Place an extended hold on an online card payment

Learn how to use extended authorisations to capture online card payments up to 30 days after authorisation.

Extended authorisations have a longer authorisation validity period, which allows you to hold customer funds for longer than standard authorisation validity windows. For most card networks, the default authorisation validity period is 7 days for online payments and 2 days for in-person Terminal payments, whereas extended validity periods can go up to 30 days depending on the card network. For more information about authorisation validity windows, see place a hold on a payment method.

Availability

When you use extended authorisations, there are no regional restrictions. However, be aware of the following limitations:

They’re only available with Visa, Mastercard, American Express, and Discover.
Certain card brands have merchant category restrictions. Refer to the network availability table below.
This page describes extended authorisations for online card payments. For in-person card payments using extended authorisations, refer to the Terminal documentation.

mode is set to payment and capture_method is set to manual on the CheckoutSession.

IC+ Feature

We offer extended authorisations to users on IC+ pricing. If you’re on blended Stripe pricing and want access to this feature, contact us at support.stripe.com.

Availability by card network and merchant category

Every card network has different rules that determine which payments have extended authorisations available, and how long they’re valid. The following table shows the validity windows and transaction types that extended authorisation is available for using Visa, Mastercard, American Express, and Discover. However, we recommend that you rely on the capture_before field to confirm the validity window for any given payment because these rules can change without prior notice.

Card brand	Merchant category	Extended authorisation validity window
Visa	Hotel, lodging, vehicle rental, and cruise line All other merchant categories*	30 days**
Mastercard (not including Maestro and Cirrus cards)	All merchant categories	30 days
American Express	Lodging and vehicle rental	30 days***
Discover	Airline, bus charter/tour, car rental, cruise line, local/suburban commuter, passenger transport including ferries, hotel, lodging, and passenger railway	30 days

For other merchant categories, Stripe charges an additional 0.08% fee per transaction. The extended window only applies to Customer-Initiated Transactions and doesn’t apply to transactions with merchants in JP. ** The exact extended authorisation window for Visa is 29 days and 18 hours, to allow time for clearing processes.*** Although your validity window is extended to 30 days, you must capture the authorised funds no later than the end of your customer’s stay or rental.

Networks with limited support (beta)

Recent changes to availability

Best Practices

Customers see their funds held longer when you use extended authorisations. Use clear statement descriptors to avoid increased disputes from unrecognised payments.

You can use the custom_text field when creating a new CheckoutSession to display additional text on the checkout page to help meet compliance requirements.

Compliance

You’re responsible for your compliance with all applicable laws, regulations, and network rules when using extended authorisation. Consult the network specifications for the card networks that you plan to accept using this feature with to make sure your sales are compliant with the applicable rules, which vary by network. For instance, for many networks extended validity windows are only for cases where you don’t know the final amount that you’ll capture at the time of authorisation.

The information provided on this page relating to your compliance with these requirements is for your general guidance, and is not legal, tax, accounting, or other professional advice. Consult a professional if you’re unsure about your obligations.

Create a CheckoutSession

From your server, create a Checkout Session and set the ui_mode to embedded. You can configure the Checkout Session with line items to include, and options such as currency.

To return customers to a custom page that you host on your website, specify that page’s URL in the return_url parameter. Include the {CHECKOUT_SESSION_ID} template variable in the URL to retrieve the session’s status on the return page. Checkout automatically substitutes the variable with the Checkout Session ID before redirecting.

Read more about configuring the return page and other options for customising redirect behaviour.

After you create the Checkout Session, use the client_secret returned in the response to mount Checkout.

To enable the extended authorisation feature, set request_extended_authorization to if_available.

Rely on the capture_before field to confirm the validity window for a given payment. The validity window won’t change after the CheckoutSession is complete. To determine if the authorisation is extended after the CheckoutSession is complete, look at the extended_authorization.status field on the associated Charge.

{
  "id": "pi_xxx",
  "object": "payment_intent",
  "amount": 1000,
  "amount_capturable": 1000,
  "amount_received": 0,
  "status": "requires_capture",
  ...
  // if latest_charge is expanded
  "latest_charge": {
      "id": "ch_xxx",
      "object": "charge",
      "payment_method_details": {
        "card": {
          "amount_authorized": 1000,
          "capture_before": 1696524701,
          "extended_authorization": {
              "status": "enabled", // or "disabled"
          }
        }
      }
      ...
    }
  ...
}

Mount Checkout

Checkout is available as part of Stripe.js. Include the Stripe.js script on your page by adding it to the head of your HTML file. Next, create an empty DOM node (container) to use for mounting.

index.html
<head>
  <script src="https://js.stripe.com/basil/stripe.js"></script>
</head>
<body>
  <div id="checkout">
    <!-- Checkout will insert the payment form here -->
  </div>
</body>

Initialise Stripe.js with your publishable API key.

Create an asynchronous fetchClientSecret function that makes a request to your server to create the Checkout Session and retrieve the client secret. Pass this function into options when you create the Checkout instance:

index.js
// Initialize Stripe.js
const stripe = Stripe('pk_test_TYooMQauvdEDq54NiTphI7jx'
);

initialize();

// Fetch Checkout Session and retrieve the client secret
async function initialize() {
  const fetchClientSecret = async () => {
    const response = await fetch("/create-checkout-session", {
      method: "POST",
    });
    const { clientSecret } = await response.json();
    return clientSecret;
  };

  // Initialize Checkout
  const checkout = await stripe.initEmbeddedCheckout({
    fetchClientSecret,
  });

  // Mount Checkout
  checkout.mount('#checkout');
}

Checkout renders in an iframe that securely sends payment information to Stripe over an HTTPS connection.

Common mistake

Avoid placing Checkout within another iframe because some payment methods require redirecting to another page for payment confirmation.

Customise appearance

Customise Checkout to match the design of your site by setting the background colour, button colour, border radius, and fonts in your account’s branding settings.

By default, Checkout renders with no external padding or margin. We recommend using a container element such as a div to apply your desired margin (for example, 16px on all sides).

Show a return page

After your customer attempts payment, Stripe redirects them to a return page that you host on your site. When you created the Checkout Session, you specified the URL of the return page in the return_url parameter. Read more about other options for customising redirect behaviour.

When rendering your return page, retrieve the Checkout Session status using the Checkout Session ID in the URL. Handle the result according to the session status as follows:

complete: The payment succeeded. Use the information from the Checkout Session to render a success page.
open: The payment failed or was cancelled. Remount Checkout so that your customer can try again.

client.js
const session = await fetch(`/session_status?session_id=${session_id}`)
if (session.status == 'open') {
  // Remount embedded Checkout
} else if (session.status == 'complete') {
  // Show success page
  // Optionally use session.payment_status or session.customer_email
  // to customize the success page
}

Redirect-based payment methods

During payment, some payment methods redirect the customer to an intermediate page, such as a bank authorisation page. When they complete that page, Stripe redirects them to your return page.

Learn more about redirect-based payment methods and redirect behaviour.

Test your integration

Use the Stripe test cards below with any CVC and future expiry date to request extended authorisations while testing. If extended authorisations are available on payments for a given network while testing, they’re also available for live payments.

Card brand	Number	Payment method
Visa		`pm_card_visa`
Mastercard		`pm_card_mastercard`
Amex		`pm_card_amex`
Discover		`pm_card_discover`