Integrate Kushki.js in 15 minutes: payments on your site without touching card data
A step-by-step guide to building a secure checkout with Kushki.js, client-side tokenization and PCI scope reduced to SAQ A.
April 10, 2026
Kushki.js is Kushki's official JavaScript library for client-side tokenization. By using it, card data never reaches your servers — your application's PCI scope is reduced to SAQ A, the simplest of all.
Prerequisites
- Active Kushki account (sandbox or production)
- Your account's public key
- A backend capable of making HTTPS requests to the Kushki API
1. Installation
You can load Kushki.js from our CDN or install it via npm. We recommend the CDN for projects where bundle size matters.
Always load Kushki.js from cdn.kushki.com. Don't self-host it — doing so would take you out of SAQ A and expand your PCI scope.
2. Tokenization
Kushki.js exposes the requestToken() method, which receives card data and returns a single-use token valid for 15 minutes. The token is generated in the user's browser; your servers never see the PAN.
3. Execute the charge
With the token in hand, your backend calls Kushki API's POST /charges endpoint using your private key. The token is securely exchanged for a real transaction.
4. Confirm with webhooks
Never trust the frontend result to update an order's status. Always listen for the payment.succeeded or payment.failed webhook in your backend to update state reliably.
An integration without webhooks is an incomplete integration. Payments can succeed seconds after the user's browser times out.
— Integrations Team, Kushki
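The rule from step 4, as an added example that is not Kushki's own code: only the payment.succeeded and payment.failed webhooks move an order out of "pending", while whatever the browser reports is stored as a hint. The event fields `id`, `type` and `orderId`, the in-memory stores and the function names are assumptions made for the sketch, and the webhook is assumed to have been authenticated before it reaches this code.

```javascript
// Added example (not Kushki's code). Assumed event fields: id, type, orderId.
// Assumes the webhook request was already authenticated before this runs.
const orders = new Map();      // orderId -> { status, frontendHint }
const seenEvents = new Set();  // ids of webhook events already applied
const STATUS_FOR = new Map([
  ['payment.succeeded', 'paid'],
  ['payment.failed', 'failed'],
]);

function createOrder(orderId) {
  orders.set(orderId, { status: 'pending', frontendHint: null });
}

// What the browser reports after the charge call returns or times out.
// Stored for UX only; it never changes the payment status.
function reportFrontendResult(orderId, result) {
  const order = orders.get(orderId);
  if (!order) return null;
  order.frontendHint = result;
  return order.status;
}

// The only code path allowed to move an order out of "pending".
function applyWebhookEvent(event) {
  if (!event || typeof event.id !== 'string') return 'rejected';
  if (seenEvents.has(event.id)) return 'duplicate';   // redelivery
  const order = orders.get(event.orderId);
  if (!order) return 'unknown-order';
  const next = STATUS_FOR.get(event.type);
  if (!next) return 'ignored';                        // other event types
  seenEvents.add(event.id);
  // Policy of this sketch: "paid" is final, so a late failure event
  // cannot undo a successful payment.
  if (order.status === 'paid') return 'ignored';
  order.status = next;
  return 'applied';
}

// Constructed scenario: the browser times out, the payment succeeds later.
createOrder('demo-1');
reportFrontendResult('demo-1', 'timeout');
applyWebhookEvent({ id: 'evt-demo-1', type: 'payment.succeeded', orderId: 'demo-1' });
console.log(orders.get('demo-1').status);
```

In a real backend the two stores would be database tables, with the event id under a unique constraint so that concurrent redeliveries cannot both apply.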