Help customers complete payments securely by handling Klarna’s step-up authentication using the purchase journey. This guide breaks down how to integrate and respond when a step-up flow is triggered through the Klarna SDK.
When Klarna requires additional verification from the customer (e.g., login, authentication, or payment method selection), it returns a Payment Request in response to the Payment Authorize API call which the Klarna SDK needs to trigger the purchase journey.
As shown in the below diagram, the high level flow is the following:
initiate JavaScript function attached to the Klarna Payment button is triggered.STEP_UP_REQUIRED and a payment_request_idinitiate function returns a promise resolving to the the paymentRequestId object.The step-up flow for tokenization is similar to that for one-time payments; the key difference is the type of token received at the end—customer_token for tokenization and payment_token for one-time payments.
To support the step-up scenario, Acquiring Partners must define return URLs when calling the Payment Authorize API.
return_urlAPI: if the Klarna purchase flow is launched in a web environment, Klarna will redirect the customer to this URL after the customer finishes their interaction with Klarna, either by approving or aborting the purchase flow. This could either be a URL from the Acquiring Partner who will handle the redirection logic or a URL collected from the Partner.app_return_urlAPI: The customer may be redirected to a third party app (bank app) or the Klarna app during the Klarna purchase journey on mobile environments. This URL enables Klarna to return the customer back to the Partner’s mobile app.return_url and app_return_url are not mutually exclusive
In different scenarios, either or both of the return_url and app_return_url can be triggered:
Example 1: Only return_url is triggered – Pure web flow
The customer starts the Klarna purchase flow in a web browser on a desktop. After approving the purchase, they are redirected to the return_url.
Example 2: Only app_return_url is triggered – App-to-app flow
The Partner’s native mobile app opens the Klarna purchase flow using a universal link. If the Klarna app is installed, the customer is taken directly into the Klarna app. After approval, they are redirected to the app_return_url, returning them to the Partner's app.
Example 3: Both URLs are triggered – WebView flow with app handover
The Partner’s native mobile app starts the Klarna purchase flow in a System WebView. If the customer needs to authenticate via an external banking app, they’re handed back to the Partner's app using app_return_url. They then resume the purchase flow in the WebView and, upon completion, are redirected to the return_url.
app_return_url is set up to register a URL scheme (e.g., yourapp://klarna) or universal link that resumes the payment flow.When Acquiring Partners are already asking for a suitable return_url or app_return_url from the Partner, it is advised to not ask for a second one as this would increase the minimal integration requirements for Klarna to work.
Acquiring Partners must include a step_up_config object when calling Klarna’s Payment Authorize APIAPI, and specify the following parameters:
| Parameter name | Description | 
|---|---|
| Reference to the payment session or equivalent resource on the Acquiring Partner's side. Helps match Klarna payment requests with internal records. | |
| Configuration properties for supporting step-up scenario. It contains: 
 | 
Sample request
curl https://api-global.test.klarna.com/v2/accounts/{partner_account_id}/payment/authorize \
  -H 'Authorization: Basic <API key>' \
  -H 'Content-Type: application/json' \
  -H 'Klarna-Interoperability-Token: eyJhbGciOiJIU...' \
  -d '{
        ...
        "step_up_config": {
          "payment_request_reference": "acquiring-partner-request-reference-1234",
          "customer_interaction_config": {
            "method": "HANDOVER",When step-up is required, the Payment Authorize API response includes a payment_request_idAPI that must be passed to the frontend SDK:
{
  "payment_transaction_response": {
    "result": "STEP_UP_REQUIRED"
  },
  "payment_request": {
    ...
    "state_context": {
      "customer_interaction": {
        "method": "HANDOVER",
        "payment_request_id": "krn:payment:eu1:request:..."The initiate function from the Klarna Payment button instance will return a promise that resolve to an object with the paymentRequestId:
Sample code
const buttonConfig = {
  initiate: () => {
    // call to Klarna Payment Authorize API returns STEP_UP_REQUIRED
    return { paymentRequestId: "krn:payment:eu1:request:5eb1.." }
  },
  initiationMode: "DEVICE_BEST",  // Device-optimized payment initiation
}
// Render and mount the button with the assigned configuration
paymentPresentation.paymentButton.component(buttonConfig).mount("#klarna-button-container");The initiationModeis a parameter which controls how the Klarna Purchase Journey is launched (redirect / modal window) on different devices (mobile/desktop/native):
| initiationMode | Description | 
|---|---|
| 
 | Automatically selects the best way to launch the Klarna Purchase Journey depending on the device - this is the default and recommended value: 
 Note: for this initiationMode, areturn_urlis required in thestep_up_configobject when calling the Payment Authorize API. | 
| 
 | The Klarna Purchase Journey is triggered on the same page. The customer never leaves the page. The Klarna Purchase Journey is open in a pop-up if possible and fallback to fullscreen iframe if necessary. | 
| 
 | The customer will be redirected to the Klarna Purchase Journey. Note: for this initiationMode, areturn_urlis required in thestep_up_configobject when calling the Payment Authorize API. | 
The Klarna Purchase Journey enables the customer to:

Phone collection in the Klarna Purchase Journey
After the customer finishes or aborts the Klarna purchase flow—whether on web or in the app—Klarna does the following:
return_url and/or app_return_url: Klarna redirects the customer to the return_url and/or app_return_url specified in the customer_interaction_config object. As discussed above, either or both URLs may be triggered, and app_return_url can even be invoked in the middle of the purchase flow. Therefore, avoid adding any special logic or dependencies to these URLs.customer_token and/or payment_token (upon completion): Klarna issues a customer_token to the Acquiring Partner for use in future authorizations. If a purchase is involved, a payment_token is also issued and must be used to finalize the current payment. Details on how to retrieve the tokens are covered in the  section "Monitor the state."The KlarnaPayment SDK interface enables Acquiring Partners to register event handlers to follow the different stages of the purchase and provide the best user experience to consumers.
| Event handler | Purpose | 
|---|---|
| 
 | Detect when the customer has accepted the purchase. During a redirection flow the complete handler will trigger once your page has loaded on the success page. Pending updates are triggered even if the event handler is registered after the page has loaded to avoid need for polling. | 
| 
 | Detect whenever the customer aborts the Klarna purchase journey. | 
| 
 | Detect errors during the payment request lifecycle. If the error event handler is defined, all errors will be emitted to it instead of thrown upwards. | 
These event handlers allow you to access various properties of the ongoing paymentRequest as defined in the below table. This access allows developers to handle payment requests with greater precision and awareness of the payment’s current state.
| Parameter | Definition | 
|---|---|
| Unique identifier of this payment request | |
| Current state of the payment request | |
| The previous state of the payment request | |
| The reason field may be used to determine why the payment request is in its current state. | |
| State specific context for the ongoing state. The paymentTokenwill be stored in this object once the payment request reaches the stateCOMPLETED | 
Sample code:
Use Klarna Web SDK events only to enhance user experience, not to trigger authorization
Frontend events are generally unreliable due to browser and system limitations. Listen to Klarna Web SDK events to improve the customer experience—such as displaying clear error messages when a purchase is aborted or disabling page interactions while payment authorization is in progress.
Never use Klarna Web SDK events to trigger payment authorization. Instead, always rely on webhooks to receive the payment token and authorize the payment after the customer approves the purchase.