How do I get Bolt API keys?

Create a merchant account, then open Administration → API in the dashboard. You need an API key (server), signing secret (webhook verification), and publishable key (client-side). See API keys.

What is the difference between sandbox and production?

Sandbox uses api-sandbox.bolt.com and merchant-sandbox.bolt.com. Production uses api.bolt.com and merchant.bolt.com. Keys and transactions do not cross environments. See Environments.

How do I integrate Bolt checkout with Shopify?

Start with the Shopify platform guide, then follow Shopify installation for dashboard and theme configuration. For checkout links, see Checkout Everywhere.

How do I integrate Bolt with BigCommerce?

Install the Bolt app from BigCommerce, then follow BigCommerce installation for scripts, webhooks, and theme updates.

What is Embeddable Checkout vs Bolt Checkout?

Bolt Checkout replaces your full checkout page on supported platforms. Embeddable Checkout adds Bolt payment fields and shopper accounts inside your custom UI. Compare Bolt Checkout and Embeddable Checkout.

How do I verify Bolt webhooks?

Use your signing secret to verify the HMAC signature on every inbound request before processing. See Verify webhooks.

How do I test payments without charging real cards?

Use sandbox with test cards. All transactions appear in the sandbox merchant dashboard. Your server creates a link via POST /v1/gaming/payment_links. The shopper completes checkout in a browser; you receive a webhook on success. Start at Gaming quickstart.

How do I onboard marketplace sellers with Bolt Connect?

Use Bolt Connect to onboard sellers and split payments. See Bolt Connect and Marketplace onboarding.

What authentication headers does the Bolt API require?

Outbound requests need X-Api-Key and X-Nonce. Client-side SDK initialization uses the publishable key. See Authentication.

How do AI coding tools read Bolt documentation?

Use llms.txt, llms-full.txt, per-page .md URLs, or the MCP server. See Docs for agents.

Where is the Bolt OpenAPI spec?

Main spec: https://assets.bolt.com/external-api-references/bolt.yml. Embeddable v1: embedded.yml. Tokenizer: tokenizer.yml.

What should I do when a Bolt API call returns 401 or 422?

401: Check API key and environment (sandbox vs production). Do not retry without fixing credentials. 422: Fix request parameters per the OpenAPI schema; do not retry the same payload. See Errors.