> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dodopayments.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Adyen - Connect & Raw Card API Access

> Generate the API key, merchant account, and HMAC-signed webhook you need to connect Adyen as your own processor with Bring Your Own Processor (BYOP).

<Note>
  This guide applies when you connect **Adyen** as your own processor through [Bring Your Own Processor (BYOP)](/features/byop). [Talk to us](mailto:founders@dodopayments.com) if you need help.
</Note>

## Enable raw card data access

Before Dodo can route payments through Adyen, your Adyen account needs **raw card data access** enabled. Adyen gates this behind PCI DSS compliance. Because **Dodo Payments handles the raw card data on your behalf** and is **PCI DSS Level 1 compliant**, you provide **Dodo Payments' Attestation of Compliance (AOC)** to Adyen — you don't need your own certification.

<Card title="Dodo Payments PCI DSS Attestation of Compliance (AOC)" icon="file-shield" href="https://pub-2a89184e4c954b599464449d23f506bb.r2.dev/dodo-payments-pci-dss-aoc.pdf">
  Download Dodo Payments' current AOC and submit it to Adyen support to enable raw card data access.
</Card>

Contact Adyen support to request raw card access for your merchant account, attaching the AOC above.

## What you'll need

To connect Adyen in **Settings → BYOP**, gather three values from your Adyen Customer Area:

| Value                | Where it comes from                    |
| -------------------- | -------------------------------------- |
| **API key**          | Developers → API credentials           |
| **Merchant Account** | Your Adyen merchant account identifier |
| **HMAC key**         | Generated when you set up the webhook  |

<Info>
  Adyen keeps **test** (`ca-test.adyen.com`) and **live** (`ca-live.adyen.com`) credentials separate. Generate credentials in the environment that matches the mode you're configuring in Dodo.
</Info>

## Step 1: Generate an API key

<Steps>
  <Step title="Open API credentials">
    In the Adyen Customer Area, go to **Developers → API credentials**. You need the **Manage API credentials** or **Merchant admin** role.
  </Step>

  <Step title="Select your credential">
    Choose the **Payments** tab and select your credential username (it looks like `ws_123456@Company.YourCompanyAccount`).
  </Step>

  <Step title="Generate the key">
    Go to **Server settings → Authentication**, open the **API key** tab, and select **Generate API key**.
  </Step>

  <Step title="Copy it immediately">
    Copy and store the key securely; you can't copy it again after leaving the page. A newly generated key is active immediately, and the previous key keeps working for 24 hours.
  </Step>
</Steps>

## Step 2: Find your merchant account

Your **merchant account** is the account identifier Adyen uses to process your transactions. It's shown in the account selector at the top of the Customer Area (for example, `YourCompany_ECOM`). You'll paste this into the **Merchant Account** field in Dodo.

## Step 3: Set up the webhook and HMAC key

Dodo generates a **Webhook Endpoint** URL when you save the Adyen connection. Add it as a webhook in Adyen and generate an HMAC key. You need the **Merchant admin** or **Merchant technical integrator** role.

<Steps>
  <Step title="Create a webhook">
    In the Customer Area, go to **Developers → Webhooks** and select **Create new webhook**. From the list, select **Add** for the **Standard webhook** type.
  </Step>

  <Step title="Configure the webhook">
    * Enter a **Description**.
    * Toggle **Enabled** to activate it.
    * Under **Server configuration**, paste the **Webhook Endpoint** URL that Dodo generated into the **URL** field (it must be HTTPS and publicly accessible).
  </Step>

  <Step title="Generate the HMAC key">
    Under **Security**, in the **HMAC Key** section, select **Generate** to create a new HMAC key. Copy it and store it securely; you won't be able to copy it again later. Then select **Save configuration**.
  </Step>

  <Step title="Paste the HMAC key into Dodo">
    Back in **Settings → BYOP**, paste the HMAC key into the **Webhook Signing Secret** field to finish the connection.

    <Card title="Set up BYOP" icon="shuffle" href="/features/byop">
      Follow the full Bring Your Own Processor setup flow.
    </Card>
  </Step>
</Steps>

<Tip>
  After saving, use **Verify connection** in Dodo to run a test call against Adyen and confirm your API key, merchant account, and HMAC key are valid before you go live.
</Tip>

## Frequently asked questions

<AccordionGroup>
  <Accordion title="What is the HMAC key for?">
    Adyen signs every webhook with an HMAC signature so the receiver can verify the notification's integrity and origin. Dodo uses the HMAC key you provide to validate webhooks from your Adyen account.
  </Accordion>

  <Accordion title="I lost my API key or HMAC key, what now?">
    Neither can be retrieved after creation. Generate a new API key under **Developers → API credentials**, or a new HMAC key in the webhook settings, then update the value in **Settings → BYOP**.
  </Accordion>

  <Accordion title="Do test and live use the same credentials?">
    No. Generate credentials in the matching environment, test (`ca-test.adyen.com`) or live (`ca-live.adyen.com`), and configure them in the corresponding mode in Dodo.
  </Accordion>
</AccordionGroup>

## References

* [Adyen: API credentials](https://docs.adyen.com/development-resources/api-credentials/)
* [Adyen: Configure and manage webhooks](https://docs.adyen.com/development-resources/webhooks/configure-and-manage)
