Help customers complete payments securely by handling Klarna’s step-up authentication using the purchase journey. This guide breaks down how to integrate and respond when a step-up flow is triggered by Klarna’s Payment Authorize API.
When Klarna requires additional verification from the customer (e.g., login, authentication, or payment method selection), it returns a Payment Request in the response to the Payment Authorize API call.
The Acquiring Partner backend must detect this and return the necessary data points to Partners so they can start the Klarna’s purchase journey with the customers.
As shown in the below diagram, the high level flow is the following:
payment_request_id
payment_request_url
To support the step-up scenario, Acquiring Partners must define return URLs when calling the Payment Authorize API.
return_url
: if the Klarna purchase flow is launched in a web environment, Klarna will redirect the customer to this URL after the customer finishes their interaction with Klarna, either by approving or aborting the purchase flow. This could either be a URL from the Acquiring Partner who will handle the redirection logic or a URL collected from the Partner.app_return_url
: The customer may be redirected to a third party app (bank app) or the Klarna app during the Klarna purchase journey on mobile environments. This URL enables Klarna to return the customer back to the Partner’s mobile app.return_url
and app_return_url
are not mutually exclusive
In different scenarios, either or both of the return_url and app_return_url can be triggered:
Example 1: Only return_url
is triggered – Pure web flow
The customer starts the Klarna purchase flow in a web browser on a desktop. After approving the purchase, they are redirected to the return_url
.
Example 2: Only app_return_url
is triggered – App-to-app flow
The Partner’s native mobile app opens the Klarna purchase flow using a universal link. If the Klarna app is installed, the customer is taken directly into the Klarna app. After approval, they are redirected to the app_return_url
, returning them to the Partner's app.
Example 3: Both URLs are triggered – WebView flow with app handover
The Partner’s native mobile app starts the Klarna purchase flow in a System WebView. If the customer needs to authenticate via an external banking app, they’re handed back to the Partner's app using app_return_url
. They then resume the purchase flow in the WebView and, upon completion, are redirected to the return_url
.
app_return_url
is set up to register a URL scheme (e.g., yourapp://klarna) or universal link that resumes the payment flow.When Acquiring Partners are already asking for a suitable return_url
or app_return_url
from the Partner, it is advised to not ask for a second one as this would increase the minimal integration requirements for Klarna to work.
Acquiring Partners must include a step_up_config
object when calling Klarna’s Payment Authorize API, and specify the following parameters:
Parameter name | Description |
---|---|
Reference to the payment session or equivalent resource on the Acquiring Partner's side. Helps match Klarna payment requests with internal records. | |
Configuration properties for supporting step-up scenario. It contains:
|
Sample request
curl https://api-global.test.klarna.com/v2/accounts/{partner_account_id}/payment/authorize \
-H 'Authorization: Basic <API key>' \
-H 'Content-Type: application/json' \
-H 'Klarna-Interoperability-Token: eyJhbGciOiJIU...' \
-d '{
...
"step_up_config": {
"payment_request_reference": "acquiring-partner-request-reference-1234",
"customer_interaction_config": {
"method": "HANDOVER",
Whenever the step-up scenario is triggered, the Payment Authorize API response will contain
payment_request_id
: The unique Klarna identifier for the payment requestpayment_request_url
: A URL to launch the Klarna purchase journeySample response
{
"payment_transaction_response": {
"result": "STEP_UP_REQUIRED"
},
"payment_request": {
...
"state_context": {
"customer_interaction": {
"method": "HANDOVER",
"payment_request_id": "krn:payment:eu1:request:552603c0-fe8b-4ab1-aacb-41d55fafbdb4",
Acquiring Partners should extract and expose these parameters in their API response to the Partner system. This enables the Partner to:
{
"status": "pending",
"klarna": {
"payment_request_id": "krn:payment:eu1:request:552603c0-fe8b-4ab1-aacb-41d55fafbdb4",
"payment_request_url": "https://pay.test.klarna.com/eu/requests/6bbf6775-[...]/start"
}
}
Using an Acquiring Partner’s own redirect URL instead of sending Klarna’s payment_request_url
directly causes issues with app handover, Klarna SDK compatibility, and network reliability — ultimately harming user experience and lowering Klarna’s purchase conversion.
In some implementations, the Acquiring Partner might be returning a general-purpose redirect_url
under their domain for all payment methods. Partners then use this URL to trigger a client-side redirect to Klarna’s payment_request_url
.
{
"status": "pending",
"redirect_url": "https://acquiringpartner.com/payment/xxxxx"
}
However, this pattern is generally discouraged due to the following limitations:
Instead, expose Klarna’s payment_request_url
directly to the Partners:
{
"status": "pending",
"redirect_url": "https://pay.klarna.com/xxxxx"
}
Partners may have two options to start the Klarna purchase journey based on the parameters returned by Acquiring Partners:
payment_request_url
payment_request_id
.The Klarna purchase journey enables the customer to:
Phone collection in the Klarna purchase journey
After the customer finishes or aborts the Klarna purchase flow—whether on web or in the app—Klarna does the following:
return_url
and/or app_return_url
: Klarna redirects the customer to the return_url
and/or app_return_url
specified in the customer_interaction_config
object. As discussed above, either or both URLs may be triggered, and app_return_url can even be invoked in the middle of the purchase flow. Therefore, avoid adding any special logic or dependencies to these URLs.payment_token
(upon completion): Klarna issues a payment_token
to the Acquiring Partner, which is required to finalize the payment. This part will be covered in the following section – Monitor the payment request state.