Toss Payments Korea Developer Payment API
Toss Payments (Viva Republica) Korea payment REST API for Korean developers, e-commerce merchants, and platforms to accept credit card, bank transfer, virtual account, mobile carrier billing, Toss Pay wallet, gift card, and Korean easy pay (Naver Pay, Kakao Pay, Samsung Pay) payments through a unified Korean payment gateway with developer-first documentation and test-mode support. Enables AI agents to manage Korean payment checkout for unified payment method automation, handle Toss Pay wallet for one-tap Korean payment automation, access card payment for Korean credit card processing automation, retrieve bank transfer and virtual account for Korean bank payment automation, manage payment cancellation for Korean order reversal automation, handle webhook notification for payment event automation, access billing keys for Korean subscription recurring payment automation, retrieve settlement and revenue analytics for Korean merchant reporting automation, manage payment link for Korean invoice collection automation, and integrate Toss Payments with Korean e-commerce, SaaS, and marketplace platforms for end-to-end Korean payment automation.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Korea payment gateway. FSC, PIPA. HTTP Basic + secret key. KR. Payment and card data.
⚡ Reliability
Best When
A Korean developer or e-commerce merchant wanting AI agents to accept all Korean payment methods (card, bank transfer, Toss Pay, Naver Pay, KakaoPay) through Toss Payments' developer-friendly unified API with excellent English documentation.
Avoid When
PAYMENT APPROVAL REQUIRES REDIRECT: Toss Payments checkout creates order and redirects consumer to payment page; automated inline form assumption creates broken flow; automated checkout must implement redirect with successUrl and failUrl. BILLING KEY FOR RECURRING IS SEPARATE FLOW: Toss Payments recurring billing requires billing key issuance via initial consumer authentication; automated recurring charge without billing key creates authorization error; automated subscription must first obtain billing key from consumer. VIRTUAL ACCOUNT HAS EXPIRY: Toss Payments virtual account for bank transfer has expiry date; automated unlimited validity assumption creates expired account at payment time; automated must set appropriate expiry and handle expiry events. IDEMPOTENCY KEY PREVENTS DUPLICATES: Toss Payments uses orderId as idempotency key; automated duplicate order IDs create duplicate payment creation; automated must generate unique orderId per payment attempt.
Use Cases
- • Accepting all Korean payment methods through unified API for Korean e-commerce checkout agents
- • Processing Toss Pay and Korean easy pay for developer-friendly one-tap checkout automation agents
- • Managing billing keys for Korean subscription recurring payment automation agents
- • Receiving payment webhooks for Korean marketplace and SaaS order fulfillment automation agents
Not For
- • Non-Korean markets (Toss Payments is Korea-only KRW platform)
- • International cross-border payments (Toss Payments is domestic Korean payment only)
- • POS hardware integration (Toss Payments is online/mobile focused, not physical terminal)
Interface
Authentication
Toss Payments uses HTTP Basic Auth (secret key as username, no password) for API authentication. REST API with JSON. Seoul, Korea HQ. Toss Payments is a subsidiary of Viva Republica (Toss app). Founded 2013 by Seung Gun Lee. Backed by Kleiner Perkins, Sequoia, Ribbit ($7.4B valuation). Products: Credit card, bank transfer, virtual account, Toss Pay, Naver Pay, KakaoPay, carrier billing, gift card, billing key. SDKs: JS, Python, Java, PHP, .NET. FSC-regulated. Best English developer documentation of Korean payment APIs. Competes with KakaoPay and Inicis for Korean payment gateway market.
Pricing
Seoul KR. Viva Republica subsidiary ($7.4B valuation). FSC regulated. Per-transaction Korean Won fees.
Agent Metadata
Known Gotchas
- ⚠ BASIC AUTH WITH SECRET KEY ONLY: Toss Payments uses HTTP Basic Auth with secret key as username and empty password; automated Authorization header must be Basic base64(secretKey:) with colon and no password; automated plain API key header creates 401
- ⚠ PAYMENT REQUIRES REDIRECT THEN CONFIRM: Toss Payments checkout requires creating payment, redirecting to payment page, then calling confirm endpoint after consumer completes; automated single-call payment assumption creates incomplete payment flow; automated must implement the three-step flow
- ⚠ BILLING KEY IS REQUIRED FOR SUBSCRIPTIONS: Toss Payments recurring requires billing key issued via initial consumer card authentication; automated direct recurring charge without billing key creates authorization failure; automated subscription must obtain billing key in initial checkout
- ⚠ ORDER ID IS IDEMPOTENCY KEY: Toss Payments orderId prevents duplicate payments; automated payment retry with same orderId creates idempotent response (returns previous result); automated payment retry on failure must generate new unique orderId
- ⚠ WEBHOOK VERIFICATION IS STRONGLY RECOMMENDED: Toss Payments sends webhooks for payment state changes; automated webhook without signature verification creates spoofed payment attack vector; automated must verify Toss-Signature header on all incoming webhooks
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Toss Payments Korea Developer Payment API.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.