For PartnersFor Acquiring Partners

Payment Authorization for Server-side integration

Integrate Klarna's Payment Authorize API for server-side, customer-initiated scenarios. This guide shows how to collect payment context, call the API, and handle all authorization outcomes including step-up flows.

Overview

Learn how to authorize a Payment Transaction with Klarna using a server-side-only integration when the customer is present during checkout. As an Acquiring Partner, you'll collect payment context from a Partner, call the authorizePaymentAPI endpoint, handle all authorization outcomes, manage step-up flows, and finalize the Payment Authorization.

Prerequisites

Before starting, complete the following steps:

  • Complete the Payment Presentation integration.

Then ensure you have:

  • A valid Partner Account onboarded with Klarna
  • Backend capability to receive and process Klarna webhooks
  • Partner-facing APIs capable of forwarding redirect URLs and Klarna data without modification

Integration overview

Once the customer selects Klarna at checkout and clicks the Pay button:

  1. 1.
    The Partner initiates Payment Authorization through the Acquiring Partner
  2. 2.
    The Acquiring Partner forwards the payment context to Klarna by calling the authorizePaymentAPI endpoint
  3. 3.
    Klarna evaluates the request and returns one of the following results:
    1. 3.1.
      APPROVED
    2. 3.2.
      DECLINED
    3. 3.3.
      STEP_UP_REQUIRED
  4. 4.
    The Acquiring Partner handles the result and returns the outcome to the Partner
  5. 5.
    If step-up is required, the customer completes the Klarna Purchase Journey
  6. 6.
    The Acquiring Partner finalizes the authorization and returns the final result
sequenceDiagram autonumber participant C as Customer participant P as Partner participant AP as Acquiring Partner participant K as Klarna Note over C,K: Payment Presentation integration (previous step) C->>P: Start checkout P->>AP: Initiate payment processing Note over P,AP: amount, currency, purchase_details, return_url, app_return_url Note over P,AP: klarna_network_session_token and klarna_network_data AP->>K: Call Payment Authorize API Note over AP,K: Forward payment context to Klarna Note over AP,K: step_up_config configured with HANDOVER K->>AP: Authorization result alt APPROVED/DECLINED AP->>P: Return success/failure indicator else STEP_UP_REQUIRED AP->>P: Return payment_request_url P->>C: Redirect customer to Klarna's Purchase Journey C->>K: Customer approves the purchase K-->>AP: Webhook Payment Request completed Note over AP,K: Receive klarna_network_session_token AP->>K: Finalize authorization Note over AP,K: Call Payment Authorize API with klarna_network_session_token K->>AP: Authorization result AP->>P: Return success/failure indicator end

Integration details

Step 1: Collect payment context from the Partner

Update the Partner-facing API to collect the following data points from the Partner for customer-initiated payment scenarios:

ParameterRequired (Acquiring Partner)Required (Partner)Description
amountYesYesTotal amount of the authorization, including tax and any available discounts.
currencyYesYesCurrency in ISO 4217 format.
supplementary_purchase_dataYesRecommendedAdditional details about the transaction to help reduce fraud risk and enhance transparency. Include this data to improve underwriting, fraud detection, and customer communication. Klarna processes and uses this data for fraud assessment and customer experience optimization.
supplementary_purchase_data.purchase_referenceYesRecommendedCustomer-facing payment reference displayed to customers on the Klarna app and other communications. Also included in settlement reports for reconciliation purposes. If you are an Acquiring Partner, this is the reference your Partner generated for their customer's payment.
supplementary_purchase_data.line_itemsYesRecommendedDetailed line item information of the purchase. This data is used for fraud detection and customer communication.
supplementary_purchase_data.customerYesRecommendedInformation about the customer based on their previous interactions with the Partner. These data points may be used by Klarna to simplify sign-up and during fraud assessment, as well as for underwriting purposes to provide an enhanced experience to returning customers.
supplementary_purchase_data.shippingYesRecommendedShipping information for the purchase. This data is used for fraud detection and customer communication. If the purchase contains multiple shipments with different recipients, provide one shipping object per shipment.
klarna_network_session_tokenYesConditionalEncodes Klarna Network Session Token context (prequalification, sign-in state, or approval). Required for finalization after customer authorization; optional on initial request.
klarna_network_dataYesRecommendedAdditional data to enable custom features or data exchange supported by your Integrating Partner. Klarna accepts this passthrough field in a structured JSON format and forwards it to relevant systems for interoperability. Data shared in this field may complement structured datapoints provided in supplementary_purchase_data. Treat this value as an opaque string; do not validate or infer its structure.
return_urlYesRecommendedPayment flow redirection URL. The customer will always be redirected to this URL on successful authorization. For web SDK with REDIRECT mode, the customer will also be redirected to this URL on failed authorization. Recommended for web flows.
app_return_urlYesRecommendedMobile application return URL (app scheme with no action deeplink). The customer will be redirected to this URL after third-party redirects or redirects to the Klarna Application. It is expected to open the integrating mobile application in its last state (no state changes or deeplink navigations). Recommended for mobile app flows.

Requirements

  • Use exact parameter names klarna_network_session_token and klarna_network_data in the Partner-facing API to ensure Partners can easily identify and use them.
  • Forward all parameters unmodified to Klarna.
  • Parameter validation must not be more restrictive than Klarna's authorizePaymentAPI.
  • Support all printable UTF-8 characters.
  • Supplementary purchase data handling:
    • Map your existing Partner-facing fields (line items, customer billing address, shipping, purchase reference) into supplementary_purchase_data when calling Klarna
    • Don't add new Partner-facing fields "just for Klarna" if you already have equivalent fields in your existing schema. Avoid forcing Partners to submit the same data twice using parallel structures
Do

Map your existing Partner-facing fields into supplementary_purchase_data when calling Klarna:

  • Line items: supplementary_purchase_data.line_items

  • Customer info: supplementary_purchase_data.customer

  • Shipping: supplementary_purchase_data.shipping

  • Purchase reference: supplementary_purchase_data.purchase_reference

Don't

Add new Partner-facing fields "just for Klarna" if you already have equivalents:

  • Don't introduce parallel structures like items and klarna_line_items

  • Don't force Partners to submit the same data twice

  • The two structures will diverge over time, causing maintenance issues

Supplementary purchase data scenarios

Acquiring Partners may receive supplementary purchase data (including line items, L2/L3 data for Card Network optimization, and transaction context) in one or both of the following ways:

  • Embedded in klarna_network_data: Forward as received without parsing or mapping
  • Provided as individual API fields: Map to the supplementary_purchase_data object when calling authorizePaymentAPI
flowchart LR Partner[Partner]:::tertiaryEntity LineItems[Line items,\nL2/L3 data,\netc]:::secondaryEntity KlarnaNetLeft[Klarna Network Data]:::secondaryEntity AP[Acquiring Partner's API]:::primaryEntity Supplementary[Supplementary\nPurchase Data]:::secondaryEntity KlarnaNetRight[Klarna Network Data]:::secondaryEntity Auth[Payment Authorization]:::primaryEntity %% Main flows Partner --> LineItems --> AP --> Supplementary --> Auth Partner --> KlarnaNetLeft --> AP --> KlarnaNetRight --> Auth

Step 2: Call the Payment Authorize API

The authorizePaymentAPI endpoint is used to authorize a Payment Transaction with Klarna, for both customer-initiated and Partner-initiated scenarios.

  • Call the authorizePaymentAPI endpoint and forward the complete payment context, including:
    • Amount and currency
    • Supplementary purchase data
    • Klarna parameters
    • Customer return URLs
  • Configure step_up_config with HANDOVER to allow Klarna to trigger customer interaction when required.

In the request to the authorizePaymentAPI endpoint, specify the following parameters:

SHELL
curl https://api-global.test.klarna.com/v2/accounts/{partner_account_id}/payment/authorize \
  -H 'Authorization: Basic <API key>' \
  -H 'Content-Type: application/json' \
  -H 'Klarna-Customer-Token: krn:partner:us1:test:identity:customer-token:ACZawkw7-2[...]' \
  -H 'Klarna-Network-Session-Token: krn:network:us1:test:session-token:eyJhbGciOiJIU[...]' \
  -d '{
        "currency": "USD",
        "supplementary_purchase_data": {
          "purchase_reference": "order-7f3a9b2e",
          "line_items": [
            {
              "name": "Wireless Bluetooth Headphones",

The customer_token can be obtained from the Payment Tokenization flow.

Step 3: Handle authorization results

When performing customer-initiated authorization through the authorizePaymentAPI endpoint, Klarna returns a payment_transaction_response object. The result field inside this object indicates the outcome and determines your next action.

The result has the following possible values:

ResultDescriptionNext steps
STEP_UP_REQUIREDAdditional customer interaction is needed to complete the authorization. A payment_request is created.Handle this result when Klarna requires additional customer interaction to complete authorization:
  • Read payment_request_url and klarna_network_response_data from the response.
  • Return the payment_request_url and klarna_network_response_data to the Partner without modification.
  • The Partner handles the step-up scenario and launches the Klarna Purchase Journey.
  • The customer (who must be present) completes the Klarna Purchase Journey.
  • Wait for step-up completion before finalizing the Payment Authorization.
  • Return URLs must be provided when calling authorizePayment to redirect the customer after they complete or stop the purchase journey.
APPROVEDThe authorization succeeded and a payment_transaction was created.The Payment Authorization is complete. Handle this result when Klarna authorizes the payment without requiring customer interaction.
  • Read and store the payment_transaction as well as klarna_network_response_data from the response if present.
  • Return the klarna_network_response_data to the Partner without modification if present.
  • Return a success response to the Partner.
  • Proceed with post-purchase operations (for example, capture or refund).
DECLINEDThe authorization was not approved and no transaction was created.Handle this result when Klarna does not approve the authorization.
  • Return a decline indicator to the Partner.
  • No payment_transaction is created.

Here's the high-level diagram of the Payment Authorization results and resources it produces:

The response schema is as follows:

JSON
{
  "payment_transaction_response": {
    "result": "STEP_UP_REQUIRED"
  },
  "payment_request": {
    "payment_request_id": "krn:payment:us1:request:552603c0-fe8b-4ab1-[...]",
    "payment_request_reference": "acquiring-partner-request-reference-1234",
    "amount": 11800,
    "currency": "USD",
    "state": "SUBMITTED",
    "expires_at": "2025-01-02T13:00:00Z",
    "created_at": "2025-01-01T12:00:00Z",

Return URLs for step-up scenario

Acquiring Partners must include return URLs in the step_up_config when calling authorizePaymentAPI to enable the step-up scenario.

These URLs, set inside the customer_interaction_config object, tell Klarna where to redirect the customer after they complete or stop the purchase journey.

return_url

If the Klarna Purchase Journey is launched in a web environment, Klarna redirects the customer to the return_url after they finish — whether they complete or stop the flow. This can be a URL managed by the Acquiring Partner (which handles redirection logic) or one collected directly from the Partner.

app_return_url

On mobile, the customer may be redirected to a third-party app (such as a bank app) or the Klarna app during the purchase journey. The app_return_url brings the customer back to the Partner's mobile app when this happens.

Partners must register a URL scheme (e.g., yourapp://klarna) or a universal link that resumes the payment flow. Klarna invokes this URL after the customer completes a native app-based step, such as biometric authentication or Klarna app login. Partners are expected to resume the mobile app in its last state without applying state changes or deep link navigations.

Interaction scenarios

The return_url and app_return_url are not mutually exclusive. Depending on the device and environment, either or both may be triggered:

ScenarioDescription
Pure web flowThe customer starts the purchase journey in a desktop browser. After completing the flow, Klarna redirects them to return_url.
App-to-app flowThe Partner's native app opens the purchase journey using a universal link. If the Klarna app is installed, the customer goes directly into it. After completion, Klarna redirects them to app_return_url.
WebView flow with app handoverThe Partner's native app starts the purchase journey in a System WebView. If the customer must authenticate via an external banking app, app_return_url returns them to the Partner's app mid-flow. They then resume in the WebView and, on completion, are redirected to return_url.

If the Acquiring Partner already collects a suitable return_url or app_return_url from the Partner, do not request a second one — this would increase the minimum integration requirements for Klarna to work.

Return authorization outcomes to the Partner

Map the Klarna authorization result to the Partner-facing API response according to the authorization outcome. The response may include a payment_request_url and/or a klarna_network_response_data parameter.

Requirements

  • payment_request_url MUST be returned directly to the Partner in an existing field and MUST NOT be wrapped or hidden behind Acquiring Partner-managed redirects.
  • Use exact parameter name klarna_network_response_data in the Partner-facing API to ensure Partners can easily identify and use the parameter. Treat this value as an opaque string; do not validate or infer its structure.

Below are examples of how Acquiring Partners can return the klarna_network_response_data parameter in their Partner-facing APIs depending on the authorization outcome.

JSON
{
  "payment_id": "pr_27234RBQD9NAKD032BN",
  "amount": 17800,
  "currency": "USD",
  "status": "open",
  "url": "https://pay.test.klarna.com/na/requests/6bbf6775-[...]/start",
  ...
  "additional_data": {
    "klarna_network_response_data": "{\"content_type\":\"vnd.klarna.network-data.v1+json\",\"content\":{\"operation\":\"payment_request\",\"response\":{\"result\":\"STEP_UP_REQUIRED\",\"payment_request\":{\"payment_request_id\":\"krn:payment:us1:request:552603c0-fe8b-4ab1-[...]\",\"payment_request_url\":\"https://pay.test.klarna.com/na/requests/6bbf6775-[...]/start\"}}}}"
  }
}

What happens next:

If the result is APPROVED, the Partner can redirect the customer to the confirmation page.

If the result is STEP_UP_REQUIRED, the Partner handles the step-up scenario and launch the Klarna Purchase Journey (see Step 4).

Avoid intermediate redirects

Acquiring Partners should expose Klarna's payment_request_url directly to Partners rather than routing through an Acquiring Partner-owned URL.

Using an intermediate redirect under the Acquiring Partner's domain causes the following issues:

IssueImpact
Reduced app handover successCross-domain redirects reduce the likelihood of a successful handover to the Klarna app, negatively impacting Klarna's purchase conversion rate.
Incompatibility with Klarna web SDK integrationNot compatible with Partners using the Klarna web SDK for pop-up flows on websites or app-to-app handoff in native mobile apps.
Network issuesFrontend redirects expose customers to network issues.

Step 4: Partner handles step-up scenario

When step-up is triggered, authorizePaymentAPI returns a STEP_UP_REQUIRED result along with a Payment Request containing the payment_request_url and klarna_network_response_data which the Partner needs in order to launch the Klarna Purchase Journey, either through a redirect or a pop-up experience.

The purchase journey allows the customer to authenticate with Klarna (via login, one-time passwords, etc.), choose a payment method, and accept the payment.

Phone collection in the Klarna purchase journey

Upon completion:

  • Klarna redirects the customer to the return_url in customer_interaction_config, except when a pop-up experience is used and the customer stops the flow.
  • Klarna issues a klarna_network_session_token to the Acquiring Partner to finalize the payment.

Step 5: Monitor step-up completion

This step only applies when the authorizePaymentAPI endpoint returns STEP_UP_REQUIRED.

To retrieve the required token(s), Klarna provides multiple integration methods. Subscribing to Klarna webhook events is required and may be combined with additional methods to improve resilience.

Using webhooks ensures reliable completion handling, particularly when the customer closes the browser before returning, network interruptions occur during redirects, or post-processing is required before notifying the customer.

The klarna_network_session_token represents the Klarna session context and must be included in the Klarna-Network-Session-Token header when calling the Payment Authorize API.

Partners can obtain this token through:

  • Step-up completion: Issued after a customer completes the Klarna Purchase Journey, used to finalize the Payment Authorization.
  • Customer token exchange or prequalification flows: Obtained through other Klarna mechanisms, enabling fresh authorization requests (for example, Partner-initiated payments using a Customer Token).

The klarna_network_session_token is valid for only 1 hour, so be sure to use it promptly.

Method: Subscribe to Klarna webhook events (required)

Subscribe to the payment.request.state-change.completed webhook event using the Klarna webhook guidelines. Klarna sends this event when the Payment Request reaches the COMPLETED state.

This event indicates that the customer has finished the step-up interaction and that the Acquiring Partner can proceed with finalizing the authorization.

Sample payload

JSON
{
  "metadata": {
    "event_type": "payment.request.state-change.completed",
    "event_id": "d9f9b1a0-5b1a-4b0e-9b0a-9e9b1a0d5b1a",
    "event_version": "v2",
    "occurred_at": "2024-01-01T12:00:00Z",
    "correlation_id": "2d1557e8-17c3-466c-924a-bbc3e91c2a02",
    "subject_account_id": "krn:partner:global:account:test:HGBY07TR",
    "recipient_account_id": "krn:partner:global:account:test:LWT2XJSE",
    "product_instance_id": "krn:partner:product:payment:ad71bc48-8a07-4919-[...]",
    "webhook_id": "krn:partner:global:notification:webhook:120e5b7e-abcd-4def-[...]",
    "live": false

Method: Read the Payment Request (optional/fallback)

As an alternative method, retrieve the Klarna token(s) by calling the readPaymentRequestAPI .

Once the Payment Request reaches the COMPLETED state, the token(s) are available in the state_context object of the Payment Request.

Sample payload

JSON
{
  "payment_request_id": "krn:payment:us1:request:552603c0-fe8b-4ab1-[...]",
  "state": "COMPLETED",
  "previous_state": "IN_PROGRESS",
  "state_context": {
    "klarna_network_session_token": "krn:network:us1:test:session-token:eyJhbGciOiJIU..."
  },
  "expires_at": "2025-02-26T17:25:34.534721775Z",
  "created_at": "2025-02-24T17:25:34.534721775Z",
  "updated_at": "2025-02-24T17:25:34.534721775Z",
  "payment_request_reference": "acquiring-partner-request-reference-1234",
  "amount": 11800,

Step 6: Finalize the step-up authorization

After receiving the klarna_network_session_token from webhook or polling, finalize the authorization by calling the Payment Authorize API again with the new token.

Finalization request

Call authorizePaymentAPI using:

  • The newly obtained klarna_network_session_token in the Klarna-Network-Session-Token request header
  • The same payment context (amount, currency, supplementary_purchase_data, klarna_network_data) used in the initial authorization
  • The same payment_transaction_reference to link the requests Example finalization request:
SHELL
curl https://api-global.test.klarna.com/v2/accounts/{partner_account_id}/payment/authorize \
  -H 'Authorization: Basic <API key>' \
  -H 'Content-Type: application/json' \
  -H 'Klarna-Network-Session-Token: krn:network:us1:test:session-token:eyJhbGciOiJIU...' \
  -d '{
        "currency": "USD",
        "supplementary_purchase_data": { ... },
        "klarna_network_data": "{\"content_type\":\"vnd.klarna.network-data.v1+json\",\"content\":{\"operation\":\"payment_request\",\"request\":{\"supplementary_purchase_data\":{...}}}",
        "request_payment_transaction": {
          "amount": 11800,
          "payment_option_id": "S0xBUk5BXzE3NzI3MjQ5MTQzMjk=",
          "payment_transaction_reference": "backend-transaction-ref-12345"

If the klarna_network_session_token has expired (1-hour validity) or the payment context doesn't match the initial authorization, the finalization call returns DECLINED.

Expected finalization response

When finalization succeeds, Klarna returns APPROVED with the payment transaction:

JSON
{
  "payment_transaction_response": {
    "result": "APPROVED",
    "payment_transaction": {
      "payment_transaction_id": "krn:payment:us1:transaction:791bbb7b-813a-[...]",
      "amount": 11800,
      "currency": "USD",
      "payment_pricing": {...},
      "payment_funding": {
        "type": "GUARANTEED",
        "state": "FUNDED"
      }

Step 7: Return final authorization outcomes to the Partner

Map the Klarna authorization result to the Partner-facing API response and return the klarna_network_response_data.

Requirements

  • Treat this value as an opaque string; do not validate or infer its structure.
  • Use exact parameter name klarna_network_response_data in the Partner-facing API to ensure Partners can easily identify and use the parameter
  • All returned data MUST be forwarded without modification. Below is an example of how Acquiring Partners can return the Klarna Network Response Data parameter in their Partner-facing APIs.
JSON
{
  "payment_id": "pr_27234RBQD9NAKD032BN",
  "amount": 17800,
  "currency": "USD",
  "status": "completed"
  ...
  "additional_data": {
    "klarna_network_response_data": "{\"content_type\":\"vnd.klarna.network-data.v1+json\",\"content\":{\"operation\":\"payment_request\",\"response\":{\"result\":\"APPROVED\",\"payment_transaction\":{\"payment_transaction_id\":\"krn:payment:us1:transaction:791bbb7b-813a-[...]\"}}}}"
  }
}

Next steps

After implementing Payment Authorization, explore these related topics:

Related articles

Payment Presentation for Server-side integration

Partner Accounts

Klarna Network Session Token

Payment Tokenization

Payment Authorization

API & SDK references

API

Authorize a payment transaction.

Read the state of a Payment Request