Klarna Docs - Authorization Callback

Authorization Callback

How to use merchant_urls.authorization URL field to receive the authorization token server-side and improve conversion rates

When the consumer is successfully approved by Klarna, you will receive an authorization token in return which gives you the ability to place an order towards Klarna. (For more details, read authorizing a payment). While you would generally receive the authorization token on the frontend through the Web SDK, it is also possible to receive the authorization token as a callback to a certain URL.

Supporting authorization callbacks helps ensure our partners can create an order even if there are frontend communication issues.

Payment methods that require complex customer interactions, like switching between banking apps, are vulnerable to frontend communication issues. A valid authorization token can be issued by Klarna Payments, but due to a broken communication chain the partner's frontend never receives it to place the order. This can lead for certain payment methods to money being deducted from a customer's account without the payment being registered on the merchant side or to lower conversion rate when consumer believe they have completed their order without acknowledgement on the partner side.

When creating the Klarna Payments session, you need to pass a URL in the authorization field of merchant_urls object. This URL will be called by Klarna Payments after a successful authorization.

The create_session call would look something like this:

    "merchant_urls": {
        "confirmation": "https://...",
        "notification": "https://...",
        "push": "https://..."
        "authorization": "https://..." //URL for receiving the callback

Klarna will call the URL provided in the authorization once the session has been authorized. The callback request from Klarna will have the following format:

  "authorization_token": "1eddf502-f3a0-45bf-b1fd-f2e3a2758200",
  "session_id": "e4b81ca2-0aae-4c16-bcb2-29a0a088a35b"

The URL provided must be over HTTPS, but to be able to authenticate that the callback comes from Klarna, it is advised to generate a one time token that you will only use for this specific payment session.

This lets you validate that the call made to you on successful authorization is only made by Klarna.

    "merchant_urls": {
        "authorization": "https://example.com/authCallbackEndpoint&secretToken=b37cda64-a6d8-11ec-b909-0242ac120002" //The value passed here b37cda64-a6d8-11ec-b909-0242ac120002 could be something that is generated by the integrator for every new session. 
  • The request you receive will have a 2 second timeout (2 sec connect timeout, 2 sec read timeout)
  • The callback will be delivered on the callback URL on a best effort basis. Specifically, any 2xx (e.g. 204) response of your server to our callback is considered successful. Any other response will trigger a retry of up to 5 calls in total.
  • In the above case, Klarna may send back the same callback multiple times if we do not receive a successful response from your server
  • If the receiver of the callback decides to not place an order, the customer may go through another authorization process. When that happens, Klarna may send another callback with a different authorization token.