Customer Session Token (CST)

The /checkout/cst endpoint lets you mint a Customer Session Token (CST) — a short-lived JWT that authenticates your customer through their checkout experience. You must mint a CST before initiating any checkout flow (hosted or embedded).

📘 Full request/response schemas are available in the API Reference.


🔒 How It Works

A CST is scoped to a single customer session and expires after 24 hours. It links your cart to a verified customer identity, which Diddo uses to authenticate the session on the checkout side.

You mint a CST by sending a POST request to /checkout/cst with your Diddo API key in the Authorization header.


🚀 Endpoint

POST /checkout/cst — Mint a Customer Session Token


🧭 Request Examples

1. Guest Checkout (no customer data)

Pass an empty body to treat this as an anonymous guest session:

json

JavaScript implementation:

javascript

2. Prefilled Customer Info

If you have customer data available (e.g. a logged-in or returning customer), pass it in the request body. Diddo will use it to pre-fill the checkout form for a more seamless experience:

json

JavaScript implementation:

javascript

All fields are optional — pass only what you have.

⚠️ You must pass your DIDDO_API_KEY in the Authorization header as a Bearer token. Without it, you will receive a 401 Unauthorized response.


📦 Response

The endpoint returns a single field containing your CST:

json

Store this token securely — you'll need it in the next step to initiate checkout.
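The mint call described above, written as a server-side Node.js helper so the API key never reaches the browser. This is an added example, not code from Diddo's documentation. It assumes a placeholder base URL, that a guest "empty body" is sent as `{}`, and that the JWT carries a standard `exp` claim; all function names are hypothetical.

```javascript
// Added example, not Diddo's code. DIDDO_BASE_URL is a placeholder host.
const DIDDO_BASE_URL = "https://diddo-api.example.invalid";

// Build the POST /checkout/cst request; omit `customer` for guest checkout.
function buildCstRequest(apiKey, customer) {
  if (!apiKey) throw new Error("DIDDO_API_KEY is not set");
  return {
    url: `${DIDDO_BASE_URL}/checkout/cst`,
    init: {
      method: "POST",
      headers: {
        Authorization: `Bearer ${apiKey}`,
        "Content-Type": "application/json",
      },
      // Assumption: the "empty body" for a guest session is sent as {}.
      body: JSON.stringify(customer ?? {}),
    },
  };
}

// The response has a single field holding the CST; read it without assuming its name.
function extractCst(body) {
  const values = Object.values(body ?? {});
  if (values.length !== 1 || typeof values[0] !== "string") {
    throw new Error("unexpected CST response shape");
  }
  return values[0];
}

// Decode the JWT payload to learn when to re-mint. No signature check is done here;
// the value is only used for scheduling. Assumes a standard `exp` claim.
function cstExpiresAt(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("CST is not a compact JWT");
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (typeof claims.exp !== "number") throw new Error("CST has no exp claim");
  return new Date(claims.exp * 1000);
}

// Mint on the server. Error messages never include the API key or the token.
async function mintCst(apiKey, customer, fetchImpl = fetch) {
  const { url, init } = buildCstRequest(apiKey, customer);
  const res = await fetchImpl(url, init);
  if (res.status === 401) throw new Error("401 Unauthorized: check DIDDO_API_KEY");
  if (!res.ok) throw new Error(`CST mint failed: HTTP ${res.status}`);
  const token = extractCst(await res.json());
  return { token, expiresAt: cstExpiresAt(token) };
}
```

Call `mintCst(process.env.DIDDO_API_KEY)` from your backend and hand only the returned token to the checkout step.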


👉 Ready to send your customer to checkout? See Hosted Checkout Flow for hosted redirect and WebView integration, or Checkout SDK to embed checkout directly in your web app.