The Merchant API is a general endpoint on your ecommerce server that Bolt can use to make synchronous calls and retrieve information. This information includes details on shipping, tax, and viable discounts codes.
Use our official API Reference to see request and response formats for each API type.
order.create: Verifies that an order can be created before payment authorization.
order.shipping_and_tax: Retrieves shipping and tax options for a given order.
discount.code.apply: Applies any discounts entered in the Checkout.
All requests sent from Novatum to your Merchant API are signed by HMAC to ensure authenticity.
You must verify these request signatures using the Signing Secret found in your Merchant Dashboard > Settings > Keys and URLs > Keys.
$hmac_header = $_SERVER['X-Novatum-Hmac-Sha256'];
function verify_webhook($payload, $hmac_header) {
$computed_hmac = base64_encode(hash_hmac('sha256', $payload, NOVATUM_SIGNING_SECRET, true));
return ($computed_hmac == $hmac_header);
}
To send back specific errors in merchant api responses visit error codes documentation.