> ## Documentation Index > Fetch the complete documentation index at: https://docs.mangopay.com/llms.txt > Use this file to discover all available pages before exploring further. # The Preauthorization object ### Description The Preauthorization object enables you to reserve funds on a card so they can be captured later. A preauthorization thus has two parts: * Authorization of the transaction, handled by the Preauthorization object * Capture of the funds, handled by the Preauthorized PayIn object The preauthorized funds can be captured within 6.5 days of a successful authorization. If you require a hold period of longer than 6.5 days, see the Deposit Preauthorization object. Note that preauthorizations may not be permitted by some issuers and for some card types. **Note – Multi-capture available with Visa, Mastercard, CB, and AMEX** Multiple partial captures of the preauthorized amount is possible on the card types: * `CB_VISA_MASTERCARD` * `AMEX` Further captures of the `RemainingFunds` can be made if the `PaymentStatus` is `WAITING`. There is no limit to the number of captures that can be made if each is valid. ### Attributes Max. length: 255 characters The unique identifier of the preauthorization. Max. length: 255 characters Custom data that you can add to this object.\ For preauthorizations, you can use this parameter to identify corresponding information regarding the user or transaction on your platform. The date and time at which the object was created. The unique identifier of the user at the source of the transaction. Information about the preauthorized funds. **Returned values:** The three-letter ISO 4217 code (EUR, GBP, etc.) of a supported currency (depends on feature, contract, and activation settings). The currency of the preauthorized funds. An amount of money in the smallest sub-division of the currency (e.g., EUR 12.60 would be represented as `1260` whereas JPY 12 would be represented as just `12`). Information about the remaining preauthorized funds. **Returned values:** The three-letter ISO 4217 code (EUR, GBP, etc.) of a supported currency (depends on feature, contract, and activation settings). The currency of the preauthorized funds. An amount of money in the smallest sub-division of the currency (e.g., EUR 12.60 would be represented as `1260` whereas JPY 12 would be represented as just `12`). The date and time at which successful authorization occurred. If authorization failed, the value is `null`. **Returned values:** `CREATED`, `SUCCEEDED`, `FAILED` The status of the authorization. **Returned values:** `WAITING`, `CANCELED`, `EXPIRED`, `VALIDATED` The status of the preauthorization object: * `WAITING` – The remaining preauthorized funds can be captured by making one or several preauthorized pay-ins. Pay-ins can only be made against a preauthorization with the `WAITING` status. * `CANCELED` – The preauthorization was canceled manually before any preauthorized pay-ins were made, or it was canceled automatically because the authorization failed. * `EXPIRED` – The hold period on the preauthorized funds has ended without any preauthorized pay-ins taking place. * `VALIDATED` – During the hold period: Indicates that all the preauthorized funds have been captured (`RemainingFunds` is zero) and no more preauthorized pay-ins can be made. After the hold period: Indicates that at least one capture was made during the hold period. The date and time at which the hold period ends and the preauthorized funds are released.\ At the expiration date, the preauthorization’s `PaymentStatus` changes to `EXPIRED` if no captures were made or `VALIDATED` if at least one capture was made. The unique identifier of the first preauthorized pay-in made against the preauthorization. The code indicating the result of the operation. This information is mostly used to handle errors or for filtering purposes. The explanation of the result code. **Default value:** DEFAULT The mode applied for the 3DS2 protocol for CB, Visa, and Mastercard. The options are: * `DEFAULT` – Requests an exemption to strong customer authentication (SCA), and thus a frictionless payment experience, if allowed by your Mangopay contract and accepted by the issuer. * `FORCE` – Requests SCA. * `NO_CHOICE` – Leaves the choice to the issuer whether to allow for a frictionless payment experience or to enforce SCA. The unique identifier of the Card object, obtained during the card registration process. Max. length: 255 characters The URL to which users are automatically returned after 3DS2 if it is triggered (i.e., if the `SecureModeNeeded` parameter is set to `true`). Max. length: 255 characters The URL to which to redirect the user to proceed to 3DS2 validation. **Caution:** This variable URL is specific to each payment. You must rely on the returned URL in full (host, path, and queries) and not hardcode any part of it. Whether or not the `SecureMode` was used. **Returned values:** `CARD`, `DIRECT_DEBIT`, `PREAUTHORIZED`, `BANK_WIRE` The type of pay-in. **Returned values:** `WEB`, `DIRECT`, `EXTERNAL_INSTRUCTION` The type of execution for the pay-in. Max. length: 10 characters; only alphanumeric and spaces Custom description to appear on the user’s bank statement along with the platform name. Different banks may show more or less information. See the Customizing bank statement references article for details. **Returned values:** One of the supported languages in the ISO 639-1 format: DE, EN, ES, FR, IT, NL, PL, PT. The language in which the payment page is to be displayed. Information regarding security and anti-fraud tools. The result of the Address Verification System check (only available for UK, US, and Canada). **Default value:** true Whether multiple captures are activated for the preauthorization. Information about the browser used by the end user (author) to perform the payment. The exact content of the HTTP accept headers as sent to the platform from the end user’s browser. Whether or not the end user’s browser has the ability to execute Java. Format: Two-letter language code (ISO 639-1 alpha-2) followed by two-letter country code (ISO 3166-1 alpha-2), separated by a hyphen (example: `en-US`; pattern:`^[a-zA-Z]{2}(-[a-zA-Z]{2})?$`) The language of the browser. The value representing the depth of the screen’s color palette for displaying images, in bits per pixel. Max. length: 6 characters The height of the screen in pixels. Max. length: 6 characters The width of the screen in pixels. The difference in minutes between the browser’s timezone and UTC. Max. length: 255 characters The exact content of the HTTP User-Agent header. Whether or not the end user’s browser has the ability to execute JavaScript. The IP address of the end user initiating the transaction, in IPV4 or IPV6 format. **Default value:** FirstName, LastName, and Address information of the Shipping object if any, otherwise the user (author). Information about the end user billing address. If left empty, the default values will be automatically taken into account. The first name of the user. Max. length: 100 characters The last name of the user. Information about the billing address. Max. length: 255 characters The first line of the address. Max. length: 255 characters The second line of the address. Max. length: 255 characters The city of the address. Max. length: 255 characters Required if `Country` is US, CA, or MX. The region of the address. Max. length: 255 characters The postal code of the address. The postal code can contain the following characters: alphanumeric, dashes, and spaces. Format: Two-letter country code ([ISO 3166-1 alpha-2 format](/api-reference/overview/data-formats)) The country of the address. **Default value:** FirstName, LastName, and Address information of the Billing object, if supplied, otherwise of the user (author). Information about the end user’s shipping address. The first name of the user. Max. length: 100 characters The last name of the user. Information about the shipping address. Max. length: 255 characters The first line of the address. Max. length: 255 characters The second line of the address. Max. length: 255 characters The city of the address. Max. length: 255 characters Required if `Country` is US, CA, or MX. The region of the address. Max. length: 255 characters The postal code of the address. The postal code can contain the following characters: alphanumeric, dashes, and spaces. Format: Two-letter country code ([ISO 3166-1 alpha-2 format](/api-reference/overview/data-formats)) The country of the address. **Returned values:** `V1`, `V2_1` The 3DS protocol version to be applied to the transaction. **Returned values:** `V1`, `V2_1` The 3DS protocol version applied to the transaction. **Returned values:** `VISA`, `MASTERCARD`, `CB`, `MAESTRO` The card network to use, as chosen by the cardholder, in case of co-branded cards. **Default value:** `ECommerce` **Allowed values:** `ECommerce`, `TelephoneOrder` The channel through which the user provided their card details, used to indicate mail-order and telephone-order (MOTO) payments: * `ECommerce` – Payment received online. * `TelephoneOrder` – Payment received via mail order or telephone order (MOTO). Information about the card used for the transaction. \ If the information or data is not available, `null` is returned. The 6-digit bank identification number (BIN) of the card issuer. The name of the card issuer. Format: Two-letter country code ([ISO 3166-1 alpha-2 format](/api-reference/overview/data-formats)) The country where the card was issued. **Returned values:** `DEBIT`, `CREDIT`, `CHARGE CARD`. The type of card product. The card brand. Examples include: `AMERICAN EXPRESS`, `DISCOVER`, `JCB`, `MASTERCARD`, `VISA`, etc. **Note:** The possible returned values are numerous and liable to evolve over time. The subtype of the card product. Examples include: `CLASSIC`, `GOLD`, `PLATINUM`, `PREPAID`, etc. **Note:** The possible returned values are numerous and liable to evolve over time. The unique reference generated for the profiling session, used by the fraud prevention solution to produce recommendations for the transaction using the profiling data. **Note:** Parameter not returned by the API. Profiling feature available on request – contact Mangopay via the Dashboard for more information. Information about the authentication result, based on the request made by Mangopay and the decision of the issuer regarding the type of authentication to be enforced (if applicable). Response values: `CHALLENGE`, `FRICTIONLESS`, `DIRECT_AUTHORIZATION` The type of authentication: * `CHALLENGE` – The issuer requested SCA to be enforced (for example, using 3DS). * `FRICTIONLESS` – The transaction was exempted from SCA because an exemption was granted by the issuer. * `DIRECT_AUTHORIZATION` – The transaction was sent to the issuer for authorization without any frictionless or challenge (for example, if SCA doesn't apply). A `null` value typically indicates that authentication was not requested (for example, because the request failed before being sent) or a decision was not received. ### Related resources Learn more about 7-day preauthorization