Overview
A merchant-hosted API endpoint that Bolt uses after a shopper has authenticated via the Bolt Login Modal. Bolt provides the shopper’s Bolt Account data which may be used to either create a new account (if no account exists in your system for that email address) or enrich an existing shopper account with the shopper’s Bolt Account data.
Request Detail
HTTP Method: POST
Request Verification:
Requests sent from Bolt are signed by HMAC to ensure authenticity. You must verify these request signatures using the Signing Secret found in your Merchant Dashboard > Developers > API > Keys.
$hmac_header = $_SERVER['X-Bolt-Hmac-Sha256'];
function verify_webhook($payload, $hmac_header) {
$computed_hmac = base64_encode(hash_hmac('sha256', $payload, BOLT_SIGNING_SECRET, true));
return ($computed_hmac == $hmac_header);
}
Request Payload:
{
"event": "account.create_complete",
"data": {
"account_details": {
"addresses": [
{
"first_name": "Jerome",
"last_name": "Garcia",
"company": "Warlocks & Co",
"street_address1": "535 Mission St, Ste 1401",
"street_address2": "c/o Shipping Department",
"locality": "San Francisco",
"postal_code": "94105",
"region": "CA",
"country_code": "US",
"email": "jerry@example.com",
"phone": "+14155550199",
"is_default": true
}
],
"payment_methods": [
{
".tag": "credit_card",
"billing_address": {
".tag": "id",
"id": "D4g3h5tBuVYK9"
},
"network": "visa",
"bin": "411111",
"last4": "1004",
"expiration": "2029-03",
"token": "a1B2c3D4e5F6G7H8i9J0k1L2m3N4o5P6Q7r8S9t0"
}
],
"profile": {
"first_name": "Jerome",
"last_name": "Garcia",
"email": "jerrye@example.com",
"phone": "+14155550199"
}
},
"customer_data_id": "5FEB9028D"
}
}
Merchant Response Details
Using the shopper’s email address, merchants should query their shopper database to determine whether an existing shopper account exists within their sytem. If no shopper account exists, they should create a new account with the data provided by Bolt. Otherwise, if a shopper account already exists, merchants may enrich their shopper account data with the profile, address, and payment data provided by Bolt.
Expected Response Format
{
"status": "success"
}