Search

Are you looking for test card numbers?

Would you like to contact support?

Point-of-sale icon

Pre-authorisation and authorisation adjustment

Pre-authorise a payment, adjust the authorised amount, and capture the payment.

In a basic payment flow, the payable amount from your payment request is authorised and then captured. But sometimes you may want to change the amount or extend the length of the authorisation before the payment is captured. You can enable this using the authorisation type pre-authorisation with your payment request. In this payment flow you can increase or decrease the authorised amount at a later stage, and then capture the payment. Such changes to a pre-authorised payment are called authorisation adjustments.

Authorisation adjustment is currently available for Discover, Mastercard, and Visa. Support is ultimately up to the issuer.

Use cases

There are several use cases for adjusting a pre-authorised amount:

  • Hospitality. For example, in a hotel:

    1. At check-in, the hotel pre-authorises payment of the room that the guest booked. At the same time, the hotel creates a shopper recognition token, to be able to apply late charges when necessary.
    2. During their stay, the guest incurs expenses at the hotel facilities. The hotel adds these expenses to the pre-authorised amount by adjusting the authorisation.
    3. At check-out, the hotel captures the final amount, or cancels the payment if the guest prefers to settle their bill with a different payment method.
    4. If necessary the hotel charges the guest after they have left, using the shopper recognition token for a new payment.
  • Tipping in regions and industries where it is customary that the guest adds a tip on the receipt after they have presented their card.

Authorisation types

For some card schemes, you can set card payment requests to be handled as either a pre-authorisation or a final authorisation.

  • Pre-authorisation: This is intended for use cases as described above, when you don't yet know the amount to be captured. It allows you to increase or decrease the initially authorised amount at a later point in time using the /adjustAuthorisation endpoint.
  • Final authorisation: Use this when the final amount is agreed up front and the transaction will definitely be captured in full. It's not possible to adjust the authorised amount.

By default, Adyen handles all card payment requests as final authorisations.

To set an authorisation type, you can either:

  • Define the default authorisation type at the merchant account level for all card transactions. See Configure your account.
  • Manually specify the authorisation type (PreaAuth or FinalAuth) in each payment request. See Pre-authorise a payment.

Asynchronous or synchronous adjustment

There are two ways to implement pre-authorisation:

  • With asynchronous authorisation adjustment, you refer to a payment using the PSP reference that you received in the response to your pre-authorisation request. In each authorisation adjustment request as well as in the final capture request, you only need to specify this first PSP reference.

    Asynchronous adjustment is easier to implement, but it is not immediately clear if the adjustment succeeded. You need to set up webhook notifications to receive updates and to know if the final amount was authorised before you capture the payment.

  • With synchronous authorisation adjustment, you pass an adjustAuthorisationData blob from one authorisation adjustment to the next, to enable us to keep track of the latest amount. You receive the first blob in the response to your pre-authorisation request. In your first authorisation adjustment request, you specify the blob you received for the pre-authorisation, and you receive a new blob in the response. In your next adjustment, you specify the blob that you received in the response for the previous adjustment, and so on.

    Synchronous adjustment requires one additional step to implement, because you need to keep track of the latest blob. The advantage is that you receive the adjustment result synchronously. In this way you immediately know if the final amount was authorised before you capture the payment.

    If at some stage you fail to pass the blob, the flow falls back to asynchronous adjustment and it is no longer possible to return to synchronous adjustment for that payment.

Before you begin

Before you configure and use pre-authorisation:

  1. Make sure that you have built an integration that can make a payment.
  2. Set up webhook notifications. You'll need to rely on notifications to know whether the capture succeeded. If you use asynchronous authorisation adjustment, you'll also need to rely on notifications for the authorisation adjustment result.
  3. Generate an API key. To adjust the authorisation and finalize the pre-authorised payment, you need to have an API key.

    If you are using cloud-based communications, you can use the existing API key you use for Terminal API calls.

Also be aware that you need to implement logic on your end, for example to decide when to use the pre-authorisation flow, and to calculate the amount when you make an authorisation adjustment.

Configure your account (Optional)

There are two aspects of your account that you may want to configure for pre-authorisation and authorisation adjustment:

  • Synchronous authorisation adjustment: To receive the initial adjustAuthorisationData blob with your pre-authorisation request and to subsequently receive the authorisation adjustment results synchronously, ask our POS Support Team to enable this.

  • Default authorisation type: If you only do pre-authorisation payment requests, you can ask our POS Support Team to set your default authorisation type to PreAuth so that you don't have to specify it in your payment requests.

    If you want to do both pre-authorisation payment requests and regular payment requests, we recommend you specify the authorisation type in all payment requests.

First step: Pre-authorise a payment

To start the pre-authorisation payment flow, make a PaymentRequest with an authorisation type of PreAuth:

  1. Make a POST request to a Terminal API endpoint, specifying:

    • PaymentRequest: The request body with:

      Parameter Required Description
      SaleData.SaleTransactionID -white_check_mark- An object with:
      • TransactionID: Your unique reference for this request.
      • TimeStamp: Date and time of the request in UTC format.
      SaleData.SaleToAcquirerData authorisationType=PreAuth: Indicates this is a pre-authorisation request. See Adding data elements to your request to learn how to format SaleToAcquirerData.
      PaymentTransaction.AmountsReq -white_check_mark- An object with:
      • Currency: The transaction currency.
      • RequestedAmount: The transaction amount.

    The following example shows how you would initiate pre-authorisation for a 150.00 EUR payment.

    For more information on the Terminal API request structure, refer to the Terminal API fundamentals.

    Pre-authorisation request
    {
      "SaleToPOIRequest":{
        "MessageHeader":{
          "ProtocolVersion":"3.0",
          "MessageClass":"Service",
          "MessageCategory":"Payment",
          "MessageType":"Request",
          "SaleID":"POSSystemID12345",
          "ServiceID":"0207111104",
          "POIID":"P400Plus-275688710"
        },
        "PaymentRequest":{
          "SaleData":{
            "SaleTransactionID":{
              "TransactionID":"27908",
              "TimeStamp":"2019-03-07T10:11:04+00:00"
            },
            "SaleToAcquirerData":"authorisationType=PreAuth"
          },
          "PaymentTransaction":{
            "AmountsReq":{
              "Currency":"EUR",
              "RequestedAmount":150.00
            }
          }
        }
      }
    }

    The customer presents their card to the payment terminal. The terminal collects the payment details and sends the request for the original amount to the Adyen payments platform for processing.

    If the pre-authorisation is succesful:

    • Approved is displayed on the terminal display.
    • The payment result contains:

      • POIData.POITransactionID.TransactionID: Transaction identifier for the payment, in the format Tender_reference.PSP_reference.
      • PaymentResult: Payment method data including:

        • AmountsResp: The AuthorizedAmount and Currency of the pre-authorised payment.

      • Response.Result: Success
      • Response.AdditionalResponse: Additional transaction data. You'll receive either a string of form-encoded key-value pairs or a Base64 string that you need to decode to get a JSON object. This includes:
        • posadditionalamounts.originalAmountValue: Original amount in minor units.
        • authorisedAmountValue: Authorised amount in minor units, which at this stage is equal to the original amount.
        • pspReference: The PSP reference of your pre-authorisation request.
        • adjustAuthorisationData: A URL-encoded blob. You only receive this if the synchronous flow is enabled for your account.

    The following example shows the response to a 150.00 EUR authorisation request.

    Pre-authorisation response - synchronous flow
    {
        "SaleToPOIResponse": {
            "PaymentResponse": {
                "POIData":
                    "POITransactionID": {
                        "TimeStamp": "2019-12-04T13:56:26.000Z",
                        "TransactionID": "8ha5001575467786000.8815754678001083"
                       }
                    {...},
                "SaleData": {...},
                "PaymentReceipt": [...],
                "PaymentResult": {
                    "AuthenticationMethod": [...],
                    "OnlineFlag": true,
                    "PaymentAcquirerData": {...},
                    "PaymentInstrumentData": {...},
                    "AmountsResp": {
                        "AuthorizedAmount": 150.00,
                        "Currency": "EUR"
                    }
                },
                "Response": {
                    "Result": "Success",
                    "AdditionalResponse": "...adjustAuthorisationData=BQABAQA+fbc==..."
                }
            },
            "MessageHeader": {...}
        }
    }
  2. Store the pspReference and the adjustAuthorisationData from the AdditionalResponse for later use when adjusting the authorisation or capturing the payment.
  3. Depending on how you formatted the SaleToAcquirerData, you may need to also URL decode the adjustAuthorisationData blob before supplying it in a subsequent authorisation adjustment request.

Optional step: Adjust the pre-authorisation

To modify the pre-authorised amount, make an authorisation adjustment request.

This step involves making a request to the Adyen backend directly. This is not a Terminal API request to either the terminal itself or the Cloud endpoint for the terminal.

  1. Make a POST request to the /adjustAuthorisation endpoint, specifying:

    • The request header with:

      Parameter Required Description
      content-type -white_check_mark- application/json
      x-api-key -white_check_mark- Your API key.
    • The request body with:

      Parameter Required Description
      originalReference -white_check_mark- The pspReference of the pre-authorisation request. You received this in the response to your pre-authorisation request.
      modificationAmount -white_check_mark- The currency and value of the new amount in minor units. This is the sum of the pre-authorised amount and the additional amount.
      If this is not the first authorisation adjustment, it's the sum of the pre-authorised amount plus all additional amounts.
      additionalData.industryUsage DelayedCharge
      reference Your reference to this payment modification, for use in your reconciliation process.
      merchantAccount -white_check_mark- The name of your merchant account that is used to process the payment.

    The following example shows how you would add a charge of 64.15 EUR to a pre-authorised amount of 150.00 EUR.

    Asynchronous authorisation adjustment request
    {
        "originalReference":"8815754678001083",
        "modificationAmount": {
            "currency":"EUR",
            "value":21415
        },
        "additionalData":{
            "industryUsage":"DelayedCharge"
        },
        "reference":"YOUR_MODIFICATION_REFERENCE",
        "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
    }

    The /adjustAuthorisation response contains: 

    • pspReference: The PSP reference associated with this /adjustAuthorisation request. Note that this is different from the PSP reference associated with the pre-authorisation request.
    • response: [adjustAuthorisation-received]
    Asynchronous authorisation adjustment response
    {
      "pspReference": "881576235454101H",
      "response": "[adjustAuthorisation-received]"
    }
  2. Wait for the asynchronous notification. This informs you whether the new amount has been authorised.
  1. Make a POST request to the /adjustAuthorisation endpoint, specifying:

    • The request header with:

      Parameter Required Description
      content-type -white_check_mark- application/json
      x-api-key -white_check_mark- Your API key.
    • The request body with:

      Parameter Required Description
      originalReference -white_check_mark- The pspReference of the pre-authorisation request. You received this in the response to your pre-authorisation request.
      modificationAmount -white_check_mark- The currency and value of the new amount in minor units. This is the sum of the pre-authorised amount and the additional amount.
      If this is not the first authorisation adjustment, it's the sum of the pre-authorised amount plus all additional amounts.
      additionalData.adjustAuthorisationData The previous adjustAuthorisationData blob.
      For the first adjustment, that's the blob you received in the response to the pre-authorisation request. You may need to URL-decode that before you can use it.
      For the second adjustment, it's the blob you received in the response to the first adjustment, and so on. The blob you receive for an authorisation adjustment is not URL-encoded, so you don't need to decode it before you can use it.
      Always use the latest blob.
      reference Your reference to this payment modification, for use in your reconciliation process.
      merchantAccount -white_check_mark- The name of your merchant account that is used to process the payment.

    The following examples shows how you would add a charge of 64.15 EUR to a pre-authorised amount of 150.00 EUR.

    Synchronous authorisation adjustment request
    {
        "originalReference":"8815754678001083",
        "modificationAmount": {
            "currency":"EUR",
            "value":21415
        },
        "reference":"YOUR_MODIFICATION_REFERENCE",
        "additionalData":{
            "adjustAuthorisationData":"BQABAQA+fbc==..."
        },
        "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
    }

    The /adjustAuthorisation response contains: 

    • additionalData.adjustAuthorisationData: The new blob, for the new authorised amount. This blob is not URL-encoded.
    • merchantReference: Your reference to this payment modification, for use in your reconciliation process.
    • pspReference: The PSP reference associated with this /adjustAuthorisation request. Note that this is different from the PSP reference associated with the pre-authorisation request.
    • response: Authorised. Indicates the new amount is authorised.
    Synchronous authorisation adjustment response
    {
        "additionalData": {
            "adjustAuthorisationData": "BQABAQArqht7L...",
            "merchantReference": "YOUR_MODIFICATION_REFERENCE"
        },
        "pspReference": "8535762347980628",
        "response": "Authorised"
    }
  2. Store the adjustAuthorisationData blob you received in the /adjustAuthorisation response. You will need this if you later adjust the authorisation again. This blob is not URL-encoded, so you can use it as-is.

Optional step: Extend the authorisation

To extend the authorisation period make an /adjustAuthorisation request with the same amount as the current balance on the authorisation. If you haven't adjusted the authorisation yet, this is the amount from the original pre-authorisation request. If you did adjust the authorisation, this is the amount from the last adjustment.

See Adjust the authorisation for instructions.

Last step: Finalize the pre-authorised payment

When you have made your last authorisation adjustment, you need to manually capture the payment to ensure the reserved funds are transferred to your account:

Always double-check that you have completed all authorisation adjustments for the payment before you capture it. Captures are done asynchronously, so it may seem that the payment hasn't been captured yet and that it's still possible to adjust the authorisation.

  1. Decide whether you are ready to capture the payment:

    • Are there any additional charges to be made?
      If yes, adjust the authorisation first (see Adjust the authorisation).

    • Does the customer want to settle the bill using a different payment method than the one used for the pre-authorisation?
      If yes, do not capture the payment. Instead, cancel the pre-authorisation:

      • Make a /cancel request specifying the pspReference of the original pre-authorisation. Refer to Cancel authorisation for more details.

  2. When you are ready to capture the payment, make a POST request to the /capture endpoint, specifying:

    • The request header with:

      Parameter Required Description
      content-type -white_check_mark- application/json
      x-api-key -white_check_mark- Your API key.
    • The request body with:

      Parameter Required Description
      originalReference -white_check_mark- The pspReference of the original pre-authorisation. You received this in the response to your pre-authorisation request.
      modificationAmount -white_check_mark- The currency and value of the final amount in minor units. This is the sum of the original, pre-authorised amount and all later adjustments.
      reference Your reference to this payment modification, for use in your reconciliation process.
      merchantAccount -white_check_mark- The name of your merchant account that is used to process the payment.
    Capture request
    {
        "originalReference":"8815754678001083",
        "modificationAmount":{
            "currency":"EUR",
            "value":21415
        },
        "reference":"YOUR_MODIFICATION_REFERENCE",
        "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
    }
  3. When you receive the /capture response, note the following:

    • pspReference: The PSP reference associated with this /capture request. Note that this is different from the PSP reference associated with the pre-authorisation request.
    • response: [capture-received].
    • additionalData.merchantReference: Your reference to this payment modification, for use in your reconciliation process.
    Capture response
    {
        "additionalData": {
            "merchantReference": "YOUR_MODIFICATION_REFERENCE"
        },
        "pspReference": "8815762358979809",
        "response": "[capture-received]"
    }
  4. Wait for the asynchronous notification. This informs you whether the final amount has been captured.
    If the capture is successful, this notification contains:

    • eventCode: CAPTURE
    • originalReference: The pspReference of the pre-authorisation.
    • pspReference: The PSP reference associated with this /capture request.
    • success: true

    If success is false then your capture request failed. Review the reason you received in the notification, fix the issue, and submit the capture request again.

If you need to charge the guest for an additional amount after they have left, and you created a shopper profile (token) with your pre-authorisation request, you can apply these late charges in a recurring payment request using the token. See Recurring payments.

See also