sumup
Guide for building SumUp payment integrations that cover both terminal (card-present) and online (card-not-present) checkout flows using SumUp SDKs and APIs. Use when implementing or debugging SumUp checkout creation, payment processing, reader pairing, Card Widget integrations, Cloud API reader checkouts, or authorization setup with API keys/OAuth and Affiliate Keys.
What this skill does
# SumUp Checkout Integrations Knowledge and APIs can change. Always prefer the latest SumUp docs in markdown format over stale memory. - Docs root: `https://developer.sumup.com/` - LLM entrypoint: `https://developer.sumup.com/llms.txt` - Markdown page format example: `https://developer.sumup.com/terminal-payments/cloud-api/index.md` Use this skill to implement end-to-end SumUp checkouts for: - Terminal payments (native mobile SDKs, Cloud API for Solo, or Payment Switch) - Online payments (Card Widget and API-orchestrated checkout flow) ## Quick Decision Tree ```text Need to accept a payment? ├─ In-person (card-present) → terminal │ ├─ Native mobile app + direct reader flow → terminal/mobile (iOS SDK or Android Reader SDK) │ ├─ Non-native POS/backend controls Solo reader → terminal/platform-agnostic (Cloud API) │ └─ Legacy app handoff to SumUp app explicitly required → terminal/legacy-lightweight (Payment Switch) └─ Online (card-not-present) → online ├─ Fastest secure integration, hosted/embedded UI acceptable → online/low-complexity (Card Widget) └─ Custom orchestration and async lifecycle handling required → online/custom (Checkouts API + 3DS + webhooks) ``` ## Start Here 1. Classify the requested flow: - `terminal`: in-person card-present payment - `online`: e-commerce/web/app card-not-present payment - `hybrid`: both (for example, web checkout + in-store Solo) 2. Pick integration path: - `terminal/mobile`: iOS SDK or Android Reader SDK - `terminal/platform-agnostic`: Cloud API with Solo readers - `terminal/legacy-lightweight`: Payment Switch - `online/low-complexity`: Card Widget - `online/custom`: Checkouts API + 3DS + webhooks 3. Confirm credentials and environment: - API key or OAuth access token - Affiliate Key for card-present flows - Merchant code and currency alignment - Sandbox merchant account for non-production testing 4. Ask for missing critical inputs before implementation: - integration channel (mobile SDK, Cloud API, Card Widget, or API-orchestrated) - target market/currency and merchant code - auth model (API key vs OAuth) - webhook endpoint and idempotency strategy - existing constraints (legacy compatibility, migration, PCI scope) 5. Apply the implementation pattern from `references/checkout-playbook.md`. 6. Use `references/README.md` and open only the single most relevant entrypoint for the request. ## Non-Negotiable Rules - Keep secret API keys and OAuth client secrets server-side only. - Never handle raw PAN/card data directly. - Create online checkouts server-to-server. - Prefer Card Widget and SDK-provided checkout experiences to avoid handling raw card details. - For card-present integrations, include the Affiliate Key and ensure app identifiers match the key setup. - Avoid Payment Switch unless the user explicitly requests it or has a hard legacy constraint. - Use unique transaction references (`checkout_reference`, `foreignTransactionId`, or equivalent) to prevent duplicates and improve reconciliation. - Do not use endpoints marked as deprecated. - Prefer endpoints that accept `merchant_code` as an explicit parameter when equivalent alternatives exist. - Treat webhook events as notifications only; verify state through API reads. - After a widget/client callback reports success, always verify final checkout state on the backend before confirming order/payment success. ## Implementation Workflow 1. Set up auth and merchant context. 2. Create checkout request with unique reference and correct currency. 3. Complete checkout via chosen channel: - terminal SDK checkout call - Cloud API reader checkout - Card Widget - direct checkout processing flow 4. Handle async outcomes: - SDK callback / activity result / event stream - 3DS `next_step` redirect flow - webhook delivery + API verification 5. Return normalized result (status, transaction identifiers, retry guidance). ## Required Response Contract Every solution should state: 1. Chosen integration path and why. 2. End-to-end sequence (server, client, webhook/async verification). 3. Exact endpoint set, confirming no deprecated endpoints and preference for `merchant_code`-accepting endpoints. 4. Failure and retry handling (timeouts, duplicate refs, webhook retries). 5. Test plan for success, deliberate failure, and reconciliation checks. ## Validation Checklist - Test and capture both successful payment and deliberate failure case (`amount = 11` in test mode). - Verify behavior for duplicate transaction references. - Verify timeout/session expiry behavior in the selected checkout path. - Verify webhook retries and idempotent processing. - Verify reconciliation fields are stored (checkout id, transaction id/code, merchant code, reference). ## References - Use `references/README.md` to pick the right reference file. - Each reference file includes its own canonical markdown docs URL. Prefer that URL over stale memory.
Related in Backend & APIs
jfrog
IncludedInteract with the JFrog Platform via the JFrog CLI and REST/GraphQL APIs. Use this skill when the user wants to manage Artifactory repositories, upload or download artifacts, manage builds, configure permissions, manage users and groups, work with access tokens, configure JFrog CLI servers, search artifacts, manage properties, set up replication, manage JFrog Projects, run security audits or scans, look up CVE details, query exposures scan results from JFrog Advanced Security, manage release bundles and lifecycle operations, aggregate or export platform data, or perform any JFrog Platform administration task. Also use when the user mentions jf, jfrog, artifactory, xray, distribution, evidence, apptrust, onemodel, graphql, workers, mission control, curation, advanced security, exposures, or any JFrog product name.
cupynumeric-migration-readiness
IncludedPre-migration readiness assessor for porting NumPy to cuPyNumeric. Use BEFORE substantial porting work begins when the user asks whether code will scale on GPU, whether they should migrate to cuPyNumeric, which NumPy patterns transfer cleanly, what must be refactored before porting, or mentions pre-port assessment, scaling analysis, or refactor planning. Inspect the user's source code, look up NumPy usage, cross-reference the cuPyNumeric API support manifest, and distinguish distributed-scaling-friendly patterns from blockers such as unsupported APIs, scalar synchronization, host round-trips, Python/object-heavy control flow, shape/data-dependent branching, and in-place mutation hazards. Produce a verdict of READY, LIGHT REFACTOR, SIGNIFICANT REFACTOR, or NOT RECOMMENDED, with concrete refactor pointers.
alibabacloud-data-agent-skill
IncludedInvoke Alibaba Cloud Apsara Data Agent for Analytics via CLI to perform natural language-driven data analysis on enterprise databases. Data Agent for Analytics is an intelligent data analysis agent developed by Alibaba Cloud Database team for enterprise users. It automatically completes requirement analysis, data understanding, analysis insights, and report generation based on natural language descriptions. This tool supports: discovering data resources (instances/databases/tables) managed in DMS, initiating query or deep analysis sessions, real-time progress tracking, and retrieving analysis conclusions and generated reports. Use this Skill when users need to query databases, analyze data trends, generate data reports, ask questions in natural language, or mention "Data Agent", "data analysis", "database query", "SQL analysis", "data insights".
token-optimizer
IncludedReduce OpenClaw token usage and API costs through smart model routing, heartbeat optimization, budget tracking, and native 2026.2.15 features (session pruning, bootstrap size limits, cache TTL alignment). Use when token costs are high, API rate limits are being hit, or hosting multiple agents at scale. The 4 executable scripts (context_optimizer, model_router, heartbeat_optimizer, token_tracker) are local-only — no network requests, no subprocess calls, no system modifications. Reference files (PROVIDERS.md, config-patches.json) document optional multi-provider strategies that require external API keys and network access if you choose to use them. See SECURITY.md for full breakdown.
resend-cli
IncludedUse this skill when the task is specifically about operating Resend from an AI agent, terminal session, or CI job via the official resend CLI: installing/authenticating the CLI, sending/listing/updating/cancelling emails, batch sends, domains and DNS, webhooks and local listeners, inbound receiving, contacts, topics, segments, broadcasts, templates, API keys, profiles, or debugging Resend CLI/API failures. Trigger on mentions of Resend CLI, `resend`, `resend doctor`, `resend emails send`, `resend domains`, `resend webhooks listen`, `resend emails receiving`, or agent-friendly terminal automation.
alibabacloud-odps-maxframe-coding
IncludedUse this skill for MaxFrame SDK development and documentation navigation on Alibaba Cloud MaxCompute (ODPS). Helps answer MaxFrame API, concept, official example, and supported pandas API questions; create data processing programs; read/write MaxCompute tables; debug jobs (remote or local); and build custom DPE runtime images. Trigger when users mention MaxFrame, MaxCompute with MaxFrame, ODPS table processing, DPE runtime, MaxFrame docs/examples, DataFrame/Tensor operations, or GPU runtime setup. Works for both English and Chinese queries about Alibaba Cloud data processing with MaxFrame.