Increment an authorisation
Increase an existing authorisation on a confirmed PaymentIntent before you capture it.
Incremental authorisation allows you to increase the authorised amount on a confirmed PaymentIntent before you capture it. Before capture, each incremental authorisation appears on the credit card statement as an additional pending entry (for example, a 10 USD authorisation incremented to 15 USD appears as separate 10 USD and 5 USD pending entries). After capture, the pending authorisations are removed, and the total captured amount appears as one final entry.
Availability
When using incremental authorisations, be aware of the following restrictions:
- It’s only available with Visa, Mastercard, or Discover.
- Certain card brands have merchant category restrictions (see below).
- mode is set to
paymentand capture_method is set tomanualon the CheckoutSession.
To learn more about incremental authorisation and in-person payments made using Terminal, see Incremental Authorisations.
IC+ feature
We offer incremental authorisations to users on IC+ pricing. If you’re on standard Stripe pricing and want access to this feature, you can learn more at support.stripe.com.
Availability by card network and merchant category
Use incremental authorisations on payments that fulfil the criteria below. You can find your user category in the Dashboard.
Attempting to perform an incremental authorisation on a payment that doesn’t fulfil the below criteria results in an error.
| Card brand | Merchant country | Payment type | Merchant category |
|---|---|---|---|
| Visa | Global | All card payment types | All user categories |
| Mastercard | Global* | All card payment types | All user categories |
| Discover | Global | All card payment types | Car rental, hotels, local/suburban commuter, passenger transport, including ferries, passenger railways, bus lines-charter, tour, steamship/cruise lines, boat rentals & lease, grocery stores and supermarkets, electric vehicle charging, eating places and restaurants, drinking places (alcoholic beverages), hotels, motels, resorts, trailer parks & campsites, equip/tool/furn/appl rental & leasing, automobile rental agency, truck and utility trailer rentals, motor home and rec vehicle rentals, parking lots, parking meters, and garages, amusement parks, circuses, fortune tell, recreation services (not classified) |
| Discover | Global | Card not present | Taxicabs and limousines |
Networks with limited support (beta)
Incremental authorisations with Strong Customer Authentication (SCA)
If you and the cardholder are in a country with SCA requirements, there are important considerations to keep in mind when using incremental authorisation.
When you request the incremental authorisation feature during the initial authorisation, Stripe automatically configures the payment method for future off-session usage. Although this requires 3-D Secure (3DS) for the initial authorisation, subsequent incremental authorisations on this payment is considered merchant-initiated, potentially exempting any additional SCA. Clearly indicate to your customer during the initial transaction that their payment will be saved for future off-session usage with the incremental authorisations.
With some 3DS transactions, the liability for fraudulent chargebacks (stolen or counterfeit cards) shifts from you to the card issuer. You don’t benefit from liability shift when submitting merchant-initiated transactions.
Compliance
You’re responsible for your compliance with all applicable laws, regulations, and network rules when saving a customer’s payment details. For instance, if you want to save their payment method for future use, such as charging them when they’re not actively using your website or app. Add terms to your website or app that state how you plan to save payment method details and allow customers to opt in.
If you want to charge them when they’re offline, make sure your terms include the following:
- The customer’s agreement to your initiating a payment or a series of payments on their behalf for specified transactions.
- The anticipated timing and frequency of payments (for example, if the charges are for scheduled instalments, subscription payments, or unscheduled top-ups).
- How you determine the payment amount.
- Your cancellation policy, if the payment method is for a subscription service.
Make sure you keep a record of your customer’s written agreement to these terms.
Best practices
When using incremental authorisation, proactively notify your end customer with the details of any authorisations for estimated amounts, which might be followed by incremental authorisations that increase those amounts. Here are some best practices for doing so:
- Disclose that an authorisation is for an estimated amount and that subsequent authorisation requests might follow at the time of checkout, before purchase.
- Base estimated amounts on a genuine estimate of what the total transaction amount will be.
You can use the custom_text field when creating a new CheckoutSession to display additional text on the checkout page to help meet compliance requirements.
Compliance
You’re responsible for your compliance with all applicable laws, regulations, and network rules when using incremental authorisation. Consult the network rules for the card networks that you plan to use this feature with to make sure your sales comply with applicable rules, which vary by network. For example, most card networks restrict how you can calculate estimated amounts included in the initial authorisation, and prohibit the use of incremental authorisations for transactions where the transaction amount should be known at the time of authorisation (for example, charges for recurring subscriptions).
The information provided on this page relating to your compliance with these requirements is for your general guidance, and isn’t legal, tax, accounting, or other professional advice. Consult a professional if you’re unsure about your obligations.
Create a CheckoutSession
Add a checkout button to your website that calls a server-side endpoint to create a Checkout Session.
<html> <head> <title>Buy cool new product</title> </head> <body> <!-- Use action="/create-checkout-session.php" if your server is PHP based. --> <form action="/create-checkout-session" method="POST"> <button type="submit">Checkout</button> </form> </body> </html>
A Checkout Session is the programmatic representation of what your customer sees when they’re redirected to the payment form. You can configure it with options such as:
- Line items to charge
- Currencies to use
You must populate success_ with the URL value of a page on your website that Checkout returns your customer to after they complete the payment. You can optionally also provide a cancel_ value of a page on your website that Checkout returns your customer to if they terminate the payment process before completion.
Note
Checkout Sessions expire 24 hours after creation by default.
After creating a Checkout Session, redirect your customer to the URL returned in the response.
Lastly, set request_incremental_authorization as if_ to enable the incremental authorisation feature.
After the customer has completed checkout, the payment_method_details field on the latest_charge in the PaymentIntent contains available or unavailable based on the customer’s payment method and the availability criteria mentioned above, which determines whether a PaymentIntent is eligible for incremental authorisation or not. (If you didn’t request incremental authorisation when creating the CheckoutSession, it will be unavailable.)
{ "id": "pi_ANipwO3zNfjeWODtRPIg", "object": "payment_intent", "amount": 1000, "amount_capturable": 1000, "amount_received": 0, ... // if latest_charge is expanded { "latest_charge": { "amount": 1000, "payment_method_details": { "card": { "incremental_authorization": { "status": "available" // or "unavailable" } } } ... } } }
Mount Checkout
Checkout renders in an iframe that securely sends payment information to Stripe over an HTTPS connection.
Common mistake
Avoid placing Checkout within another iframe because some payment methods require redirecting to another page for payment confirmation.
Customise appearance
Customise Checkout to match the design of your site by setting the background colour, button colour, border radius, and fonts in your account’s branding settings.
By default, Checkout renders with no external padding or margin. We recommend using a container element such as a div to apply your desired margin (for example, 16px on all sides).
Show a return page
After your customer attempts payment, Stripe redirects them to a return page that you host on your site. When you created the Checkout Session, you specified the URL of the return page in the return_url parameter. Read more about other options for customising redirect behaviour.
When rendering your return page, retrieve the Checkout Session status using the Checkout Session ID in the URL. Handle the result according to the session status as follows:
complete: The payment succeeded. Use the information from the Checkout Session to render a success page.open: The payment failed or was cancelled. Remount Checkout so that your customer can try again.
const session = await fetch(`/session_status?session_id=${session_id}`) if (session.status == 'open') { // Remount embedded Checkout } else if (session.status == 'complete') { // Show success page // Optionally use session.payment_status or session.customer_email // to customize the success page }
Redirect-based payment methods
During payment, some payment methods redirect the customer to an intermediate page, such as a bank authorisation page. When they complete that page, Stripe redirects them to your return page.
Learn more about redirect-based payment methods and redirect behaviour.
Perform an incremental authorisation
To increase the authorised amount on a PaymentIntent, use the increment_authorization endpoint and provide the updated total authorisation amount to increment to, which must be greater than the original authorised amount. This attempts to authorise for a higher amount on your customer’s card. A single PaymentIntent can call this endpoint multiple times to further increase the authorised amount.
You have a maximum of 10 incremental authorisation attempts per PaymentIntent.
curl https://api.stripe.com/v1/payment_intents/{{PAYMENT_INTENT_ID}}/increment_authorization \ -u: \ -d "amount"=1500sk_test_BQokikJOvBiI2HlWgH4olfQ2
If the incremental authorisation succeeds, it returns the PaymentIntent object with the updated amount. If the authorisation fails, it returns a card_declined error instead. The PaymentIntent object remains capturable for the previously authorised amount. Any potential updates to other PaymentIntent fields (for example, application_fee_amount, transfer_data, metadata, description, and statement_descriptor) aren’t saved if the incremental authorisation fails.
Incremental authorisation has a maximum cap of either 500 USD (or local equivalent) over, or 500% over the previously authorised amount (whichever is higher) for each individual increment.
Capture the PaymentIntent
Whether you increase the authorised amount on a PaymentIntent with an incremental authorisation or not, you need to capture the funds before the initial authorisation expires – incremental authorisations don’t extend the validity period. To capture the authorised amount on a PaymentIntent with prior incremental authorisations, use the capture endpoint as usual.
curl https://api.stripe.com/v1/payment_intents/{{PAYMENT_INTENT_ID}}/capture \ -u:sk_test_BQokikJOvBiI2HlWgH4olfQ2
If the incremental authorisation succeeds, it returns the captured PaymentIntent object with the updated amount. If the authorisation fails, it returns a card_declined error instead. The PaymentIntent isn’t captured, but it remains capturable for the previously authorised amount. Any potential updates to other PaymentIntent fields (for example, application_fee_amount, transfer_data, metadata, description and statement_descriptor) aren’t saved if the incremental authorisation fails.
Test your integration
Use the incremental authorisation Stripe test card with any CVC, postal code, and future expiry to trigger incremental authorisations while testing:
- First create the CheckoutSession using the test card in the create a CheckoutSession step above.
- Perform the incremental authorisation with the parameters specified in the perform an incremental authorisation step above, and use the test card to trigger an incremental authorisation.
| Number | Payment Method | Description |
|---|---|---|
pm_ | This increases the authorisation amount to the amount provided in the request. |