📍 Bolt Help / Products / Ignite 🔥 / API Implementation / Endpoints / Get Existing Merchant Account
Get Existing Merchant Account
Merchant-hosted API that allows Bolt to validate whether a shopper has an existing merchant account using their email address

A merchant-hosted API endpoint that Bolt uses when authenticating a shopper to determine whether an account exists within your store.

Overview

Bolt uses this API during the shopper login, registration, and checkout user flows prior to displaying the Login Modal to a shopper.

sequenceDiagram participant Shopper participant Merchant Frontend participant Merchant Backend participant Bolt Embed.js participant Bolt Backend Shopper->>Bolt Embed.js: Shopper enters email Bolt Embed.js->>Bolt Backend: Lookup shopper email Bolt Backend->>Bolt Embed.js: Shopper has a valid existing Bolt Account Bolt Backend->>Bolt Embed.js: Shopper has existing Bolt Account Bolt Embed.js->>Bolt Backend: Merchant Account exists? Bolt Backend-->>Merchant Backend: Check Merchant for existing Account Merchant Backend-->>Bolt Backend: True || False note over Bolt Backend: Sends shopper SMS or email OTP Bolt Backend->>Bolt Embed.js: Displays Login Modal

Request Payload

Bolt will send a POST Request with the following payload which includes shopper’s email address.

{
  "event": "account.get",
  "data": {
    "email": "robert.weir@example.com"
  }
}

Response

Using the shopper’s email address, merchants should query their shopper database to determine whether an existing shopper account exists within their sytem. Bolt expects a 200 response with “success” or “failure” response in following format:

{
  "status": "success"
}

Request Verification

All requests sent from Bolt are signed by HMAC to ensure authenticity. You must verify these request signatures using the Signing Secret found in your Merchant Dashboard > Developers > API > Keys.

$hmac_header = $_SERVER['X-Bolt-Hmac-Sha256'];

function verify_webhook($payload, $hmac_header) {
  $computed_hmac = base64_encode(hash_hmac('sha256', $payload, BOLT_SIGNING_SECRET, true));
  return ($computed_hmac == $hmac_header);
}