Pre-authorisations (API)


A pre-authorisation is used to seek authorisation for a transaction and reserve the funds on the customer’s account, in cases where the final amount to be debited from the customer is not known at time of authorisation. By default, the funds reserved by pre-authorisations are typically settled within 24 hours, but if required, they can be deferred for up to 31 days. If the transaction is not settled within this time-frame, we will automatically cancel the transaction and the funds will be released back into the customer’s bank account.



Pre-authorisations are most useful when employed in the following scenarios:




You can only process pre-authorisations with Mastercard and Visa-branded cards.
Mastercard Europe have mandated that Mastercard and Maestro transactions processed with certain European acquiring banks must be flagged as either pre-authorisation or final authorisation. Such transactions are subject to acquirer-specific conditions.


Failure to adhere to these conditions may incur a fine from Mastercard.
For full terms and conditions, please contact your acquiring bank.



Processing pre-authorisations

Default behaviour

By default, authorisations are processed as final authorisations in cases where a distinction is required by the participating acquirer. You can change this default behaviour to submit pre-authorisations, by contacting our Support Team. Alternatively, you can override the default behaviour on a transaction-by-transaction basis by following the instructions below.


If you are not sure whether your site has been configured to process pre-authorisations or final authorisations, click here to learn how to check using MyST.


You will need to update the payload submitted within your JWT to include the additional field authmethod, with value “PRE”, as shown below. When submitted, this overrides the default settings on your account.


The authmethod field can only be submitted in THREEDQUERY and AUTH requests.


If a value for the authmethod field is submitted to the acquirer during authorisation, it will always be returned within the response.


Request example

The following payload example includes the authmethod field to override the account’s default setting to process a pre-authorisation: