> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Authorize & Capture

> Pre-authorize a card token and capture later. Two-step payment flow via PCI Booking's Universal Payment Gateway.

Authorize and capture is a two-step flow through PCI Booking's [Universal Payment Gateway (UPG)](/use-tokens/universal-payment-gateway). It separates the fund hold from the settlement, which is useful for delayed fulfillment scenarios like hotel bookings or rental reservations.

## Pre-Authorize (Hold Funds)

The first step detokenizes your card token to place a hold on the cardholder's funds. PCI Booking replaces the token with real card data and sends an authorization request to your configured PSP.

* Submit a **card token**, **amount**, **currency**, and **gateway credentials ID**.
* PCI Booking detokenizes and forwards the authorization to the PSP.
* The PSP places a hold on the funds and returns an authorization reference.
* No funds are transferred yet.

This is the same UPG detokenization mechanism as a charge. The only difference is the transaction type.

```bash theme={null}
curl -X POST "https://service.pcibooking.net/api/paymentGateway?credentialsId=my-stored-credentials" \
  -H "Authorization: APIKEY your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "CardToken": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4",
    "OperationType": "PreAuth",
    "Amount": 250.00,
    "Currency": "EUR"
  }'
```

## Capture (Settle Funds)

The second step settles a previous authorization. You reference the original transaction ID. No card token or card data is needed, since the PSP already has the authorization on file.

* Submit the **original transaction reference** and the **amount to capture**.
* The capture amount can be equal to or less than the authorized amount.
* PCI Booking forwards the capture to the PSP, which transfers the funds.

```bash theme={null}
curl -X POST "https://service.pcibooking.net/api/paymentGateway?credentialsId=my-stored-credentials" \
  -H "Authorization: APIKEY your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "CardToken": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4",
    "OperationType": "Capture",
    "GatewayReference": "txn_abc123",
    "Amount": 250.00,
    "Currency": "EUR"
  }'
```

## When to Use

* **Hotels and travel**. Authorize at booking, capture at checkout.
* **Rentals**. Authorize at pickup, capture at return.
* **E-commerce**. Authorize at order, capture at shipment.
* **Partial captures**. Capture less than the authorized amount if the final total changes.

Both steps use the same UPG endpoint. Your systems never see card data at any point in the flow.

## Next Steps

<CardGroup cols={2}>
  <Card title="Charge" icon="book" href="/use-tokens/charge">
    Process a simple one-step charge instead.
  </Card>

  <Card title="Refunds & Voids" icon="book" href="/use-tokens/refunds-voids">
    Reverse or refund completed transactions.
  </Card>
</CardGroup>
