Skip to main content

SDK

The Stitch Terminal SDK enables POS systems and merchant-facing applications to connect to payment terminals and process in-person payments through Stitch. You create a session on a terminal, the customer completes the payment on the device, and the SDK returns the outcome.

Supported languages

All language bindings share the same concepts, flows, and security model. They differ only in API style, for example callbacks versus async/Task.

LanguageTargetDocumentation
JavaJava 17+Java SDK
.NET.NET 8+.NET SDK
.NET Framework.NET Framework 4.7.2+.NET Framework SDK

Terminal types

The SDK supports two types of payment terminal. They differ in how the terminal connects to Stitch, which affects how a payment is processed (see How payments flow below).

VIPA terminalsAndroid terminals
What it isA terminal running the VIPA payment platform (e.g. a Verifone P630-VIPA)A terminal running as a Stitch Android terminal (e.g. a Verifone P630-Android)
Connection to StitchThrough the SDK on your POSDirectly from the terminal
Connection typeSerial (USB) or TCP/IPSerial (USB) or TCP/IP (token-authenticated)
note

The distinction is the terminal's software platform rather than the manufacturer. The same hardware model is often available in both a VIPA and an Android variant. The Android variant works like any other Stitch Android terminal, with none of the VIPA-specific behaviour.

How payments flow

The SDK call you make is the same for both terminal types: createSession / StartSessionAsync. What differs is which component talks to Stitch to process the payment.

VIPA terminals

The VIPA terminal handles card acceptance (tap / insert / swipe, EMV, PIN) but does not connect to Stitch on its own. The SDK, running inside your POS application, processes the payment with Stitch on the terminal's behalf. The SDK is required for VIPA terminals.

Android terminals

A Stitch Android terminal is a full payment device that connects to Stitch itself. The SDK initiates the session and observes progress, while the terminal processes the payment directly with Stitch.

How card data stays secure

In both flows, sensitive card data is captured and protected inside the payment terminal, which is certified secure hardware (PCI-PTS, with P2PE support). The full card number and the cardholder PIN never leave the terminal in the clear. The card number is masked and the PIN is encrypted in hardware before any data is transmitted.

Your application (the POS, the SDK, and your backend) only ever receives masked card details: the first and last 4 digits of the card number, plus expiry, network, and issuer. This is sufficient to display on a receipt and reconcile, but cannot be used to reconstruct the card number.

DataPayment terminalYour POS / SDKStitch
Full card numberYesNoRouting only (secure)
Cardholder PINYesNoVerified securely
Card track dataYesNo-
Masked card number (first + last 4)YesYesYes
Expiry / network / issuerYesYesYes

Because the protection lives in the certified terminal and in Stitch's secure backend rather than in your application code, the security model is the same regardless of which language binding you use or how the terminal connects.

Network requirements

A TCP/IP integration - where the POS application and payment terminal are separate devices on the store LAN - requires the firewall rules below. USB and serial connections do not require additional network rules.

Two connections are involved:

  1. POS to terminal (store LAN) - Your application supplies the terminal's IP address in the SDK configuration. The SDK opens a WebSocket to the terminal to start and monitor payment sessions.
  2. Terminal to Stitch (internet) - The terminal initiates outbound HTTPS requests to Stitch to authorise and settle payments. Your POS does not need direct internet access to Stitch for this flow.

Firewall rules

Allow the following traffic at each network boundary:

Network boundarySourceDestinationPortProtocolInitiated by
Store LANPOS applicationPayment terminal13276WebSocketPOS (via SDK)
Internet egressPayment terminalapi.stitch.money443HTTPS / TLSTerminal

No VPN is required. Allow outbound HTTPS from the terminal to api.stitch.money by hostname - static IP allowlists are not needed.

note

Port and connectivity requirements may vary by terminal model and firmware. Contact your Stitch onboarding team to confirm rules for your deployment.