POST vs. GET method


In the Affirm transaction process after the user confirms their loan, we redirect the user from the domain to the page URL you specified in user_confirmation_url. When redirecting the user, we also send you a checkout token, which you will need to authorize the charge, via an HTTP request either in the request body or the query string of the request.

Convert from POST to GET

You choose how we send the checkout token by setting the user_confirmation_url_action parameter in the checkout object.

  • Setting it to POST sends the checkout token in the body of the HTTP request (default setting)
  • Setting it to GET sends the checkout token in the query string of the HTTP request

When deciding between the 2 options, consider the following:

  • HTTP requests pass data, via either the body or the query string, for several reasons including form information (checkout data), tracking (UTM parameters), queries (searches)
  • POST data sent in the request body won't appear in a web browser's navigation bar while GET data sent through the query string will appear in the navigation bar.
  • Best practices for HTTP requests are to use POST requests if the request will affect a change on the receiving end and to use GET requests when retrieving data that doesn't cause changes on the receiving end
  • GET requests are easier to implement, particularly for high latency sites
  • GET requests will allow customers to refresh the page at user_confirmation_url without being asked to confirm their resubmission

So, the use of POST requests is usually due to a combination of best practices, security, and aesthetics.

Switching from POST to GET is a simple three step process.

Step 1:

On your checkout page that calls affirm.checkout(checkoutObject)

a) If you do not have user_confirmation_url_action set in the merchant configuration object, you can add user_confirmation_url_action: GET to the object

b) If you already have user_confirmation_url_action set, change the value from POST to GET

Step 2:

Adjust the page you use for your user_confirmation_url to support HTTP GET requests. The checkout token will be an additional parameter in the query string

Step 3:

Test your checkout flow!