Bolt.new AI and Worldpay integration: Step-by-Step Guide 2025

To integrate Bolt.new with Worldpay, you don’t “connect Bolt to Worldpay”. What you actually do is: inside Bolt.new you scaffold a backend (Node/Express or similar), add REST calls to the official Worldpay API (the “Worldpay Online Payments API” or the “Worldpay JSON API”, depending on your account), store your API keys as environment variables in the Bolt.new sandbox, and expose endpoints that your Bolt UI or external systems can call. Bolt is simply the workspace where you write and test the integration; the integration itself is a standard HTTPS API integration using secret keys provided by Worldpay.

 

What the integration really is

 

You integrate by building code that calls Worldpay's REST endpoints from inside your Bolt.new backend. Worldpay provides endpoints for actions like creating a payment, capturing a payment, refunding, or tokenizing cards. You authenticate using your Service Key (server-side only) and optionally your Client Key (for frontend tokenization if your flow requires it). Bolt.new provides you with a runtime where you store those keys in environment variables and call the external API using fetch or axios.

• You never expose the Worldpay Service Key to the frontend — keep it in .env variables in Bolt.new's backend.
• You always use HTTPS requests to Worldpay’s real endpoints.
• If you need client-side card entry, you embed Worldpay’s “Hosted Payment Page” or their JS tokenization widget.

 

How to set it up in bolt.new (step-by-step, real and valid)

 

The steps below describe the only correct way to do this: by calling Worldpay’s documented REST API.

• Create a backend in Bolt.new (Node.js + Express is simplest).
• In your Bolt.new environment variables, add:
  WORLDPAY_SERVICE_KEY=your_real_service_key_here
• Use fetch or axios inside the backend to call Worldpay’s API.
• Expose an internal endpoint like /pay that your frontend can call.

 

Real, working example of creating a payment (Worldpay Online Payments API)

 

This uses the /orders endpoint from Worldpay’s JSON API. Replace placeholder values with your actual tokens and test card numbers from Worldpay’s docs.

 

// server.js
// Example Express backend inside Bolt.new
import express from "express";
import fetch from "node-fetch";

const app = express();
app.use(express.json());

app.post("/pay", async (req, res) => {
  try {
    // Example payload from frontend: amount, currency, token
    const { amount, currency, token } = req.body;

    const response = await fetch("https://api.worldpay.com/v1/orders", {
      method: "POST",
      headers: {
        "Authorization": process.env.WORLDPAY_SERVICE_KEY, // Service key only on server
        "Content-Type": "application/json"
      },
      body: JSON.stringify({
        amount: amount,
        currencyCode: currency,
        token: token,               // This token comes from client-side tokenization
        orderType: "ECOM"
      })
    });

    const data = await response.json();
    res.json(data);

  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});

app.listen(3000, () => {
  console.log("Worldpay integration backend running on port 3000");
});

 

How to get the token above

 

Worldpay does not allow raw card numbers to touch your backend. The frontend must first request a temporary card token using your Worldpay Client Key. This depends on which product you use:

• If you use Hosted Payment Page (HPP), the token is returned after the hosted form flow.
• If you use Client-Side Tokenization JS, Worldpay provides a small JS library that produces a token you safely send to your backend.

You then send only the token to your Bolt backend endpoint (/pay).

 

Webhook handling (if you need async confirmation)

 

Worldpay calls your backend via HTTPS webhook to report events like payment captured, payment failed, dispute, etc. In Bolt.new, you add an Express route like /worldpay-webhook and log or process the JSON payload. You configure the webhook URL in the Worldpay Dashboard.

 

// Example webhook handling
app.post("/worldpay-webhook", async (req, res) => {
  // Always verify signature if enabled in your account
  console.log("Webhook event:", req.body);

  res.status(200).send("ok");  // Worldpay expects 200 OK
});

 

Production hardening after prototyping in bolt.new

 

After validating everything inside Bolt.new, you deploy the backend to your actual environment. You must:

• Use HTTPS.
• Store WORLDPAY_SERVICE_KEY and CLIENT\_KEY in a proper secrets manager (not in code).
• Enable Worldpay webhook signatures and verify them.
• Rotate keys regularly.

 

This is the complete, valid, real-world pattern: inside Bolt.new you write and test code that issues HTTPS requests to Worldpay’s official APIs using their documented authentication model. There is no special Bolt‑specific connector — you build a standard REST integration exactly as Worldpay intends.