Get started with Flow
Last updated: October 15, 2025
Set up your client-side and server-side configuration to integrate with Checkout.com's payment gateway and enable payments on your website.
Information
If you only want to accept a specific payment method with Flow, see the payment method's Flow documentation.
The customer lands on your checkout page.
You perform a server-side request to create a payment session.
You use the payment session data on the client-side to mount Flow.
Flow displays the available payment methods to the customer. If the customer's chosen payment method requires additional customer data, Flow captures this from them.
When the customer selects Pay, Flow performs a payment request and handles any additional actions. For example, additional actions required for 3D Secure (3DS) authentication, or a third-party payment page redirect.
If the customer selects the option to save their card for faster checkout, we create a Remember Me profile for them and save their card to it. The customer can reuse their saved cards in future transactions.
You receive a webhook notifying you of the payment status.

Make sure you have a test account with Checkout.com.
Create a public key and a secret key in the Dashboard, with the following key scopes:
- Public key –
payment-sessions:pay
andvault-tokenization
- Secret key –
payment-sessions
To receive webhooks for the payment events that may be raised throughout the steps, set up your webhook receiver.
When the customer is ready to pay, send a server-side request to securely create a PaymentSession
object. This object contains the information required to handle all steps of the payment flow.
Information
Some payment methods require specific fields. For more information, see each payment method's Flow documentation.
To create a new PaymentSession
, call the Request a Payment Session endpoint with your secret key.
Information
You can enable Remember Me to allow customers to save their card details during checkout. The next time the customer shops at any merchant that has Remember Me enabled, we display their saved card details.
post
https://api.checkout.com/payment-sessions
1{2"amount": 1000,3"currency": "GBP",4"reference": "ORD-123A",5"display_name": "Online shop",6"billing": {7"address": {8"country": "GB"9}10},11"customer": {12"name": "Jia Tsang",13"email": "[email protected]"14},15"success_url": "https://example.com/payments/success",16"failure_url": "https://example.com/payments/failure"17}
1{2"id": "ps_2Un6I6lRpIAiIEwQIyxWVnV9CqQ",3"payment_session_secret": "pss_9823241e-2cec-4c98-b23d-7b29ow4e2e34",4"payment_session_token": "YmFzZTY0:eyJpZCI6InBzXzJVbjZJNmxScElBaUlFd1FJeXhXVm5WOUNxUSIsImFtb3VudCI6MTAwMCwibG9jYWxlIjoiZW4tR0IiLCJjdXJyZW5jeSI6IkdCUCIsInBheW1lbnRfbWV0aG9kcyI6W3sidHlwZSI6ImNhcmQiLCJjYXJkX3NjaGVtZXMiOlsiVmlzYSIsIk1hc3RlcmNhcmQiLCJBbWV4Il19XSwicmlzayI6eyJlbmFibGVkIjp0cnVlfSwiX2xpbmtzIjp7InNlbGYiOnsiaHJlZiI6Imh0dHBzOi8vYXBpLnNhbmRib3guY2hlY2tvdXQuY29tL3BheW1lbnQtc2Vzc2lvbnMvcHNfMlVuNkk2bFJwSUFpSUV3UUl5eFdWblY5Q3FRIn19fQ==",5"_links": {6"self": {7"href": "https://api.sandbox.checkout.com/payment-sessions/ps_2Un6I6lRpIAiIEwQIyxWVnV9CqQ"8}9}10}
The payment session response determines which payment methods can be displayed to the customer, depending on the following:
- The customer's device
- The customer's region
- The payment methods activated for your account
To request to activate additional payment methods, contact your account manager or request support.
You can install the @checkout.com/checkout-web-components
package via npm:
1npm install @checkout.com/checkout-web-components --save
Alternatively, you can load the package directly via a script:
1<script src="https://checkout-web-components.checkout.com/index.js" />
Note
To remain PCI compliant, only ever load the script directly from https://checkout-web-components.checkout.com
. Do not download or host the script yourself, or include it in a bundle.
If you use the template, you must set up your own server.
1<!doctype html>2<html lang="en">3<head>4<meta charset="utf-8" />5<meta name="viewport" content="width=device-width, initial-scale=1.0" />6<title>Checkout Web Components: Flow Component</title>7<link rel="stylesheet" href="./style.css" />8</head>910<body>11<div id="successToast" class="toast success">12<span>The payment was successful</span>13</div>1415<div id="failedToast" class="toast failed">16<span>The payment failed, try again</span>17</div>1819<form>20<div class="container">21<div id="flow-container"></div>22</div>23<span id="error-message"></span>24<span id="successful-payment-message"></span>25</form>2627<script src="https://checkout-web-components.checkout.com/index.js"></script>2829<script src="app.js"></script>30</body>31</html>
The client side initializes an instance of CheckoutWebComponents
with configuration information and the payment session data retrieved earlier.
1// Insert your public key here2const publicKey = '{YOUR_PUBLIC_KEY}';34const checkout = await CheckoutWebComponents({5paymentSession,6publicKey,7environment: 'sandbox',8});
You can use the following configuration options to instantiate an instance of CheckoutWebComponents
:
JavaScript key | Description |
---|---|
| Enables you to customize the visual appearance of the |
| Enables you to customize the options for the individual Flow components. For example, you can change the position of the cardholder field in the |
| Sets the environment that the library should point to and send requests to. This can be one of:
|
| Sets the customer's locale. Explicitly setting this value overrides the |
required | The response from the |
required | Your public API key, prefixed with |
| Enables you to provide custom text translations for natively supported languages, or add custom text for locales and languages not natively supported by Flow. To learn how to add translations, see Add localization to your Flow integration. |
You can use CheckoutWebComponents
to create a flow
object. flow
contains a dynamic list of all payment methods available for the payment session you passed into CheckoutWebComponents
.
1const flowComponent = checkout.create('flow');
Mount Flow to your website using the flow.mount()
method. The method takes an Element selector or an Element as an argument. For example, #flow-container
or document.getElementById(#flow-container)
, respectively.
1flowComponent.mount('#flow-container');
Note
You cannot embed Flow within an iframe or onto a Shadow DOM.
You can use Flow to handle payment methods that require a redirect (asynchronous payments) and those that do not (synchronous payments).
Depending on the payment outcome, some payment methods and 3D Secure authentication flows redirect the customer to a success or failure URL on your website.
Checkout.com sends a webhook to your server notifying you of changes to the payment's status. Wait for the webhook callback before you initiate your order fulfillment process.
For payments submitted with Flow, the PaymentSession
ID is returned in the webhook payload's data.metadata.cko_payment_session_id
field.
Optionally, you can retrieve the payment result from your server. Call the Get payment details endpoint and provide the cko-payment-id
from the URL as the {id}
path parameter. For example:
1https://example.com/success?cko-payment-id=pay_mbabizu24mvu3mela5njyhpasd
Payment methods that do not require a redirect raise an onPaymentCompleted
event when the payment is successfully completed. You can use this to notify the customer of the payment status.
1const checkout = await CheckoutWebComponents({2paymentSession,3publicKey,4onPaymentCompleted: async (_self, paymentResponse) => {5// Handle synchronous payments6await handlePayment(paymentResponse.id);7},8});
The event returns the payment ID in the paymentResponse.id
field. To retrieve the payment result from your server, call the Get payment details endpoint and provide the payment ID as the {id}
path parameter.
Use test cards to simulate different payment flows and ensure your integration is set up correctly and behaving as expected.
Information
Ensure that you test each payment method that you want to offer to your customers.
You can check the status of a payment from the Payments > Processing > All payments page in the Dashboard.
If you have a Content Security Policy (CSP) on your website, Checkout.com requires the following directives:
1connect-src, https://*.checkout.com2frame-src, https://*.checkout.com3script-src, https://*.checkout.com4img-src, https://*.checkout.com