All requests made by Bolt to your ecommerce Merchant API will be signed to ensure the authenticity of our requests. Your implementation should always verify the signature to make sure that it’s always Bolt calling your endpoint.
Bolt signs the payload and includes the HMAC signature in the request header X-Bolt-Hmac-Sha256. There are two ways to verify the payload with this signature.
If you are creating orders through the frontend rather than through the pre-auth endpoint, the order creation can be interrupted by a disrupted internet connection during checkout or by a customer’s browser crashing.
To handle orphaned transactions, make sure that the pending transaction hook is capable of converting an existing cart order_reference into an order.
The Merchant API is a general endpoint on your ecommerce server that Bolt can use to make synchronous calls and retrieve information. This information includes details on shipping, tax, and viable discounts codes.
Repeat to set up your Merchant Sandbox environment.
Use the Merchant API to handle shipping and tax information for your orders. This is required for multi-step checkout.
Reach out to your CSM to have split shipping and tax enabled for your merchant account.
order.shippingPOST request from your Merchant API.
Pre-authorization is a redesigned sequence that changes how Bolt works with cart and card authorizations. When a shopper select the Pay button in Bolt Checkout, there are two events which must happen for a successful order to occur.
Webhook failure notifications provide you a means of tracking and resolving a crucial part of your Bolt integration. By default, Bolt does not notify merchants when a web hook failure occurs. Webhook failure email notifications must be activated on a per-user basis.