Basic Setup


The device needs to be non-rooted and run at least Android 4.1 (Jelly Bean / API Level 16) for MPSDK to work.

There are two ways to set up the framework on Android
  1. Using a Dependency Manager

  2. Importing Through Android Studio

Using a Dependency Manager

With this option, you will be getting paymentSDK straight from the repository using JitPack.

First of all, you need to create your project in the Android studio. Then you add the following code to your build.gradle file:

repositories {
     maven { url "" }
 dependencies {
     compile 'com.github.wirecard:paymentSDK-Android:2.7.1'

Some of our consumers prefer an alternative version of MPSDK which does not feature the card scanner capability (i.e. scanning the card information using the phone’s camera).

If that’s you, add this dependency instead:

dependencies {
    compile 'com.github.wirecard:paymentSDK-Android:2.7.1-cardScannerDisabled'
Importing in Android Studio

After you download the MPSDK package from our GitHub repository, use the Android Studio’s Import .JAR/.AAR Package option located in File → New → New Module.

Then, add the MPSDK module as a dependency to your build.gradle file as shown in the example:

dependencies {
   compile project(':paymentsdk')
External Libraries

Our SDK uses various 3rd party libraries which you will need to include in your build.gradle file. These should be kept at their latest stable versions:

dependencies {
       compile ''
       compile 'com.zapp.library:merchant:1.1.0'
       compile 'org.iban4j:iban4j:3.2.1'
       compile '' //only for card and PayPal payments
       compile 'com.squareup.retrofit2:retrofit:2.3.0'
       compile 'com.squareup.retrofit2:converter-gson:2.3.0'
       compile 'com.squareup.okhttp3:logging-interceptor:3.8.0'
       compile('com.squareup.retrofit2:converter-simplexml:2.3.0') {
         exclude module: 'stax'
         exclude module: 'stax-api'
         exclude module: 'xpp3'

cardIOEnabledCompile 'io.card:android-sdk:5.5.1'

// iban validator
compile 'org.iban4j:iban4j:3.2.1'
// ocr
compile ''
// tracker
compile 'org.piwik.sdk:piwik-sdk:2.0.0'

Including io.card:android-sdk is optional when using the alternative MPSDK version (without the card scanner feature).

It is important that you adjust to the latest version of the support library.

AndroidManifest Setup

MPSDK requires these permissions to function:

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

If you plan on using the card scanner feature, you will need to:

  • add these permissions

    <uses-permission android:name="android.permission.VIBRATE" />
    <uses-permission android:name="android.permission.CAMERA" />
  • add this activity into your AndroidManifest file

    <activity android:name="de.wirecard.paymentsdk.ui.activity.CardScannerActivity" />

    If you do not require the card scanner capability in your app, you can safely omit this step.

    For card and PayPal payments, also add:

    <activity android:name="de.wirecard.paymentsdk.ui.activity.CustomTabsActivity"
    android:launchMode="singleTop" android:screenOrientation="portrait">
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:host="web.result" android:scheme="paymentsdkdemo" />

If you are using Proguard, you will need to add the following rules into your file:

Rules for Proguard
 -dontwarn org.simpleframework.**
 -dontwarn io.card.**
 -dontwarn okhttp3.**
 -dontwarn okio.**
 -dontwarn retrofit2.**
 -dontwarn de.wirecard.paymentsdk.**

 -keepattributes Signature
 -keepattributes Exceptions
 -keepattributes JavascriptInterface
 -keepattributes *Annotation*

 -keep class org.simpleframework.** { *; }
 -keep interface org.simpleframework.** { *; }

 -keep class okhttp3.** { *;}

 -keep class okio.** { *; }
 -keep interface okio.** { *; }

 -keep class retrofit2.** { *; }

 -keep class io.card.**
 -keepclassmembers class io.card.** {

 -keep class de.wirecard.paymentsdk.** { *; }
 -keep interface de.wirecard.paymentsdk.** { *; }

If you are using the alternative version without the card scanner feature, you can leave out this part:

 -keep class io.card.**
 -keepclassmembers class io.card.** {


The device cannot be jail-broken and must run at least iOS 7 for paymentSDK to work. It is recommended to use the latest stable version of Xcode.

Download the pod at our GitHub repository and add it to your Podfile:

pod 'paymentSDK'
Authentication by Signature

When a payment goes through, there’s a lot of data to be exchanged between various endpoints. Payment information changes hands between your system (the merchant), the consumer’s device, and Wirecard Processing Gateway. To ensure that this information is not tampered with, we need to put safeguards in place.

We do this by employing a digital signature, which is used for all messages targeting the Wirecard Payment Gateway. This signature is a mathematical cipher, which - if validated - proves that the message was created by a known sender and was not altered while being transmitted.

Secret Key

You will use your Secret Key when generating the digital signature mentioned above.

The Secret Key is only used in server-side code for either:

  • generating the server request signature

  • validating the server response signature

If you did not receive your Secret Key at the time you were setting up your merchant account with us, please contact Merchant Support and ask for Secret Key generation.

We ask you to never share your Secret Key with anyone, or store it inside your application or phone. This is crucial to ensure the security of your transactions.

Signature v2

You will be generating the signature on your own server’s backend, as it is the only place where you will store your Secret Key.

See Signature v2 for more information.

Note that when generating the signature for MPSDK, you can leave out payload fields related to Payment Page (redirect_url, custom_css_url, ip_address). This means that you only use the mandatory fields:

Signature v2 Payload Example (for MPSDK)
Signature v1 (DEPRECATED)

Although we link the Signature v1 documentation here, it is now considered the legacy version. For all intents and purposes, if you haven’t used MPSDK before, use Signature v2.

Signature v1 docs link here .

3D Secure

3D Secure flow & implementation is handled implicitly by MPSDK. There is only the on-demand option to omit the 3D Secure protocol (it is activated by default for merchants). For a detailed flow, see this link.

Custom URL: