Overview of Two-Phase Commits
Most examples in this documentation use one-phase transactions that combine two requests — authorization and capture — in one. However, there are some scenarios where you might want to perform these two requests separately. This sequence of two separate requests is called a two-phase transaction, or two-phase commit (2PC).
What are two-phase commits?
A two-phase commit is a transaction carried out in two steps:
The merchant requests approval of an expected purchase, checking whether the customer's credit allows for the purchase to occur. This is called an authorization request (J5).
If authorization is granted, the merchant performs the charge. This is called a capture request (J4).
The capture request doesn't have to be performed immediately after authorization: the two steps can take place hours or even days apart. A standard limit is 5 days, but different credit card providers have different terms with their merchants, and you may want to check with your provider for details. Hyp has no control over the authorization process or how long it takes for an authorization to expire.
What's the purpose of two-phase commits?
Two-phase commits are mostly needed in two cases:
When a merchant is holding inventory of a specific product and wants to make sure that they can deliver the product before actually charging the customer.
When a transaction amount is relatively high, a merchant might want to check that the customer's credit limit allows for such a large transaction before actually making the charge.
How to implement a two-phase commit?
When implementing a two-phase commit, the capture step is straightforward: you already have all the information you need to finalize the payment. The authorization step, however, depends on how you as a merchant collect and store card data.
Apart from rare cases where merchants collect card data directly, which requires full PCI DSS certification, the two most common ways to collect card data without PCI DSS exposure are:
Payment page authorization. The merchant requests a Hyp payment page configured for authorization only. The customer enters their card details, Hyp performs the authorization for the amount of the expected purchase, and returns a transaction identifier and a card token. The merchant later uses this token to complete the capture step. This flow is best suited when the customer is ready to make a specific purchase, but the merchant needs time to check and hold inventory before charging the customer. See Payment Page Authorization for details.
Card verification authorization. The merchant requests a Hyp payment page configured for authorization only. The customer enters their credit card details, and Hyp performs an authorization for a small amount (often ₪1 or $1). This verifies that the card is valid and returns a reusable card token. There is no follow-up capture, and the authorization naturally expires. Later, the merchant uses the stored token to perform a proper authorization and capture when the real purchase occurs. This flow is common in travel and marketplace services. See Card Verification Authorization for details.
FAQ
Does an authorization request (J5) check CVV and the Israeli ID number?
This entirely depends on your terminal settings.
Does an authorization request create a token for the credit card?
Yes, it does create a token. In fact, one of the two common two-phase transaction flows, card verification authorization, depends on a standalone authorization request to create a token that is later used in a two-phase commit.
Can I charge an amount that is different from the amount approved in the first phase?
You can always charge less than the originally approved amount.
If you want to charge more than the approved amount, this is possible but requires a specific terminal configuration and approval from the credit card provider.
Can I cancel an authorization request?
Yes, you can, with a normal cancelDeal or refundDeal request. See Refunds and Cancellations for details.
Last updated
Was this helpful?