Before production intents can settle against Adyen, a tenant admin configures Checkout credentials and the adyen_manual_capture rail. Paybond resolves merchant account, API keys, and HMAC secrets server-side from this configuration — agents and SDK clients never supply Adyen credentials.
This guide covers operator setup for Adyen, analogous to Configure settlement rails and Configure Shopify settlement.
Scope
Paybond v1 supports BYO Adyen merchant Checkout with manual capture.
Console workspace
Open Configuration → Settlement (/console/configuration/settlement) as a tenant admin.
From here you should be able to:
- Save an Adyen Checkout destination (merchant account, optional store, test/live environment)
- Enter write-only API key and webhook HMAC secret (never redisplayed after save)
- Confirm readiness (API key ready / HMAC ready / stored payment method ready / environment badges)
- Enable the
adyen_manual_capturerail when prerequisites are satisfied
Supported Adyen rail
| Rail | What it settles | Requirement |
|---|---|---|
adyen_manual_capture | Checkout payment with manualCapture; Harbor captures or cancels after evidence evaluation | Active Adyen destination with webhook HMAC for CAPTURE / CANCELLATION finality |
Step 1 — Create Checkout credentials in Adyen
In the Adyen Customer Area for your company:
- Create or select a merchant account (test first).
- Generate a Checkout API key (
X-API-Key) for server-to-server payments. - For live, note the company live URL prefix used by Checkout live hosts.
- Create a standard webhook and copy the HMAC key (hex).
Register Paybond webhook URLs (ports 443 / 8443 / 8843 as required by Adyen):
- Live:
https://api.paybond.ai/webhooks/live/adyen(or/webhooks/adyen) - Sandbox tenant test traffic:
https://api.paybond.ai/webhooks/sandbox/adyen
Enable at least AUTHORISATION, CAPTURE, CAPTURE_FAILED, and CANCELLATION. Also enable CHARGEBACK when you want bound chargebacks to freeze disputable intents (see Chargebacks below). REFUND remains optional for observation.
Step 2 — Save the destination in Console
In Configuration → Settlement:
- Enter merchant account (and optional store).
- Choose test or live environment. Sandbox tenants are restricted to test.
- For live, enter the company live URL prefix.
- Paste the API key, HMAC secret, and (for live funding) a stored payment method id or paymentMethod JSON, then save.
Secrets and the stored payment method are write-only. After save, the console shows masked merchant details and ready badges only — not decrypted keys or PM ids.
Funding instrument
Live Adyen funding uses the stored payment method vaulted on the tenant's Adyen destination. Save it in Console Settlement alongside the API key and HMAC secret before enabling adyen_manual_capture for live.
Security boundary
Agents must not hold Adyen API keys, HMAC secrets, or stored payment methods. Destinations are tenant-owned and configured only by tenant admins in Console Settlement.
HMAC verification
A destination HMAC secret is required for live webhook ingest — not optional. Paybond verifies Adyen notification signatures against the secret you vaulted in Console Settlement and rejects live webhooks with a missing or invalid HMAC.
After you rotate the HMAC key in Adyen Customer Area, re-save the destination secret in Console Settlement immediately so verification stays aligned.
CLI readiness (paybond adyen)
After paybond login, use the Kit CLI to read settlement-config readiness (no secret upsert via CLI):
terminal
paybond adyen ready
paybond adyen doctor
paybond adyen doctor --format jsonadyen readychecksadyen_manual_captureinallowed_rails, destination present, API key and HMAC configured, vaulted stored payment method, live URL prefix when live, and surfaces the paid-plan gate message when live destinations are blocked.adyen doctorexpands ready with expected webhook URLs (/webhooks/live/adyenand/webhooks/sandbox/adyen), sandbox/live mismatch hints against the signed-in principal, and a pointer to Console destination upsert.- Never pass
--live-prefix,--api-key,--hmac-secret,--merchant-account, or--environmentonpaybond adyenargv (rejected; visible in process listings). Upsert those in Console → Settlement write-only fields.
Step 3 — Enable adyen_manual_capture
Once readiness reports an active destination:
- Enable Adyen manual capture in allowed rails.
- Optionally set it as the default rail.
- Save routing.
Harbor rejects creates on this rail when no active Adyen destination exists for the tenant.
Step 4 — Async terminal settlement
Unlike Stripe Connect capture on HTTP success alone, Adyen capture and cancel are asynchronous:
- Evidence evaluation moves the intent to
evidence_submitted. - Settlement confirm requests Adyen capture or cancel and waits for confirmation.
- The intent stays in
evidence_submitteduntil Paybond receives successfulCAPTURE/CANCELLATIONwebhooks and finalizes toreleased/refunded.
Stuck pending modifications
When capture or cancel webhooks lag, Paybond reconciles pending modifications against Adyen. Cases that still need an operator appear under Settlements → Exceptions in the console (same queue as Stripe and Shopify rails).
Chargebacks
When an Adyen CHARGEBACK webhook can be matched to a tenant intent (and its prior authorization), Paybond freezes automated settlement for that intent while it is still in funded or evidence_submitted. An operator then resolves the case through the dispute workflow.
If the webhook cannot be matched (for example the authorization payment reference was never stored), Paybond does not auto-freeze — it stays an observation signal for manual review. Stripe chargeback webhooks work the same way: observation only, never an automatic dispute. Details: Disputes and evidence evaluation.