Checkout.com API
Checkout.com provides a unified payment processing API covering card acquiring, alternative payment methods, fraud management, and payouts — targeting high-growth and enterprise merchants globally.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
PCI DSS Level 1 certified. Public/secret key separation for client vs server contexts. Webhook signatures (HMAC-SHA256) prevent spoofed event injection. OAuth 2.0 available for platform delegation. SOC2 and ISO27001 certified.
⚡ Reliability
Best When
You are a high-growth fintech or enterprise merchant that needs global acquiring, high authorization rates, and flexible payment infrastructure with developer-friendly APIs.
Avoid When
You need a large ecosystem of pre-built integrations, or are a small merchant without the volume to justify enterprise payment infrastructure.
Use Cases
- • Automated payment acceptance agents handling card authorization, capture, and void lifecycle management
- • Payout agents disbursing funds to cards (push-to-card) or bank accounts for gig economy and marketplace platforms
- • Fraud management agents consuming Checkout.com risk scores and 3DS outcomes to make real-time accept/decline decisions
- • Multi-currency payment routing agents optimizing authorization rates across different acquiring connections
- • Reconciliation and reporting agents consuming payment analytics and settlement data via the Reporting API
Not For
- • Very small merchants needing simple self-service setup without a sales/compliance process
- • Use cases requiring extensive open-source ecosystem or third-party plugin libraries — Checkout.com has fewer integrations than Stripe
- • Pure cryptocurrency payment processing — Checkout.com focuses on fiat payments
Interface
Authentication
Secret API key for server-side requests (sk_...); public key for client-side tokenization (pk_...). OAuth 2.0 available for platform use cases. Separate sandbox and production keys. API keys scoped to specific processing channels in some configurations.
Pricing
Pricing negotiated based on volume, business type, and regions. Monthly minimums may apply. Sandbox access is self-service; production requires account approval and compliance review.
Agent Metadata
Known Gotchas
- ⚠ Response code 20000 (soft decline) indicates the card issuer declined but a retry may succeed — agents must implement intelligent retry logic with appropriate delays rather than treating all declines as final
- ⚠ 3DS2 flows return a status of 'Pending' requiring a redirect or iframe challenge — fully automated agents cannot handle 3DS without a user-facing component
- ⚠ Webhook event ordering is not guaranteed — payment_captured may arrive before payment_approved in rare cases; agents should reconcile by payment ID
- ⚠ Sandbox behavior for 3DS, fraud scores, and alternative payment methods differs from production — thorough production testing required before go-live
- ⚠ Payment action IDs (for captures, refunds, voids) are separate from the payment ID — agents must capture and store action IDs from webhook notifications for downstream operations
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Checkout.com API.
Scores are editorial opinions as of 2026-03-06.