Account linking

Enhance returning user experience and boost conversions with Klarna Account Linking by securely storing and updating customer tokens for seamless, persistent authentication.

Linking a customer’s Klarna account to their account on your platform helps increase conversion by enabling seamless, non-interactive authentication for future payments.

Many integration strategies rely on browser-side tracking, like cookies or device-based single sign-on, to recognize returning customers. However, these methods are increasingly unreliable:

  • Safari’s Intelligent Tracking Prevention (ITP) limits third-party cookies to 24 hours and deletes them after 7 days.
  • Firefox Enhanced Tracking Protection blocks third-party cookies by default.
  • Chrome will phase out third-party cookies entirely in 2025.
  • Device fingerprints are wiped when customers clear site data, use private browsing, or update their mobile OS.

To avoid these limitations, store Klarna’s long-lived customer_token securely on your backend. This token lets you reliably recognize returning customers, regardless of browser or device, and trigger a seamless Klarna flow without requiring them to log in again.

  1. Create a Klarna Payments session with intent set to buy_and_link. When the customer is already linked, include the stored customer_token inside the customer object.
  2. Initiate the Klarna Purchase Journey using the client_token returned in the create session response.
  3. Create the order after the customer confirms the purchase. Save or update the customer_token returned in the create order response. Customers can opt out of account linking, so a customer_token might not be returned in certain sessions.

If the provided token is invalid or has been rotated, Klarna will return a new one. Always treat the token from the latest response as the source of truth.

Term | Description
Customer Token | A long-lived credential issued by Klarna that identifies a customer across payment requests. It enables a seamless, non-interactive experience. Format: krn:partner:<region>:<env>:identity:customer-token:<id>
Intent | A parameter that defines the purpose of the session. Use buy_and_link to both complete a payment and link or refresh the customer token.

First‑time customers (no token)

Send a POST request without a token to create a Klarna payments session:

Sample request - without customer_token

Returning customers (token present)

Including a valid customer_token allows Klarna to skip the login step and load the payment form in a ready-to-buy state.

Sample request - with customer_token

curl -X POST https://api.klarna.com/payments/v1/sessions \
  -u "$KLARNA_USERNAME:$KLARNA_PASSWORD" \
  -H 'Content-Type: application/json' \
  -H 'Idempotency-Key: 3bcdc404-9f4c-4cd0-9d63-2d1092f361dd' \
  -d '{
        "purchase_country": "DE",
        "purchase_currency": "EUR",
        "locale": "de-DE",
        "order_amount": 25900,
        "order_tax_amount": 4130,

Extra merchant data (EMD) must be sent during the authorize() call so that Klarna’s risk engine can evaluate the data and trigger step‑up authentication.

If this is not possible due to the checkout’s structure or technical constraints, add EMD in the update session call.

Packages for account‑takeover (ATO) signals:

EMD sample

"attachment": {
  "body": "{\"customer_account_info\":[{\"account_registration_date\":\"2023-01-14\",\"account_last_modified\":\"2025-01-05\",\"number_of_failed_login_attempts_24h\":1}],\"marketplace_seller_info\":[{\"seller_id\":\"cust-123\",\"number_of_logins_24h\":4}] }",
  "content_type": "application/vnd.klarna.internal.emd-v2+json"
},

Include only the fields you collect; omit the others or set them to null. Device fingerprint and IP are captured automatically by Klarna.js and must not be added to EMD.
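One way to build the attachment shown above, as an added example that is not Klarna's code: it omits fields that were not collected and serializes body into a string rather than nesting an object. The function names and the forbidden-key pattern are assumptions; field names and the content type come from the sample.

```javascript
// Added example, not Klarna's code. buildEmdAttachment, prune and the
// FORBIDDEN pattern are hypothetical; field names come from the EMD sample.
const EMD_CONTENT_TYPE = 'application/vnd.klarna.internal.emd-v2+json';
// Heuristic guard: device fingerprint and IP are captured by Klarna.js.
const FORBIDDEN = /(^|_)ip(_|$)|fingerprint/i;

// Keep only fields that were actually collected.
function prune(record) {
  const out = {};
  for (const [key, value] of Object.entries(record)) {
    if (FORBIDDEN.test(key)) throw new Error(`field not allowed in EMD: ${key}`);
    if (value !== undefined && value !== null) out[key] = value;
  }
  return out;
}

// packages: { customer_account_info: [ {...} ], marketplace_seller_info: [ {...} ] }
function buildEmdAttachment(packages) {
  const body = {};
  for (const [name, records] of Object.entries(packages)) {
    const kept = records.map(prune).filter((r) => Object.keys(r).length > 0);
    if (kept.length > 0) body[name] = kept; // drop packages with no data
  }
  // body is a JSON document serialized into a string, not a nested object.
  return { content_type: EMD_CONTENT_TYPE, body: JSON.stringify(body) };
}

// Constructed sample: the failed-login count was not collected.
const sampleAttachment = buildEmdAttachment({
  customer_account_info: [{
    account_registration_date: '2023-01-14',
    account_last_modified: '2025-01-05',
    number_of_failed_login_attempts_24h: null,
  }],
  marketplace_seller_info: [{ seller_id: undefined }],
});
```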

Once the customer confirms the purchase, create an order using the valid authorization_token.

Sample response

{
  "order_id": "12345678-1234-1234-1234-123456789abc",
  "redirect_url": "https://www.mystore.com/confirmation?order_id=12345678-1234…",
  "customer_token": "krn:partner:eu1:live:identity:customer-token:AbCdEfGh1234567"
}

Don't forget to store or update the token in your user database:

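// pseudo‑code: db stands for your own user store
// customer_token is absent when the customer opted out of account linking
if (order.customer_token) {
  const existing = await db.users.get(userId);
  // write only when the user exists and the token is new or was rotated
  if (existing && existing.klarnaCustomerToken !== order.customer_token) {
    await db.users.update(userId, {
      klarnaCustomerToken: order.customer_token
    });
  }
}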

Klarna may rotate tokens for security reasons. If a previously stored token is invalid or expired, Klarna will:

  • Ignore the invalid token silently.
  • Issue a new token in the create order response.

Always treat the returned customer_token as the source of truth and update your records accordingly.
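A backend token store that follows the rules above (store on first link, overwrite on rotation, leave the record alone when no token is returned), as an added example that is not Klarna's code. It assumes an in-memory Map in place of your user table, a key that would come from a secret manager, and a format check whose character classes are inferred from the sample token.

```javascript
// Added example, not Klarna's code. Assumptions: `users` stands in for your
// user table, KEY would come from a KMS or secret manager, and TOKEN_RE's
// character classes are inferred from the sample token on this page.
const crypto = require('node:crypto');

const KEY = crypto.randomBytes(32); // placeholder 256-bit key
const TOKEN_RE =
  /^krn:partner:[a-z0-9-]+:[a-z0-9-]+:identity:customer-token:[A-Za-z0-9_-]+$/;
const users = new Map(); // userId -> { iv, ct, tag }

// AES-256-GCM with the userId as AAD: a ciphertext copied onto another
// user's row fails authentication when it is read back.
function seal(userId, token) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  cipher.setAAD(Buffer.from(userId));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Returns the stored token, or null when the user has never been linked.
function loadToken(userId) {
  const row = users.get(userId);
  if (!row) return null;
  const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, row.iv);
  decipher.setAAD(Buffer.from(userId));
  decipher.setAuthTag(row.tag);
  const plain = Buffer.concat([decipher.update(row.ct), decipher.final()]);
  return plain.toString('utf8');
}

// Apply a create order response to the store.
// Returns 'unchanged', 'stored', 'rotated' or 'rejected'.
function syncToken(userId, order) {
  const token = order.customer_token;
  // No token returned (for example, the customer opted out): keep the record.
  if (token === undefined || token === null) return 'unchanged';
  if (typeof token !== 'string' || !TOKEN_RE.test(token)) return 'rejected';
  const previous = loadToken(userId);
  if (previous === token) return 'unchanged';
  users.set(userId, seal(userId, token)); // latest response is the source of truth
  return previous ? 'rotated' : 'stored';
}
```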

Additional tokenization terms
Account Linking relies on Klarna’s tokenizable Shopping Solutions (Customer Tokens, Access Tokens, Payment Tokens). These tokens are governed by Klarna’s merchant add‑on Tokenization of Shopping Solutions.

By enabling Account Linking you acknowledge and accept those terms and in particular that the Merchant assumes full liability for any Merchant Account Takeover (ATO) fraud carried out with stored tokens.

The terms applicable to Account Linking are available here and are automatically accepted by you as a Merchant if you integrate and use Account Linking.