3. Authorize

When the customer presses the buy/continue* submit button on your checkout page, you call our Javascript SDK to authorize the order at Klarna and receive an authorization token in return. The authorization token gives you the flexibility to authorize and place the order in separate steps. 

*If you have a

  • single-page checkout, you call authorize when the consumer presses the buy button
  • multiple-page checkout, you call authorize when the consumer presses the continue/review order button

Placing the final order can then be done either immediately, or on a separate page. This is entirely up to you.


3.1 Authorize the order

Call authorize in the JavaScript SDK. In this call, you may also pass the billing (and optionally shipping) address. Klarna will use all information that has been collected during this session when authorizing the order.

  payment_method_category: "pay_over_time"
}, {
  purchase_country: "US",
  purchase_currency: "USD",
  locale: "en-US",
  billing_address: {
    given_name: "John",
    family_name: "Doe",
    email: "john@doe.com",
    title: "Mr",
    street_address: "Lombard St 10",
    street_address2: "Apt 214",
    postal_code: "90210",
    city: "Beverly Hills",
    region: "CA",
    phone: "333444555",
    country: "US"
  shipping_address: {
    given_name: "John",
    family_name: "Doe",
    email: "john@doe.com",
    title: "Mr",
    street_address: "Lombard St 10",
    street_address2: "Apt 214",
    postal_code: "90210",
    city: "Beverly Hills",
    region: "CA",
    phone: "333444555",
    country: "US"
  order_amount: 10,
  order_tax_amount: 0,
  order_lines: [{
    type: "physical",
    reference: "19-402-USA",
    name: "Battery Power Pack",
    quantity: 1,
    unit_price: 10,
    tax_rate: 0,
    total_amount: 10,
    total_discount_amount: 0,
    total_tax_amount: 0,
    product_url: "https://www.estore.com/products/f2a8d7e34",
    image_url: "https://www.exampleobjects.com/logo.png"
  customer: {
    date_of_birth: "1970-01-01",
    gender: "male"
 }, function(res) {

There is no need to provide fields that have already been provided previously during the session, unless the content in those fields has changed. That said, providing the same data again will not break anything. Best practice is to call authorize using a full request (like in the example above) to be sure the most up to date content is being authorized. 

User interaction during the authorize call

When authorizing the order, Klarna conducts a full risk assessment. Therefore, from the point where you call authorize until you receive the callback you must:

  1. Avoid sending another authorize call (e.g. disable the buy button from being clicked again)
  2. Show to the consumer that the order is being processed (e.g. by showing a loading spinner)
  3. Prevent consumer from changing order or billing details (e.g. lock the input fields on your page)

The callback is typically received within seconds, but may take up to a minute or so in case a consumer sign-up is required when the user interacts with the widget.

3.2 Act on the callback from the authorize call

When the widget has processed the authorization, the callback will be executed. 

The callback function parameter is an object containing the following properties

  • approved (true/false) - the authorization result, approved or denied
  • show_form (true/false) - whether the Klarna Widget should be displayed or hidden
  • authorization_token - a token which allows you to place the order via a server side call, only returned if the authorization was approved
  • error - contains details of potential error messages

Order approved

If approved: true, then Klarna has approved the authorization of credit for this order.

   authorization_token: "b4bd3423-24e3", 
   approved: true, 
   show_form: true

The authorization_token allows you to complete the order by the server side place order call. The token is valid for 60 minutes. During this time, the authorization is guaranteed. In case the place order is performed beyond the expiry, Klarna will try to re-authorize the order but cannot guarantee a successful outcome.

  • Best practice tip: You may store the authorization_token in a hidden form field and submit it to the backend with the "buy" / "Place order" form submit button.


Order not approved

If approved: false, Klarna cannot approve the purchase. There are now two options

More information needed

show_form: true and e.g error: { invalid_fields: ["billing_address.email"] } } the widget will display an error message to the consumer, asking them to correct it before you re-authorize the order. You may use the error message in the callback object to highlight a particular entry field (in this case the customers email address) on your page. 

Customer interaction aborted

If show_form: true and no error is included in the callback, the customer has aborted a required interaction in the widget i.e. the credit signup flow. In this case you should continue to show Klarna's options as the customer might want to make another attempt at completing the purchase with Klarna. 

Order declined

If show_form: falsethe order is declined. The widget should be hidden and the user should select another payment method. 

Read more about your options to handle declines in the section about use of form true/false


With an authorization_token, it is possible to create tokens for recurring charges or directly place an order using the order endpoint.
The token endpoint is called to tokenize the payment method and create the chargeable customer token. The server call includes the authorization_token in the URL and a successful registration for a token would return a customer_token id. The customer token can then be used in order to charge the customer without the customer being present.

3.3 Create Customer Token

After having obtained an authorization token instead of placing the order you can use the authorization token to create a customer token.
There is no need to charge the customer at this point, the customer token can be created, stored, and charged at a later stage. 

POST /payments/v1/authorizations/{authorizationToken}/customer-token
Authorization: Basic pwhcueUff0MmwLShJiBE9JHA==
Content-Type: application/json

  "purchase_country": "SE",
  "locale": "sv-SE",
  "billing_address" : {
    "given_name": "Doe",
    "family_name": "John",
    "email": "direct_debit@klarna.com",
    "phone": "01895808221",
    "street_address": "Stårgatan 1",
    "postal_code": "12345",
    "city": "Ankeborg",
    "country": "SE"
  "description": "MySaaS subscription",
  "intended_use": "subscription",
  "merchant_urls": {
    "confirmation": "string"

The response will contain a redirect URL to which the user should be redirected. The user will bounce through Klarna and be redirected to the confirmation URL provided in the API calls.

HTTP/1.1 200 OK

Content-Type: application/json
Klarna-Correlation-Id: e19dc121-1276-419d-882a-c343d58fb9aa

  "id": "0b1d9815-165e-42e2-8867-35bc03789e00",
  "redirect_url": "string"

3.4 Release Authorization

After creating a token the authorized amount can be released if it the authorization token won’t be used to place an order immediately. Releasing the authorized amount will free up the available purchase amount for this customer. Realising the authorized amount is done by performing a Delete operation. Additional reading can be found here.

Example request:

DELETE /payments/v1/authorizations/{authorizationToken}
Authorization: Basic pwhcueUff0MmwLShJiBE9JHA==
Content-Type: application/json
{ }

Example response:

HTTP/1.1 204 No Content

Content-Type: application/json
Klarna-Correlation-Id: e19dc121-1276-419d-882a-c343d58fb9aa

{ }

What's next?

Using the authorization token, you will now call the server side REST API to place the order