SDK
The Stitch Terminal SDK enables POS systems and merchant-facing applications to connect to payment terminals and process in-person payments through Stitch. You create a session on a terminal, the customer completes the payment on the device, and the SDK returns the outcome.
Supported languages
All language bindings share the same concepts, flows, and security model. They differ only in API style, for example callbacks versus async/Task.
| Language | Target | Documentation |
|---|---|---|
| Java | Java 17+ | Java SDK |
| .NET | .NET 8+ | .NET SDK |
| .NET Framework | .NET Framework 4.7.2+ | .NET Framework SDK |
Terminal types
The SDK supports two types of payment terminal. They differ in how the terminal connects to Stitch, which affects how a payment is processed (see How payments flow below).
| VIPA terminals | Android terminals | |
|---|---|---|
| What it is | A terminal running the VIPA payment platform (e.g. a Verifone P630-VIPA) | A terminal running as a Stitch Android terminal (e.g. a Verifone P630-Android) |
| Connection to Stitch | Through the SDK on your POS | Directly from the terminal |
| Connection type | Serial (USB) or TCP/IP | Serial (USB) or TCP/IP (token-authenticated) |
The distinction is the terminal's software platform rather than the manufacturer. The same hardware model is often available in both a VIPA and an Android variant. The Android variant works like any other Stitch Android terminal, with none of the VIPA-specific behaviour.
How payments flow
The SDK call you make is the same for both terminal types: createSession / StartSessionAsync. What differs is which component talks to Stitch to process the payment.
VIPA terminals
The VIPA terminal handles card acceptance (tap / insert / swipe, EMV, PIN) but does not connect to Stitch on its own. The SDK, running inside your POS application, processes the payment with Stitch on the terminal's behalf. The SDK is required for VIPA terminals.
Android terminals
A Stitch Android terminal is a full payment device that connects to Stitch itself. The SDK initiates the session and observes progress, while the terminal processes the payment directly with Stitch.
How card data stays secure
In both flows, sensitive card data is captured and protected inside the payment terminal, which is certified secure hardware (PCI-PTS, with P2PE support). The full card number and the cardholder PIN never leave the terminal in the clear. The card number is masked and the PIN is encrypted in hardware before any data is transmitted.
Your application (the POS, the SDK, and your backend) only ever receives masked card details: the first and last 4 digits of the card number, plus expiry, network, and issuer. This is sufficient to display on a receipt and reconcile, but cannot be used to reconstruct the card number.
| Data | Payment terminal | Your POS / SDK | Stitch |
|---|---|---|---|
| Full card number | Yes | No | Routing only (secure) |
| Cardholder PIN | Yes | No | Verified securely |
| Card track data | Yes | No | - |
| Masked card number (first + last 4) | Yes | Yes | Yes |
| Expiry / network / issuer | Yes | Yes | Yes |
Because the protection lives in the certified terminal and in Stitch's secure backend rather than in your application code, the security model is the same regardless of which language binding you use or how the terminal connects.