All requests made by Bolt to your ecommerce Merchant API will be signed to ensure the authenticity of our requests. Your implementation should always verify the signature to make sure that it’s always Bolt calling your endpoint.
Bolt signs the payload and includes the HMAC signature in the request header X-Bolt-Hmac-Sha256. There are two ways to verify the payload with this signature.
Creating orders through the frontend (rather than through a pre-auth endpoint) can occasionally prevent an order from linking to a Bolt ID. This disconnect is typically caused by internet disruptions, browser crashes, and similar occurrences on the shopper’s end.
To handle unlinked transactions, make sure that the pending transaction hook is capable of converting an existing cart order_reference into an order.
Webhook failure notifications provide you a means of tracking and resolving a crucial part of your Bolt integration.