Skip to main content
This is the complete integration, start to finish. When you’re done, your AI app can take a purchase your agent proposes, collect the user’s card without touching it, receive one-time credentials, and complete the checkout. What you’ll build: one backend endpoint that creates sessions, one frontend surface that collects the card, and one backend callback that reads the result and reports the outcome.
Prefer zero frontend code? The REST checkout walkthrough does the same flow with hosted card entry and nothing but cURL.

Prerequisites (all self-serve)

  1. Sign up at dashboard.prava.space and create an API key; you get pk_test_* + sk_test_* instantly (Quickstart has the details).
  2. Add your app’s domain to allowed domains in the dashboard.
  3. Install the SDK: npm install @prava-sdk/core.
Building with an AI coding agent? Install the prava-sdk-integration skill and your agent knows this whole flow, with ready-made templates:

Step 1 — Backend: create a session

Your server pins the order and returns the session to your frontend. The secret key never leaves the server.
Full request schema: Create Session. Sessions expire after 15 minutes: create them when the user is ready to pay, not earlier.

Step 2 — Frontend: collect the card

Mount Prava’s PCI-compliant iframe in your page. The raw card number never touches your DOM, JavaScript, or servers.
The user enters the card and approves with a passkey (Touch ID / Face ID) inside the iframe. Prava handles the authentication, mandate registration (recording the user’s permission to pay), and tokenization (swapping the real card for one-time credentials); none of that is your code. Every option and callback: Collect Card Details.

Step 3 — Backend: get the credentials and check out

After collection, poll the payment result. When a line item reaches awaiting_result it carries the one-time credentials.
Use these exactly like normal card details at the merchant’s checkout: your agent fills the payment form, or your backend calls the merchant’s payment API. They’re single-use, merchant-locked, and amount-scoped, so use them promptly.

Step 4 — Backend: report the outcome

Always close the loop, whether the checkout succeeded or failed:
This updates transaction records and relays the outcome to the card network; the payment result’s status becomes completed. Details: Report Status.

Step 5 — Test it

Run the whole flow in sandbox with a test card. See Testing in Sandbox for the checklist and what behaves differently.

Ship it

Go-live checklist

Swap to live keys, verify domains, and what needs Prava’s sign-off.

Errors reference

Every code you might hit along this flow, with recovery steps.