Tickets - Login

verification

  • How to Verify Webhooks

    All requests made by Bolt to your ecommerce Merchant API will be signed to ensure the authenticity of our requests. Your implementation should always verify the signature to make sure that it’s always Bolt calling your endpoint.

    Bolt signs the payload and includes the HMAC signature in the request header X-Bolt-Hmac-Sha256. There are two ways to verify the payload with this signature.


  • How to Connect Unlinked Transactions

    Creating orders through the frontend (rather than through a pre-auth endpoint) can occasionally prevent an order from linking to a Bolt ID. This disconnect is typically caused by internet disruptions, browser crashes, and similar occurrences on the shopper’s end.

    To handle unlinked transactions, make sure that the pending transaction hook is capable of converting an existing cart order_reference into an order.


  • Environment Details

    Accounts

    Bolt provides two account environments: Sandbox and Production. Each environment includes a unique Merchant Dashboard. All transactions that flow through Bolt’s checkout can be found in your Merchant Dashboard.

    Each merchant account has a unique API Key and Signing Secret that Bolt uses to accurately verify and associate transactions with the account’s divisions.

    Divisions

    A Bolt merchant account can have one or many divisions. A division represents a uniquely configured instance of Bolt Checkout to fit a specific use case or workflow (e.g., storefront and back office). Division setup often includes enabling different features and creating separate webhooks for every division.

    Common Divisions

    • Pay by Link
    • Back Office
    • NetSuite ERP

    Each merchant division has a unique Publishable Key that is used to access your transaction data outside of the Bolt Merchant Dashboard.

    Collaborating with many developers across multiple sandboxes does not require multiple divisions. Simply add each URL to your Approved Domains list.

    Account Types

    Merchant account types are associated to individual processors. Because each processor has unique workflows and setup requirements, switching your payment processor requires setting up a new Bolt merchant account that aligns with the newly chosen processor.

    API & Webhooks

    About Keys

    KEY PURPOSE
    API Key Used for calling Bolt API from your backend server
    Signing Secret Used for signature verification on requests received from bolt
    Publishable Key Embedded on your website and used by Bolt to identify your website