Tickets - Login


  • How to Verify Webhooks

    All requests made by Bolt to your ecommerce Merchant API will be signed to ensure the authenticity of our requests. Your implementation should always verify the signature to make sure that it’s always Bolt calling your endpoint.

    Bolt signs the payload and includes the HMAC signature in the request header X-Bolt-Hmac-Sha256. There are two ways to verify the payload with this signature.

  • How to Link Abandoned Transactions

    If you are creating orders through the frontend rather than through the pre-auth endpoint, the order creation can be interrupted by a disrupted internet connection during checkout or by a customer’s browser crashing.

    To handle orphaned transactions, make sure that the pending transaction hook is capable of converting an existing cart order_reference into an order.

  • Environment Details

    API & Webhooks

    About Keys

    API Key Used for calling Bolt API from your backend server
    Publishable Key Embedded on your website and used by Bolt to identify your website
    Signing Secret Used for signature verification on requests received from bolt