Skip to main content

Checkout

Checkout sessions separate the authenticated merchant session creation from the public buyer actions.

Authentication

There are two secure ways to create a session:

  • Your backend: use a secret key with the checkout_sessions.create scope.
  • Official MuPag widget: use a publishable key with the checkout_sessions.create scope.

Never expose a secret key in the browser. A publishable key can only access operations explicitly allowed for frontend use.

Flow

  1. Your backend or the official widget creates the session with POST /v1/checkout-sessions.
  2. The frontend uses the public session endpoints to pick a method, apply a coupon and pay.
  3. The final status is confirmed by session reads and webhook events.

Key fields

  • success_url and cancel_url
  • items
  • customer_id or customer_data
  • allowed_payment_methods
  • affiliate_code and coupon_id when relevant

Use checkout when you need a cart-oriented payment experience with item detail and buyer-side interaction.

Did this page unblock the next step?

Feedback stays inside the docs flow and should never include customer or card data.