The Merchant API is a general endpoint on your ecommerce server that Bolt can use to make synchronous calls and retrieve information. This information includes details on shipping, tax, and viable discounts codes.
www.mystore.com/boltpay/
).Repeat to set up your Merchant Sandbox environment.
Use our official API Reference to see request and response formats for each API type.
order.create
: Verifies that an order can be created before payment authorization.order.shipping_and_tax
: Retrieves shipping and tax options for a given order.discount.code.apply
: Applies any discounts entered in the Bolt Checkout.All requests sent from Bolt to your Merchant API are signed by HMAC to ensure authenticity. You must verify these request signatures using the Signing Secret found in your Merchant Dashboard > Developers > API > Keys.
$hmac_header = $_SERVER['X-Bolt-Hmac-Sha256'];
function verify_webhook($payload, $hmac_header) {
$computed_hmac = base64_encode(hash_hmac('sha256', $payload, BOLT_SIGNING_SECRET, true));
return ($computed_hmac == $hmac_header);
}
To send back specific errors in merchant api responses visit the error codes reference article.