Klarna Docs - Authorization callback

Authorization callback

To improve conversion rates, you should get an authorization token through a server-side callback.

When Klarna approves a customer, you receive an authorization token that lets you place an order. While you would typically receive authorization_token as a response to the authorize() call, you are required to implement the server-side callback to a specific URL to receive the authorization_token and session_id in the backend.

By using the server-side authorization callback, you can still create an order if client-side communication fails.

Payment methods that require complex customer interactions, for example switching between banking apps, are vulnerable to front-end communication issues. If communication breaks down, a valid authorization_token issued by Klarna payments may not reach the client, making placing an order impossible.

This can lead to the customer being charged without the payment getting registered in your checkout. Such errors can affect your store's conversion rates if the customer believes they have completed an order but doesn't receive a confirmation from your side.

Klarna payments authorization callback diagram.

When initiating a payment, include a URL in the authorization field of the merchant_urls object. Klarna payments calls this URL after a successful authorization.

JSON
 ….
    "merchant_urls": {
        "confirmation": "https://...",
        "notification": "https://...",
        "push": "https://...",
        "authorization": "https://..."
    },
    ...

A sample merchant_urls object in the create_session request including the URL for receiving the callback in the authorization field.

Klarna calls the URL provided in authorization once the session is authorized.

JSON
{
  "authorization_token": "1eddf502-f3a0-45bf-b1fd-f2e3a2758200",
  "session_id": "e4b81ca2-0aae-4c16-bcb2-29a0a088a35b"
}

A sample callback request from Klarna.

You must provide the callback URL over HTTPS. To be able to authenticate that Klarna sent the callback, we recommend that you generate a one-time token only for this specific payment session.

This lets you authenticate Klarna as the origin of the call made to you after a successful authorization.

JSON
{
    "merchant_urls": {
        "authorization": "https://example.com/authCallbackEndpoint?secretToken=b37cda64-a6d8-11ec-b909-0242ac120002"
    }
}

The value b37cda64-a6d8-11ec-b909-0242ac120002 passed in the request can be generated by the integrator for every new session.

  • The request you receive has a 2-second timeout (2-second connect timeout, 2-second read timeout).
  • The callback is delivered to the callback URL on a best-effort basis. Specifically, any 2xx (for example, 204) response of your server to Klarna's callback is considered successful. Any other response triggers a retry of up to 3 calls in total.
  • For responses other than 2xx, Klarna may send back the same callback multiple times.
  • If the receiver of the callback decides not to place an order, your customer may go through another authorization process. In that case, Klarna may send another callback with a different authorization token.
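
A sketch of a receiver that combines the per-session token check with the retry behaviour listed above, added here as an example and not taken from Klarna's documentation or SDKs. The function names, the in-memory stores, and the 400/403 status codes are assumptions; only secretToken, authorization_token, and session_id come from this page.

```python
import hashlib, hmac, json, secrets
from urllib.parse import parse_qs, urlsplit

SESSIONS = {}     # session_id -> SHA-256 hex digest of that session's callback token
SEEN = set()      # (session_id, authorization_token) pairs already accepted
ORDER_QUEUE = []  # consumed by a background worker so the reply fits the 2 s timeout

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def new_callback_url(base_url):
    """Return (merchant_urls.authorization value, digest to keep server-side)."""
    token = secrets.token_urlsafe(32)  # fresh, unguessable value per payment session
    return f"{base_url}?secretToken={token}", _digest(token)

def register_session(session_id, token_digest):
    """Bind the digest to the session_id once create_session has returned it."""
    SESSIONS[session_id] = token_digest

def handle_callback(request_target, body):
    """Return the HTTP status to answer the callback with."""
    # The token arrives in the URL, so keep query strings out of access logs.
    query = parse_qs(urlsplit(request_target).query)
    supplied = query.get("secretToken", [""])[0]
    try:
        payload = json.loads(body)
        session_id = payload["session_id"]
        auth_token = payload["authorization_token"]
    except (ValueError, KeyError, TypeError):
        return 400
    if not (isinstance(session_id, str) and isinstance(auth_token, str)):
        return 400
    expected = SESSIONS.get(session_id)
    # Constant-time compare; unknown session and wrong token get the same status.
    if expected is None or not hmac.compare_digest(_digest(supplied), expected):
        return 403
    key = (session_id, auth_token)
    if key not in SEEN:  # a retried callback is acknowledged, not queued twice
        SEEN.add(key)
        ORDER_QUEUE.append(key)  # a new token for the same session is a new entry
    return 204
```

Only the token's digest is stored, so a leaked session table does not reveal a usable callback URL.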