📍 Bolt Help / Products / Checkout / Bolt Checkout Direct API Integration Guide / How to Set Up Pre-Authorization How to Set Up Pre-Authorization Learn how to create and test pre-authorization order flows. Page Contents Click to expand. Implement a pre-authorization flow by creating an order in your ecommerce platform before starting the authorization process. This prevents capturing funds on orders that have failed for various reasons. How to Create & Authorize an Order The order.create Merchant Callback API is called after a shopper has selected Pay and directly before Bolt process with payment authorization. Implement order_create Merchant Callback API on your server. Respond to Bolt’s order.create POST request from your Merchant Callback API. Verify the authenticity of the request by confirming that it originated from Bolt. PHP Example <?php require(dirname(__FILE__) . '/init_example.php'); $client = new \BoltPay\ApiClient([ 'api_key' => \BoltPay\Bolt::$apiKey, 'is_sandbox' => \BoltPay\Bolt::$isSandboxMode ]); $requestJson = file_get_contents('php://input'); $requestData = json_decode($requestJson); $baseUrl = $exampleData->getBaseUrl(); $response = [ 'status' => 'success', 'message' => 'Order create was successful.', 'order_received_url' => $baseUrl . '/example/order_confirmation.php', 'display_id' => @$requestData->order->cart->display_id ]; header('Content-Type: application/json'); http_response_code(200); echo json_encode($response); Test the Endpoint Pre-Auth Flow Create an order in a pending state. The transaction must still undergo Bolt’s fraud review. Listen for a Bolt webhook informing whether this order has been accepted or denied. Without Pre-Auth Flow NOTE Bolt recommends setting up a Pre-Authorization flow. Create an order upon receiving a pending webhook or from the frontend success callback. Verify one of the following based on your setup: If you respond to Bolt with an order_received_url (confirmation page), then Bolt will attempt to redirect the user to that URL, when the order is complete. If you choose not to respond with an order_received_url, you may instead accomplish the redirect through frontend callbacks. If the card authorization fails after a successful pre-auth request, Bolt will send a webhook to inform that this order has failed card authorization.