**Last updated**: 30 October 2025 | [**Change log**](/products/checkout/android/changelog/)

# Android SDK

Take payments with our [certified PCI-SSF compliant](https://listings.pcisecuritystandards.org/documents/SSF_At-a-Glance.pdf) Android SDK, and qualify for SAQ-A - the lowest PCI compliance level.

Create your own uniquely styled and branded checkout form by integrating our SDK into your native app.

Read more about the Checkout SDK and the supported payment journeys [here](/products/checkout).

Note
Make yourself familiar with our [API principles](/products/reference/api-principles) to ensure a resilient integration.

Important
Please ensure you integrate the SDK as advised in our documentation or you might be subject to additional PCI compliance and won't meet the SAQ-A compliance level.

## How does it work?

We are securing your customer's payment details by creating a session. You can then either apply the session directly in the [Payments API](/products/payments/card-payment) or [create a token](/products/verified-tokens/create-verified-token) for use with our Modular APIs.

### What is a session?

A `session` is a unique identifier for your customer's payment details, generated by our SDK.

## Get our SDK

Note
The minimum supported `API level` for our Android SDK is `24` (Android 7.0 Nougat).

To get our SDK, include the Gradle, [Maven](https://search.maven.org/search?q=g:com.worldpay.access%20and%20a:access-checkout-android) or Local AAR library configuration below.

Gradle

```
implementation 'com.worldpay.access:access-checkout-android:4.2.1'
```

Maven

```
<dependency>
  <groupId>com.worldpay.access</groupId>
  <artifactId>access-checkout-android</artifactId>
  <version>4.2.1</version>
</dependency>
```

Local AAR

```
// In your top-level build.gradle file
allprojects {
    repositories {
        //...
        flatDir {
            dirs 'libs'
        }
    }
}
```

#### Local AAR library

If you're using the Local AAR library to get the SDK, copy the library file into your `<app>/libs` folder, where `<app>` is the name of the base folder containing all your app files. Then add the `flatDir` repository to the top-level `build.gradle` using the code in the Local AAR library sample above.

You can then add the SDK's AAR file as a Gradle dependency to your app-level dependency list using the code below:


```
implementation (name:'access-checkout-android-4.2.1', ext:'aar')
implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.21"
```

And here's a link to our Access Checkout [Android SDK GitHub repo](https://github.com/Worldpay/access-checkout-android).

## Additional security measures

#### Obfuscate your app code

We highly recommend that you shrink and obfuscate your app code to reduce your app size and also make it more difficult for anyone to reverse-engineer your code. To enable shrinking and code obfuscation, you can follow the guidance on the [official Android Developer page](https://developer.android.com/build/shrink-code).

#### Verify integrity of the SDK using Gradle

You can verify the integrity of the SDK with the [dependency verification](https://docs.gradle.org/current/userguide/dependency_verification.html) feature of Gradle.

Run the command below at the root of your Gradle project to generate in the `gradle` directory a `verification-metadata.xml` file which is used by Gradle to verify dependencies.


```
./gradlew --write-verification-metadata sha256

# Alternatively you can run the same command to generate hashes using sha512
./gradlew --write-verification-metadata sha512
```

This file contains a checksum for every library defined in your project, with every checksum generated by Gradle by default.

It instructs Gradle to verify the integrity of all libraries using the checksums defined in the file. During the `build` phase, it will calculate a new checksum for each library and if it doesn't match the checksum defined in the file, the build will fail.

For this reason, you must manually verify that the checksums populated in `verification-metadata.xml` for `access-checkout-android-4.2.1.aar` and `access-checkout-android-4.2.1.module` match the checksums that we have published our library with:


```
# sha256
access-checkout-android-4.2.1.aar: a065b54fa10c4e074a45ca8540c04e9255a72ee3d9882c4ff704ec515a0543fb
access-checkout-android-4.2.1.module: 0e60c8e2800e80b3a840dd68f9d2495f7e8497cecaf69729e8518dcf43ce3423

# sha512
access-checkout-android-4.2.1.aar: 4956a68eac0740d5da52d21a7f4ac6e418b737e7f9922aa7c474e0edc3007d31d04b28a296d6ecfae92ba2cdbdbdd7dc2878f4f3586744f1611cb81d801e3b1c
access-checkout-android-4.2.1.module:7f3723b9b18967e35a65dd4ff65137cd0824089a27a71af9490414e00450d899ead870a084a0abe65b8cd9d641a10e20b9f250304dc7cc9eb5fddd35bb9b0fa2
```

## What to do next

Payments API
Enterprise

SMB (Worldpay eCommerce)

[**Create a session to pay with a card**](/products/checkout/android/card-only)

1. [Submit card details to create a `session`](/products/checkout/android/card-only).
2. Apply the session in the [payment request](/products/payments/card-payment).


[**Create a session for CVC only and pay with a stored token**](/products/checkout/android/cvc-only)

1. [Submit the CVC to create a session](/products/checkout/android/cvc-only).
2. Apply the `sessions.cvc` and stored token in the [payment request](/products/payments/use-a-stored-card).


Modular APIs
Enterprise

See our guides on how to create sessions you can use to take a payment:

Note
For one-time payments, you would need to [delete the token](/products/tokens#deleting-tokens) after you take the payment.

[**Create a session to pay with a card**](/products/checkout/android/card-only)

1. [Submit card details to create a session](/products/checkout/android/card-only).
2. Create a [verified token](/products/verified-tokens/create-verified-token).
3. [Take a payment](/products/card-payments/authorize-a-payment) with this token.


[**Create sessions to pay with a card and CVC**](/products/checkout/android/card-and-cvc)

1. [Submit card details and CVC to create two separate sessions](/products/checkout/android/card-and-cvc).
2. Create a [verified token](/products/verified-tokens/create-verified-token) with your CARD `session`.
3. Use your CVC `session` and verified token in our `card/checkout` payment instrument to [take a payment](/products/card-payments/authorize-a-payment).


[**Create a session for CVC only and pay with a stored token**](/products/checkout/android/card-and-cvc#create-a-session-for-cvc-only)

1. [Submit the CVC to create a session](/products/checkout/android/cvc-only).
2. Use your cvc `session` and stored verified token in our `card/checkout` payment instrument to [take a payment](/products/card-payments/authorize-a-payment).