Use Cases
/
Validate Order
Last updated

Validate order

This page describes how to validate an order before completion using Kustom Checkout (KCO).

Use cases

Kustom Checkout (KCO) provides a callback mechanism for merchants to validate orders before finalization. This is useful for various scenarios:

  • Out of stock validation: Verify item availability before purchase.
  • Delivery limitations: Ensure products can ship to the provided address.
  • Order number generation: Generate internal order IDs for tracking.
  • Blacklisted consumers: Prevent sales to specific customers or addresses.
  • Discount coupon validation: Validate discount codes to prevent misuse.
  • Cart validation: Prevent fraudulent purchases by comparing the KCO order with the internal cart.

How it’s done

Order validation flowchart

Order configuration

Include the optional merchant_urls.validation property in order configuration. Use HTTPS for the validation URI.

All communication with the validation URI is encrypted. Use HTTPS for this URI.

  "merchant_urls": {
    "terms": "https://merchant.com/toc",
    "checkout": "https://merchant.com/checkout?kustom_order_id={checkout.order.id}",
    "confirmation": "https://merchant.com/confirmation?kustom_order_id={checkout.order.id}",
    "push": "https://merchant.com/push?kustom_order_id={checkout.order.id}",
    "validation": "https://merchant.com/validation?kustom_order_id={checkout.order.id}"
  }

Respond to KCO’s POST request

A POST request is sent to the merchant_urls.validation endpoint when the user clicks "buy now." The request body contains the order details.

You do not need to fetch the order from KCO; all information is included in the POST request body.

The system expects a response within 3 seconds. If no response is received and require_validate_callback_success: false, the order is automatically approved. If require_validate_callback_success: true, a 10-second timeout triggers order failure.

  • Approve: Respond with HTTP status 200 OK.
  • Deny: Respond with HTTP status 303 See Other, including a Location header to a custom page explaining the rejection reason.

The rejection page should be hosted by you and should provide clear reasons for the purchase denial.

Cards and 3D Secure

An HTTP 200 OK response does not guarantee order completion if the payment involves 3D Secure authentication. Kustom retains a card reservation even if the validation callback is responded to with HTTP 303 (deny purchase) after the authentication step. Order completion occurs only after the final authentication step.

Previous page
Next page