What was affected?
On 5 December 2025, we experienced a service disruption affecting Checkout and Payments API authentication between 08:47 and 09:12 UTC. During this period, merchants were unable to generate new authentication credentials required for these services.
The incident was caused by a global outage at Cloudflare, a major internet infrastructure provider. This outage affected our identity provider (Auth0), which relies on Cloudflare for DNS and endpoint protection. The disruption prevented our systems from communicating with Auth0 to issue and verify authentication tokens.
Our Server-to-Server integration (card.peachpayments.com) was unaffected by this incident, as it does not depend on the same authentication infrastructure.
What was the root cause?
Cloudflare experienced a significant outage broadly affecting their global HTTP traffic.
Auth0, our identity provider for merchant authentication, uses Cloudflare for both DNS resolution and endpoint protection. When Cloudflare’s services became unavailable, our checkout systems could not reach Auth0 to generate or verify the JSON Web Key Set (JWKS) credentials required for secure authentication.
This created a single point of failure: our authentication flow was entirely dependent on the availability of both Auth0 and its upstream provider, Cloudflare.
Impact to Merchants
During the incident window, merchants using Checkout or the Payments API experienced the following issues:
• Unable to generate new authentication credentials
• New payment transactions could not be initiated via affected services
• Existing authenticated sessions continued to function until token expiry
Merchants using our Server-to-Server integration (card.peachpayments.com) were not affected and could continue processing transactions normally throughout the incident.
Additionally, some payment methods and platforms experienced independent disruptions due to their own Cloudflare dependencies. Capitec Pay via the Payments API and Shopify integrations were temporarily unavailable as these partners experienced separate downstream impacts from the same Cloudflare outage.
Additionally users that did not have an active dashboard session were unable to log-in and perform dashboard operations.
Once service was restored, all pending operations resumed normally with no data loss.
Immediate response
Upon detecting the outage, our engineering team immediately attempted to route authentication traffic directly to Auth0’s regional endpoints, bypassing Cloudflare’s infrastructure. While this mitigation was being deployed, Cloudflare resolved the underlying issue, restoring full service.