Authorization Class
The Authorization class handles the IPCAuthorization method and allows merchants to perform pre-authorizations using direct card input (like PAN, expiry, CVC) in a card-not-present flow.
Ideal for server-side card validations, bookings, or merchant-initiated holds on customer cards.
Overview
The IPCAuthorization method allows you to reserve funds on a customer’s card without capturing them immediately. This is useful for scenarios such as hotel bookings, car rentals, or delayed fulfillment, where you want to ensure funds are available before providing goods or services.
Key Points:
- Funds are held (not captured) and can be captured later using
IPCAuthorizationCapture. - Authorization expires if not captured within the allowed period (typically 30 days, but may vary by card issuer).
- You can reverse an authorization with
IPCAuthorizationReverseif you no longer need to capture the funds.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
Amount | Double | Yes | The amount to be authorized. |
Currency | String | Yes | 3-letter ISO currency code (e.g., EUR, USD). |
OrderID | String | Yes | Unique merchant-side reference for the transaction (up to 80 characters). |
SID | String | Yes | Your myPOS Store ID. |
WalletNumber | String | Yes | Your myPOS Client Number. |
KeyIndex | Int | Yes | Indicates which key pair is being used for signature. |
CardToken | String | Yes* | Required if using a stored card. |
ItemName | String | Yes | Name of the product/service. |
Card | Object | Yes* | Required if using direct card input (PAN, Expiry, CVC, Cardholder). |
Note | String | No | Optional comment. |
OutputFormat | String | No | Response format: XML (default) or JSON. |
Either CardToken or Card object must be provided.
Workflow
- Build the Authorization request with all required parameters.
- Send the request to myPOS using the
Authorizationclass. - Receive a response with the authorization status and a unique transaction reference (
IPCTrnref). - Capture the funds later using
AuthorizationCaptureor reverse the hold withAuthorizationReverse.
Example Usage
use Mypos\IPC\Config;
use Mypos\IPC\Authorization;
use Mypos\IPC\Card;
$config = new Config();
// Configure SID, wallet, private/public keys, etc.
$card = new Card();
$card->setCardNumber('4111111111111111')
->setExpMM('12')
->setExpYY('26')
->setCvc('123')
->setCardHolder('Jane Doe');
$auth = new Authorization($config);
$auth->setOrderID('AUTH-ORDER-20250410')
->setItemName('Equipment Rental')
->setAmount(120.00)
->setCurrency('EUR')
->setNote('Authorization for damage deposit')
->setCard($card);
if ($auth->validate()) {
$response = $auth->process();
echo "Authorization successful!";
} else {
echo "Authorization validation failed.";
}
Response Properties
| Parameter | Type | Description |
|---|---|---|
Amount | Double | Echoed from your request. |
Currency | String | Echoed from your request. |
OrderID | String | Echoed from your request. |
IPCTrnref | String | Unique transaction reference for further operations. |
Status | Int | 0 means success; any other value indicates an error. |
StatusMsg | String | Human-readable result of the transaction. |
Signature | String | Base64-encoded signature for response verification. |
Use Cases
Use the Authorization class when:
- You want to reserve funds on a customer’s card without immediate capture.
- You’re building automated systems that use direct card input.
- You need merchant-initiated transactions (MIT) for reservations, security deposits, or verification holds.
- You operate in an environment where redirects are not possible (e.g., in-app or back-office flows).
Related Methods
- Authorization Capture: Capture funds from a previous authorization.
- Authorization Reverse: Release funds held by an authorization.
- Authorization List: View all active authorizations.
For full protocol details, see the official myPOS documentation.