Receive one-click payments with authorization and capture

Separate the authorization and capture on subscribed cards to create a charge now and capture funds later

Web
Android
iOS
This functionality is available for the following models:

☑ Acquirer
☑ Aggregator

Receive OneClick payments using the authorization and capture scheme enable secure storage of your customer’s card data, guaranteeing fund availability on the customer’s card for a maximum of 7 days for debit cards and 28 days for credit cards. If the payment is not captured at that time, the held funds will be released by the issuing bank back to the cardholder.

Flow

The flow you will integrate will be as follows:

Auth y captura bajo demanda EN

1. Create card enrollment

The first step in generating OneClick payments with the authorization and capture scheme is to enroll your customer’s card. To perform the enrollment, follow the instructions given in the relevant article Generate one click payments.

If the subscription is successful, you will receive thesubscriptionId. The next step will be to make an authorization request from your back-end and then proceed with capture or unsubscription requests as needed, depending on the case.

2. Authorize the charge

With the subscriptionId of your card received in the previous step, you will need to make a call to our authorization endpoint to initiate the reservation of a given amount.

  • Javascript
  • Python
  • PHP
var request = require("request");
var options = {
method: 'POST',
url: 'https://api-uat.kushkipagos.com/subscriptions/v1/card/1574693127852000/authorize',
headers: {'content-type': 'application/json'},
body: {
amount: {ice: 0, iva: 0, subtotalIva: 0, subtotalIva0: 6000, currency: 'MXN'},
name: 'John',
lastName: 'Doe',
email: 'johnD@kushkipagos.com',
orderDetails: {siteDomain: 'tuebook.com',
shippingDetails: {name: 'John Doe', phone: +593988734644, address: 'Calle 13 Avenida 39 40', city: 'Guadalajara', region: 'Jalisco', country: 'México', zipCode: 170402},
billingDetails: {name: 'John Doe', phone: +593988734644, address: 'Calle 13 Avenida 39 40', city: 'Guadalajara', region: 'Jalisco', country: 'México', zipCode: 170402}
},
fullResponse: true
},
json: true
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
import http.client
conn = http.client.HTTPSConnection("api-uat.kushkipagos.com")
payload = "{\"amount\":{\"ice\":0,\"iva\":0,\"subtotalIva\":0,\"subtotalIva0\":6000,\"currency\":\"MXN\"},\"name\":\"John\",\"lastName\":\"Doe\",\"email\":\"johnD@kushkipagos.com\",\"orderDetails\":{\"siteDomain\":\"tuebook.com\",\"shippingDetails\":{\"name\": \"John Doe\",\"phone\":\"+593988734644\",\"address\":\"Calle 13 Avenida 39 40\",\"city\":\"Guadalajara\",\"region\":\"Jalisco \",\"country\":\"México\",\"zipCode\":\"170402\"},\"billingDetails\":{\"name\":\"John Doe\",\"phone\":\"+593988734644\",\"address\":\"Calle 13 Avenida 39 40\",\"city\": "Guadalajara","region": "Jalisco","country": "México","zipCode": \"170402\"}},\"fullResponse\":true}
headers = { 'content-type': "application/json" }
conn.request("POST", "/subscriptions/v1/card/1574693127852000/authorize", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
$client = new http\Client;
$request = new http\Client\Request;
$body = new http\Message\Body;
$body->append('{"amount":{"ice":0,"iva":0,"subtotalIva":0,"subtotalIva0":6000,"currency":"MXN"},"name":"John","lastName":"Doe","email":"johnD@kushkipagos.com","orderDetails": {"siteDomain":"tuebook.com","shippingDetails":{"name":"John Doe","phone":"+593988734644","address":"Calle 13 Avenida 39 40","city": "Guadalajara","region":"Jalisco","country":"México","zipCode":"170402"},"billingDetails":{"name": "John Doe","phone":"+593988734644","address":"Calle 13 Avenida 39 40","city": "Guadalajara","region":"Jalisco","country":"México","zipCode": "170402"}},"fullResponse":true}');
$request->setRequestUrl('https://api-uat.kushkipagos.com/subscriptions/v1/card/1574693127852000/authorize');
$request->setRequestMethod('POST');
$request->setBody($body);
$request->setHeaders(array(
'content-type' => 'application/json'
));
$client->enqueue($request)->send();
$response = $client->getResponse();
echo $response->getBody();

3. Kushki verifies authorization

Kushki will validate the availability of funds with the card issuer. Once you have received Kushki’s response, save theticketNumber as this will be the identifier for later capture as well as cancellation.

4. Capture or release funds

4.1. Performs capture (Optional)

Once you are required to collect the funds from the card, capture the amount you define according to the authorized by calling our capture endpoint for subscriptions OneClick, using the subscriptionId of the card and ticketNumber obtained in the authorization.

  • Javascript
  • Python
  • PHP
var request = require("request");
var options = {
method: 'POST',
url: 'https://api-uat.kushkipagos.com/subscriptions/v1/card/123442221212/capture',
headers: {'content-type': 'application/json'},
body: {
ticketNumber: '319228478889680318',
amount: {currency: 'MXN', subtotalIva: 0, iva: 0, subtotalIva0: 6000, ice: 0},
fullResponse: true
},
json: true
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
import http.client
conn = http.client.HTTPSConnection("api-uat.kushkipagos.com")
payload = "{\"ticketNumber\":\"319228478889680318\",\"amount\":{\"currency\":\"MXN\",\"subtotalIva\":0,\"iva\":0,\"subtotalIva0\":6000,\"ice\":0},\"fullResponse\":true}"
headers = { 'content-type': "application/json" }
conn.request("POST", "/subscriptions/v1/card/123442221212/capture", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
$client = new http\Client;
$request = new http\Client\Request;
$body = new http\Message\Body;
$body->append('{"ticketNumber":"319228478889680318","amount":{"currency":"MXN","subtotalIva":0,"iva":0,"subtotalIva0":6000,"ice":0},"fullResponse":true}');
$request->setRequestUrl('https://api-uat.kushkipagos.com/subscriptions/v1/card/123442221212/capture');
$request->setRequestMethod('POST');
$request->setBody($body);
$request->setHeaders(array(
'content-type' => 'application/json'
));
$client->enqueue($request)->send();
$response = $client->getResponse();
echo $response->getBody();

4.2. Void authorization (optional)

If you need to void an authorization for funds to be released to the cardholder, you can do so by calling our void of collections enpoint, using the ticketNumber obtained in the authorization.

  • Javascript
  • Python
  • PHP
var request = require("request");
var options = {
method: 'DELETE',
url: 'https://api-uat.kushkipagos.com/v1/charges/1528188291221',
headers: {'content-type': 'application/json'},
body: {
fullResponse: true,
amount: {subtotalIva: 1000, subtotalIva0: 0, ice: 0, iva: 0, currency: 'MXN'}
},
json: true
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
import http.client
conn = http.client.HTTPSConnection("api-uat.kushkipagos.com")
payload = "{\"fullResponse\":true,\"amount\":{\"subtotalIva\":1000,\"subtotalIva0\":0,\"ice\":0,\"iva\":0,\"currency\":\"MXN\"}}"
headers = { 'content-type': "application/json" }
conn.request("DELETE", "/v1/charges/1528188291221", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
$client = new http\Client;
$request = new http\Client\Request;
$body = new http\Message\Body;
$body->append('{"fullResponse":true,"amount":{"subtotalIva":1000,"subtotalIva0":0,"ice":0,"iva":0,"currency":"MXN"}}');
$request->setRequestUrl('https://api-uat.kushkipagos.com/v1/charges/1528188291221');
$request->setRequestMethod('DELETE');
$request->setBody($body);
$request->setHeaders(array(
'content-type' => 'application/json'
));
$client->enqueue($request)->send();
$response = $client->getResponse();
echo $response->getBody();

Test your integration

There are test cards you can use in the UAT environment to make sure your integration is ready. Use them with any CVV, zip code and future expiration date.

  • Approved Transaction: 5451951574925480
  • Declined transaction on token request (front-end): 4574441215190335
  • Transaction declined on authorization: 4349003000047015
  • Transaction declined on capture: 4547004841271012

Prepare Your Certification

Take into consideration the following guidelines to pass the technical certification (required to obtain production credentials):

  • Tax calculations are correct.
  • Do not store sensitive card data in your database (full card number, CVV, etc.).
  • On-screen messages according to Kushki responses.
  • Save and record all Kushki responses (required in case support is needed).
  • The Kushki logo must be visible to the customer. You can find our logo in various formats here.
  • Make sure you submit all the required data specified in the API reference.

If you are using Kushki.js, also consider the following:

  • The cardholder’s name is required.
  • The card number field is required.
  • The card number field accepts only numbers.
  • The card number field accepts a maximum of 16 digits (may be fewer).
  • The CVV field is required
  • The CVV field accepts only numbers.
  • The CVV field allows a maximum of 4 digits and a minimum of 3.
  • The CVV field must be of password type.
  • The expiration date is required.
  • The expiration date must accept only future dates.
  • The payment button is disabled after the first click.
  • The Kushki logo must be visible to the customer. You can find our logo in various formats here. -Make sure to send your customer-payer’s contact information (contactDetails), along with the billing ( orderDetails -> billingDetails)and shipping information (if your business model requires it: orderDetails -> shippingDetails),within the request to make the charge. You can find an example of the JSON Body for the charge in API reference.