Skip to main content
Pre-authorization (pre-auth) allows merchants to temporarily block funds on a customer’s card or account and capture the payment later, typically after order fulfilment. This helps secure funds without charging the customer immediately. Cashfree Payment Gateway (PG) supports pre-auth for UPI and for Visa and Mastercard credit, debit and prepaid cards.

How pre-authorization works

Pre-authorization allows you to manage payments flexibly in the following ways:
  • Authorise an amount on a customer’s card or account without immediate capture.
  • Capture the authorized amount later—either fully or partially—when required.
  • Void the authorisation to release the blocked funds if the order is not fulfilled.
Unlike standard transactions, where funds are instantly captured, pre-auth provides flexibility in payment processing.

Pre-authorization flow

  1. The customer initiates the payment.
  2. The amount is blocked on the customer’s card or account after successful payment completion.
  3. The merchant can:
  • Either Capture the full or partial amount.
    OR
  • Void the authorisation to release the blocked funds to the customer.
Note: If not captured within seven days, the funds are automatically released.

Pre-authorization feature request

Please use the raise an issue support form to request this feature to be enabled for your account.

Managing pre-authorization transactions

You can capture or void pre-auth transactions from the Cashfree Merchant Dashboard or integrate the capture and void APIs to automate the process.
Note
  • You must capture or void a pre-auth transaction within seven days of authorisation.
  • A transaction can only be captured or voided once.
  • Once captured, a transaction cannot be voided.
  • Once voided, a transaction cannot be captured.
  • Transactions not captured within 7 days are automatically released back to the customer.
  • Voided transactions return funds to the customer immediately.
  • After pre-auth is enabled for your account, ensure all Pre Auth transactions are either captured or voided.

Supported payment instruments for pre-authorisation

Cashfree Payment Gateway supports pre-auth workflow on cards and UPI (Unified Payments Interface).

Cards

Once Pre-Auth is enabled for your account, every card payment will be Pre-Auth by default, you do not need to provide any additional parameters while initiating the payment. Below is a sample Order Pay API request and response: 
curl --request POST \
  --url https://sandbox.cashfree.com/pg/orders/sessions \
  --header 'Content-Type: application/json' \
  --header 'x-api-version: <x-api-version>' \
  --data '{
  "payment_session_id": "session__CvcEmNKDkmERQrxnx39ibhJ3Ii034pjc8ZVxf3qcgEXCWlgDDlHRgz2XYZCqpajDQSXMMtCusPgOIxYP2LZx0-05p39gC2Vgmq1RAj--gcn",
  "payment_method": {
    "card": {
      "channel": "link",
      "card_number": "4111111111111111",
      "card_expiry_mm": "06",
      "card_expiry_yy": "22",
      "card_cvv": "900",
      "card_holder_name": "Tushar Gupta"
    }
  },
  "save_instrument": true
}'

UPI

For UPI pre-auth, you need to pass additional parameters in the /orders/pay API request. Once you have created the order, invoke the Order Pay API call with the authorize_only, authorization parameters. The authorization object contains the following attributes:
  • approve_by - The time by when customer needs to approve this one time mandate request.
  • start_time - The time when the mandate should start.
  • end_time - The time until when the mandate hold will be on customer’s bank account. You can call capture and void until this time.

UPI Collect

Below is a sample UPI Collect request and response: 
curl --request POST \
  --url https://api.cashfree.com/pg/orders/sessions \
  --header 'Content-Type: application/json' \
  --data '{
	"payment_session_id": "HTIdYxfOYgqKyYM3rLCZ",
	"payment_method" : {
		"upi" : { 
			"channel": "collect",
			"upi_id": "rohit@okicici",
			"authorize_only": true,
			"authorization" : {
          "approve_by": "2022-02-08T19:20:12+05:30",
          "start_time": "2022-02-09T12:34:34Z",
          "end_time": "2022-02-10T12:34:34Z"
       }			
		}
	}
}'

UPI Intent

Below is a sample UPI Intent request and response: 
curl --request POST \
  --url https://api.cashfree.com/pg/orders/sessions \
  --header 'Content-Type: application/json' \
  --data '{
	"payment_session_id": "HTIdYxfOYgqKyYM3rLCZ",
	"payment_method" : {
		"upi" : { 
			"channel": "link",
			"authorize_only": true,
			"authorization" : {
          "approve_by": "2022-02-08T19:20:12+05:30",
          "start_time": "2022-02-09T12:34:34Z",
          "end_time": "2022-02-10T12:34:34Z"
       }			
		}
	}
}'

Capture

The capture workflow helps you to capture the payment and move the authorised amount partially or completely from customers bank account to your bank account, by calling Pre-Authorization API for capture. 
curl --request POST \
  --url https://api.cashfree.com/pg/orders/:order_id/authorization \
  --header 'Content-Type: application/json' \
  --header 'x-api-version: <<api_version>>' \
  --header 'x-client-id: <<app_id>>' \
  --header 'x-client-secret: <<secret_key>>' \
  --data '{
  "action": "CAPTURE",
  "amount": "2.00"
}'

Void

The void workflow helps you to release the entire authorized amount back to the customer, by calling Pre-Authorization API for void. 
curl --request POST \
  --url https://api.cashfree.com/pg/orders/:order_id/authorization \
  --header 'Content-Type: application/json' \
  --header 'x-api-version: <<api_version>>' \
  --header 'x-client-id: <<app_id>>' \
  --header 'x-client-secret: <<secret_key>>' \
  --data '{
  "action": "VOID"
}'

FAQs

Capture call is performed after authorisation. It is a merchant-initiated request (via API or Merchant Dashboard) to collect the previously authorized funds. This step debits the amount from the customer.
If not captured within 7 days, the authorisation expires, and the funds are released back to the customer.
Yes, merchants can capture a partial amount of the authorized funds.
MDR is always applied only on the captured amount.
All Visa and Mastercard credit, debit and prepaid cards support pre-authorization.
A void call cancels the authorisation before capture, releasing the hold on funds.
No, voiding must be for the entire authorized amount.
Here are some common use cases:
  • Ticket Bookings – Airlines, concerts, and events often place a hold on a credit card to ensure funds are available before finalizing the booking. This is useful if confirmation is pending or for refundable ticket options.
  • Car Rentals – Rental companies use pre-authorization to secure a deposit in case of damages, late returns, or additional charges. The hold is released if no extra fees are incurred.
  • Hotel Reservations – Hotels pre-authorize a guest’s credit card at check-in to cover potential incidentals, damages, or unpaid charges, ensuring payment security before checkout.
Settlement occurs when the merchant finalizes a pre-authorized transaction by capturing the funds.
Merchants typically receive funds from pre-authorized transactions as per their normal settlement cycle, i.e., T+x days after a successful capture.
A dispute may result in a chargeback, requiring the merchant to provide proof of authorization and service fulfilment.
Currently, the pre-authorization feature is not supported for American Express and Diners cards due to limitations imposed by the respective card networks. We are actively monitoring any changes in network policies and will update our services accordingly if support becomes available in the future.