Developers often need SDKs to integrate seamlessly with their specific stack, workflows, and project requirements. To accommodate this we provide the following:

• Modular Design: Our SDK is built with a modular architecture, allowing developers to include only the components they need. This minimizes unnecessary overhead and makes it easier to customize the SDK for different use cases.

• Optional Features: While providing robust defaults, the SDK allows developers to override configurations and selectively enable advanced features. We’ve moved some configurations out of our SDK instantiation down into our checkout flows to enable merchants who want one instance with multiple payment flows.

We understand that developers demand SDKs that perform efficiently in production environments. To meet these expectations, we’ve:

• Bundle size is, and continues to be, a top priority. With significant optimizations, v6 of our SDK is currently just 12% the size of v5, ensuring faster load times and a leaner integration experience.

• In v6, we decoupled the funding eligibility API that was embedded in to the v5 SDK, making it not only optional but also enabling developers to call it server-side, providing greater flexibility and reducing client-side dependencies.

• In v6, we’ve eliminated the use of iframes, significantly reducing DOM elements and enhancing overall performance and more SEO friendly integration experience.

Security is our top priority, and we understand the responsibility that comes with being a third-party library on your page, which is why we’ve designed our integration with robust safeguards to ensure your application and user data remain secure.

• For security-conscious merchants, our v6 SDK supports being sandboxed in your own iframe, providing an additional layer of isolation to ensure that no malicious JavaScript can ever compromise your site.

• Our v6 SDK supports versioned integration with Subresource integrity (SRI), allowing you to lock in a specific version with a hash value that can be validated by the browser. However, this approach comes with the trade-off of not receiving evergreen updates, meaning you'll need to manually update the SDK to access the latest features, improvements, and security patches.