> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lite.sa/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a checkout session

> Creates a new hosted checkout session and returns a payment link and client
secret for use in the frontend SDK.




## OpenAPI

````yaml /openapi/payment-acceptance.json post /checkout/sessions
openapi: 3.1.0
info:
  title: lite - Payment Acceptance
  version: 1.0.0
servers:
  - url: https://api.lite.sa/v1
    description: Production
security:
  - ApiKeyAuth: []
  - BearerAuth: []
tags:
  - name: 3DS Authentication
    description: Standalone payer authentication via the 3DS standard
  - name: Hosted Checkout
    description: Create, manage and deploy hosted checkout pages
  - name: Server-to-Server Payments
    description: Direct payment API for server-side integrations
paths:
  /checkout/sessions:
    post:
      tags:
        - Hosted Checkout
      summary: Create a checkout session
      description: >
        Creates a new hosted checkout session and returns a payment link and
        client

        secret for use in the frontend SDK.
      operationId: lite.checkout.createSession
      parameters:
        - $ref: '#/components/parameters/x-correlation-id'
        - $ref: '#/components/parameters/x-idempotency-key'
      requestBody:
        $ref: '#/components/requestBodies/CreateCheckoutSession'
      responses:
        '201':
          $ref: '#/components/responses/SessionCreated'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  parameters:
    x-correlation-id:
      name: x-correlation-id
      in: header
      required: false
      description: >-
        Unique identifier for request tracing. Generated by the client or server
        if not provided.
      schema:
        type: string
        format: uuid
        example: 550e8400-e29b-41d4-a716-446655440000
    x-idempotency-key:
      name: x-idempotency-key
      in: header
      required: false
      description: >-
        Unique key for idempotent request processing. Duplicate requests with
        the same key are safely ignored.
      schema:
        type: string
        format: uuid
        example: baf6a8e2-0c89-46ef-9ca5-faa65b99bcd5
  requestBodies:
    CreateCheckoutSession:
      description: Create a new hosted checkout session
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/CreateCheckoutSessionRequest'
  responses:
    SessionCreated:
      description: Checkout session created successfully.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/CheckoutSessionResponse'
    BadRequest:
      description: >
        The request was invalid or malformed.


        Returned when:

        - Request validation fails (missing required fields, invalid field
        formats)

        - Payment details do not match the session (amount, currency, order
        reference mismatch)

        - The operation is not allowed given the current resource state
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: |
        Authentication failed — missing or invalid token.

        Returned when:
        - The JWT bearer token is missing, expired, or has an invalid signature
        - The API key is missing or invalid
        - The authenticated session token is invalid
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Forbidden:
      description: >
        Request blocked by security policy.


        Returned when:

        - A security threat is detected (SQL injection, XSS, NoSQL injection,
        LDAP injection, path traversal)

        - Header injection or suspicious headers are detected

        - The request payload exceeds the maximum allowed size

        - Geo-region validation fails (user country does not match client
        region)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerError:
      description: >
        An unexpected error occurred on the server.


        Returned when an unhandled exception or infrastructure failure prevents
        the request from being processed. Retry the request with exponential
        backoff.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  schemas:
    CreateCheckoutSessionRequest:
      type: object
      description: Request body for creating a new checkout session
      required:
        - customer
        - amount
        - currency
        - redirect_urls
        - order
      properties:
        customer:
          $ref: '#/components/schemas/Customer'
        amount:
          type: integer
          minimum: 1
          description: Payment amount in minor units (e.g. 10000 for 100.00 SAR)
          example: 10000
        currency:
          type: string
          description: Currency code (ISO 4217)
          example: SAR
        redirect_urls:
          $ref: '#/components/schemas/RedirectUrls'
        expiry:
          type: integer
          minimum: 60
          maximum: 86400
          description: Session expiry in seconds (default 3600)
          example: 1800
        three_ds_required:
          type: boolean
          description: Whether 3DS authentication is required
          example: true
        order:
          $ref: '#/components/schemas/Order'
        metadata:
          type: object
          description: Additional metadata
          example:
            session_type: standard
        channel_id:
          type: string
          format: uuid
          description: Channel ID for the session
          example: 550e8400-e29b-41d4-a716-446655440000
    CheckoutSessionResponse:
      type: object
      description: Response returned after creating a checkout session
      required:
        - id
        - payment_link
        - client_secret
        - status
        - expires_on
        - order_id
        - amount
        - currency
        - customer
      properties:
        id:
          type: string
          format: uuid
          description: Unique checkout session identifier
          example: 550e8400-e29b-41d4-a716-446655440000
        payment_link:
          type: string
          format: uri
          description: URL for the hosted checkout page
          example: https://checkout.lite.sa/ses_a1b2c3d4e5f6
        client_secret:
          type: string
          description: Client secret for frontend SDK authentication
          example: cs_a1b2c3d4e5f6
        status:
          $ref: '#/components/schemas/CheckoutSessionStatus'
        expires_on:
          type: string
          format: date-time
          description: Session expiry timestamp
          example: '2026-05-18T12:00:00.000Z'
        order_id:
          type: string
          description: Order reference
          example: ORD-123456
        amount:
          type: integer
          description: Session amount in minor units
          example: 10000
        currency:
          type: string
          description: Currency code (ISO 4217)
          example: SAR
        customer:
          $ref: '#/components/schemas/Customer'
        order:
          $ref: '#/components/schemas/Order'
    ErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
            - timestamp
          properties:
            code:
              type: string
              description: Error code identifying the type of error
              example: PAYMENT_DETAILS_MISMATCH
            message:
              type: string
              description: Human-readable error description
              example: The request was invalid or malformed
            details:
              type: object
              description: Additional error details
            correlationId:
              type: string
              format: uuid
              description: Correlation ID for tracking the request
              example: 550e8400-e29b-41d4-a716-446655440000
            timestamp:
              type: string
              format: date-time
              description: Timestamp when the error occurred
              example: '2024-12-16T10:30:00.000Z'
    Customer:
      type: object
      description: Customer details
      properties:
        id:
          type: string
          description: Customer ID
          example: cust_a1b2c3d4e5f6
        email:
          type: string
          format: email
          description: Customer email
          example: donald.duck@duckworld.com
        first_name:
          type: string
          description: Customer first name
          example: Donald
        last_name:
          type: string
          description: Customer last name
          example: Duck
        phone_country_code:
          type: string
          description: Phone country code
          example: '+966'
        phone_number:
          type: string
          description: Phone number
          example: '555123456'
    RedirectUrls:
      type: object
      description: Redirect URLs for checkout session
      properties:
        success:
          type: string
          format: uri
          description: Redirect URL on successful payment
          example: https://example.com/success
        failure:
          type: string
          format: uri
          description: Redirect URL on failed payment
          example: https://example.com/failure
    Order:
      type: object
      description: Order details
      required:
        - reference
      properties:
        reference:
          type: string
          description: Order reference
          example: ORD-123456
        items:
          $ref: '#/components/schemas/OrderItems'
        shipping_address:
          $ref: '#/components/schemas/Address'
        billing_address:
          $ref: '#/components/schemas/Address'
        amount:
          type: integer
          description: Order amount in minor units
          minimum: 0
          example: 10000
        currency:
          type: string
          description: Currency code (ISO 4217)
          minLength: 3
          maxLength: 3
          pattern: ^[A-Z]{3}$
          example: SAR
        description:
          type: string
          description: Order description
          example: Order description
    CheckoutSessionStatus:
      type: string
      description: Session status
      example: Pending
      oneOf:
        - title: Pending
          const: Pending
          description: Session is active and awaiting payment
        - title: Completed
          const: Completed
          description: Session has been completed
        - title: Expired
          const: Expired
          description: Session has expired
        - title: Cancelled
          const: Cancelled
          description: Session was explicitly cancelled
    OrderItems:
      type: object
      description: Order line items
      properties:
        products:
          type: array
          description: Product line items
          items:
            $ref: '#/components/schemas/Product'
        vat:
          type: object
          description: VAT details
          properties:
            amount:
              type: integer
              description: VAT amount in minor units
              minimum: 0
              example: 750
        shipping:
          type: object
          description: Shipping details
          properties:
            amount:
              type: integer
              description: Shipping amount in minor units
              minimum: 0
              example: 1000
    Address:
      type: object
      description: Address information
      properties:
        name:
          type: string
          description: Contact name
          example: John Doe
        email:
          type: string
          format: email
          description: Email
          example: john@example.com
        street:
          type: string
          description: Street address
          example: 123 Main St
        city:
          type: string
          description: City
          example: Riyadh
        state:
          type: string
          description: State/region
          example: Riyadh Region
        zip:
          type: string
          description: Zip/postal code
          example: '12213'
        country:
          type: string
          description: Country code (ISO 3166 alpha-2)
          minLength: 2
          maxLength: 2
          pattern: ^[A-Z]{2}$
          example: SA
    Product:
      type: object
      required:
        - id
        - price
        - quantity
      properties:
        id:
          type: string
          description: Item ID
          example: prod_123
        name:
          type: string
          description: Item name
          example: T-Shirt
        price:
          type: integer
          minimum: 0
          description: Item price in minor units
          example: 5000
        quantity:
          type: integer
          minimum: 1
          description: Quantity
          example: 2
        metadata:
          type: object
          description: Item metadata
          example:
            color: Blue
            size: L
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key
      description: API key for service-to-service or merchant authentication.
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT Bearer token obtained from user authentication. Passed as
        Authorization: Bearer <token>.

````