When dealing with online payments and recurring transactions, it can be challenging to understand all the different identifiers, tokens, and steps involved in completing a payment. Below, we'll break down the key elements of PayPal's payment process, specifically focusing on Authorization IDs, Capture IDs, and Tokens, explaining their roles, uses, and differences.
1. Authorization ID
An Authorization ID is a unique identifier created when a customer authorizes a payment. This authorization allows the merchant to hold a specific amount on the customer's credit card without immediately transferring the funds. The intent for this type of transaction is usually set to "AUTHORIZE." The key points about Authorization IDs are:
Purpose: Used to confirm that there are sufficient funds available on a customer's card, without capturing (charging) the funds immediately.
Use Case: Suitable for scenarios where you need to verify funds but are not ready to complete the transaction, such as pre-orders or reservations.
Capture Process: Once an authorization is in place, the merchant must use the Authorization ID to capture the funds when the payment is ready to be finalized.
Time Limit: Authorization IDs are temporary and are typically valid for up to 29 days. If not captured within this period, the authorization expires.
2. Capture ID
A Capture ID is generated once the authorized payment is captured. Capturing funds involves finalizing the transaction, effectively transferring the authorized amount from the customer to the merchant. The intent for capturing can be set to either "AUTHORIZE" (followed by a separate capture step) or "CAPTURE" (which authorizes and captures the funds in a single step).
Generated When: A capture ID is produced after an authorized payment is successfully captured.
Use Case: Once a payment is captured, the capture ID can be used for various operations such as tracking the payment status or issuing a refund if needed.
Automatic Capture: If the payment intent is set to "CAPTURE", the Capture ID may appear directly during the CHECKOUT.ORDER.APPROVED event, as the authorization and capture happen simultaneously.
3. Token
A Token represents a customer's payment method and is often used for future billing. Tokens provide a secure way for merchants to initiate payments without storing sensitive payment details themselves. Tokens are commonly used for recurring payments or subscriptions. The following are important aspects of tokens:
When Created: Tokens can be created after the first completed payment (e.g., capturing a payment) when the customer explicitly authorizes their payment details to be securely stored for future transactions.
Persistent Nature: Unlike Authorization IDs, which are temporary, tokens are persistent and can be used for multiple future transactions, provided they are generated after a completed payment.
Use Case: Primarily used for recurring billing, such as subscriptions. Tokens allow customers to avoid entering their payment information for each billing cycle.
After Completed Payment: Tokens generated after a successful payment (capture) represent stored payment information that can be used for recurring charges in the future. This type of token is ideal for subscriptions or services that require automatic billing.
Pre-Authorization for Recurring Charges
In cases like pre-authorizing a credit card for recurring monthly fees (e.g., for a phone service provider), the process often involves both authorization and tokenization:
Initial Pre-Authorization: When the customer provides their credit card details, the service provider may perform a pre-authorization to validate the card. An Authorization ID is created to temporarily hold the amount.
Token Creation for Recurring Payments: After the initial pre-authorization or payment capture, a token is created to store the payment details securely. This token is then used for future recurring payments, allowing the provider to automatically charge the customer every month.
Capturing Payments: Reference ID, Authorization ID, and Tokens
Reference ID: Often used interchangeably with Authorization ID, this represents the ID tied to a specific authorization event. It’s used to capture authorized funds.
Authorization ID: Used to capture an authorized amount or void it if needed. Each capture request requires a corresponding Authorization ID.
Token: Unlike Authorization IDs, a token is not used to capture previously authorized funds but is instead used to initiate new transactions. Tokens allow merchants to charge customers for future payments (e.g., recurring subscriptions) without requiring the customer to authorize the payment again each time.
Example Workflow
Authorization and Capture Flow:
The customer authorizes a payment (intent = "AUTHORIZE"), and an Authorization ID is generated.
When ready, the merchant uses this Authorization ID to capture the funds.
After capture, a Capture ID is provided to track the successful completion.
Recurring Payment Flow with Token:
The first payment is processed and captured. A token is then generated to securely represent the customer's payment method.
For future billing cycles, the merchant uses the token to automatically charge the customer without requiring new authorizations.
Summary
Authorization ID: Temporary identifier used to authorize a payment but not capture it right away.
Capture ID: Generated after a successful capture, used to track and manage completed payments.
Token: Secure reference for a customer's payment details, used for recurring or future payments.
Understanding these elements helps in designing a payment workflow that balances customer convenience, security, and flexibility, ensuring compliance with regulations while providing a seamless payment experience for recurring billing or future payments.
No comments:
Post a Comment