**Last updated**: 30 October 2025 | [**Change log**](/access/products/checkout/android/changelog/)

# Create a session to pay with a card

Use our Android SDK to secure your customer's card details within the UI components by creating a `session`.

Full sample integration
You can see an example of the session generation [here](https://github.com/Worldpay/access-checkout-android/tree/master/demo-app/src/main/java/com/worldpay/access/checkout/sample).

## Set your views

When you create your checkout form, you must add the views that your customers use to enter their card details and set unique identifiers for each of them.

As part of our SDK, we provide a UI Component dedicated to capturing your customer's card details to minimize your exposure to PCI Data.

You must use this component if you want to qualify for the lowest level of PCI compliance (SAQ-A).

Here's an example of how you would set your view configurations.


```xml
<?xml version="1.0" encoding="utf-8"?>
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
              android:layout_width="match_parent"
              android:layout_height="match_parent" >

    <!-- layout style attributes omitted -->
    <AccessCheckoutEditText android:id="@+id/pan" />

    <!-- layout style attributes omitted -->
    <AccessCheckoutEditText android:id="@+id/expiryDate" />

    <!-- layout style attributes omitted -->
    <AccessCheckoutEditText android:id="@+id/cvc" />

    <!-- layout style attributes omitted -->
    <Button android:id="@+id/submit_button" />

</LinearLayout>
```

## Reference your views

You must now reference your view configurations. Use the same unique view identifiers [as above](#set-your-views).

Here's an example of how you would reference your view configurations.

Kotlin

```java
package com.worldpay.access.checkout.sample.code

// android library imports omitted

class MainActivity : AppCompatActivity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        val panAccessCheckoutView: AccessCheckoutEditText = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_pan)
        val cvcAccessCheckoutView: AccessCheckoutEditText = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_cvc)
        val expiryDateAccessCheckoutView: AccessCheckoutEditText = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_expiryDate)
        val submit: Button = findViewById<Button>(R.id.submit_button)
    }

}
```

Java

```java
package com.worldpay.access.checkout.sample.code

// android library imports omitted

public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        AccessCheckoutEditText panAccessCheckoutView = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_pan);;
        AccessCheckoutEditText cvcAccessCheckoutView = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_cvc);
        AccessCheckoutEditText expiryDateAccessCheckoutView = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_expiryDate);
        Button submit = findViewById<Button>(R.id.submit_button);
    }

}
```

## Validate card details

You can optionally validate your customer's card details. You can find instructions [here](/access/products/checkout/android/card-validator).

## Create a session

### Implementing callbacks

The SDK converts the customer's card details from the UI components. The SDK then retrieves the `session` by invoking a callback to the
implementation class of the `SessionResponseListener` interface.

You must create a class that implements our `SessionResponseListener` interface.

Your implementation receives notifications once the session request is complete.

You get the `session` as a `Map<SessionType, String>` or the exception as a `AccessCheckoutException` in case of an error.

Here is an example implementation of the `SessionResponseListener` interface.

Kotlin

```java
package com.worldpay.access.checkout.sample.code

import com.worldpay.access.checkout.client.api.exception.AccessCheckoutException
import com.worldpay.access.checkout.client.session.listener.SessionResponseListener
import com.worldpay.access.checkout.client.session.model.SessionType

class MySessionResponseListener: SessionResponseListener {

    override fun onSuccess(sessionResponseMap: Map<SessionType, String>) {
        //TODO: handle the session response here
    }

    override fun onError(error: AccessCheckoutException) {
        //TODO: handle the exception here
    }

}
```

Java

```java
package com.worldpay.access.checkout.sample.code

import com.worldpay.access.checkout.client.api.exception.AccessCheckoutException;
import com.worldpay.access.checkout.client.session.listener.SessionResponseListener;
import com.worldpay.access.checkout.client.session.model.SessionType;

public class MySessionResponseListener implements SessionResponseListener {

    @Override
    public void onSuccess(Map<SessionType, String> sessionResponseMap) {
        //TODO: handle the session response here
    }

    @Override
    public void onError(AccessCheckoutException error) {
        //TODO: handle the exception here
    }

}
```

### Initialize the AccessCheckoutClient

You must now initialize the `AccessCheckoutClient` using the `AccessCheckoutClientBuilder`.

To do this, you must provide your `baseUrl`, `checkoutId` and other parameters. See the table below for more information.

Here's an example of how you would initialize the SDK with the mandatory parameters and configurations.

Kotlin

```java
package com.worldpay.access.checkout.sample.code

// android library imports omitted

import com.worldpay.access.checkout.client.session.AccessCheckoutClientBuilder
import com.worldpay.access.checkout.client.session.AccessCheckoutClient
import com.worldpay.access.checkout.client.session.model.SessionType

class MainActivity : AppCompatActivity() {

    private val baseUrl = "TARGET_BASE_URL"
    private val checkoutId = "YOUR_CHECKOUT_ID"

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        // reference views code ommited

        val sessionResponseListener = MySessionResponseListener()

        val accessCheckoutClient = AccessCheckoutClientBuilder()
                .baseUrl(baseUrl)
                .checkoutId(checkoutId)
                .context(this)
                .sessionResponseListener(sessionResponseListener)
                .lifecycleOwner(this)
                .build()
    }

}
```

Java

```java
package com.worldpay.access.checkout.sample.code

// android library imports omitted

import com.worldpay.access.checkout.client.session.AccessCheckoutClientBuilder;
import com.worldpay.access.checkout.client.session.AccessCheckoutClient;
import com.worldpay.access.checkout.client.session.listener.SessionResponseListener;
import com.worldpay.access.checkout.client.session.model.SessionType;

public class MainActivity extends AppCompatActivity {

    private String baseUrl = "TARGET_BASE_URL";
    private String checkoutId = "YOUR_CHECKOUT_ID";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        // reference views code ommited

        SessionResponseListener sessionResponseListener = new MySessionResponseListener();

        final AccessCheckoutClient accessCheckoutClient = new AccessCheckoutClientBuilder()
                .baseUrl(baseUrl)
                .checkoutId(checkoutId)
                .context(this)
                .sessionResponseListener(sessionResponseListener)
                .lifecycleOwner(this)
                .build();
    }

}
```

Important
When using the SDK with **AndroidX Lifecycle 2.3.0** and above, the call to `build()` must be done on the **main UI thread**. This is due to changes to the LifecycleRegistry class used by the SDK which now enforces this constraint.

### Mandatory parameters

| Parameter | Description |
|  --- | --- |
| `baseUrl` | For testing use: `https://try.access.worldpay-bsh.securedataplatform.com/`For live use: `https://access.worldpay-bsh.securedataplatform.com/` |
| `checkoutId` | Your unique checkout ID. |
| `sessionResponseListener` | The callback listener that returns your customer's `session`. |
| `context` | [Android Context](https://developer.android.com/reference/android/content/Context) |
| `lifecycle` | [Android LifecycleOwner](https://developer.android.com/reference/android/arch/lifecycle/LifecycleOwner) |


### Generate CARD session

You must pass the referenced UI components and the `SessionType.CARD` enum to the `generateSessions` method on the `AccessCheckoutClient` instance.

Here's an example of what you should do when your customer clicks the submit button.

Kotlin

```java
package com.worldpay.access.checkout.sample.code

// android library imports omitted

import com.worldpay.access.checkout.client.session.model.CardDetails
import com.worldpay.access.checkout.client.session.model.SessionType

class MainActivity : AppCompatActivity() {

    // fields ommitted

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        val panAccessCheckoutView: AccessCheckoutEditText = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_pan)
        val cvcAccessCheckoutView: AccessCheckoutEditText = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_cvc)
        val expiryAccessCheckoutView: AccessCheckoutEditText = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_expiryDate)
        val submit = findViewById<Button>(R.id.submit_button)

        // AccessCheckoutClient creation code ommitted

        submit.setOnClickListener {
            val cardDetails = CardDetails.Builder()
                .pan(panAccessCheckoutView)
                .expiryDate(expiryAccessCheckoutView)
                .cvc(cvcAccessCheckoutView)
                    .build()

            accessCheckoutClient.generateSessions(cardDetails, listOf(SessionType.CARD))
        }
    }

}
```

Java

```java
package com.worldpay.access.checkout.sample.code

// android library imports omitted

import com.worldpay.access.checkout.client.session.AccessCheckoutClient;
import com.worldpay.access.checkout.client.session.model.CardDetails;
import com.worldpay.access.checkout.client.session.model.SessionType;

public class MainActivity extends AppCompatActivity {

    // fields omitted

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        AccessCheckoutEditText panAccessCheckoutView = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_pan);
        AccessCheckoutEditText cvcAccessCheckoutView = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_cvc);
        AccessCheckoutEditText expiryAccessCheckoutView = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_expiryDate);
        Button submit = findViewById<Button>(R.id.submit_button);

        // AccessCheckoutClient creation code omitted

        submit.setOnClickListener(view -> {
            CardDetails cardDetails = new CardDetails.Builder()
                    .pan(panAccessCheckoutView)
                    .expiryDate(expiryAccessCheckoutView)
                    .cvc(cvcAccessCheckoutView);

            accessCheckoutClient.generateSessions(cardDetails, Collections.singletonList(SessionType.CARD));
        });
    }

}
```

### Full code sample

Here's the full code sample of the steps above.

Kotlin

```java
package com.worldpay.access.checkout.sample.code

import android.os.Bundle
import android.widget.Button
import androidx.appcompat.app.AppCompatActivity
import com.worldpay.access.checkout.client.session.model.CardDetails
import com.worldpay.access.checkout.client.session.model.SessionType
import com.worldpay.access.checkout.sample.code.R

class MainActivity : AppCompatActivity() {

    private val baseUrl = "TARGET_BASE_URL"
    private val checkoutId = "YOUR_CHECKOUT_ID"

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        val panAccessCheckoutView: AccessCheckoutEditText = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_pan)
        val cvcAccessCheckoutView: AccessCheckoutEditText = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_cvc)
        val expiryAccessCheckoutView: AccessCheckoutEditText = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_expiryDate)
        val submit: Button = findViewById<Button>(R.id.submit_button)

        val sessionResponseListener = MySessionResponseListener()

        val accessCheckoutClient = AccessCheckoutClientBuilder()
                .baseUrl(baseUrl)
                .checkoutId(checkoutId)
                .context(this)
                .sessionResponseListener(sessionResponseListener)
                .lifecycleOwner(this)
                .build()

        submit.setOnClickListener {
            val cardDetails = CardDetails.Builder()
                .pan(panAccessCheckoutView)
                .expiryDate(expiryAccessCheckoutView)
                .cvc(cvcAccessCheckoutView)
                .build()

            accessCheckoutClient.generateSessions(cardDetails, listOf(SessionType.CARD))
        }
    }

}
```

Java

```java
package com.worldpay.access.checkout.sample.code

import android.os.Bundle;
import androidx.appcompat.app.AppCompatActivity;
import android.widget.Button;
import com.worldpay.access.checkout.sample.code.R;

import com.worldpay.access.checkout.client.session.AccessCheckoutClient;
import com.worldpay.access.checkout.client.session.model.CardDetails;
import com.worldpay.access.checkout.client.session.model.SessionType;
import com.worldpay.access.checkout.ui.AccessCheckoutEditText;

public class MainActivity extends AppCompatActivity {

    private String baseUrl = "TARGET_BASE_URL";
    private String checkoutId = "YOUR_CHECKOUT_ID";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        AccessCheckoutEditText panAccessCheckoutView = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_pan);
        AccessCheckoutEditText cvcAccessCheckoutView = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_cvc);
        AccessCheckoutEditText expiryAccessCheckoutView = findViewById<AccessCheckoutEditText>(R.id.card_flow_text_expiryDate);
        Button submit = findViewById<Button>(R.id.submit_button);

        SessionResponseListener sessionResponseListener = new MySessionResponseListener();

        final AccessCheckoutClient accessCheckoutClient = new AccessCheckoutClientBuilder()
                .baseUrl(baseUrl)
                .checkoutId(checkoutId)
                .context(this)
                .sessionResponseListener(sessionResponseListener)
                .lifecycleOwner(this)
                .build();

        submit.setOnClickListener(view -> {
            CardDetails cardDetails = new CardDetails.Builder()
                    .pan(panAccessCheckoutView)
                    .expiryDate(expiryAccessCheckoutView)
                    .cvc(cvcAccessCheckoutView)
                    .build();

            accessCheckoutClient.generateSessions(cardDetails, Collections.singletonList(SessionType.CARD));
        });
    }

}
```

Caution
Do **not** validate the structure or length of the session resources. We follow HATEOS standard to allow us the flexibility to extend our APIs with non-breaking changes.

Important
The CARD `session` has a lifespan of **one minute** and you can use it **only once**. If you do not create a token within that time, you must create a new CARD `session` value.

br
**Next steps**

**Using the Payments API**

- Apply the session in the [payment request](/access/products/payments)


**Using our Modular APIs**

- Create a [verified token](/access/products/verified-tokens/create-verified-token)