You can use the Payment Request API to launch Android payment apps from websites running inside a WebView. This works using the same JavaScript API already available in Chrome.
This feature is available starting in WebView version 136, which typically ships with Chrome 136.
Set up Payment Request in WebView host apps
To launch
Android payment apps
from WebView, the Payment Request API queries the system using Android intents.
To support this, the WebView host app must declare those intents in its
AndroidManifest.xml file.
By default, Payment Request is disabled in WebView.
Follow these steps to enable it using WebSettingsCompat from AndroidX WebKit
version 1.14.0 or higher:
Step 1: Add the AndroidX WebKit dependency
Kotlin (build.gradle.kts)
dependencies {
implementation("androidx.webkit:webkit:1.14.0")
}
Groovy (build.gradle)
dependencies {
implementation 'androidx.webkit:webkit:1.14.0'
}
Version catalog
[versions]
webkit = "1.14.0"
[libraries]
androidx-ktx = { group = "androidx.webkit", name = "webkit", version.ref = "webkit" }
Step 2: Import required classes
These classes let you access and configure WebView settings and check for feature support at runtime.
import android.webkit.WebSettings;
import android.webkit.WebView;
import androidx.webkit.WebSettingsCompat;
import androidx.webkit.WebViewFeature;
Step 3: Enable Payment Request in WebView code
This step turns on the Payment Request feature in your WebView and ensures the site can trigger it using JavaScript.
This step turns on the Payment Request feature in your WebView and ensures the site can trigger it using JavaScript.
Kotlin (Compose)
AndroidView(
factory = {
WebView(it).apply {
settings.javaScriptEnabled = true
if (WebViewFeature.isFeatureSupported(
WebViewFeature.PAYMENT_REQUEST)) {
WebSettingsCompat.setPaymentRequestEnabled(settings, true);
}
}
},
update = {it.loadUrl(url)
}
)
Java
WebView webView = findViewById(R.id.webview);
WebSettings webSettings = mWebView.getSettings();
webSettings.setJavascriptEnabled(true);
if (WebViewFeature.isFeatureSupported(
WebViewFeature.PAYMENT_REQUEST)) {
WebSettingsCompat.setPaymentRequestEnabled(webSettings, true);
}
Step 4: Add intent filters in AndroidManifest.xml
These filters let WebView discover and invoke Android payment apps using system intents:
<queries>
<intent>
<action android:name="org.chromium.intent.action.PAY"/>
</intent>
<intent>
<action android:name="org.chromium.intent.action.IS_READY_TO_PAY"/>
</intent>
<intent>
<action android:name="org.chromium.intent.action.UPDATE_PAYMENT_DETAILS"/>
</intent>
</queries>
Use the following intents in your AndroidManifest.xml to support key Payment
Request features:
org.chromium.intent.action.PAY: Lets the WebView invoke Android payment apps and receive payment responses. Learn more in the Android payment apps developer guide.org.chromium.intent.action.IS_READY_TO_PAY: Allows websites to check if the user has a supported payment method set up. Learn more in the Android payment app developers guideorg.chromium.intent.action.UPDATE_PAYMENT_DETAILS: Supports dynamic updates, such as when the user changes their shipping address or option in the payment app. Learn more in Providing shipping and contact information from an Android payment app.
Step 5: Rebuild and publish your app
After making these changes, rebuild your app and release an updated version to the Play Store.
Optional: Customize readiness checks
In addition to launching Android payment apps, the Payment Request API lets websites check if the user is ready to pay. For example, websites can detect if the user has a supported payment method set up.
Chrome includes a setting that allows users to enable or disable this check. WebView host apps can offer a similar toggle using:
WebSettingsCompat.setHasEnrolledInstrumentEnabled(WebSettings, boolean)
This setting is enabled by default (true). When active, it allows websites
running in WebView to detect if the user has an enrolled payment instrument.
Check for Payment Request support in JavaScript
After WebSettingsCompat.setPaymentRequestEnabled(webSettings, true) has been
called in Java or Kotlin, the window.PaymentRequest interface becomes
available in JavaScript. This can be used for feature detection on the webpage:
if (window.PaymentRequest) {
// Payment Request is available.
} else {
// Payment Request is not available.
}
When window.PaymentRequest is available, the webpage can continue to
initiate a payment transaction.
Integrate Android payment apps with Payment Request
To support Payment Request, Android payment apps must respond to specific system intents and handle payment data securely. These guides explain how to register payment methods, implement your payment service, and protect your app:
- Android payment apps developer guide: Build and configure your payment app, including how to handle intents and verify the calling app.
- Set up a payment method: Register your payment method and define its capabilities.
Secure your app against misuse
Any app can call the Android payment intents org.chromium.intent.action.PAY,
IS_READY_TO_PAY, and UPDATE_PAYMENT_DETAILS. WebView host apps can also
observe, initiate, and intercept Payment Request calls. Because WebView runs
inside the host app's process, it can't restrict how these intents are used.
Malicious apps can exploit this to launch oracle attacks.
In an oracle attack, a payment app unintentionally reveals information it
shouldn't. For example, an attacker might use IS_READY_TO_PAY to discover
which payment instruments the user has available.
You must build protections into your payment app to defend against this kind of misuse.
Use the following strategies to mitigate abuse:
- Throttle requests: Limit how often your app responds to
IS_READY_TO_PAY. For example, respond only once every 30 minutes. - Use encryption: Encrypt sensitive responses so only your trusted merchant servers can decrypt them. Always perform encryption and decryption on the server side.
- Restrict access: Maintain an allow list of trusted WebView host apps using their package names and SHA256 signing certificates. Learn more in the Android payment app developers guide.