All requests made by Bolt to your ecommerce Merchant API will be signed to ensure the authenticity of our requests. Your implementation should always verify the signature to make sure that it’s always Bolt calling your endpoint.
Bolt signs the payload and includes the HMAC signature in the request header X-Bolt-Hmac-Sha256. There are two ways to verify the payload with this signature.
If you are creating orders through the frontend rather than through the pre-auth endpoint, the order creation can be interrupted by a disrupted internet connection during checkout or by a customer’s browser crashing.
To handle orphaned transactions, make sure that the pending transaction hook is capable of converting an existing cart order_reference into an order.
Webhook failure notifications provide you a means of tracking and resolving a crucial part of your Bolt integration. By default, Bolt does not notify merchants when a web hook failure occurs. Webhook failure email notifications must be activated on a per-user basis.