The Merchant API is a general endpoint on your ecommerce server that Bolt can use to make synchronous calls and retrieve information. This information includes details on shipping, tax, and viable discounts codes.
Use our official API Reference to see request and response formats for each API type.
All requests sent from Novatum to your Merchant API are signed by HMAC to ensure authenticity. You must verify these request signatures using the Signing Secret found in your Merchant Dashboard > Settings > Keys and URLs > Keys.
$hmac_header = $_SERVER['X-Novatum-Hmac-Sha256'];
function verify_webhook($payload, $hmac_header) {
$computed_hmac = base64_encode(hash_hmac('sha256', $payload, NOVATUM_SIGNING_SECRET, true));
return ($computed_hmac == $hmac_header);
}
To send back specific errors in merchant api responses visit error codes documentation.