Authorization flow

1. User successfully completes an Affirm checkout & confirms their loan.
2. A webhook request to an optional, self-hosted webhook endpoint URL is initiated by the Affirm API servers
3. The HTTP POST request to the webhook endpoint URL contains the checkout_token in the request form, and has an "event" of "confirmed".
4. Your webhook endpoint reads the request form and temporarily stores this checkout_token.
5. Your webhook endpoint sends a POST request to the Affirm API authorization endpoint (/api/v2/charges/) with the saved checkout_token.
6. Your webhook endpoint expects a response from the Affirm API with the charge information
7. Your webhook endpoint validates that the authorized amount is equal to the order total and that the Order_ID matches the order
8. If the amount and order_id are valid, your webhook endpoint stores the 'id' from the returned charge object. This Charge ID is attached to the order; and is used to uniquely identify the order. All future charge actions require this identifier.
9. Order is created.
10. Customer is presented with order confirmation page/message.

{
    "checkout_token": "XVCZEXIR8NSJC5GK",
    "event_timestamp": "2017-09-27T06:25:31.316430",
    "created": "2017-09-27T06:24:35.787108",
    "event": "confirmed"
}