Authorize Cards
Now that the Card Present SDK is set up and a terminal is onboarded, you’re ready to authorize cards.
Verify a Card
Use the verify card function in order to verify that a card is valid. Note that this will not pre-authorize a card for any amount, it will simply verify that a card will not be declined due to being invalid, lost, or stolen. This function can only be used via the physical authorization flow.
Authorize a Card
There are two types of authorization supported by terminals; manual and physical. Manual authorization involves typing in the card data while physical authorization involves the terminal collecting the card data from a card interaction (chip, swipe, or tap).
| Event | Physical auth | Manual auth |
|---|---|---|
| Begin a transaction | Default “Pay Now” button in UI | Alternative key-in card button in UI |
| Prompt for tip | Depends on terminal’s tip config | |
| Prompt for card | Dip/swipe/tap card | Key the card info into the terminal |
| Process authorization | Terminal status of "Terminal is authorizing" | |
Spanning both physical and manual methods of authorizing a card is the store and forward method. This method is used when the Terminal is offline, and the deferred_authorization Terminal config is enabled.
Store and Forward
To properly implement store and forward, there are a couple risks which should be understood and mitigated:
- Lost authorizations
- Expired authorizations
- Declined authorizations
With store and forward, authorizations can very easily be lost, as offline authorizations are only stored on the Terminal until it goes online again. To protect against lost authorizations, implement the following:
- Encourage merchants to bring Terminals back online as soon as possible
- Limit the number and amount of authorizations which are allowed offline
- Implement robust offline authorization logging
Another risk with store and forward is the inability to obtain a valid authorization once the Terminal comes back online. Authorizations are generally valid for 7 days, and a buffer should be communicated to merchants. Implement the following to protect against expired offline authorizations:
- Encourage merchants to bring Terminals back online as soon as possible
- Communicate that if a Terminal remains offline for more than 5 days, any offline authorizations run the risk of expiring
- Implement a capture strategy for offline authorizations
- This strategy should consider the time of authorization and encourage/enforce capture well before the 7-day timeframe ends
Additionally, it is possible for a card issuer to decline an offline authorization when a Terminal goes back online. Issuers can also elect to only partially approve offline authorizations once they are forwarded.
Note
If the merchant elects to leverage the store and forward feature, they are liable for any offline authorizations which, for any reason, cannot be forwarded and successfully captured.
Physical Authorization
Create a trigger in your merchant-facing UI in order to begin an authorization. Note that simply initiating authorization does not require card info. For instance, your trigger could be a “Pay Now” button for a server to ring up a table, which will run the physical auth function.
The terminal will prompt the payer for tip information if tip.mode was set to prompt_on_terminal. If tip.mode was set to prompt_on_receipt or disabled, then this step will be skipped.
Next, the terminal will prompt the payer for a card, and once provided the Card Present SDK will provide a new Terminal status with Terminal is authorizing. If the authorization is successful, then the Card Present SDK will return a successful auth.
Manual Authorization
This authorization flow is the same as the physical authorization flow, except for the following:
- Your merchant-facing UI should have a separate trigger indicative of keying-in card information. For instance, a “Key in card to pay now” button.
- That trigger will initiate the Manual auth function.
Authorization Response
After the manual or physical authorization flow has been initiated, the Card Present SDK then authorizes the provided card information and returns a response. On a successful authorization, the Card Present SDK constructs a Payment Info and an Authorization Info object, which both get passed back to the delegate method:
| Payment Info | |
|---|---|
| Detail | Sub-Object Details |
| Payment method blob |
|
| Payer email | |
| Payment date | |
| Merchant receipt info | |
| Payer receipt info | |
| Authorization Info | |
| Detail | Sub-Object Details |
| Authorization Result |
|
| Amount | |
| Tip Amount | |
| Currency | |
| Authorization Code | |
| Offline? (boolean value) | |
| EMV information (for receipts) | |
Find the definitions of these results in the constants file of the Card Present SDK, and in the Classes section of the SDK documentation (found in the Card Present SDK package).
When the Card Present SDK responds with either approved or partially approved values for the authorization result, get the encoded payment method value from the payment info delegate.
Important
If the authorization was offline, store the encoded payment method along with the authorization amount and the merchant’s Account ID. Queue these to be processed via a POST /payments API request once the terminal is online again. Find more information in the deffered_authorization portion of the Configure a Terminal section.
Use Case: Complete 1 Transaction With 2 Cards
Oftentimes, customers will begin a payment with a gift card (or any other card with a balance limit) which does not have sufficient funds for the requested authorization amount. In these cases, a partial authorization will return, allowing the available balance on the card to be charged, but a remaining balance due.
Your platform should build out logic in your mobile app to handle splitting a single transaction into multiple payments to cover this use case.
To complete these kinds of transactions, prompt the merchant to run a second authorization for the remaining amount due.
You’ll now have 2 encoded payment methods, each to be used in seperate POST /payments requests for the authorized amounts. Take care to note the encoded payment method which returned with a partial authorization, and only capture the authorized amount via the API.
Note that the flat fee will be applied to each leg of the transaction, so these use cases are more expensive than completing a single transaction with a single card.
At this point, a Payment does not exist. You’ll need to use the encoded payment method in the Payments API in order to charge the authorized card.
Next Up: Process Payments
Begin processing payments with a encoded payment methods.
- Use encoded payment methods
- Capture Payments
- Manage payment operations
Questions? Need help? Visit our support page!