Skip to content
Create account
 or
Sign in
The Stripe Docs logo
/
Create account
Sign in

Place an extended hold on an online card payment

Learn how to use extended authorisations to capture online card payments up to 30 days after authorisation.

Copy page

Extended authorisations have a longer authorisation validity period, which allows you to hold customer funds for longer than standard authorisation validity windows. For most card networks, the default authorisation validity period is 7 days for online payments and 2 days for in-person Terminal payments, whereas extended validity periods can go up to 30 days depending on the card network. For more information about authorisation validity windows, see place a hold on a payment method.

Availability

When you use extended authorisations, there are no regional restrictions. However, be aware of the following limitations:

  • They’re only available with Visa, Mastercard, American Express, and Discover.
  • Certain card brands have merchant category restrictions. Refer to the network availability table below.
  • This page describes extended authorisations for online card payments. For in-person card payments using extended authorisations, refer to the Terminal documentation.

IC+ Feature

We offer extended authorisations to users on IC+ pricing. If you’re on blended Stripe pricing and want access to this feature, contact us at support.stripe.com.

Availability by card network and merchant category

Every card network has different rules that determine which payments have extended authorisations available, and how long they’re valid. The following table shows the validity windows and transaction types that extended authorisation is available for using Visa, Mastercard, American Express, and Discover. However, we recommend that you rely on the capture_before field to confirm the validity window for any given payment because these rules can change without prior notice.

Card brandMerchant categoryExtended authorisation validity window

Visa

Hotel, lodging, vehicle rental, and cruise line

All other merchant categories*

30 days**

Mastercard (not including Maestro and Cirrus cards)All merchant categories30 days
American ExpressLodging and vehicle rental30 days***
DiscoverAirline, bus charter/tour, car rental, cruise line, local/suburban commuter, passenger transport including ferries, hotel, lodging, and passenger railway30 days

  • For other merchant categories, Stripe charges an additional 0.08% fee per transaction. The extended window only applies to Customer-Initiated Transactions and doesn’t apply to transactions with merchants in JP. ** The exact extended authorisation window for Visa is 29 days and 18 hours, to allow time for clearing processes.*** Although your validity window is extended to 30 days, you must capture the authorised funds no later than the end of your customer’s stay or rental.

    • Networks with limited support (beta)

    Recent changes to availability

    Best Practices

    Customers see their funds held longer when you use extended authorisations. Use clear statement descriptors to avoid increased disputes from unrecognised payments.

    You can use the custom_text field when creating a new CheckoutSession to display additional text on the checkout page to help meet compliance requirements.

    Compliance

    You’re responsible for your compliance with all applicable laws, regulations, and network rules when using extended authorisation. Consult the network specifications for the card networks that you plan to accept using this feature with to make sure your sales are compliant with the applicable rules, which vary by network. For instance, for many networks extended validity windows are only for cases where you don’t know the final amount that you’ll capture at the time of authorisation.

    The information provided on this page relating to your compliance with these requirements is for your general guidance, and is not legal, tax, accounting, or other professional advice. Consult a professional if you’re unsure about your obligations.

    Create a CheckoutSession

    Add a checkout button to your website that calls a server-side endpoint to create a Checkout Session.

    checkout.html
    <html>
  <head>
    <title>Buy cool new product</title>
  </head>
  <body>
    <!-- Use action="/create-checkout-session.php" if your server is PHP based. -->
    <form action="/create-checkout-session" method="POST">
      <button type="submit">Checkout</button>
    </form>
  </body>
</html>

    A Checkout Session is the programmatic representation of what your customer sees when they’re redirected to the payment form. You can configure it with options such as:

    You must populate success_url with the URL value of a page on your website that Checkout returns your customer to after they complete the payment. You can optionally also provide a cancel_url value of a page on your website that Checkout returns your customer to if they terminate the payment process before completion.

    Note

    Checkout Sessions expire 24 hours after creation by default.

    After creating a Checkout Session, redirect your customer to the URL returned in the response.

    To enable the extended authorisation feature, set request_extended_authorization to if_available.

    # This example sets up an endpoint using the Sinatra framework.
# Watch this video to get started: https://youtu.be/8aA9Enb8NVc.

require 'json'
require 'sinatra'
require 'stripe'

# Set your secret key. Remember to switch to your live secret key in production.
# See your keys here: https://dashboard.stripe.com/apikeys
Stripe.api_key = 
    'sk_test_BQokikJOvBiI2HlWgH4olfQ2'
    

post '/create-checkout-session' do
  session = Stripe::Checkout::Session.create({
    line_items: [{
      price_data: {
        currency: 'usd',
        product_data: {
          name: 'T-shirt',
        },
        unit_amount: 2000,
      },
      quantity: 1,
    }],
    payment_method_options: {
      card: {
        request_extended_authorization: 'if_available',
      },
    },
    mode: 'payment',
    # These placeholder URLs will be replaced in a following step.
    success_url: 'https://example.com/success',
    cancel_url: 'https://example.com/cancel',
  })

  redirect session.url, 303
end

    Rely on the capture_before field to confirm the validity window for a given payment. The validity window won’t change after the CheckoutSession is complete. To determine if the authorisation is extended after the CheckoutSession is complete, look at the extended_authorization.status field on the associated charge.

    {
  "id": "pi_xxx",
  "object": "payment_intent",
  "amount": 1000,
  "amount_capturable": 1000,
  "amount_received": 0,
  "status": "requires_capture",
  ...
  // if latest_charge is expanded
  "latest_charge": {
      "id": "ch_xxx",
      "object": "charge",
      "payment_method_details": {
        "card": {
          "amount_authorized": 1000,
          "capture_before": 1696524701,
          "extended_authorization": {
              "status": "enabled", // or "disabled"
          }
        }
      }
      ...
    }
  ...
}

    Test your integration

    Use the Stripe test cards below with any CVC and future expiry date to request extended authorisations while testing. If extended authorisations are available on payments for a given network while testing, they’re also available for live payments.

    Card brandNumberPayment method
    Visapm_card_visa
    Mastercardpm_card_mastercard
    Amexpm_card_amex
    Discoverpm_card_discover

    See also

    Was this page helpful?
    YesNo
    Need help? Contact Support.
    Join our early access programme.
    Check out our changelog.
    Questions? Contact Sales.
    LLM? Read llms.txt.
    Powered by Markdoc