/a>, providing more general testing advice.<\/li>\n<li><a href=\"\/pt\/development-resources\/testing\/payments-and-modifications\/\">Testing payments and modifications documentation<\/a>, listing scenarios you can test your integration on.<\/li>\n<\/ul>\n<h2>See also<\/h2>\n<div class=\"see-also-links output-inline\" id=\"see-also\">\n<ul><li><a href=\"\/online-payments\/build-your-integration\/?platform=web\\&amp;integration=drop-in\"\n                        target=\"_self\"\n                        >\n                    Web Drop-in integration\n                <\/a><\/li><li><a href=\"\/online-payments\/build-your-integration\/?platform=web\\&amp;integration=components\"\n                        target=\"_self\"\n                        >\n                    Web Components integration\n                <\/a><\/li><li><a href=\"\/online-payments\/upgrade-your-integration\/\"\n                        target=\"_self\"\n                        >\n                    Upgrade your integration\n                <\/a><\/li><li><a href=\"\/online-payments\/release-notes\/\"\n                        target=\"_self\"\n                        >\n                    Drop-in\/Components release notes\n                <\/a><\/li><\/ul><\/div>\n","url":"https:\/\/docs.adyen.com\/pt\/online-payments\/web-best-practices","articleFields":{"description":"Follow these best practices to get the most out of your integration","type":"page","feedback_component":true,"filters_component":false,"decision_tree":"[]","page_id":"e93b666a-6add-4d4f-aa0a-561db7a87ec0","last_edit_on":"04-09-2025 11:40"},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/online-payments\/web-best-practices","title":"Best practices for web integrations","content":"Follow these best practices to ensure your web Drop-in\/Components integration is secure, performant, and compliant.\nRequirements\nBefore you begin, take into account the following requirements, limitations, and preparations.\n\n\n\nRequirement\nDescription\n\n\n\n\nIntegration type\nUse these best practices to build your Web Drop-in or Web Components integration.\n\n\n\nKeep your integration up-to-date\nStaying up-to-date on the latest version of Drop-in\/Components is crucial for new features, security updates, and compliance.\nHandle web framework re-renders\nModern frameworks can re-render UI components, which can cause unexpected behavior in the checkout. To prevent this, initialize AdyenCheckout and mount your Components only once, when you are ready to display the payment methods.\nSome web frameworks might require some extra attention when using specific approaches.\n\nReact.StrictMode: this leads to re-renders and re-executions of effects and callbacks. Ensure that AdyenCheckout and Components are not initialized multiple times.\nCustom hooks: you can encapsulate the initialization of AdyenCheckout in a custom hook. If you do, ensure your hook returns the instance of the Component that you mount in your UI. And most importantly, make sure that the mounting is executed only once, in the React component that consumes that hook.\n\nFor example, when using a custom hook in React, ensure the component is not mounted multiple times on re-renders.\n\n    \n\nManage Server-Side Rendering (SSR)\nDrop-in\/Components depend on browser APIs like window and document. If you use SSR, make sure the code that creates an AdyenCheckout instance and mounts a Component is executed on the client side.\nSecurely implement a custom pay button\nIf you use a custom pay button in your integration, you need to take a few things into account.\nPrevent multiple submissions\nA shopper can trigger a payment in multiple ways, for example by selecting the Pay button, or by pressing the Enter key on their keyboard. To prevent multiple payments for the same order, you must disable your pay button as soon as a payment attempt has been made.\nYou can detect when the payment flow is triggered by using:\n\nbeforeSubmit in your AdyenCheckout configuration for a Sessions flow integration.\nonSubmit in your AdyenCheckout configuration for an Advanced flow integration.\n\nThe beforeSubmit and onSubmit events are triggered when the pay button is selected.\nThe following example shows how to use the beforeSubmit callback to track the payment status and prevent multiple submissions.\n\n    \n\nUnsupported payment methods\nThe custom pay button is not supported for:\n\nPayPal\nKlarna\nClick to Pay\n\nFor these payment methods, you must use the button provided by the Component.\nUse HTTPS for your checkout\nTo protect sensitive payment data, host your Adyen checkout on a page that uses HTTPS.\nIn your live environment, you need to use HTTPS. It encrypts the connection between the shopper browser and your server, which prevents data interception and tampering. If you do not use HTTPS in production, it leads to security warnings and can cause payments to fail.\nFor local development and testing, you can use HTTP. However, make sure you switch to HTTPS before you go live. Read about end-to-end online payments testing for more information.\nAvoid &lt;iframe> elements\nWe do not recommend integrating your checkout in an &lt;iframe&gt; due to potential complexities. When an &lt;iframe> is hosted on a different domain than its parent, redirect payment flows doesn't work. This is because the &lt;iframe> can't redirect when the parent is a different domain. This restriction leads to failed transactions and a poor user experience. Some payment methods may also behave differently or require a specific configuration when used in an &lt;iframe>.\nIf you must use an &lt;iframe>, host it on the same domain as the parent page.\nAvoid WebViews\nFor native mobile apps, we recommend that you do not use WebViews to display the checkout.\nWebViews are less secure and functional than native components and can cause performance issues, especially with payment methods that require redirects.\nInstead, you should implement native components, for example:\n\nCustom Tabs for Android\nSFSafariViewController for iOS.\n\nEnsure browser compatibility\nOur Drop-in\/Components are designed to work seamlessly with recent versions of all major browsers. To ensure the highest security standards and optimal performance we focus on modern browsers that receive regular security updates.\nSupported desktop browsers\n\n\n\nBrowser\nVersion\n\n\n\n\nChrome\n80 or later\n\n\nSafari\n15.4 or later\n\n\nFirefox\n74 or later\n\n\nMicrosoft Edge\n80 or later\n\n\nOpera\n67 or later\n\n\n\nSupported mobile browsers\n\n    \n        Platform\n        Browser\n        Version requirement\n    \n    \n        \niOS\n\n        \nSafari or any browser using WebKit\n\n        \niOS 15.4 or later\n\n    \n    \n        Android\n        \nChrome\n\n        \n80 or later\n\n    \n    \n        \nSamsung Internet\n\n        \n12 or later\n\n    \n\nUnderstand cookie usage\nDrop-in\/Components may set one cookie, _RP_UID, which is generated by our internal risk management module. This module is enabled by default and helps identify suspicious browsing or purchasing patterns. We do not recommend disabling it.\nOther cookies, from adyen.com, may be present if you previously visited our websites and accepted cookies. To see only the cookies used by your integration, clear your browser data or use an incognito window for testing.\nAccount for interactions with browser extensions\nWe do not take responsibility for how Drop-in\/Components interact with browser extensions like ad blockers, cookie managers, or password managers. An improperly configured extension can block an &lt;iframe> or other elements required for payment methods to function correctly.\nEnhance your integration with Adyen Uplift\nWe recommend that you use features of Adyen Uplift in your integration to increase payment conversion, simplify fraud management, and reduce the cost of payments.\nManage client-side resources\nThere are two ways to load the client-side resources for Web Drop-in\/Components:\n\n\n    \n        Recommended\n    \n\n Load through the Adyen Web npm package.\nEmbed the Adyen Web script and stylesheet into your HTML file.\n\nOur integration guides for the Sessions and Advanced flows include the instructions for both options. If you decide to embed the script and stylesheet into your HTML file, there are additional considerations.\nEmbed the Adyen Web script and stylesheet into your HTML file\nWhen embedding the script and stylesheet, make sure that the URL region matches with the region of your live endpoints and the environment you configured for Drop-in\/Components in your Sessions, or Advanced flow integration.\nWe also recommend to use Subresource Integrity hashes to ensure security.\n\n\n    \n        \n        \n    \n\n\nImplement Subresource Integrity hashes\nWe recommend that you implement Subresource Integrity (SRI) to ensure that the files you are loading from Adyen have not been manipulated or tampered with by malicious actors.\nTo use the SRI hash, you need to add an integrity attribute when specifying &lt;script&gt; or &lt;link&gt; elements. Browsers will also check for the crossorigin attribute to ensure that the origin allows Cross-Origin Resource Sharing (CORS).  If a browser detects that the file's hash does not match the specified hash, the browser will not load the resource. To know which browsers support SRI, refer to this browser compatibility list.\nAdyen provides the SRI hash that you include as the integrity attribute. You can find the SRI hashes for all versions of our JavaScript and CSS files in our release notes, under Updating to this version.\nFor example, here is how you specify version 4.2.0 adyen.js and adyen.css resources:\n&lt;script src=\"https:\/\/checkoutshopper-live.adyen.com\/checkoutshopper\/sdk\/4.2.0\/adyen.js\"\n   integrity=\"sha384-SGA+BK9i1sG5N4BTCgRH6EGbopUK8WG\/azn\/TeIHYeBEXmEaB+NT+410Z9b1ii7Z\"\n   crossorigin=\"anonymous\"&gt;&lt;\/script&gt;\n&lt;link rel=\"stylesheet\"\n  href=\"https:\/\/checkoutshopper-live.adyen.com\/checkoutshopper\/sdk\/4.2.0\/adyen.css\"\n  integrity=\"sha384-oT6lIQpTr+nOu+yFBPn8mSMkNQID9wuEoTw8lmg2bcrFoDu\/Ae8DhJVj+T5cUmsM\"\n  crossorigin=\"anonymous\"&gt;\nTest your integration\nWhen you have a working online payments integration, test:\n\nIn a secure context\nOn real mobile devices\n\nFor more information, read:\n\nEnd-to-end testing documentation, providing more general testing advice.\nTesting payments and modifications documentation, listing scenarios you can test your integration on.\n\nSee also\n\n\n                    Web Drop-in integration\n                \n                    Web Components integration\n                \n                    Upgrade your integration\n                \n                    Drop-in\/Components release notes\n                \n","type":"page","locale":"pt","boost":18,"hierarchy":{"lvl0":"Home","lvl1":"Online payments","lvl2":"Best practices for web integrations"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/online-payments","lvl2":"\/pt\/online-payments\/web-best-practices"},"levels":3,"category":"Online Payments","category_color":"green","tags":["practices","integrations"]}}