Direct Checkout
Server-side webhook (optional)
Authorization flow
- User successfully completes an Affirm checkout & confirms their loan.
- A webhook request to an optional, self-hosted webhook endpoint URL is initiated by the Affirm API servers
- The HTTP POST request to the webhook endpoint URL contains the checkout_token in the request form, and has an "event" of "confirmed".
- Your webhook endpoint reads the request form and temporarily stores this checkout_token.
- Your webhook endpoint sends a POST request to the Affirm API authorization endpoint (/api/v2/charges/) with the saved checkout_token.
- Your webhook endpoint expects a response from the Affirm API with the charge information
- Your webhook endpoint validates that the authorized amount is equal to the order total and that the Order_ID matches the order
- If the amount and order_id are valid, your webhook endpoint stores the 'id' from the returned charge object. This Charge ID is attached to the order; and is used to uniquely identify the order. All future charge actions require this identifier.
- Order is created.
- Customer is presented with order confirmation page/message.
Trigger: When the customer has confirmed the loan. This is the last step of the Affirm checkout flow, and should subsequently trigger charge authorization.
{ "checkout_token": "XVCZEXIR8NSJC5GK", "event_timestamp": "2017-09-27T06:25:31.316430", "created": "2017-09-27T06:24:35.787108", "event": "confirmed" }