Auth method


You can use the authmethod field to designate an AUTH request as a pre-authorisation or a final authorisation.


Process overview

Pre-authorisation and final authorisation can be summarised as follows:






Final authorisation

(Only supported by Mastercard)


Mastercard Europe have mandated that Mastercard and Maestro transactions processed with certain European acquiring banks must be flagged as either pre-authorisation or final authorisation. Such transactions are subject to acquirer-specific conditions.


Failure to adhere to these conditions may incur a fine from the card issuer.
For full terms and conditions, please contact your acquiring bank.

We recommend that you contact your acquirer to ensure your system submits the correct authmethod value for your configuration.


By default, Secure Trading will process AUTH requests as follows:


You can change this default behaviour to submit pre-authorisations, by contacting our Support team.

Alternatively, you can override the default behaviour on a transaction-by-transaction basis by following the instructions below.



You can include the authmethod field in a request to indicate whether the associated payment is a pre-authorisation or a final authorisation. When submitted, this overrides the default settings on your account.


The values that can be submitted are:


The authmethod field can ONLY be submitted in requests of the following type:


The authmethod field cannot be inherited from previous authorisations. When performing repeat authorisations, the default value of your site will be used, unless you override this by manually submitting a new authmethod field in the request.


If a value for the authmethod field is submitted to the acquirer during authorisation, it will always be returned within the response, in order to indicate whether the payment processed was a pre-authorisation or a final authorisation.


Request example

The following is an example of an AUTH request that includes the authmethod field to override the account’s default setting:

import securetrading

stconfig = securetrading.Config()
stconfig.username = ""
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)

auth = {
  "sitereference": "test_site12345",
  "requesttypedescriptions": ["AUTH"],
  "accounttypedescription": "ECOM",
  "currencyiso3a": "GBP",
  "baseamount": "1050",
  "orderreference": "My_Order_123",
  "authmethod": "FINAL",
  "cachetoken": "token_posted_by_st.js"

strequest = securetrading.Request()
stresponse = st.process(strequest) #stresponse contains the transaction response

if (!($autoload = realpath(__DIR__ . '/../../../autoload.php')) && !($autoload = realpath(__DIR__ . '/../vendor/autoload.php'))) {
  throw new Exception('Composer autoloader file could not be found.');

$configData = array(
  'username' => '',
  'password' => 'Password1^',

$requestData = array(
  'sitereference' => 'test_site12345', 
  'requesttypedescriptions' => array('AUTH'),
  'accounttypedescription' => 'ECOM',
  'currencyiso3a' => 'GBP',
  'baseamount' => '1050',
  'orderreference' => 'My_Order_123',
  'authmethod' => 'FINAL',
  'cachetoken' => 'token_posted_by_st.js'

$api = Securetradingapi($configData);
$response = $api->process($requestData);

curl --user^ -H "Content-type: application/json" -H "Accept: application/json" -X POST -d '{
"version": "1.00",
"request": [{
  "currencyiso3a": "GBP",
  "requesttypedescriptions": ["AUTH"],
  "sitereference": "test_site12345",
  "baseamount": "1050",
  "orderreference": "My_Order_123",
  "accounttypedescription": "ECOM",
  "authmethod": "FINAL",
  "cachetoken": "token_posted_by_st.js"


View default authmethod setting

To view the default authmethod settings on your site, sign in to MyST and choose your site from the drop-down in the left side-menu and click the magnifying glass.

The default authmethod setting for the selected site is visible under the “Site details” tab:

To change this value, please contact our Support team.

Click here for further information on MyST.