P
Plugin
SumUp payment provider for Medusa v2.
@sumup/medusa-plugin
SumUp payment provider for Medusa v2.
This plugin lets a Medusa application create and manage SumUp online checkouts from the backend. It supports:
- Hosted Checkout, where the customer is redirected to SumUp's hosted payment page.
- Payment Widget, where the storefront mounts SumUp's card widget with the checkout created by Medusa.
- Refunds through SumUp transactions.
- Medusa's built-in payment webhook route for asynchronous status updates.
The plugin never handles raw card data directly. SumUp credentials remain on the Medusa backend.
Compatibility
- Medusa v2.15.x
- SumUp online checkout flows
Install
Configure Medusa
Register the plugin and payment provider in :
After the application starts, enable the provider for the relevant region in Medusa Admin. Per Medusa's payment-provider model, the resulting provider identifier is when the service identifier is and the configured provider is .
Configuration Options
| Option | Required | Description |
|---|---|---|
| Yes | SumUp API key or access token. Keep it server-side. | |
| Yes | SumUp merchant code that receives the payment. | |
| No | Default checkout mode: or . Defaults to . | |
| No | Backend webhook URL. For provider , use . | |
| No | Storefront URL used after redirect or Strong Customer Authentication flows. | |
| No | Default SumUp checkout description. | |
| No | SumUp SDK request timeout in milliseconds. | |
| No | SumUp SDK retry count. |
You can override , , , , and per payment session through provider data.
Hosted Checkout
With , the plugin creates a SumUp checkout with Hosted Checkout enabled. Medusa stores the returned in the payment-session data. The storefront should redirect the customer to that URL.
Use backend state as the source of truth. The storefront should not treat the redirect alone as proof of payment success.
Payment Widget
With , the plugin creates a SumUp checkout without Hosted Checkout enabled. Medusa stores the returned in the payment-session data. The storefront is then responsible for:
- Loading SumUp's widget SDK.
- Mounting the widget with the checkout ID.
- Asking the backend to re-check the payment state after widget success.
Minimal storefront snippets are available in examples/nextjs/README.md.
Webhooks
Medusa provides a built-in webhook listener route for payment providers at:
For this plugin, with service identifier and provider , the webhook URL is:
The plugin's implementation follows Medusa's payment-webhook flow: it receives the webhook payload, retrieves the checkout from SumUp, maps the result to a Medusa payment action, and returns the payment session reference back to Medusa.
What the Plugin Stores
The payment-session data returned by the provider includes:
- for hosted flows
- and when available
- and
Current Behavior and Limitations
- checks the remote SumUp checkout status rather than performing a separate authorization step.
- does not trigger a separate capture API call. It only succeeds once the SumUp checkout is already paid.
- If the amount or currency changes before payment, deactivates the old checkout and creates a replacement checkout.
- Refunds require a successful SumUp transaction.
- The plugin is built for SumUp online payments, not terminal or card-present flows.
Sandbox Checklist
- Verify one successful Hosted Checkout payment.
- Verify one successful Payment Widget payment.
- Verify at least one webhook-driven payment update.
- Verify one full refund and one partial refund.
- Test SumUp's deliberate failure path with amount .
- Verify expired or canceled checkouts map cleanly back into Medusa session state.
Examples
- Consumer storefront snippets: examples/nextjs/README.md
- Local end-to-end playground: examples/docker/README.md
Contributing
Maintainer and release workflow documentation lives in CONTRIBUTING.md.