Skip to main content


Affirm Merchant Help

POST vs. GET method

In the Affirm transaction process after the user confirms their loan, we redirect the user from the domain to the page URL you specified in user_confirmation_url. When redirecting the user, we also send you a checkout token, which you will need to authorize the charge, via an HTTP request either in the request body or the query string of the request.

"merchant": {
    "user_confirmation_url":        "",
    "user_cancel_url":              "",
    "user_confirmation_url_action": "POST", // or "GET"
    "name":                          "External Company Name"

Required url

The customer goes to this URL after they confirm their loan.

A checkout_token is sent to this URL in the POST request. Use the checkout_token to authorize the charge before the customer is redirected to the order confirmation page.

Analytics tags and other query string parameters can be persisted here.


Required url

The customer goes to this URL if they exit the loan application process for any reason. Set this URL to your checkout payment page.

Analytics tags and other query string parameters can be persisted here.


Optional string

Accepted values are GET and POST. Default is POST. Learn more.

Optional string

If you have multiple sites operating under a single Affirm account, you can override the external company/brand name that the customer sees. This affects all references to your company name in the Affirm UI.

You choose how we send the checkout token by setting the user_confirmation_url_action parameter in the checkout object.

  • Setting it to POST sends the checkout token in the body of the HTTP request (default setting)
  • Setting it to GET sends the checkout token in the query string of the HTTP request

When deciding between the 2 options, consider the following:

  • HTTP requests pass data, via either the body or the query string, for several reasons including form information (checkout data), tracking (UTM parameters), queries (searches)
  • POST data sent in the request body won’t appear in a web browser’s navigation bar while GET data sent through the query string will appear in the navigation bar.
  • Best practices for HTTP requests are to use POST requests if the request will affect a change on the receiving end and to use GET requests when retrieving data that doesn’t cause changes on the receiving end
  • GET requests are easier to implement, particularly for high latency sites
  • GET requests will allow customers to refresh the page at user_confirmation_url without being asked to confirm their resubmission

So, the use of POST requests is usually due to a combination of best practices, security, and aesthetics.

  • Was this article helpful?