SDKs (Web and Mobile) Integration Best Practices
Learn the best practices to follow before you begin the SDK integration.
Android SDKs Best Practices
One-Time Token Per Attempt
Generate the checkout token or redirect URL on your backend per order attempt and pass it to the SDK only when the user is ready to pay. Never reuse old tokens across retries.
Handle All Three Callbacks
Handle success, error, and cancel explicitly in your app flow so users are never stuck in an ambiguous state. Reference: ExpressSDKCallback.kt
Server-Authoritative Order State
Use the SDK callback as a client signal only. Confirm the final payment status on your backend via the order-status API, a webhook, or reconciliation before marking an order paid.
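The two backend rules above (a fresh token per attempt, and the gateway rather than the app deciding when an order is paid) as an added Python example; it is not code from the SDK or its documentation. The Checkout class, the fetch_status callable and its response shape, the PAID status value, and the app echoing the attempt token back to your backend are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional

PAID = "PAID"  # hypothetical status value; use what your gateway's order-status API returns


@dataclass
class Order:
    order_id: str
    amount_minor: int                 # amount in minor units (e.g. paise)
    state: str = "CREATED"            # CREATED -> AWAITING_PAYMENT -> PAID
    live_token: Optional[str] = None  # token of the current attempt only


class Checkout:
    def __init__(self, fetch_status: Callable[[str], dict]):
        # fetch_status stands in for a server-to-server order-status call
        # (assumed shape: {"status": ..., "amount_minor": ...}); the app never feeds it.
        self.fetch_status = fetch_status
        self.orders = {}

    def new_attempt(self, order: Order) -> str:
        """Issue a fresh token for this attempt; any earlier token stops working."""
        if order.state == PAID:
            raise ValueError("order already paid")
        self.orders[order.order_id] = order
        order.live_token = secrets.token_urlsafe(32)
        order.state = "AWAITING_PAYMENT"
        return order.live_token

    def on_client_callback(self, order_id: str, token: str, client_says: str) -> str:
        """client_says (success/error/cancel) only triggers a re-check; it is never proof."""
        order = self.orders.get(order_id)
        if order is None or order.live_token is None:
            return "REJECTED"
        if not hmac.compare_digest(order.live_token.encode(), token.encode()):
            return "REJECTED"  # stale token from an earlier attempt, or a foreign one
        if order.state == PAID:
            return PAID        # idempotent: duplicate callbacks change nothing
        remote = self.fetch_status(order_id)
        if remote.get("status") == PAID and remote.get("amount_minor") == order.amount_minor:
            order.state = PAID  # only the gateway's answer moves the order to PAID
        return order.state
```

The same check belongs in the webhook and reconciliation paths, so that an order reaches PAID even when the app never reports back.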
Never Log Sensitive Data
Do not log full tokens, customer identifiers, card/UPI details, or OTPs. Keep logs masked and environment-aware (debug vs release builds).
Separate Sandbox and Production
Use a strict config switch for sandbox and production environments. Never hardcode sandbox mode in release builds.
Lifecycle-Safe UI Integration
If a callback updates UI, guard against dead activity or fragment state. Route users to a robust order-status screen after payment.
