Payment APIs & Developer Fintech 2026 — Stripe / Adyen / Toss Payments / PortOne / Square / Mollie / Lago Deep Dive

"Payments is not a solution, it is infrastructure. Infrastructure changes once every nine years." — Patrick Collison, Stripe Co-founder, Sessions 2024 keynote

As of May 2026, the payment API ecosystem has solidified into four camps rather than a single global standard: Global (Stripe) + Regional leaders (Adyen, Toss Payments, Razorpay, GMO PG) + Billing-only (Lago, Orb, Metronome) + Builder tooling (Bolt, Tier). A SaaS that wants to serve the United States, Korea, and Japan at the same time has to run at least three payment gateways, and once consumption pricing enters the picture a billing engine joins as a separate layer.

This post covers the positioning, API surface, pricing, limits, and "who should pick what" for 18 payment products in one place — useful for Korean developers going global, Japanese developers entering Korea, and B2B SaaS teams adopting usage-based pricing. Real code patterns included throughout.

1. The 2026 Payment API Map — Stripe / Regional / Billing / Builder

Payments is no longer "swipe a card once." A modern payment product spans:

Layer	Role	Representative products
Acquirer / PSP	Direct connection to card networks and banks, transaction processing	Stripe, Adyen, Worldpay, Fiserv
Aggregator	Bundles multiple PSPs behind one API	Toss Payments, PortOne, Razorpay, KOMOJU
Orchestration	Routing, retries, failover across PSPs	Spreedly, Primer, Gr4vy
Billing / Invoicing	Subscriptions, metering, invoice generation	Stripe Billing, Lago, Orb, Metronome, Maxio
Tax / Compliance	Tax calculation and filing, KYC	Stripe Tax, Avalara, TaxJar, Sovos
Identity / KYC	Identity verification, business onboarding	Stripe Identity, Persona, Onfido, Sumsub
Issuing	Card and account issuance	Stripe Issuing, Marqeta, Adyen Issuing

The 2026 market sits in four camps:

Global standard (Stripe): Number one by revenue, the de facto API standard, 47 countries supported. Atlas + Tax + Identity + Issuing extends it into a platform you can use to "spin up a company from scratch."
Regional leaders: Toss Payments + PortOne in Korea, Adyen in European enterprise, Razorpay in India, GMO PG + PAY.JP in Japan, Xendit in Southeast Asia. Their edge is local card network connectivity, wallets, and settlement accuracy.
Billing-only: Stripe Billing is the default, but as usage-based pricing gets complex, Lago (open source), Orb, Metronome, and OpenMeter form a separate market. The key idea: decouple billing from your PSP.
Builder tooling: A thin layer above payments — Bolt (one-click checkout), Tier (consumption-pricing SDK) — emerging in 2025–2026.

The first decision point is always "which market are you targeting?" A global English-speaking SaaS picks Stripe almost automatically. If more than 30% of revenue is Korea, you must add Toss Payments or PortOne. Japan needs its own dedicated gateway.

2. Stripe — Atlas + Tax + Identity + Issuing Expansion

Stripe started in 2010 with a famous "seven lines of code" payment API. By 2026 it has grown into a platform that handles much more than payments — it runs significant parts of company operations. The 2024 IPO rumors fizzled out (Stripe stayed private), and the 2025 valuation recovered to roughly $95B.

Core product lineup:

Payments: 100+ payment methods (cards, wallets, bank transfers), 47 countries, 2.9% + $0.30 per transaction (US baseline)
Billing: Subscriptions, usage-based pricing, invoice generation. In 2025 the usage_records API was redesigned as Meter Events
Tax: Automatic tax calculation and filing in 50+ countries; Korea and Japan added in 2025
Atlas: One-screen US incorporation (Delaware C-corp) + EIN + bank account + stock issuance for $500
Identity: KYC/KYB in 30 countries, ID + selfie verification at $1.50 per check
Issuing: Visa/Mastercard card issuance (virtual or physical) — the layer Brex and Ramp are built on
Capital: Revenue-based loans with AI-driven limit calculation
Climate: Auto-donates a slice of revenue to carbon removal
Connect: Marketplace payouts (eBay, Shopify, Lyft all use it)

Basic payment flow with the PaymentIntents API (2026 standard):

import Stripe from 'stripe'

const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, {
  apiVersion: '2026-01-15',
})

// 1) Create a PaymentIntent on the server
const intent = await stripe.paymentIntents.create({
  amount: 1999,           // $19.99 in cents
  currency: 'usd',
  automatic_payment_methods: { enabled: true },  // Cards + wallets shown automatically
  metadata: { order_id: 'ord_abc123' },
})

// 2) Client mounts the payment UI with client_secret
//    <Elements options={ clientSecret: intent.client_secret }>
//      <PaymentElement />
//    </Elements>

// 3) Handle webhooks after payment completes
export async function POST(req: Request) {
  const sig = req.headers.get('stripe-signature')!
  const body = await req.text()
  const event = stripe.webhooks.constructEvent(
    body,
    sig,
    process.env.STRIPE_WEBHOOK_SECRET!
  )
  if (event.type === 'payment_intent.succeeded') {
    await fulfillOrder(event.data.object)
  }
  return new Response('ok')
}

Three notable 2026 changes:

Stripe Tax adds Korea and Japan — As of November 2025, Korean VAT auto-filing and Japanese consumption-tax calculation are supported. Global SaaS can handle East-Asian taxes without external accountants.
Stripe Issuing officially launches in EU and UK — You can now build Brex/Ramp-style expense management startups in Europe.
Agent Commerce Protocol (ACP) beta — A new auth flow for AI agents transacting on a user's behalf, co-designed with Anthropic and OpenAI.

Stripe's weaknesses: Korean domestic cards are poorly supported (workaround via PayPal or run Toss alongside), Japan lacks PayPay and LINE Pay support, and pricing is expensive (Adyen is often cheaper at enterprise scale).

3. Adyen — The European Enterprise Standard

Adyen, founded in 2006 in the Netherlands, is Stripe's strongest enterprise competitor globally. Uber, Spotify, McDonald's, eBay, Microsoft, and Booking.com all process payments through Adyen.

What makes Adyen different:

Single-platform model: Card acquiring, processing, settlement, and risk management all under one roof. Stripe outsources some acquiring; Adyen does not.
Cheap interchange++ pricing: For transaction volumes above $10M/year, Adyen is typically 10–30% cheaper than Stripe.
Unified online + offline: In-store POS and online payments in the same console — the key reason McDonald's chose them globally.
Wide local payment method coverage: iDEAL (Netherlands), Bancontact (Belgium), MB Way (Portugal), Klarna (BNPL), and partial Korean card support.

The API is RESTful but has a steeper learning curve than Stripe. The standard flow is paymentMethods.json → payments.json → payments/details.json. All requests are JSON, all responses carry a pspReference transaction ID.

// Adyen Checkout API basic flow
import { Client, CheckoutAPI } from '@adyen/api-library'

const client = new Client({ apiKey: process.env.ADYEN_API_KEY!, environment: 'TEST' })
const checkout = new CheckoutAPI(client)

// 1) List available payment methods
const methods = await checkout.PaymentsApi.paymentMethods({
  merchantAccount: 'YourMerchantAccount',
  amount: { value: 1999, currency: 'USD' },
  countryCode: 'US',
  shopperLocale: 'en-US',
})

// 2) Submit a payment
const result = await checkout.PaymentsApi.payments({
  merchantAccount: 'YourMerchantAccount',
  amount: { value: 1999, currency: 'USD' },
  reference: 'order-abc-123',
  paymentMethod: { type: 'scheme', encryptedCardNumber: '...' },
  returnUrl: 'https://your-site.com/checkout/result',
})

// 3) Handle 3DS if challenged
if (result.resultCode === 'IdentifyShopper') {
  // Client performs the 3DS challenge
}

Adyen makes sense when you have more than 10,000 transactions per month, operate in multiple countries simultaneously, and need offline-online integration. For low volume or fast self-service signup, Stripe is the better choice by a wide margin.

4. Toss Payments — Korea's Standard

Toss Payments was created when Toss (Viva Republica) acquired LG U+'s payment business in 2020. By 2026 it is the default choice for Korean SaaS and e-commerce — over 80% of new Korean startups evaluate Toss Payments first.

Strengths:

Best developer experience in Korea: Korean-language docs, code samples, Postman collections, even KakaoTalk channel support
One SDK for KakaoPay, Naver Pay, Samsung Pay, Toss Pay — toggle once, no separate contracts
Free test environment: Reproduce all scenarios without real cards
Pricing: Standard cards 2.5–3.3%, wallets 2.2–3.0%, PayCo/KakaoPay +0.1–0.5%
Fast settlement: D+1 (next business day); some promos run D+0

Basic payment flow with the Toss Payments JavaScript SDK:

// Client side
import { loadTossPayments } from '@tosspayments/payment-sdk'

const tossPayments = await loadTossPayments(
  'live_ck_xxx' // client key
)

await tossPayments.requestPayment('Card', {
  amount: 50000,
  orderId: 'order_abc_123',
  orderName: 'Premium subscription 1 month',
  customerName: 'Hong Gildong',
  successUrl: 'https://example.com/success',
  failUrl: 'https://example.com/fail',
})

// Server side — confirm payment at successUrl
const response = await fetch('https://api.tosspayments.com/v1/payments/confirm', {
  method: 'POST',
  headers: {
    Authorization: `Basic ${btoa(process.env.TOSS_SECRET_KEY + ':')}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    paymentKey,
    orderId,
    amount: 50000,
  }),
})

Webhook signature verification has been mandatory since 2024 — verify the TossPayments-Signature header with your signing_key via HMAC-SHA256. For idempotency, send an Idempotency-Key header on every payment confirmation request.

Toss Payments weaknesses: it supports global card-issued payments but FX conversion and settlement require extra steps, so a global-leaning revenue mix will still need Stripe alongside it. Certain industries (adult, gambling, parts of fintech) face strict merchant onboarding.

5. PortOne (formerly Iamport) — Korea's Aggregator

PortOne (rebranded from Iamport in 2024) is the payment aggregator that wraps every Korean PSP behind a single SDK. One integration gives you Toss, KCP, Inicis, Danal, KakaoPay, Naver Pay, PayCo, SmilePay, credit cards, virtual accounts, mobile carrier billing, and even global payments (Stripe and PayPal pass-through).

Reasons to use PortOne:

Swap PSPs without touching code: Toss → KCP migration is a single environment variable
Multi-PSP routing: When PSP A is down, fall back to PSP B automatically
Unified dashboard: View and refund across PSPs from one screen
Fees: PortOne's own fee is ~30–50 KRW per transaction; PSP fees apply separately
2024 V2 API: TypeScript-first SDK with auto-generated OpenAPI types

// PortOne V2 SDK example
import * as PortOne from '@portone/browser-sdk/v2'

const response = await PortOne.requestPayment({
  storeId: 'store-xxx',
  channelKey: 'channel-xxx',  // channel determines the PSP (Toss/KCP/Inicis/etc.)
  paymentId: `payment-${crypto.randomUUID()}`,
  orderName: 'Premium subscription',
  totalAmount: 50000,
  currency: 'CURRENCY_KRW',
  payMethod: 'CARD',
})

// Verify on the server
const verification = await fetch(
  `https://api.portone.io/payments/${response.paymentId}`,
  { headers: { Authorization: `PortOne ${process.env.PORTONE_API_SECRET}` } }
)

PortOne's biggest value is multi-PSP negotiation leverage. As volume grows you can negotiate a lower fee at PSP A and route part of the traffic there. Conversely, if you only ever need one PSP, the PortOne layer is just overhead cost.

In 2026 PortOne added integrations with Japan's KOMOJU and Indonesia's Xendit, making it a default for Korean SaaS expanding across Southeast Asia.

6. KCP / Inicis / Danal — Korean Classic PSPs

The three giants of the Korean payment market before Toss took the lead:

KCP (Korea Cyber Payment): Founded 1999, NHN subsidiary. Covers cards, bank transfers, mobile carrier, gift cards. High adoption among large enterprises (Shinsegae, 11st, parts of Coupang).
Inicis (KG Inicis): Founded 1998, part of KG Group. One of the oldest PSPs, strong in conservative industries (public sector, education, finance).
Danal: Founded 1997, the leader in mobile carrier billing and well known for identity verification services.

API surfaces still reflect early-2010s design — key issuance, encryption, and callback URL setup are involved. JSP/PHP examples remain canonical, and modern TypeScript SDKs are scarce.

# Conceptual flow for Inicis result-callback verification
# The merchant shares P_MID, P_OID, P_AMT, P_TID with KCP and HMAC-verifies with a shared key
# Almost every Korean legacy PSP carries EUC-KR encoding legacy — be careful when converting to UTF-8

Working directly with KCP / Inicis / Danal:

For new projects, going through PortOne is almost always the better path
Direct integration only when an enterprise merchant policy requires holding the main-network key directly
Refund and partial-cancel APIs differ subtly per PSP, so an abstraction layer is mandatory

In 2026 all three are mid-renewal of their RESTful APIs, but the migration is slow — aggregators like PortOne retain a lot of value.

7. Square + Cash App — The Block Ecosystem

Square started in 2009 as Jack Dorsey's mobile card reader. After rebranding the parent to Block in 2021, it became an integrated payments + P2P (Cash App) + Bitcoin fintech group.

Square (B2B payments):

POS strength: Used by 800,000 restaurants and retailers across the US, Canada, UK, Australia, and Japan
Square Online: Free online store builder, a Shopify competitor
Square Reader: Sells card readers for $10–49, monetizes via processing fees
API: REST + GraphQL, OAuth 2.0, unified Subscriptions/Catalog/Inventory/Orders
Pricing: 2.6% + 10 cents in-person, 2.9% + 30 cents online

Cash App (P2P + B2C):

55 million active US users
Cash App Pay: At checkout, users scan a QR with their phone to pay (similar to Venmo)
Buy/sell/send Bitcoin
Not directly exposed to B2B; Square merchants enable it as an option

// Square Payments API example
import { Client, Environment } from 'square'

const client = new Client({
  accessToken: process.env.SQUARE_ACCESS_TOKEN,
  environment: Environment.Production,
})

const response = await client.paymentsApi.createPayment({
  sourceId: 'cnon:card-nonce-from-web-sdk',
  idempotencyKey: crypto.randomUUID(),
  amountMoney: { amount: 1999n, currency: 'USD' },
  locationId: 'L1234567890',
})

Square is strong for businesses with physical locations, while Stripe is strong for software companies. They rarely compete head-on, and using both (Square in-store, Stripe on the web) is common.

8. Mollie / Checkout.com / Braintree — Europe + PayPal Family

Mollie (Netherlands, founded 2004):

The European SMB favorite, 35 countries
Rich coverage of European methods: iDEAL, Bancontact, SOFORT, Klarna, Apple Pay, Google Pay
Clear and cheap pricing (iDEAL €0.29 per transaction)
RESTful API, very clean (rated second only to Stripe for developer experience)
Adyen acquisition rumors in 2024 came to nothing; Mollie stayed independent

Checkout.com (UK, founded 2012):

Enterprise focus — processes payments for Klarna, Wise, Sony
Interchange++ pricing, very cheap at scale
150 currencies, global acquiring licenses
2022 valuation peaked at $40B, repriced to $11B in 2024
Rich API surface but no self-service signup (sales contact required)

Braintree (PayPal subsidiary, founded 2007, acquired in 2013):

Unified SDK for PayPal, Venmo, and cards
Drop-in UI for fast integration
The standard pick when US SaaS / e-commerce wants to capture PayPal users
Fees: 2.59% + 49 cents (US cards)
Weakness: API design is from the early 2010s; GraphQL has been in beta and stalled

// Mollie Payments example — the cleanest European API
import { createMollieClient } from '@mollie/api-client'

const mollie = createMollieClient({ apiKey: process.env.MOLLIE_API_KEY! })

const payment = await mollie.payments.create({
  amount: { currency: 'EUR', value: '19.99' },
  description: 'Premium subscription',
  redirectUrl: 'https://example.com/return',
  webhookUrl: 'https://example.com/webhook',
  metadata: { orderId: 'order-abc-123' },
})

// Redirect the user to payment.getCheckoutUrl()

Where they sit: Mollie for European SMB, Checkout.com for European/Middle Eastern enterprise, Braintree for the US PayPal-friendly market. Korean teams rarely use any of them as primary; usually they appear as one of several enabled global options.

9. Razorpay — India's Payment Standard

Razorpay was founded in 2014 by IIT alumni — call it India's Stripe. By 2026 it holds roughly 40% of India's payment market.

What stands out:

UPI (Unified Payments Interface) is India's default: scan a QR for instant transfer, near-zero fees
GST handling baked in: Indian VAT auto-attached to invoices
Razorpay Capital: Revenue-based loans, a major funding channel for Indian startups
Fees: UPI free (< ₹2,000), cards 2%, international cards 3%
The API is very Stripe-like: Razorpay's founder has publicly cited Stripe as the model

import Razorpay from 'razorpay'

const razorpay = new Razorpay({
  key_id: process.env.RAZORPAY_KEY_ID!,
  key_secret: process.env.RAZORPAY_KEY_SECRET!,
})

// Create order
const order = await razorpay.orders.create({
  amount: 50000,   // 500 INR in paise
  currency: 'INR',
  receipt: 'order_rcptid_11',
})

// Client invokes Razorpay Checkout
// After payment, verify razorpay_payment_id, razorpay_signature

A Korean SaaS expanding into India cannot capture UPI with Stripe alone — Razorpay integration is essentially mandatory because over 70% of Indian payments flow through UPI.

10. Japan — GMO Payment Gateway / PAY.JP / KOMOJU / PayPay / LINE Pay

Japan has a completely different payment ecosystem from Korea.

GMO Payment Gateway:

Japan's largest PSP, listed on the Tokyo Stock Exchange (4784)
Core infrastructure for Nintendo, Rakuten, Mercari
Conservative API surface, Japanese-language documentation dominant, English docs sparse
Negotiable fees (large merchants get card fees as low as 1.5%)

PAY.JP:

Built by BASE (Japan's biggest e-commerce builder), pitched as "Japan's Stripe"
API intentionally resembles Stripe, JavaScript SDK well-organized
Clean for card payments; wallet coverage is weaker
Fees: 3.6% (flat)

KOMOJU:

The de facto standard for foreign SaaS entering Japan (Patreon, itch.io, Discord use it)
Bundles Japanese credit cards + konbini (convenience store) + bank transfer + PayPay + LINE Pay
English docs are complete; effectively the Japanese counterpart to Korea's PortOne
Tokyo-based, operated by Degica

PayPay:

SoftBank's QR payment app, 60 million active Japanese users
Direct API integration is hard; usually accepted through KOMOJU or GMO PG

LINE Pay:

Linked to LINE accounts; the Japanese deployment is operationally separate from Korea's LINE Pay
Scaled back parts of its Japanese business in 2024; in-store payments are being absorbed into PayPay

// KOMOJU API — the cleanest path for foreign SaaS accepting Japanese payments
import KomojuApi from 'komoju-node'

const komoju = new KomojuApi({
  secretKey: process.env.KOMOJU_SECRET_KEY!,
})

const session = await komoju.sessions.create({
  amount: 1980,           // 1,980 JPY
  currency: 'JPY',
  email: 'customer@example.jp',
  return_url: 'https://example.com/return',
  payment_types: ['credit_card', 'konbini', 'paypay', 'linepay'],
})

// Redirect user to session.session_url

Recommended Korean → Japan combo: KOMOJU (small ticket, foreigner-friendly) + GMO PG (high volume) in parallel. Japanese cards are increasingly enforcing 3DS, so 3DS2 SDK integration is becoming progressively more important.

11. Billing — Stripe Billing vs Lago vs OpenMeter vs Orb vs Metronome

For SaaS, billing (subscriptions + usage) is a domain separate from payments. The 2026 billing market has consolidated around six products.

Product	Operating model	Strengths	Weaknesses
Stripe Billing	SaaS, Stripe-locked	Tight payment integration, subscription standard	Weak for complex usage metering
Lago	Open source + Cloud	Self-hostable, free to start	Newer, some features still maturing
OpenMeter	Open source, CNCF	Usage metering specialist, Kafka-based	Separate tool needed for billing itself
Orb	SaaS	Strong on complex usage models, AI-company favorite	Expensive
Metronome	SaaS	Used by OpenAI, Anthropic, Databricks	Enterprise only
Maxio (formerly Chargify + SaaSOptics)	SaaS	B2B-focused, strong MRR/ARR reporting	Weaker on modern usage models

Stripe Billing — basic subscription model:

// 1) Create a Price (once)
const price = await stripe.prices.create({
  product: 'prod_premium',
  unit_amount: 1999,
  currency: 'usd',
  recurring: { interval: 'month' },
})

// 2) Create a subscription
const subscription = await stripe.subscriptions.create({
  customer: 'cus_xxx',
  items: [{ price: price.id }],
  payment_behavior: 'default_incomplete',
  expand: ['latest_invoice.payment_intent'],
})

// 3) Usage-based pricing — redesigned as Meter Events in 2025
await stripe.billing.meterEvents.create({
  event_name: 'api_request',
  payload: { stripe_customer_id: 'cus_xxx', value: '1' },
})

Lago's appeal (open source):

# Self-host with a single Docker Compose file
# https://github.com/getlago/lago
services:
  api:
    image: getlago/api:v1.x
    environment:
      DATABASE_URL: postgres://...
      REDIS_URL: redis://...

Lago delegates payment processing to Stripe / Adyen and only handles usage metering, invoice generation, and subscription management. That makes PSP swaps painless and is ideal for EU and Korean companies that need data sovereignty via self-hosting.

Where Orb and Metronome sit:

Both target "companies with very complex usage-based pricing"
OpenAI uses Metronome for token-level billing (billions of events per month)
Anthropic operates at similar scale and evaluates Orb / Metronome
Pricing is steep ($2,000–$10,000/month and up), but if your usage model is complex the ROI vs. building in-house is overwhelming

12. Consumption Pricing — Tier / Stripe Billing

The single biggest shift in SaaS pricing from 2023 to 2026 is the move from seat-based subscription to consumption-based. OpenAI (tokens), Snowflake (compute), Vercel (build minutes), and Cloudflare (requests) standardized the model, and by 2026 it has become the default for nearly all infrastructure SaaS.

Implementation challenges for consumption pricing:

Accurate metering: aggregate tens of thousands of events per second without loss
Deferred invoicing: aggregating a month of events at bill time loads the billing system
Budget alerts: protect users from surprise bills with 80% and 100% notifications
Mixing prepaid credits and postpaid billing: the canonical OpenAI model
Multi-unit invoices: API calls + storage GB + egress GB on one bill

Tier (open source) lets you add consumption pricing with a single SDK call.

// Tier SDK example (conceptual)
import { Tier } from 'tier'
const tier = new Tier()

// Report usage
await tier.report('org:acme', 'feature:api-calls', 100)

// Pricing model is declared in YAML
// plans:
//   premium:
//     features:
//       api-calls:
//         tiers:
//           - upto: 10000
//             price: 0
//           - upto: 100000
//             price: 0.001
//           - upto: inf
//             price: 0.0005

Stripe Billing's Meter Events (launched in 2025) solves the same problem inside Stripe.

// Fire a meter event on each API call
await stripe.billing.meterEvents.create({
  event_name: 'api_calls',
  payload: {
    stripe_customer_id: 'cus_xxx',
    value: '1',
  },
})

// Stripe aggregates automatically and generates the end-of-month invoice

The key insight for consumption pricing is that your event-collection infrastructure should be decoupled from your billing system. The pattern that has become standard: write events first to an analytics store (OpenMeter, Tinybird, ClickHouse), then let billing (Stripe/Lago/Orb) read from there.

13. Security — Webhook Verification / Idempotency Keys / SCA / 3DS2

80% of payment integration work is "the basic transaction flow." The other 20% is security and reliability — but that 20% causes 99% of incidents.

Webhook signature verification (Stripe example):

import { headers } from 'next/headers'

export async function POST(req: Request) {
  const sig = (await headers()).get('stripe-signature')!
  const body = await req.text()       // raw body, before JSON.parse
  let event
  try {
    event = stripe.webhooks.constructEvent(
      body,
      sig,
      process.env.STRIPE_WEBHOOK_SECRET!
    )
  } catch (err) {
    return new Response('Invalid signature', { status: 400 })
  }
  // event is now verified; proceed
}

The stripe-signature header has the format t=timestamp,v1=signature, and the Stripe SDK automatically verifies:

Timestamp is within 5 minutes (replay-attack protection)
HMAC-SHA256(body, secret) matches the signature
Comparison uses timing-safe compare

Idempotency-Key:

Guarantees the same result if the same request is sent twice. Supported by Stripe, Square, Razorpay, and Toss Payments.

const intent = await stripe.paymentIntents.create(
  { amount: 1999, currency: 'usd' },
  { idempotencyKey: `order-${orderId}-${attempt}` }
)

Key points: idempotency keys are valid for 24 hours, and sending a different payload with the same key throws an error. The standard pattern is: generate a UUID once and reuse it across retries.

SCA (Strong Customer Authentication):

EU PSD2 requirement, mandatory since 2021. Nearly every EU transaction needs two of:

Something you know (password, PIN)
Something you have (phone, security token)
Something you are (biometrics)

In practice 3DS2 (3D Secure 2.x) is the standard implementation. The card network scores transaction risk: some are frictionless (auto-pass), some require an OTP or biometric challenge.

// Creating a PaymentIntent triggers the SCA flow automatically
const intent = await stripe.paymentIntents.create({
  amount: 1999,
  currency: 'eur',
  payment_method_types: ['card'],
  // automatic_payment_methods handles SCA automatically
})

// The PaymentElement on the client renders the 3DS challenge modal

Korea uses identity verification (phone/PKI) instead of SCA for some transactions; Toss Payments and PortOne handle it in a one-line SDK call. Japan started phased 3DS2 mandates in 2025 (large merchants first).

14. Who Should Pick What — Global / Korea / Japan / B2B SaaS / Marketplaces

Finally, scenario-based recommendations.

Scenario	First choice	Secondary / supplementary	Billing
Global SaaS (English-speaking)	Stripe	Adyen (enterprise)	Stripe Billing
Korea-focused SaaS	Toss Payments or PortOne	Stripe (international cards)	Stripe Billing or Lago
Korea + Japan dual launch	PortOne (Korea) + KOMOJU (Japan)	Stripe (West)	Lago (decoupled)
Japan-focused	GMO PG + KOMOJU	Stripe (West)	Stripe Billing
India entry	Razorpay	Stripe (international cards)	Stripe Billing
European SMB	Mollie	Stripe	Stripe Billing
European enterprise	Adyen	Checkout.com	Stripe Billing or Orb
AI usage billing	Stripe (payments)	—	Metronome or Orb
Open source / self-host required	Stripe + Lago	—	Lago
Offline store + online	Square (US) / Adyen	Stripe (web only)	Stripe Billing
Marketplace (Uber, Etsy style)	Stripe Connect	Adyen for Platforms	Stripe Billing
B2B invoice-heavy	Stripe Billing	Maxio	Maxio
One-click checkout focus	Bolt + Stripe	PayPal + Braintree	Stripe Billing

Decision heuristics:

First question: Where does more than 50% of revenue come from? That country's standard PSP is your first choice.
Second question: Is usage-based billing core to the business? If yes, separate billing from PSP (Lago/Orb).
Third question: Volume under 10,000 transactions/month? If yes, start with self-service Stripe / Toss.
Fourth question: International expansion within 12 months? If yes, design Stripe in parallel from day one.

Most common mistakes:

Integrating multiple PSPs directly from the start. Start with an aggregator (PortOne, KOMOJU) and only switch to direct integration once volume justifies negotiation.
Starting usage-based billing on Stripe Billing. As the model gets complex the migration pain is large. If usage is core, consider Lago/Orb from day one.
Deferring webhook verification. The number-one cause of production incidents. Verify signatures from the very first integration.
Skipping idempotency keys. Network retries cause duplicate charges. Every payment API supports idempotency keys — always use them.

Payments are infrastructure, and infrastructure is expensive to migrate after a wrong choice (1–3% of revenue is typical). Picking the right scenario row above gets you halfway to success. The other half is treating webhooks, idempotency, and 3DS2 correctly from the start.

15. References

Stripe Documentation — https://docs.stripe.com/
Stripe API Reference — https://docs.stripe.com/api
Stripe Atlas — https://stripe.com/atlas
Stripe Tax — https://stripe.com/tax
Stripe Identity — https://stripe.com/identity
Stripe Issuing — https://stripe.com/issuing
Stripe Billing Meter Events — https://docs.stripe.com/billing/subscriptions/usage-based
Adyen Documentation — https://docs.adyen.com/
Adyen API Explorer — https://docs.adyen.com/api-explorer/
Toss Payments Developers — https://docs.tosspayments.com/
Toss Payments GitHub — https://github.com/tosspayments
PortOne Documentation — https://developers.portone.io/
PortOne V2 API — https://developers.portone.io/api/rest-v2
KCP (Korea Cyber Payment) — https://developers.kcp.co.kr/
KG Inicis Developer Center — https://manual.inicis.com/
Danal Payments — https://www.danalpay.com/
Square Developer — https://developer.squareup.com/
Cash App Pay — https://developers.cash.app/
Mollie Documentation — https://docs.mollie.com/
Checkout.com Documentation — https://www.checkout.com/docs
Braintree Documentation — https://developer.paypal.com/braintree/docs
Razorpay Documentation — https://razorpay.com/docs/
GMO Payment Gateway — https://www.gmo-pg.com/service/
PAY.JP Documentation — https://pay.jp/docs/
KOMOJU Documentation — https://docs.komoju.com/
PayPay for Developers — https://developer.paypay.ne.jp/
LINE Pay Developers — https://pay.line.me/developers/apis/onlineApis
Lago Open Source — https://github.com/getlago/lago
Lago Documentation — https://doc.getlago.com/
OpenMeter — https://openmeter.io/
Orb — https://www.withorb.com/
Metronome — https://metronome.com/
Maxio (Chargify + SaaSOptics) — https://www.maxio.com/
Tier — https://www.tier.run/
Bolt — https://www.bolt.com/
Standard Webhooks — https://www.standardwebhooks.com/
PCI DSS — https://www.pcisecuritystandards.org/
PSD2 / SCA — https://www.ecb.europa.eu/paym/intro/mip-online/2018/html/1803_revisedpsd.en.html
3D Secure 2 Spec — https://www.emvco.com/emv-technologies/3d-secure/