Skip to main content
This guide applies when you connect Adyen as your own processor through Bring Your Own Processor (BYOP). Talk to us if you need help.

Enable raw card data access

Before Dodo can route payments through Adyen, your Adyen account needs raw card data access enabled. Adyen gates this behind PCI DSS compliance. Because Dodo Payments handles the raw card data on your behalf and is PCI DSS Level 1 compliant, you provide Dodo Payments’ Attestation of Compliance (AOC) to Adyen — you don’t need your own certification.

Dodo Payments PCI DSS Attestation of Compliance (AOC)

Download Dodo Payments’ current AOC and submit it to Adyen support to enable raw card data access.
Contact Adyen support to request raw card access for your merchant account, attaching the AOC above.

What you’ll need

To connect Adyen in Settings → BYOP, gather three values from your Adyen Customer Area:
ValueWhere it comes from
API keyDevelopers → API credentials
Merchant AccountYour Adyen merchant account identifier
HMAC keyGenerated when you set up the webhook
Adyen keeps test (ca-test.adyen.com) and live (ca-live.adyen.com) credentials separate. Generate credentials in the environment that matches the mode you’re configuring in Dodo.

Step 1: Generate an API key

1

Open API credentials

In the Adyen Customer Area, go to Developers → API credentials. You need the Manage API credentials or Merchant admin role.
2

Select your credential

Choose the Payments tab and select your credential username (it looks like ws_123456@Company.YourCompanyAccount).
3

Generate the key

Go to Server settings → Authentication, open the API key tab, and select Generate API key.
4

Copy it immediately

Copy and store the key securely; you can’t copy it again after leaving the page. A newly generated key is active immediately, and the previous key keeps working for 24 hours.

Step 2: Find your merchant account

Your merchant account is the account identifier Adyen uses to process your transactions. It’s shown in the account selector at the top of the Customer Area (for example, YourCompany_ECOM). You’ll paste this into the Merchant Account field in Dodo.

Step 3: Set up the webhook and HMAC key

Dodo generates a Webhook Endpoint URL when you save the Adyen connection. Add it as a webhook in Adyen and generate an HMAC key. You need the Merchant admin or Merchant technical integrator role.
1

Create a webhook

In the Customer Area, go to Developers → Webhooks and select Create new webhook. From the list, select Add for the Standard webhook type.
2

Configure the webhook

  • Enter a Description.
  • Toggle Enabled to activate it.
  • Under Server configuration, paste the Webhook Endpoint URL that Dodo generated into the URL field (it must be HTTPS and publicly accessible).
3

Generate the HMAC key

Under Security, in the HMAC Key section, select Generate to create a new HMAC key. Copy it and store it securely; you won’t be able to copy it again later. Then select Save configuration.
4

Paste the HMAC key into Dodo

Back in Settings → BYOP, paste the HMAC key into the Webhook Signing Secret field to finish the connection.

Set up BYOP

Follow the full Bring Your Own Processor setup flow.
After saving, use Verify connection in Dodo to run a test call against Adyen and confirm your API key, merchant account, and HMAC key are valid before you go live.

Frequently asked questions

Adyen signs every webhook with an HMAC signature so the receiver can verify the notification’s integrity and origin. Dodo uses the HMAC key you provide to validate webhooks from your Adyen account.
Neither can be retrieved after creation. Generate a new API key under Developers → API credentials, or a new HMAC key in the webhook settings, then update the value in Settings → BYOP.
No. Generate credentials in the matching environment, test (ca-test.adyen.com) or live (ca-live.adyen.com), and configure them in the corresponding mode in Dodo.

References

Last modified on June 17, 2026