How to process a 7-day card preauthorization

Introduction

This how-to guide will show you how to preauthorize funds on a card for 7 days and then debit the payment.

Prerequisites

A ClientId and an API key – if you don’t have these, contact Sales to get access to the Mangopay Dashboard
A User object created for your end user, and their associated Wallet
A registered card (Visa, Mastercard, CB, or AMEX), which is VALID or registered less than 24 hours ago, to make the payments
The URL of a page on your platform to return the end user to after authentication

The preauthorization feature allows you to reserve funds on a card so they can be captured later. It’s a two-step process:

Preauthorize the funds to hold them for a defined period
Make the capture of the funds before the end of the hold period

This guide focuses on the 7-day preauthorization feature.

Learn more about preauthorizations

1. Secure the funds

Create a preauthorization to request to hold funds for 7 days.

Make the request

POST /v2.01/{ClientId}/preauthorizations/card/direct

1 {
2     "AuthorId": "user_m_01HWAR82HD4D8CQ67J02YMKM82",
3     "DebitedFunds": {
4         "Currency": "EUR",
5         "Amount": 10000
6     },
7     "Billing": {
8         "FirstName": "Alex",
9         "LastName": "Smith",
10         "Address": {
11             "AddressLine1": "6 rue de la Cité",
12             "AddressLine2": "Appartement 3",
13             "City": "Paris",
14             "Region": "Île-de-France",
15             "PostalCode": "75004",
16             "Country": "FR"
17         }
18     },
19     "Shipping": {
20         "FirstName": "Alex",
21         "LastName": "Smith",
22         "Address": {
23             "AddressLine1": "6 rue de la Cité",
24             "AddressLine2": "Appartement 3",
25             "City": "Paris",
26             "Region": "Île-de-France",
27             "PostalCode": "75004",
28             "Country": "FR"
29         }
30     },
31     "Culture": "EN",
32     "CardId": "204068248",
33     "SecureModeReturnURL": "http://example.com",
34     "IpAddress": "036b:fb18:4568:4031:76a9:2aac:13c7:3cf0",
35     "BrowserInfo": {
36         "AcceptHeader": "text/html, application/xhtml+xml, application/xml;q=0.9, /;q=0.8",
37         "JavaEnabled": true,
38         "Language": "FR-FR",
39         "ColorDepth": 4,
40         "ScreenHeight": 1800,
41         "ScreenWidth": 400,
42         "TimeZoneOffset": 60,
43         "UserAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148",
44         "JavascriptEnabled": true
45     }
46 }

In the information returned, make sure you keep the Id of the Preauthorization for the next steps.

API response

1 {
2     "Id": "205734378",
3     "Tag": null,
4     "CreationDate": 1696847591,
5     "AuthorId": "204068024",
6     "DebitedFunds": {
7         "Currency": "EUR",
8         "Amount": 10000
9     },
10     "RemainingFunds": {
11         "Currency": "EUR",
12         "Amount": 10000
13     },
14     "AuthorizationDate": null,
15     "Status": "CREATED",
16     "PaymentStatus": "WAITING",
17     "ExpirationDate": null,
18     "PayInId": null,
19     "ResultCode": null,
20     "ResultMessage": null,
21     "SecureMode": "DEFAULT",
22     "CardId": "204068248",
23     "SecureModeReturnURL": "http://example.com?preAuthorizationId=205734378",
24     "SecureModeRedirectURL": "https://api.sandbox.mangopay.com:443/Redirect/ACSWithoutValidation?token=1fd1781c9a404280acbb94fa48d40a3f&mgpsecureid=1fd1781c9a404280acbb94fa48d40a3f",
25     "SecureModeNeeded": true,
26     "PaymentType": "CARD",
27     "ExecutionType": "DIRECT",
28     "StatementDescriptor": null,
29     "Culture": "EN",
30     "SecurityInfo": {
31         "AVSResult": "NO_CHECK"
32     },
33     "MultiCapture": true,
34     "BrowserInfo": {
35         "AcceptHeader": "text/html, application/xhtml+xml, application/xml;q=0.9, /;q=0.8",
36         "JavaEnabled": true,
37         "Language": "FR-FR",
38         "ColorDepth": 4,
39         "ScreenHeight": 1800,
40         "ScreenWidth": 400,
41         "TimeZoneOffset": 60,
42         "UserAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148",
43         "JavascriptEnabled": true
44     },
45     "IpAddress": "036b:fb18:4568:4031:76a9:2aac:13c7:3cf0",
46     "Billing": {
47         "FirstName": "Alex",
48         "LastName": "Smith",
49         "Address": {
50             "AddressLine1": "6 rue de la Cité",
51             "AddressLine2": "Appartement 3",
52             "City": "Paris",
53             "Region": "Île-de-France",
54             "PostalCode": "75004",
55             "Country": "FR"
56         }
57     },
58     "Shipping": {
59         "FirstName": "Alex",
60         "LastName": "Smith",
61         "Address": {
62             "AddressLine1": "6 rue de la Cité",
63             "AddressLine2": "Appartement 3",
64             "City": "Paris",
65             "Region": "Île-de-France",
66             "PostalCode": "75004",
67             "Country": "FR"
68         }
69     },
70     "Requested3DSVersion": null,
71     "Applied3DSVersion": "V2_1"
72 }

Redirect the user to 3DS protocol (if required)

Redirect the user to the SecureModeRedirectURL value to complete strong customer authentication, unless it is null. If SecureModeRedirectURL is null, this means that 3DS is not required and no redirection is needed.

You can also use the SecureModeNeeded boolean to determine this redirection behavior.

For more information on how to handle 3DS redirection, see Steps 4, 6, and 7 of the How to process a card payment guide.

2. Capture the funds

Once the Preauthorization PaymentStatus is WAITING, you can capture the funds with a preauthorized pay-in.

The preauthorized pay-in must be:

For an amount equal to or less than the preauthorized amount (full or partial capture)
Done within 6.5 days of a successful authorization

Set up webhook notifications for the following EventType in order to be notified when it is possible or too late to make a pay-in against a preauthorization:

PREAUTHORIZATION_PAYMENT_WAITING
PREAUTHORIZATION_PAYMENT_EXPIRED

In the following calls, use the Id of the Preauthorization obtained previously as the PreauthorizationId.

Make a full capture

Use the Create a Preauthorized PayIn endpoint and make sure the Amount value of the DebitedFunds is equal to the preauthorized funds.

POST /v2.01/{ClientId}/payins/preauthorized/direct

1 {
2    "DebitedFunds": {
3        "Currency": "EUR",
4        "Amount": 10000
5    },
6    "Fees": {
7        "Currency": "EUR",
8        "Amount": 0
9    },
10    "CreditedWalletId": "204089031",
11    "PreauthorizationId": "205734378"
12 }

If the preauthorized pay-in is successful, the corresponding preauthorization is updated accordingly: it’s PaymentStatus changes to VALIDATED as there are no RemainingFunds left to be captured.

Use the View a Preauthorization endpoint to see this:

API response

1 {
2     "Id": "205734378",
3     "Tag": null,
4     "CreationDate": 1696847591,
5     "AuthorId": "204068024",
6     "DebitedFunds": {
7         "Currency": "EUR",
8         "Amount": 10000
9     },
10     "RemainingFunds": {
11         "Currency": "EUR",
12         "Amount": 0
13     },
14     "AuthorizationDate": 1696847611,
15     "Status": "SUCCEEDED",
16     "PaymentStatus": "VALIDATED",
17     "ExpirationDate": 1697409211,
18     "PayInId": "205736202",
19     "ResultCode": "000000",
20     "ResultMessage": "Success",
21     "SecureMode": "DEFAULT",
22     "CardId": "204068248",
23     "SecureModeReturnURL": "http://example.com?preAuthorizationId=205734378",
24     "SecureModeRedirectURL": null,
25     "SecureModeNeeded": true,
26     "PaymentType": "CARD",
27     "ExecutionType": "DIRECT",
28     "StatementDescriptor": null,
29     "Culture": "EN",
30     "SecurityInfo": {
31         "AVSResult": "NO_CHECK"
32     },
33     "MultiCapture": true,
34     "BrowserInfo": {
35         "AcceptHeader": "text/html, application/xhtml+xml, application/xml;q=0.9, /;q=0.8",
36         "JavaEnabled": true,
37         "Language": "FR-FR",
38         "ColorDepth": 4,
39         "ScreenHeight": 1800,
40         "ScreenWidth": 400,
41         "TimeZoneOffset": 60,
42         "UserAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148",
43         "JavascriptEnabled": true
44     },
45     "IpAddress": "036b:fb18:4568:4031:76a9:2aac:13c7:3cf0",
46     "Billing": {
47         "FirstName": "Alex",
48         "LastName": "Smith",
49         "Address": {
50             "AddressLine1": "6 rue de la Cité",
51             "AddressLine2": "Appartement 3",
52             "City": "Paris",
53             "Region": "Île-de-France",
54             "PostalCode": "75004",
55             "Country": "FR"
56         }
57     },
58     "Shipping": {
59         "FirstName": "Alex",
60         "LastName": "Smith",
61         "Address": {
62             "AddressLine1": "6 rue de la Cité",
63             "AddressLine2": "Appartement 3",
64             "City": "Paris",
65             "Region": "Île-de-France",
66             "PostalCode": "75004",
67             "Country": "FR"
68         }
69     },
70     "Requested3DSVersion": null,
71     "Applied3DSVersion": "V2_1"
72 }

Make a partial capture

Use the Create a Preauthorized PayIn endpoint and specify the portion of the preauthorized funds you want to capture.

POST /v2.01/{ClientId}/payins/preauthorized/direct

1 {
2    "DebitedFunds": {
3        "Currency": "EUR",
4        "Amount": 500
5    },
6    "Fees": {
7        "Currency": "EUR",
8        "Amount": 0
9    },
10    "CreditedWalletId": "204089031",
11    "PreauthorizationId": "205734378"
12 }

If the preauthorized pay-in is successful, the corresponding preauthorization is updated accordingly:

The RemainingFunds equals the initial preauthorized funds minus de pay-in DebitedFunds and Fees.
The PaymentStatus remains as WAITING, allowing you to make another capture for the remaining funds.

You can View a Preauthorization to see these details.

API response - View a Preauthorization

1 {
2     "Id": "205734378",
3     "Tag": null,
4     "CreationDate": 1696847591,
5     "AuthorId": "204068024",
6     "DebitedFunds": {
7         "Currency": "EUR",
8         "Amount": 5000
9     },
10     "RemainingFunds": {
11         "Currency": "EUR",
12         "Amount": 5000
13     },
14     "AuthorizationDate": 1696847611,
15     "Status": "SUCCEEDED",
16     "PaymentStatus": "WAITING",
17     "ExpirationDate": 1697409211,
18     "PayInId": "205736202",
19     "ResultCode": "000000",
20     "ResultMessage": "Success",
21     "SecureMode": "DEFAULT",
22     "CardId": "204068248",
23     "SecureModeReturnURL": "http://example.com?preAuthorizationId=205734378",
24     "SecureModeRedirectURL": null,
25     "SecureModeNeeded": true,
26     "PaymentType": "CARD",
27     "ExecutionType": "DIRECT",
28     "StatementDescriptor": null,
29     "Culture": "EN",
30     "SecurityInfo": {
31         "AVSResult": "NO_CHECK"
32     },
33     "MultiCapture": true,
34     "BrowserInfo": {
35         "AcceptHeader": "text/html, application/xhtml+xml, application/xml;q=0.9, /;q=0.8",
36         "JavaEnabled": true,
37         "Language": "FR-FR",
38         "ColorDepth": 4,
39         "ScreenHeight": 1800,
40         "ScreenWidth": 400,
41         "TimeZoneOffset": 60,
42         "UserAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148",
43         "JavascriptEnabled": true
44     },
45     "IpAddress": "036b:fb18:4568:4031:76a9:2aac:13c7:3cf0",
46     "Billing": {
47         "FirstName": "Alex",
48         "LastName": "Smith",
49         "Address": {
50             "AddressLine1": "6 rue de la Cité",
51             "AddressLine2": "Appartement 3",
52             "City": "Paris",
53             "Region": "Île-de-France",
54             "PostalCode": "75004",
55             "Country": "FR"
56         }
57     },
58     "Shipping": {
59         "FirstName": "Alex",
60         "LastName": "Smith",
61         "Address": {
62             "AddressLine1": "6 rue de la Cité",
63             "AddressLine2": "Appartement 3",
64             "City": "Paris",
65             "Region": "Île-de-France",
66             "PostalCode": "75004",
67             "Country": "FR"
68         }
69     },
70     "Requested3DSVersion": null,
71     "Applied3DSVersion": "V2_1"
72 }

If the registered card CardType is CB_VISA_MASTERCARD, you can make as many partial captures as needed until you reach the preauthorized amount.

If you know that you won’t use the remaining preauthorized funds before the end of the hold period, you can release the funds manually to free them for the user (see Step 3).

Once the hold period is over:

If at least one capture was made, the Preauthorization’s PaymentStatus changes to VALIDATED.
If no capture was made, the Preauthorization’s PaymentStatus changes to EXPIRED.

3. Release manually unused funds (recommended)

You can manually close the preauthorization hold period before the ExpirationDate to release the preauthorized funds for the user. If you don’t do this, the funds will be released at the ExpirationDate

Validate a partially used preauthorization

If at least one preauthorized pay-in has been made to capture funds (partial capture), you can release the remaining preauthorized funds by changing the PaymentStatus to VALIDATED.

PUT /v2.01/{ClientId}/preauthorizations/{PreauthorizationId}

1 {
2    "PaymentStatus": "VALIDATED"
3 }

Once this is done, no more captures can be made against the preauthorization.

Cancel an unused preauthorization

If no preauthorized pay-in has been made to capture the funds, you can release the remaining funds by changing the PaymentStatus to CANCELED.

PUT /v2.01/{ClientId}/preauthorizations/{PreauthorizationId}

1 {
2    "PaymentStatus": "CANCELED"
3 }

Once a preauthorization has been validated or canceled, no more captures can be made against it.

Guide

Learn more about 7-day preauthorization

Endpoint

The Preauthorization object

How to

Learn how to process a card payment