Table of Contents
If you’re building an MCP app or an Apps SDK app for ChatGPT, you’ve probably hit the payments wall. The discovery and interaction parts work beautifully. Your MCP server communicates with the LLM, the LLM communicates with the user, and widgets render cleanly. However, the moment a user attempts to pay, the flow is interrupted.
You either redirect them to an external checkout (and lose context) or attempt to integrate payment collection directly into your MCP app (which adds development time and inherits PCI-DSS scope, a 6-12 month certification process you almost certainly don’t want).
Cashfree Here is a payment connector built specifically for MCP and Apps SDK architectures. It handles order creation, payment method selection, secure collection, and confirmation – all rendering inside the chat widget. Your app stays out of PCI scope. Here’s how it works.
How MCP App Payments Are Different
A traditional app has three layers: the frontend (iOS, Android, web), the backend APIs, and the payment integration. You’ve probably spent years optimising this stack. MCP apps have a fundamentally different architecture:
| Layer | What It Does |
| Chat Interface | ChatGPT, Claude, Gemini – where your users are |
| Business MCP Server | Your backend – tells the LLM what’s available, handles business & UI logic |
| MCP Tools | Specialised functions – payments, bookings, inventory |
| MCP Resources | The UI layer – renders visuals inside the chat widget |
Cashfree Here plugs into this architecture as a connector: it provides both a tool (for order creation and payment processing) and a resource (for rendering the payment UI within the chat widget). You wire it into you rexisting MCP server for your MCP Apps or ChatGPT app, and the entire payment flow: UI, security, and orchestration is handled by the connector.
Three Problems You’d Hit Building This Yourself
1. PCI-DSS in a Chat Widget
Card payments require PCI-DSS compliance. In a traditional app, your payment aggregator’s SDK or hosted checkout page handles this. But in an MCP app, there’s no standard way to render a secure checkout page. The entire interaction occurs within chat widgets within a larger conversation. You need secure iframes embedded within the chat interface itself to collect and transmit card data over certified networks. Building this means getting your MCP app PCI-DSS certified. That’s a minimum of 6-12 months. Cashfree Here provides pre-certified secure elements that are rendered inside the chat widget. Your app never touches card data.
2. Context Preservation Across Payment Flows
When payment completes (or fails), or the user switches methods, the conversation needs to resume exactly where it left off. The LLM needs to know what happened so the user can reference the transaction later. Cashfree Here handles this with a three-way confirmation loop: upon payment completion, we simultaneously notify the user (via an in-chat widget with the receipt), the host LLM (to maintain context), and your backend (via a webhook for fulfilment). If a payment fails or the user retries, context is preserved.
3. Action Integrity (LLMs Cannot Pay)
This is critical: in an AI app, the LLM must never be able to execute a payment action. If a user types “yes, pay for it” and the LLM interprets that as a confirmation, you’ve got a serious problem – hallucinations and unintended actions could complete real transactions. Cashfree Here enforces action-based confirmations at the protocol level. The LLM can suggest payment actions, but only explicit user clicks (button taps) can trigger them. This is not configurable; it’s built into the connector.
Integration: The Actual Flow
Here’s what the integration looks like end-to-end. We’ll use a food ordering app as an example.
Step 1: Add Cashfree Here to your MCP configuration
Register Cashfree here as a tool and resource in your MCP server config. This makes the payment connector available to your app.
Step 2: Create an order when the user initiates payment
When the user clicks “Pay Now” in your chat widget, your MCP server calls the create_cashfree_order tool:
Tool: create_cashfree_order
Input: {
amount: 1250.00,
order_id: “ORD_12345”,
customer_details: {
customer_id: “CUST_789”,
customer_phone: “9876543210”
}
}
Output: {
encrypted_token: “cf_tok_xxx…”,
order_reference: “cf_order_abc123”
}
Step 3: Render payment options
Then the chat platform sends the encrypted token to Cashfree, rendering the cashfree here resource. Based on the customer’s history with your business, available payment methods, and order amount, the connector renders payment options in the chat widget: UPI Intent (shows available TPAPs like PhonePe, GPay, Paytm), QR Scan & Pay, and Cards (including tokenised cards saved in Cashfree Token Vault).
Step 4: Secure payment element
When the user selects a method, the connector renders the appropriate secure checkout element—all inside the chat widget. For UPI Intent, users see available TPAP apps and get redirected to their chosen app for authentication. For QR, a dynamic QR code displays in-chat. For cards, a PCI-DSS compliant secure iframe collects card details, with support for saved/tokenised cards and native OTP authentication (passkeys for 2FA coming soon). Important: these secure elements are hosted and managed entirely by Cashfree’s certified infrastructure. Neither ChatGPT nor Claude can access information shared within them.
Step 5: Handle the webhook
On payment completion, Cashfree Here sends confirmation to the user (in-chat receipt), the host LLM (context maintenance), and your backend (webhook for order fulfilment). You handle the webhook on your end for downstream processing. That’s the full integration.
What You Don’t Have to Build
For context on what this saves you: integrating payments into a native iOS app for the first time typically takes an engineering team 2–3 weeks. Building a PCI-compliant card collection from scratch takes 6-12 months of certification work. Cashfree Here gives you the full payment stack: secure UI, PCI compliance, tokenisation, multi-method support, context preservation, and action integrity as a connector you wire in.
Specifically, the connector handles: PCI-DSS compliant card collection via secure iframes (your app stays out of scope), card tokenisation via Cashfree Token Vault (no card data on your systems), encrypted token exchange between your MCP and the connector (no sensitive data in plain text), network isolation (payment processing runs on Cashfree’s isolated infrastructure, separate from the chat interface), and action-based confirmation enforcement (LLM can never trigger transactions).
Platform Notes
Cashfree Here works with both OpenAI’s Apps SDK and Anthropic’s MCP Apps. For ChatGPT, every published app goes through OpenAI’s approval process. For Claude, users connect MCPs directly in their environment, but apps don’t have access to information outside their respective widgets.
For Indian businesses specifically, OpenAI’s in-house payments (analogous to Apple Pay) aren’t available in India yet. Integrating with a payment connector is currently the only way to enable in-chat payments for Indian users.
Get Early Access
We’re rolling out Cashfree Here to access partners early. If you’re building an MCP app or Apps SDK app and need payments, we’d like to work with you.
Join the waitlist: [waitlist link]
If you have questions about the architecture or would like to discuss your integration, reach out to [contact]. We’ve been building this for the past several months and have opinions on what works and what doesn’t in AI commerce.
