Overview
Govifi Checkout is built around one server-side object: the hosted session. Your backend creates a session describing what’s being paid (amount, description, optional customer); the customer completes payment through a Govifi-rendered UI; your backend gets a signed webhook when the money moves.
The flow
Section titled “The flow”your server Govifi customer's browser─────────── ────── ──────────────────POST /v1/hosted-sessions (Cognito admin token, X-Payment-Account-Uid) → session created cs_xxx + client_secret → render checkout (hosted page OR <govifi-payment>) customer payscheckout_session.completed (signed webhook) ← payment confirmedTwo ways to render
Section titled “Two ways to render”| Hosted page | Embedded component | |
|---|---|---|
| Integration | Redirect to session.hosted_url | <govifi-payment> element in your page |
| Frontend code | None | One script tag (or npm package) |
| Look & feel | Govifi-styled, your branding | Themed to your site (accent, fonts, layout) |
| PCI scope | SAQ-A | SAQ-A — card fields live in an isolated iframe |
Both render the same session, support the same payment methods (card, ACH, Apple Pay), and fire the same webhooks. Start hosted to get live fast; move to embedded when you want the checkout inside your own pages.
Credentials you’ll use
Section titled “Credentials you’ll use”- Cognito admin token — server-side only. Creates, updates, and expires
sessions; sent as
Authorization: Bearer <cognito-access-token>with theX-Payment-Account-Uidheader. The same token that authenticates the platform API. - Session credential (
client_secret,cs_…_secret_…) — minted per session and safe for the browser. The component sends it as a Bearer token on every call (read config, quote fee, confirm). Scoped to one session, short-lived, and locked to your registered origins. There are no per-account API keys (no publishable key, no secret key).
Next: get your credentials.