Auth method


Mastercard Europe have mandated that Mastercard and Maestro transactions processed with certain European acquiring banks must be flagged as either pre-authorisation or final authorisation. Such transactions are subject to acquirer-specific conditions.

We recommend that you contact your acquirer for information on whether this mandate applies to your configuration and to clarify whether to process your transactions as pre-authorisations or final authorisations.


Process overview

Pre-authorisation and final authorisation can be summarised as follows:





Final authorisation



Failure to adhere to these conditions may incur a fine from Mastercard

We will allow final authorisations to be settled up to 7 days after authorisation, but recommend that you settle transactions within 4 days to avoid incurring a fine.

For full terms and conditions, please contact your acquiring bank.


By default, authorisations are processed as final authorisations in cases where a distinction is required by the participating acquirer. You can change this default behaviour to submit pre-authorisations, by contacting our Support team.

Alternatively, you can override the default behaviour on a transaction-by-transaction basis by following the instructions below.



You can include the authmethod field in a request to indicate whether the associated payment is a pre-authorisation or a final authorisation. When submitted, this overrides the default settings on your account.


The values that can be submitted are:


The authmethod field can ONLY be submitted in requests of the following type:


If a value for the authmethod field is submitted to the acquirer during authorisation, it will always be returned within the response, in order to indicate whether the payment processed was a pre-authorisation or a final authorisation.


Request example

The following is an example of an AUTH request that includes the authmethod field to override the account’s default setting:

import securetrading

stconfig = securetrading.Config()
stconfig.username = "[email protected]"
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)

auth = {
  "sitereference": "test_site12345",
  "requesttypedescriptions": ["AUTH"],
  "accounttypedescription": "ECOM",
  "currencyiso3a": "GBP",
  "baseamount": "1050",
  "orderreference": "My_Order_123",
  "authmethod": "FINAL",
  "cachetoken": "token_posted_by_st.js"

strequest = securetrading.Request()
stresponse = st.process(strequest) #stresponse contains the transaction response

if (!($autoload = realpath(__DIR__ . '/../../../autoload.php')) && !($autoload = realpath(__DIR__ . '/../vendor/autoload.php'))) {
  throw new Exception('Composer autoloader file could not be found.');

$configData = array(
  'username' => '[email protected]',
  'password' => 'Password1^',

$requestData = array(
  'sitereference' => 'test_site12345', 
  'requesttypedescriptions' => array('AUTH'),
  'accounttypedescription' => 'ECOM',
  'currencyiso3a' => 'GBP',
  'baseamount' => '1050',
  'orderreference' => 'My_Order_123',
  'authmethod' => 'FINAL',
  'cachetoken' => 'token_posted_by_st.js'

$api = Securetradingapi($configData);
$response = $api->process($requestData);

curl --user [email protected]:Password1^ -H "Content-type: application/json" -H "Accept: application/json" -X POST -d '{
"alias":"[email protected]",
"version": "1.00",
"request": [{
  "currencyiso3a": "GBP",
  "requesttypedescriptions": ["AUTH"],
  "sitereference": "test_site12345",
  "baseamount": "1050",
  "orderreference": "My_Order_123",
  "accounttypedescription": "ECOM",
  "authmethod": "FINAL",
  "cachetoken": "token_posted_by_st.js"


View default authmethod setting

To view the default authmethod settings on your site, sign in to MyST and choose your site from the drop-down in the left side-menu and click the magnifying glass.

The default authmethod setting for the selected site is visible under the “Site details” tab:

To change this value, please contact our Support team.

Click here for further information on MyST.