Klarna Docs - Authorization callback.

Authorization callback.

To improve conversion rates, you can get an authorization token through a server-side callback.

When Klarna approves a customer, you receive an authorization token that lets you place an order. While you would typically receive authorization_token on the client side via the JavaScript SDK, you can also get it from the server in a callback to a specific URL.

By using server-side authorization callbacks, you can create an order in case of any client-side communication issues.

Payment methods that require complex customer interactions, for example switching between banking apps, are vulnerable to front-end communication issues. If communication breaks down, a valid authorization_token issued by Klarna payments may not reach the client, making placing an order impossible.

This can lead to the customer being charged without the payment getting registered in your checkout. Such errors can affect your store's conversion rates if the customer believes they have completed an order but doesn't receive a confirmation from your side.

Klarna payments authorization callback diagram

When initiating a payment, include a URL in the authorization field of the merchant_urls object. Klarna payments calls this URL after a successful authorization.

JSON
    ...
    "merchant_urls": {
        "confirmation": "https://...",
        "notification": "https://...",
        "push": "https://...",
        "authorization": "https://..."
    },
    ...

A sample merchant_urls object in the create_session request including the URL for receiving the callback in the authorization field.

Klarna calls the URL provided in authorization once the session is authorized.

JSON
{
  "authorization_token": "1eddf502-f3a0-45bf-b1fd-f2e3a2758200",
  "session_id": "e4b81ca2-0aae-4c16-bcb2-29a0a088a35b"
}

A sample callback request from Klarna.

You must provide the callback URL over HTTPS. To be able to authenticate that Klarna sent the callback, we recommend that you generate a one-time token for this specific payment session only and include it in the callback URL.

This lets you authenticate Klarna as the origin of the call made to you after a successful authorization.

JSON
{
    "merchant_urls": {
        "authorization": "https://example.com/authCallbackEndpoint?secretToken=b37cda64-a6d8-11ec-b909-0242ac120002"
    }
}

The value b37cda64-a6d8-11ec-b909-0242ac120002 passed in the request can be generated by the integrator for every new session.

  • The request you receive has a 2-second timeout (2-second connect timeout, 2-second read timeout).
  • The callback is delivered to the callback URL on a best-effort basis. Specifically, any 2xx (for example, 204) response of your server to Klarna's callback is considered successful. Any other response triggers a retry of up to 5 calls in total.
  • For responses other than 2xx, Klarna may send back the same callback multiple times.
  • If the receiver of the callback decides not to place an order, your customer may go through another authorization process. In that case, Klarna may send another callback with a different authorization token.
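
A sketch of a callback receiver that follows the points above, added here as an example and not Klarna's code: it checks the per-session secretToken in constant time, acknowledges retried callbacks with a 2xx without queueing the order twice, and accepts a later callback that carries a different authorization token. The names `CallbackState`, `new_callback_url` and `handle_callback` are hypothetical, the in-memory store stands in for a database, and passing the token as a `?secretToken=` query parameter is an assumption.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlsplit

BASE_URL = "https://example.com/authCallbackEndpoint"  # sample endpoint from the page

class CallbackState:
    """In-memory stand-in for a database (assumption for this example)."""
    def __init__(self):
        self.secret_by_session = {}  # session_id -> secretToken issued for that session
        self.accepted = set()        # (session_id, authorization_token) pairs already queued
        self.order_queue = []        # drained by a background worker that places the order

def new_callback_url():
    """Build merchant_urls.authorization with a fresh secret for one payment session.
    Store the secret under the session_id that the create_session response returns."""
    secret = secrets.token_urlsafe(32)
    return f"{BASE_URL}?secretToken={secret}", secret

def handle_callback(state, request_url, body):
    """Return the HTTP status to send. No slow work here: Klarna times out after 2 seconds."""
    try:
        payload = json.loads(body)
        session_id = payload["session_id"]
        auth_token = payload["authorization_token"]
    except (ValueError, KeyError, TypeError):
        return 400
    if not isinstance(session_id, str) or not isinstance(auth_token, str):
        return 400
    presented = parse_qs(urlsplit(request_url).query).get("secretToken", [""])[0]
    expected = state.secret_by_session.get(session_id)
    # Constant-time comparison; an unknown session is rejected like a wrong secret.
    if expected is None or not hmac.compare_digest(presented.encode(), expected.encode()):
        return 403
    key = (session_id, auth_token)
    if key not in state.accepted:  # a retry repeats the same pair: acknowledge, do not re-queue
        state.accepted.add(key)
        state.order_queue.append(key)
    return 204
```

The secret is deliberately not invalidated after the first valid callback, because retries and any later authorization for the same session arrive at the same URL; the `accepted` set is what prevents duplicate orders.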