Reserve Funds in a Card

Separate the authorization and capture to create a charge now, but capture your funds later.

Web
Android
iOS

Reserving funds on a one-time use card allows you to authorize the availability of funds for a card, but delay the capture of funds for when the service is completed. For example, a hotel can authorize a payment prior to the arrival of the passenger, and then capture the funds upon departure and completion of the service. It also allows changing the amount of the original authorization in case the order changes due to the shipment, taxes or tipping.

When a payment is authorized, the bank guarantees the availability of the amount, and will retain it in the customer’s card for 7 days. If the payment is not captured within that time, it will be automatically cancelled and the funds will be released.

An example of what you will integrate is shown below:

How does it work?

You can reserve funds from a one-time use card. To do so, you should:

  1. Obtain a one-time payment token.
  2. Start a pre-authorization with Kushki.
  3. Kushki will attempt pre-authorization with the card’s issuing entity.
  4. If the response is positive, the merchant will be able to choose between 2 options to be executed before the authorization deadline expires:
  • Capture an amount: In the event that a charge is to be made on the customer’s card.
  • Cancel authorization: In the event that the authorization is to be cancelled and the funds on the card are to be released.

The flow that you will integrate is shown below:

Flujo auth y captura EN

1. Obtain a one-time payment token

The front end is responsible for collecting the user’s card details securely, generating a token for such information through Kushki’s servers, and sending that information to the back end to start the pre-authorization process.

You have two options to integrate: Checkout and Kushki.js.

Cajita

Kushki has payment forms ready to collect card information securely. You can use any of our versions:

  • Cajita: our first version of the payment form. Not customizable.
  • Kajita: is the second version, which allows you to add customizations from your Administration Console and even have several versions of Kajita, one for each payment method, for example.

Create and customize your Kajitas

Kushki allows you to create your Kajitas from the Administration Console. Click here to learn how to create and customize a Kajita.

Set up Kajita

Embed kushki-checkout.js script in your payment page by adding it to the <head> of your HTML file. Always load kushki-checkout directly from cdn.kushkipagos.com. Never embed the script in a bundle or package, nor host a copy of it.

<head>
<title>Checkout</title>
<script src="https://cdn.kushkipagos.com/kushki-checkout.js"> </script>
</head>

Add Cajita to your website

Cajita needs a place to live on your page. Enter the following code in your website’s <body>, where you want the payment form to be displayed.

For Kajita (v.2):

<form id="my-form"" action="/confirm" method="post">
<input type="hidden" name="cart_id" value="123">
</form>

For Cajita (v.1)

<form id="payment-form" action="/confirm" method="post">
<input type="hidden" name="cart_id" value="123">
</form>

Remember to configure the action of the action form according to the corresponding endpoint in your back end, to obtain the token.

Then, add the script tag.

For the Kajita (v.2) You can obtain this script from your Administration Console as explained here.

<script type="text/javascript">
var kushki = new KushkiCheckout({
kformId: "HmJXukKb5",
form: "my-form",
publicMerchantId: "${publicCfredentialId}",// Reemplaza esto por tucredencial pública
amount: {
subtotalIva: 0,
iva: 0,
subtotalIva0: 1000,
}
});
</script>

For v.1 (Cajita), add the following script, making sure the form has loaded:

<script type="text/javascript">
var kushki = new KushkiCheckout({
form: "payment-form",
merchant_id: "8291028192001", // Reemplaza esto por tu public merchant id
amount: "14.99",
currency: "USD",
payment_methods:["credit-card"], // Podrás habilitar más medios de pago.
inTestEnvironment: true, // Configurado en modo prueba
});
</script>

This will create a predesigned form on your website to accept payments.

Kushki.js

Use Kushki.js if you need more control over the “look & feel” or appearance of your payment form.

Set up Kushki.js

Option 1 - CDN

Use the following script tag at the end of the <body> of your payment page.

<script src="https://cdn.kushkipagos.com/kushki.min.js"></script>
Option 2 - NPM

Install the package from npm.

npm install --save @kushki/js

Then import it into your code using the following code.

import { Kushki } from “@kushki/js”;
Set up Kushki object

Add the following code to your application

const kushki = new Kushki({
merchantId: 'public-merchant-id', // Your public merchant id
inTestEnvironment: true,
});

Collect User Information and Send it to your Back End

First, embed the form in your payment page adding the required fields. You can design it in the way that best suits you.

For example:

<form id="payment-form">
<input placeholder="Card Number" type="text" name="number">
<input placeholder="Full Name" type="text" name="name">
<input placeholder="MM" type="text" name="expiry_month">
<input placeholder="YY" type="text" name="expiry_uear">
<input placeholder="CVC" type="text" name="cvc">
<button id="submit">Pay $49.99</button>
</form>

And, for the moment the user submits the form, add the token request and take it to your back end.

kushki.requestToken({
amount: '49.99',
currency: "USD",
card: {
name: form.name,
number: form.number,
cvc: form.cvv,
expiryMonth: form.expiry_month,
expiryYear: form.expiry_year,
},
}, (response) => {
if(response.code){
console.log(response);
// Submit your code to your back-end
} else {
console.error('Error: ',response.error, 'Code: ', response.code, 'Message: ',response.message);
}
});

2. Pre-authorization

The back end is responsible for using the collected token to make a pre-authorization request and then, in case it is approved, to make a capture or cancellation request, depending on the case.

When the user submits the form, your front end sends a token to an endpoint that you specified previously. Using this token, you must make a call to our pre-authorization endpoint to start the charge.

  • Python
  • Javascript
  • PHP
import http.client
conn = http.client.HTTPSConnection("api-uat.kushkipagos.com")
payload = "{\"token\":\"QZPnSP1000000b3MG3062555GhIrcYt5\",\"amount\":{\"subtotalIva\":0,\"subtotalIva0\":600,\"ice\":0,\"iva\":0,\"currency\":\"USD\"},\"fullResponse\":true}"
headers = { 'content-type': "application/json" }
conn.request("POST", "/card/v1/preAuthorization", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
import request from 'request';
const options = {
method: 'POST',
url: 'https://api-uat.kushkipagos.com/card/v1/preAuthorization',
headers: {'content-type': 'application/json'},
body: {
token: 'QZPnSP1000000b3MG3062555GhIrcYt5', // Replace this with the received token
amount: {subtotalIva: 0, subtotalIva0: 600, ice: 0, iva: 0, currency: 'USD'},
fullResponse: true
},
json: true
};
request(options, (error, response, body) => {
if (error) throw new Error(error);
console.log(body);
});
<?php
$client = new http\Client;
$request = new http\Client\Request;
$body = new http\Message\Body;
$body->append('{"token":"QZPnSP1000000b3MG3062555GhIrcYt5","amount":{"subtotalIva":0,"subtotalIva0":600,"ice":0,"iva":0,"currency":"USD"},"fullResponse":true}');
$request->setRequestUrl('https://api-uat.kushkipagos.com/card/v1/preAuthorization');
$request->setRequestMethod('POST');
$request->setBody($body);
$request->setHeaders(array(
'content-type' => 'application/json'
));
$client->enqueue($request)->send();
$response = $client->getResponse();
echo $response->getBody();

3. Kushki verifies pre-authorization

Kushki will validate the availability of funds with the card’s issuing entity. Once Kushki’s response is obtained, save the ticketNumber since this will be the identifier for later capture and also cancellation.

4.1. Capture (optional)

Capture the amount you define according to the authorized amount by calling our capture endpoint, using the ticketNumber obtained in the pre-authorization.

  • Python
  • Javascript
  • PHP
import http.client
conn = http.client.HTTPSConnection("api-uat.kushkipagos.com")
payload = "{\"ticketNumber\":\"319228478889680318\",\"amount\":{\"currency\":\"PEN\",\"subtotalIva\":0,\"iva\":0,\"subtotalIva0\":600,\"ice\":0},\"fullResponse\":true}"
headers = { 'content-type': "application/json" }
conn.request("POST", "/card/v1/capture", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
var request = require("request");
var options = {
method: 'POST',
url: 'https://api-uat.kushkipagos.com/card/v1/capture',
headers: {'content-type': 'application/json'},
body: {
ticketNumber: '319228478889680318',
amount: {currency: 'PEN', subtotalIva: 0, iva: 0, subtotalIva0: 600, ice: 0},
fullResponse: true
},
json: true
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
<?php
$client = new http\Client;
$request = new http\Client\Request;
$body = new http\Message\Body;
$body->append('{"ticketNumber":"319228478889680318","amount":{"currency":"PEN","subtotalIva":0,"iva":0,"subtotalIva0":600,"ice":0},"fullResponse":true}');
$request->setRequestUrl('https://api-uat.kushkipagos.com/card/v1/capture');
$request->setRequestMethod('POST');
$request->setBody($body);
$request->setHeaders(array(
'content-type' => 'application/json'
));
$client->enqueue($request)->send();
$response = $client->getResponse();
echo $response->getBody();

4.2 Cancel authorization (Optional)

If you need to cancel an authorization you can do so by calling our charge cancellation endpoint, using the ticketNumber obtained in the authorization.

  • Python
  • Javascript
  • PHP
import http.client
conn = http.client.HTTPSConnection("api-uat.kushkipagos.com")
payload = "{\"fullResponse\":true,\"amount\":{\"subtotalIva\":10000,\"subtotalIva0\":0,\"ice\":0,\"iva\":0,\"currency\":\"COP\"}}"
headers = { 'content-type': "application/json" }
conn.request("DELETE", "/v1/charges/1528188291221", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
var request = require("request");
var options = {
method: 'DELETE',
url: 'https://api-uat.kushkipagos.com/v1/charges/1528188291221',
headers: {'content-type': 'application/json'},
body: {
fullResponse: true,
amount: {subtotalIva: 10000, subtotalIva0: 0, ice: 0, iva: 0, currency: 'COP'}
},
json: true
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
<?php
$client = new http\Client;
$request = new http\Client\Request;
$body = new http\Message\Body;
$body->append('{"fullResponse":true,"amount":{"subtotalIva":10000,"subtotalIva0":0,"ice":0,"iva":0,"currency":"COP"}}');
$request->setRequestUrl('https://api-uat.kushkipagos.com/v1/charges/1528188291221');
$request->setRequestMethod('DELETE');
$request->setBody($body);
$request->setHeaders(array(
'content-type' => 'application/json'
));
$client->enqueue($request)->send();
$response = $client->getResponse();
echo $response->getBody();

Test your Integration

You can use some test cards in test mode to ensure that your integration is ready. Use them adding any CVC, zip code and a future expiration date.

  • Approved transaction : 5451951574925480
  • Transaction declined during token request (front end): 4574441215190335
  • Transaction declined in authorization: 4349003000047015
  • Transaction declined in capture: 4547004841271012