📍 Bolt Help / Core Products / Checkout / Custom Cart Checkout / Bolt Checkout Direct API Integration Guide / How to Set Up Pre-Authorization

How to Set Up Pre-Authorization

Implement a pre-authorization flow by creating an order in your ecommerce platform before starting the authorization process. This prevents capturing funds on orders that have failed for various reasons.

How to Create & Authorize an Order

The order.create Merchant Callback API is called after a shopper has selected Pay and directly before Bolt process with payment authorization.

  1. Implement order_create Merchant Callback API on your server.
  2. Respond to Bolt’s order.create POST request from your Merchant Callback API.
  3. Verify the authenticity of the request by confirming that it originated from Bolt.

PHP Example

<?php
require(dirname(__FILE__) . '/init_example.php');

$client = new \BoltPay\ApiClient([
    'api_key' => \BoltPay\Bolt::$apiKey,
    'is_sandbox' => \BoltPay\Bolt::$isSandboxMode
]);

$requestJson = file_get_contents('php://input');
$requestData = json_decode($requestJson);
$baseUrl = $exampleData->getBaseUrl();
$response = [
    'status' => 'success',
    'message' => 'Order create was successful.',
    'order_received_url' => $baseUrl . '/example/order_confirmation.php',
    'display_id' => @$requestData->order->cart->display_id
];

header('Content-Type: application/json');
http_response_code(200);
echo json_encode($response);

Test the Endpoint

Pre-Auth Flow

  1. Create an order in a pending state. The transaction must still undergo Bolt’s fraud review.
  2. Listen for a Bolt webhook informing whether this order has been accepted or denied.

Without Pre-Auth Flow

NOTE

Bolt recommends setting up a Pre-Authorization flow.

  1. Create an order upon receiving a pending webhook or from the frontend success callback.
  2. Verify one of the following based on your setup:
    • If you respond to Bolt with an order_received_url (confirmation page), then Bolt will attempt to redirect the user to that URL, when the order is complete.
    • If you choose not to respond with an order_received_url, you may instead accomplish the redirect through frontend callbacks.
    • If the card authorization fails after a successful pre-auth request, Bolt will send a webhook to inform that this order has failed card authorization.
📖On This Page
Go to Advanced Search
Filter by Section
Filter by Topic