> Beta:
> UI extensibility for payments extensions is currently in invite-only beta, and Shopify will need to enable the beta for your extension.
UI extensibility enables Partners to define additional fields required for processing credit cards with payments extension. Partners can then collect all essential information upfront, such as an installments payment plan, directly on the checkout page before a payment is initiated. This improvement simplifies the checkout process and offers a smoother buyer experience.
## What you'll learn
> Note:
> This document builds upon the [credit card payments extension tutorial](/docs/apps/build/payments/credit-card/use-the-cli), which you may refer to as needed for additional guidance.
In this tutorial, you'll learn how to do the following tasks:
- Create a Checkout UI extension
- Create a credit card payments extension with extensibility
- Explore the payment, refund, void, reject and capture session flows, and how to implement them yourself
- Submit your payments extension for review
## Requirements
- Install [Shopify CLI](/docs/api/shopify-cli)
- Create a [Shopify Partner account](https://www.shopify.com/partners) and apply to [become a payments partner](/docs/apps/build/payments/payments-extension-review#payments-partner-application-review)
- Create a [development store](/docs/api/development-stores)
- Create an [encryption certificate](/docs/apps/build/payments/credit-card/manage-encryption-certificates)
## Step 1: Scaffold an app
To build an extensible credit card payments extension, you will need to create a new credit card app or use an existing credit card app with extensibility features turned on by Shopify.
If you opt to create a new app, begin by using the [Shopify CLI](/docs/apps/build/scaffold-app) to set up your app. As a first step, we recommend deploying a skeleton app to establish a base for customization.
## Step 2: Create a Checkout UI extension
> Caution:
> Your Checkout UI extension should not request scopes that enable network access. For more details on the restrictions applicable to access scopes, please refer to the [restrictions](/docs/apps/build/payments/credit-card/with-extensibility#restrictions) section.
After creating your app, generate a Checkout UI extension and deploy your app to Shopify. This extension will be used to collect additional information that's required to process a payment.
1. Use the Shopify CLI to [scaffold](/docs/api/checkout-ui-extensions#scaffolding-extension) a Checkout UI extension for your app.
2. Name your extension and choose to work in TypeScript React.
> Note:
A sample extension, written in Typescript React, is shown below in the [Sample Checkout UI Extension](/docs/apps/build/payments/credit-card/with-extensibility#sample-checkout-ui-extension) section. Please make sure to use the extension target and APIs as shown in the example.
3. After you generate the extension, [deploy](/docs/api/shopify-cli/app/app-deploy) your app to [Shopify Partners](https://www.shopify.com/partners). This will allow you to link the Checkout UI extension with your payments app extension in the next section.
4. Navigate to your app in Shopify Partners (Apps > Your App).
## Step 3: Create a payments extension
Your Shopify app becomes a payments app after you've created and configured your payments extension.
1. Run the following command to start generating your payments extension:
2. When prompted, choose your organization and create a new app.
3. When prompted for **Type of extension**, select **Payments App Extension > Credit Card** and name your extension.
## Step 4: Configure your payments app extension
Configuration of an extensible credit card payments app extension is similar to a [Credit Card payments app extension](/docs/apps/build/payments/credit-card/use-the-cli).
Your payments app extension configures the following fields:
| Field
| Description |
| ------------- | ------------- |
| `payment_session_url`
Required | The URL that receives payment and order details from the checkout. |
| `refund_session_url`
Required | The URL that refund session requests are sent to. |
| `capture_session_url`
Required | The URL that capture session requests are sent to. This is only used if your payments app supports merchant manual capture. |
| `void_session_url`
Required | The URL that void session requests are sent to. This is only used if your payments app supports merchant manual capture or void payments. |
| `confirmation_callback_url`
Optional | The URL that confirm session requests are sent to. This URL is required if your payments app supports 3-D Secure authentication. |
| `supported_countries`
Required | The countries where your payments app is available. Includes list of [ISO 3166 (alpha-2) country codes](https://www.iso.org/iso-3166-country-codes.html) where your app is available for merchants to install. |
| `supports_moto`
Required | Enables Mail Order/Telephone Order (MOTO), allowing merchants to manually process transactions using a customer's credit card information. The `moto` attribute in payment method data is only available in API version 2024-07 and later. |
| `supports_3ds`
Required | 3-D Secure support is mandated in some instances. For example, you must enable the 3-D Secure field if you plan to support payments in countries which have mandated 3-D Secure. |
| `supported_payment_methods`
Required | The [payment methods](https://github.com/activemerchant/payment_icons/blob/master/db/payment_icons.yml) (for example, Visa) that are available with your payments app. |
| `supports_installments`
Required | Enables installments |
| `supports_deferred_payments`
Required | Enables deferred payments |
| `merchant_label`
Required | The name for your payment provider extension. This name is displayed to merchants in the Shopify admin when they search for payment methods to add to their store. Limited to 50 characters. |
| `test_mode_available`
Required | Enables merchants using your payments app to test their setup by simulating transactions. To test your app on a development store, your payment provider in the Shopify admin must be set to test mode. |
| `api_version`
Required | The Payments Apps GraphQL API version used by the payment provider app to receive requests from Shopify. You must use the same API version for sending GraphQL requests. You can't use the unstable version of the API in production. API versions are updated in accordance with Shopify's general API versioning timelines. |
| `multiple_capture`
Optional, Closed Beta | Enables merchants using your payment provider app to partially capture an authorized payment multiple times up to the full authorization amount. This is used only if your payments app supports merchant manual capture. |
| `encryption_certificate_fingerprint`
Required | The certificate that Shopify uses to generate the ephemeral key and encrypt the credit card information of the customer. Refer to [manage encryption certificates](/docs/apps/build/payments/credit-card/manage-encryption-certificates) section to learn more. |
| `ui_extension_handle`
Required | The UI extension that will be used to render your payments app in checkout. This value can only be a UI extension linked to this specific payments app.|
| `checkout_payment_method_fields`
Required | The fields your payments app will accept from buyers in checkout (for example, installment details, payment plan). Each field is composed of a key name, as well as the data type, that restricts the input the buyer can provider. |
> Note:
> The `UI Extension` and `UI Extension Field Definitions` attributes are new app extension configurations. You’ll want to select the UI extension you created in **Create a Checkout UI Extension** as the value for the UI Extension field.
The UI extension generated in [Create a Checkout UI extension](/docs/apps/build/payments/credit-card/with-extensibility#step-2-create-a-checkout-ui-extension) will determine what fields, validation, and form submission behavior is presented to buyers during checkout.
### UI Extension
This is where you link the checkout extension you previously built with your new payment app extension to tie them together.
| Property name | Description |
| ------------- | ---------------------------------------------------------------------------------- |
| `ui_extension_handle`
Required | The UI extension that will be used to render your payments app in checkout. This value can only be a UI extension linked to this specific payments app.|
### UI Extension Field Definitions
Specify the fields your UI extensions should collect to ensure the payment method validates and receives the correct data from the front end.
| Property name | Description |
| ------------- | ---------------------------------------------------------------------------------- |
| `checkout_payment_method_fields`
Required | The fields your payments app will accept from buyers in checkout (for example, installment details, payment plan). Each field is composed of a key name, as well as the data type, that restricts the input the buyer can provider. |
```
[[extensions.checkout_payment_method_fields]]
key = "bank_name"
type = "string"
required = true
[[extensions.checkout_payment_method_fields]]
key = "account_number"
type = "string"
required = false
```
## Step 5: Submit your payments extension for review
After you've finished your draft, you can submit your payments extension for review in order to test or use your extension. You can use this same process to submit new versions of your payments extension. Any changes that are made after publishing need to be approved by Shopify as a new version of the payments extension.
### Deploy your extension
To get your extension ready for review, you can create and release an app version with the `deploy` command.
1. Navigate to your app directory.
2. Run the following command:
An app version created using Shopify CLI contains the following:
- The app configuration from the local [configuration file](/docs/apps/build/cli-for-apps/app-configuration). If the `include_config_on_deploy` [flag](/docs/apps/build/cli-for-apps/app-configuration#build) is not set or `false`, the configuration from the active app version will be used instead.
- The local version of the app's CLI-managed extensions. If you have an extension in your deployed app, but the extension code doesn't exist locally, then the extension isn't included in your app version.
- The latest drafts of dashboard-managed extensions.
Releasing an app version replaces the current active version that's served to stores with your app installed. It might take several minutes for app users to be upgraded to the new version.
> Tip:
If you want to create a version, but want to avoid releasing it to users, then run the `deploy` command with a `--no-release` flag.
### Submit the app version for review
Follow these steps to submit your app version for review:
1. From the Partner Dashboard, go to **[Apps](https://partners.shopify.com/current/apps)**.
2. Select your app from the list.
3. Click **Versions**.
4. Select the version that you want to submit for review.
5. Click **Submit for review**.
### Release your app version
After Shopify has reviewed and approved the app version you can release it to merchants.
1. From the Partner Dashboard, go to **[Apps](https://partners.shopify.com/current/apps)**.
2. Click **Release** to release the new app version to users.
## Step 6: Test your payments app with a store
Once this version has been released, follow these steps to install your app on your development store:
1. From the app splash page, enter an account name.
2. Select **Ready** > **Unstable** and click **Submit**.
3. In the banner, click **Return to Shopify**.
5. Enable test mode.
5. Click **Activate**.
6. You can select `Resolve` to complete the payment, or `Reject` to cancel and go back.
## Explore the payment processing flows
The payments app functions similarly to the credit card payment method, allowing you to gather additional information from the buyer at the outset to facilitate payment processing. The primary distinction is that Checkout UI extension data is included in the `start_payment_session` body.
Outlined below is a comprehensive diagram depicting the potential flow for processing an extensible credit card payment. It's important to note that the pending state is optional; you can directly proceed to either resolve or reject the payment if there is no need to place it in a pending state. For further details on processing credit card payments, please refer to this [resource](/docs/apps/build/payments/credit-card/use-the-cli).
Once we start the payment session with your payments app, that initiation will also contain the metadata in a shape similar to what was specified within the field definitions. A [sample payment session payload](/docs/apps/build/payments/credit-card/with-extensibility#payment-session) of what is to be expected can be seen below.
### Payment session
Payments with payments apps are processed asynchronously. When the buyer completes their checkout, a request will be sent from Shopify to the *Payment session URL* defined in [Configure your payments app extension](/docs/apps/build/payments/credit-card/with-extensibility#step-4-configure-your-payments-app-extension), with the checkout and payment details. The Payments app should respond with HTTP 2xx to indicate that the payment session was started, and should begin processing the extensible credit card payment at this point.
The new metadata we are passing through payment session would be contained within the `payment_method` request parameters under `attributes`:
### Payment session with localized fields
For certain countries that require additional fields on orders, `localized_fields` are included in the payload inside the `transaction_metadata` object. In the case of Brazil, `localized_fields` contains the CPF value. As a result of this, payment app developers won't need to manually add a CPF field to the payments app.
> Note:
> Make sure you're using the `2024-07` version or higher in your payments app extension to access this feature.
#### Resolve
After the payments app has responded to the initial start payment session request, it should begin processing the payment. Since this is an asynchronous process, the payments app will be performing the next step independently, through the [`paymentSessionResolve`](/docs/api/payments-apps/latest/mutations/paymentSessionResolve) mutation on the [Payments Apps GraphQL API](/docs/api/payments-apps). This mutation will resolve the payment session, indicating that the payment was successful.
After this, the payment will be marked as resolved in Shopify.
#### Reject
If a payment was unsuccessful for any reason, then payments app must use the [`paymentSessionReject`](/docs/api/payments-apps/latest/mutations/paymentSessionReject) mutation.
#### Error
This section describes the [reasons](/docs/api/payments-apps/latest/enums/PaymentSessionStateRejectedReason) you can use to reject a payment session.
### Refund Session
The refund flow begins with an HTTP `POST` request sent from Shopify to the payments app's refund session URL. Shopify must receive an HTTP `201` (Created) response for the refund session creation to be successful. For more information about refund sessions and how to reject or resolve refund sessions, refer to [Explore refund sessions](/docs/apps/payments/credit-card/build-credit-card-app?framework=remix#explore-refund-sessions).
Example request body:
#### Resolve
After the app has successfully processed the refund request, it's resolved by using the `refundSessionResolve` mutation. The `id` argument corresponds to the `gid` of the refund.
Example GraphQL mutation:
After this, the refund will be marked as resolved in Shopify.
#### Reject
If the app can't process a refund, then it needs to reject it. You should only reject a refund in the case of final and irrecoverable errors. Otherwise, you can attempt to process the refund again.
The refund is rejected using the [`refundSessionReject`](/docs/api/payments-apps/latest/mutations/refundSessionReject) mutation.
As part of the rejection, a reason why the refund was rejected must be included as part of `RefundSessionRejectionReasonInput`.
### Capture Session
A capture can only be performed when the payment initiated by Shopify has a `kind` property with a value of `authorization`. With an `authorization`, the app places a hold on funds and then replies to Shopify's capture request.
The capture flow begins with an HTTP POST request sent from Shopify to the payments app's capture session URL. You can read more about capture sessions and how to reject or resolve capture sessions [here](docs/apps/payments/credit-card/build-credit-card-app?framework=remix#explore-capture-sessions).
Example request body:
#### Resolve
After the app has successfully processed the capture request from Shopify, it's resolved using the [`captureSessionResolve`](/docs/api/payments-apps/latest/mutations/captureSessionResolve) mutation on the [Payments Apps GraphQL API](/docs/api/payments-apps).
Example GraphQL mutation:
After this, the capture will be marked as resolved in Shopify.
#### Reject
If you don't want to process a capture request, then you should reject it. You might want to reject a capture if authorization has expired or if you suspect that the request is fraudulent or high risk. You should only reject a capture in the case of final and irrecoverable errors. Otherwise, you should re-attempt to resolve the capture.
The app rejects a capture using the [`captureSessionReject`](/docs/api/payments-apps/latest/mutations/captureSessionReject) mutation.
As part of the rejection, you need to include a reason why the capture was rejected as part of `CaptureSessionRejectionReasonInput`.
Example GraphQL mutation:
### Void Session
A void can only be performed when the payment initiated by Shopify has a `kind` property with a value of `authorization`.
The void flow begins with an HTTP `POST` request sent from Shopify to the payments app's void session URL. You can read more about void sessions and how to reject or resolve void sessions [here](docs/apps/payments/credit-card/build-credit-card-app?framework=remix#explore-void-sessions).
Example request body:
#### Resolve
After the app has successfully processed the void request, it is resolved using the [voidSessionResolve](/docs/api/payments-apps/2023-07/mutations/voidSessionResolve) mutation on the [Payments Apps GraphQL API](/docs/api/payments-apps).
Example GraphQL mutation:
After this, the void will be marked as resolved in Shopify.
#### Reject
If your app can't process a void request, then you should reject it. You should only reject a void in the case of final and irrecoverable errors. Otherwise, you can attempt to resolve the void again.
You can reject a void using the [voidSessionReject](/docs/api/payments-apps/2023-07/mutations/voidSessionReject) mutation. As part of the rejection, you need to include a reason why the void was rejected as part of `VoidSessionRejectionReasonInput`.
Example GraphQL mutation:
## Sample Checkout UI Extension
> Note:
> Make sure you're using the `2024-04` version or higher of `checkout-ui-extensions-react` in your `package.json` that contains the `useApplyPaymentMethodAttributesChange` and `PaymentMethodAttributesUpdateChange` types. Regenerate your lockfile with these versions, or manually upgrade `@shopify/ui-extensions*` using yarn/npm.
Here is a sample of what a Checkout UI extension could look like for a Credit Card payments app with extensibility (this would be within your `Checkout.tsx` file of your Checkout UI extension):
> Note:
> You must also specify the extension point you are rendering to (you can use `purchase.checkout.payment-option-item.hosted-fields.render-after`) in the `shopify.extension.toml` file. The [standardAPI](/docs/api/checkout-ui-extensions/unstable/targets) is a good starting point to see what is available for your checkout extension. A list of available components can be found [here](https://shopify.dev/docs/api/checkout-ui-extensions/unstable/components).
### BIN Range Configuration
As part of the extensibility features, we have exposed the BIN number entered by buyers to the Checkout UI extension in order for the extension to be able to make decisions on what to display based on this number. To get the BIN number entered for the credit card on checkout the following code can be used:
## Known limitations
As we are still building some features. There are currently some limitations within the system that we're still working on. They are as follows:
- App deployments from the partners UI dashboard only pickup Checkout UI extensions if they have previously been deployed & released. If you want to use the partner dashboard UI to deploy new versions of your app. Make sure you have previously deployed & released the corresponding Checkout UI extension from the CLI first.
## Restrictions
- Payments extensions using Checkout UI extensions should not request scopes enabling network access. This will result in the extension being rejected during review. Instead of fetching data using an external network call, consider storing the data using [Metafields](https://shopify.dev/docs/apps/custom-data/metafields) for your app & accessing the same later.
- Companion app:
- If access to order data is needed for any reason, a companion app may be used to request and gain access to the data from the merchant by requesting read_all_orders scope for that app. The only scopes that payments app extension should not request for are `write_checkout_extension_payments` and `write_payment_sessions`.
- If the companion app is using web pixels, you will need to request access to the consent feature to ensure that the pixel fires consistently. Please ask partner manager to get you the access.
## Tutorial Complete!
Congratulations! You set up a credit card payments extension with UI extensibility.