# Checkout & Payments

How AI-assisted purchases flow through Forter Agentic Orchestration to your backend.

When a customer purchases through an AI shopping agent (like ChatGPT or Google Gemini), Forter handles the entire checkout process—from cart creation to payment processing—and delivers completed orders directly to your existing fulfillment system.

## How It Works

### Checkout Lifecycle

1. **Customer initiates purchase** — A customer tells an AI agent they want to buy a product from your catalog.
2. **Forter validates the order** — We verify product availability, calculate shipping options, and compute taxes.
3. **Payment is processed** — The AI platform collects payment details securely; Forter processes the transaction through your configured payment provider.
4. **Order is delivered to you** — The completed order is sent to your backend via platform integration or webhook.

From your perspective, agentic orders appear alongside your regular orders—same fulfillment process, same customer service workflow.

## What You Need to Configure

### Payment & Fraud Configuration

Forter implements the full Agentic Commerce Protocol (ACP) so you don't need to. However, you choose who handles payment processing and fraud validation.

#### Option A: Merchant-Side Payment Handling (Default, Recommended)

**What happens:**

- Forter creates orders in your system with payment references
- You process payments through your existing payment provider
- You handle fraud checks through your existing rules

**What you configure in Forter Portal:**

- Integration credentials (Shopify Admin API token, SFCC OCAPI credentials, or custom webhook URL)
- Tax nexus regions for sales tax calculation
- Payment settings: `is_validate=true`, `is_authorize=false`, `is_capture=false` (default)

**Best for:** Most merchants who want to maintain control over payment processing and use existing payment infrastructure.

#### Option B: Forter-Side Payment Handling (Optional)

**What happens:**

- Forter validates orders for fraud before creating them in your system
- Forter authorizes/captures payments via Forter Payment Orchestration
- Orders are created in your system with completed payment status

**What you configure in Forter Portal:**

- Validation API key — Forter fraud detection credentials (contact your Forter representative)
- Payment API key — Forter Payment Orchestration credentials (contact your Forter representative)
- Payment settings: `is_validate=true`, `is_authorize=true`, `is_capture=true` (or `false` for manual capture)
- Supported payment providers: Stripe, Adyen, Braintree, or custom PSP

**Best for:** Merchants who want Forter to handle end-to-end fraud detection and payment processing.

#### What Forter Always Handles (Regardless of Option)

- Implementation of the full OpenAI Agentic Commerce Protocol
- PCI compliance and secure card tokenization (on separate PCI domain)
- Order state management and session handling
- Order delivery to your backend (via platform API or webhook)

### Tax Nexus

Specify the US states where you have tax nexus. Forter calculates sales tax only for states where you're registered.

- State and county rate lookups
- Category-specific rules (clothing exemptions, food rates)
- Tax holiday detection (back-to-school, etc.)

### Order Delivery

Completed orders are delivered to your backend based on your integration method.

#### Shopify Integration

- Forter creates orders as draft orders in Shopify via the Admin API
- Orders appear in Shopify Admin > Orders
- Can be auto-completed or manually reviewed before finalization
- Uses the same Shopify Admin API access token configured for catalog sync

#### SFCC Integration

- Forter creates orders directly in SFCC via OCAPI basket/order APIs
- Orders appear in Merchant Tools > Ordering > Orders
- Uses the same OCAPI client ID/secret configured for catalog sync

#### Custom Integration — Three Merchant Endpoints

For custom backends, Forter calls three separate POST endpoints during the checkout lifecycle. Each request includes an event envelope and agent context.

**Endpoint authentication:** Forter supports two authentication methods (both can be enabled simultaneously):

- Bearer token: `Authorization: Bearer {webhook_secret}`
- HMAC-SHA256 payload signing: `{your store name} signature hmac sha256={hex digest}`

Configure which methods to enable in the Forter Portal under Merchant Platform.

**1. Account endpoint** (event type `"account_login"`) — non-fatal

Looks up whether a customer exists. If it fails, checkout continues.

```json
// Request
{
  "event": { "id": "evt_abc", "type": "account_login", "timestamp": "2026-02-09T12:00:00Z" },
  "agent": { "source": "openai", "platform": "chatgpt_instant_checkout" },
  "email": "customer@example.com",
  "phone": "+14155551234"
}

// Response
{ "success": true, "account_id": "cust_123", "reference_id": "ref_abc", "status": "active" }
```

**2. Cart endpoint** (event type `"cart_created"` | `"cart_updated"`) — fatal

Prices items, returns shipping options and totals. All prices are in dollars (decimal), not cents.

```json
// Request
{
  "event": { "id": "evt_def", "type": "cart_created", "timestamp": "2026-02-09T12:00:00Z" },
  "agent": { "source": "openai", "platform": "chatgpt_instant_checkout" },
  "reference_id": "ref_abc",
  "currency_id": "usd",
  "items": [{ "product_id": "sku_001", "quantity": 2 }],
  "buyer": { "email": "customer@example.com", "first_name": "john", "last_name": "doe" },
  "recipient": {
    "shipping_id": "standard",
    "first_name": "john",
    "last_name": "doe",
    "address": { "line_one": "123 main st", "city": "san francisco", "region_id": "ca", "country_id": "us", "postal_code": "94102" }
  }
}

// Response
{
  "success": true,
  "reference_id": "ref_abc",
  "items": [{ "product_id": "sku_001", "quantity": 2, "price": 29.99, "effective_price": 29.99, "subtotal": 59.98 }],
  "shipping_options": [
    { "id": "standard", "title": "standard shipping", "description": "5-7 business days", "price": 5.99 }
  ],
  "totals": { "subtotal": 59.98, "discount": 0, "tax": 4.80, "shipping": 5.99, "total": 70.77 }
}
```

**3. Checkout endpoint** (event type `"order_created"`) — fatal

Creates the order and processes payment. Includes a `payment` block with provider, token, and card metadata.

```json
// Request
{
  "event": { "id": "evt_ghi", "type": "order_created", "timestamp": "2026-02-09T12:00:00Z" },
  "agent": { "source": "openai", "platform": "chatgpt_instant_checkout" },
  "reference_id": "ref_abc",
  "account_id": "cust_123",
  "currency_id": "usd",
  "items": [{ "product_id": "sku_001", "quantity": 2, "price": 29.99, "effective_price": 29.99, "subtotal": 59.98 }],
  "buyer": {
    "email": "customer@example.com",
    "first_name": "john",
    "last_name": "doe",
    "phone": "+14155551234",
    "address": { "line_one": "123 main st", "city": "san francisco", "region_id": "ca", "country_id": "us", "postal_code": "94102" }
  },
  "recipient": {
    "shipping_id": "standard",
    "first_name": "john",
    "last_name": "doe",
    "address": { "line_one": "123 main st", "city": "san francisco", "region_id": "ca", "country_id": "us", "postal_code": "94102" }
  },
  "payment": {
    "provider": "stripe",
    "token": "tok_visa_4242",
    "card": { "brand": "visa", "last4": "4242", "exp_month": 12, "exp_year": 2027 }
  },
  "totals": { "subtotal": 59.98, "discount": 0, "tax": 4.80, "shipping": 5.99, "total": 70.77 }
}

// Response
{ "success": true, "order_id": "ord_12345" }
```

**Reference ID flow:** Any endpoint can return a `reference_id` in its response. Forter passes this ID to all subsequent endpoint calls, allowing you to correlate the account lookup, cart, and order in your system.

For full endpoint specifications and examples, see the Custom Integration Guide.

## Portal Configuration

Configure these settings in the Forter Portal to enable checkout and payment processing.

### 1. Basic Store Information

| Field | Description | Required |
| --- | --- | --- |
| Store Title | Your store name (shown in AI platforms) | Yes |
| Store URL | Your store homepage | Yes |
| Logo URL | URL to your store logo | Optional |
| Currency | Primary currency (e.g., USD, EUR, GBP) | Yes |

### 2. Store Policies

| Field | Description | Required |
| --- | --- | --- |
| Terms of Service URL | Link to your terms | Yes |
| Privacy Policy URL | Link to your privacy policy | Yes |
| Return Policy URL | Link to your return policy | Yes |
| Return Window (days) | Number of days for returns | Optional |

### 3. Integration Credentials

Choose based on your integration method.

**Shopify Integration**

| Field | Description | Required |
| --- | --- | --- |
| Shop Domain | Your myshopify.com domain | Yes |
| Admin API Access Token | From Shopify custom app | Yes |

**SFCC Integration**

| Field | Description | Required |
| --- | --- | --- |
| SFCC Instance URL | Your SFCC instance | Yes |
| Site ID | Your site identifier | Yes |
| OCAPI Client ID | From OCAPI settings | Yes |
| OCAPI Client Secret | From OCAPI settings | Yes |

**Custom Integration**

| Field | Description | Example | Required |
| --- | --- | --- | --- |
| Account Endpoint URL | Customer account lookup | `"https://store.com/api/account"` | Optional |
| Cart Endpoint URL | Cart pricing and shipping | `"https://store.com/api/cart"` | Yes |
| Checkout Endpoint URL | Order creation | `"https://store.com/api/checkout"` | Yes |
| Webhook Secret | Secret for bearer token and/or HMAC signing | Auto-generated or custom | Yes |
| Authentication | Enable bearer token auth | Toggle on/off | Recommended |
| Payload Signing | Enable HMAC-SHA256 payload signing | Toggle on/off | Optional |
| Order Status URL | Template for order tracking | `"https://store.com/orders/{order_id}"` | Optional |

### 4. Payment & Fraud Settings

**Default (Merchant-Side Handling)**

| Field | Description | Default |
| --- | --- | --- |
| Enable Forter Validation | Forter fraud validation | `false` |
| Enable Forter Authorization | Forter payment authorization | `false` |
| Enable Forter Capture | Forter payment capture | `false` |

**Optional (Forter-Side Handling)**

| Field | Description | Required |
| --- | --- | --- |
| Validation API Key | Forter fraud validation credentials | Yes (if enabled) |
| Payment API Key | Forter Payment Orchestration credentials | Yes (if enabled) |
| Enable Forter Validation | Forter fraud validation | Set to `true` |
| Enable Forter Authorization | Forter payment authorization | Set to `true` |
| Enable Forter Capture | Forter payment capture | `true` or `false` |
### 5. Tax Configuration

| Field | Description | Example | Required |
| --- | --- | --- | --- |
| Tax Nexus Regions | US states where you collect sales tax | `["ca", "ny", "tx"]` | Yes (US merchants) |

**Note:** For Shopify merchants, Shopify's tax engine handles all tax calculations based on your Shopify tax settings. Forter uses Shopify's calculated taxes automatically.

## Fraud Protection

Fraud protection depends on your payment handling configuration.

### Merchant-Side Fraud Validation (Default)

When you handle payments on your side (default configuration):

- You run fraud checks through your existing fraud prevention tools
- Forter creates orders in your system with payment references
- You validate and process payments according to your existing rules

### Forter-Side Fraud Validation (Optional)

When you enable Forter-side payment handling:

- Every transaction is protected by Forter identity intelligence
- **Risk assessment** — Each order is evaluated for fraud risk before payment is processed
- **Behavioral analysis** — Forter analyzes patterns across billions of transactions to identify suspicious activity
- **Configurable actions** — Set rules for automatic approval, decline, or manual review based on risk scores
- Agentic purchases have different risk patterns than traditional e-commerce—Forter's models are trained to distinguish legitimate AI-assisted purchases from fraud

## Order Management

### Viewing Agentic Orders

Agentic orders flow into your existing systems based on your integration:

- **Shopify integration** — Orders appear in Shopify Admin > Orders (as draft orders)
- **SFCC integration** — Orders appear in Merchant Tools > Ordering > Orders
- **Custom integration** — Orders delivered to your webhook endpoint as JSON payloads

Orders include metadata indicating they originated from an AI shopping agent.

### Returns and Refunds

Handle returns through your normal process. The order payload includes all necessary customer and shipping information for standard return workflows.

### Reporting

The Forter dashboard provides visibility into agentic commerce:

- **Transaction volume** — Checkout sessions and completed orders
- **Conversion rates** — From session creation to order completion
- **Error rates** — Failed checkouts and payment declines

## API Endpoints

The checkout flow is implemented via the [OpenAI Agentic Commerce Protocol](https://developers.openai.com/commerce/specs/checkout).

| Step | Endpoint | Purpose |
| --- | --- | --- |
| 1. Create session | `POST /checkout_sessions` | Initialize checkout with cart items |
| 2. Select fulfillment | `POST /checkout_sessions/{id}` | Add shipping address, select shipping option; tax is calculated |
| 3. Tokenize payment | `POST /agentic_commerce/delegate_payment` | Securely tokenize payment credentials (PCI domain) |
| 4. Complete order | `POST /checkout_sessions/{id}/complete` | Finalize order with payment token, process payment, proxy to backend |
| 5. Check status | `GET /checkout_sessions/{id}` | Retrieve order status |
| 6. Cancel session | `POST /checkout_sessions/{id}/cancel` | Cancel an in-progress session |

For complete endpoint documentation, see the API reference in the public documentation.

## PCI Compliance

Forter handles all payment card data in a PCI DSS Level 1 compliant environment. Payment tokenization occurs on a separate PCI-compliant domain (`{site id} agentic pci checkouttools com`). Your servers never receive or store raw card numbers—you remain outside of PCI scope.

## Related Documentation

- Quickstart Guide — Step-by-step integration setup
- Catalog & Inventory — Connect your product data
- FAQ — Common questions
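
For a custom integration, the merchant's checkout endpoint is where the bearer token and HMAC-SHA256 signature from the endpoint authentication section are enforced. The Python sketch below is an added example, not Forter's code. It assumes the signature is an HMAC of the raw request body keyed with the webhook secret, that the header value ends in `=<hex digest>`, and that an `error` field is acceptable in a failure response; `WEBHOOK_SECRET` and `SAMPLE_BODY` are constructed values.

```python
import hashlib
import hmac
import json
from decimal import Decimal

WEBHOOK_SECRET = b"constructed-test-secret"  # placeholder; real value is set in the portal

# Constructed request body; totals copied from the page's checkout example.
SAMPLE_BODY = (b'{"items": [{"subtotal": 59.98}], "totals": {"subtotal": 59.98, '
               b'"discount": 0, "tax": 4.80, "shipping": 5.99, "total": 70.77}}')


def sign(raw_body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """Hex HMAC-SHA256 of the raw bytes (assumed to be what the sender signs)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def bearer_ok(authorization: str, secret: bytes = WEBHOOK_SECRET) -> bool:
    """Constant-time check of an 'Authorization: Bearer <secret>' header value."""
    scheme, _, token = authorization.partition(" ")
    return scheme.lower() == "bearer" and hmac.compare_digest(token.encode(), secret)


def signature_ok(raw_body: bytes, header_value: str) -> bool:
    """Compare the digest after the last '=' (assumed header form) in constant time."""
    sent = header_value.rpartition("=")[2].strip().lower()
    return hmac.compare_digest(sent.encode(), sign(raw_body).encode())


def totals_ok(order: dict) -> bool:
    """Totals must add up exactly; Decimal avoids float drift on dollar amounts."""
    t = order["totals"]
    items_sum = sum(i["subtotal"] for i in order["items"])
    return (items_sum == t["subtotal"] and
            t["subtotal"] - t["discount"] + t["tax"] + t["shipping"] == t["total"])


def handle_checkout(raw_body: bytes, authorization: str, signature: str) -> dict:
    """Authenticate the raw bytes before parsing; this sketch requires both methods."""
    if not (bearer_ok(authorization) and signature_ok(raw_body, signature)):
        return {"success": False, "error": "unauthenticated"}  # 'error' is a made-up field
    order = json.loads(raw_body, parse_float=Decimal, parse_int=Decimal)
    if not totals_ok(order):
        return {"success": False, "error": "totals_mismatch"}
    return {"success": True}
```

The totals check here is arithmetic only; a production handler would also compare the amounts with the prices its own cart endpoint returned for the same reference ID.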