Card Payment Capture

This guide explains how to capture an authorized card payment. The capture request processes the actual charge against the customer’s card after authentication.

Overview

Before capturing a payment, ensure:
  1. You have a valid payment session ID from initialization
  2. Any required card data is encrypted following our encryption guide
  3. You can handle authentication flows if needed

Endpoint

POST /payment-sessions/{payment_id}

Request Parameters

card
object
required
Encrypted card payment details

Example Request

curl -X POST "https://api.spendjuice.com/payment-sessions/{payment_id}" \
  -H "Authorization:  YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "card": {
      "card_number": "encrypted_card_number",
      "cvv": "encrypted_cvv", 
      "expiry_month": 1,
      "expiry_year": 39
    }
  }'

Authentication Flows

Some card payments require additional authentication after capture:

3D Secure (3DS)

1

Capture Response

{
  "data": {
    "status": "authenticating",
    "auth_type": "3ds",
    "message": "3D Secure authentication required",
    "links": {
      "redirect_url": "https://3ds.issuer-bank.com/auth"
    }
  }
}
2

3DS Verification

Redirect customer to provided URL to complete 3DS
3

Wait for Completion

Monitor webhooks or status endpoint for final result

One-Time Password (OTP)

1

Capture Response

{
  "data": {
    "status": "authenticating",
    "auth_type": "otp",
    "message": "OTP sent to registered phone number"
  }
}
2

Submit OTP

POST /payment-sessions/{payment_id}/authorize
{
  "otp": "123456"
}

PIN Verification

1

Capture Response

{
  "data": {
    "status": "authenticating",
    "auth_type": "pin",
    "message": "Enter card PIN"
  }
}
2

Submit PIN

POST /payment-sessions/{payment_id}/authorize
{
  "pin": "1234"
}

Error Handling

card_declined
error
Card declined by issuing bank
  • Status code: 402
  • Common reasons:
    • Insufficient funds
    • Invalid card
    • Suspicious activity
authentication_required
error
Additional authentication needed
  • Status code: 401
  • Next steps:
    • Handle 3DS redirect
    • Collect OTP/PIN
    • Retry with authentication

Best Practices

  1. Authentication Flow
    • Handle all authentication types (3DS, OTP, PIN)
    • Provide clear user feedback during auth
    • Implement proper timeouts and retries
    • Monitor auth completion via webhooks
  2. Error Handling
    • Implement exponential backoff for retries
    • Show user-friendly error messages
    • Log errors with payment IDs
    • Handle timeouts gracefully
  3. Security
    • Never log decrypted card data
    • Use HTTPS for all requests
    • Clear sensitive data after use
    • Monitor for unusual patterns

Need Help?