A merchant-hosted API endpoint that Bolt uses when authenticating a shopper to determine whether an account exists within your store.
Overview
Bolt uses this API during the shopper login, registration, and checkout user flows prior to displaying the Login Modal to a shopper.
Request Payload
Bolt will send a POST Request with the following payload which includes shopper’s email address.
{
"event": "account.get",
"data": {
"email": "robert.weir@example.com"
}
}
Response
Using the shopper’s email address, merchants should query their shopper database to determine whether an existing shopper account exists within their sytem. Bolt expects a 200 response with “success” or “failure” response in following format:
{
"status": "success"
}
Request Verification
All requests sent from Bolt are signed by HMAC to ensure authenticity. You must verify these request signatures using the Signing Secret found in your Merchant Dashboard > Developers > API > Keys.
$hmac_header = $_SERVER['X-Bolt-Hmac-Sha256'];
function verify_webhook($payload, $hmac_header) {
$computed_hmac = base64_encode(hash_hmac('sha256', $payload, BOLT_SIGNING_SECRET, true));
return ($computed_hmac == $hmac_header);
}