Skip to main content
This page summarizes the main technical and operational recommendations for correctly integrating the authorization service through POST /authorize. It applies to these channels:
  • Ecommerce
  • POS

Endpoint

Scope

The authorization service processes payment transactions submitted by a merchant, terminal, PinPad, checkout, or server-to-server integration. An authorization may originate from different channels according to frame_type.

General authorization flow

Flow steps

Supported channels

Supported brands

Supported currencies

Submit currency fields as numeric ISO 4217 codes.

Amount format

Submit all amounts as strings without a decimal separator or thousands separators. Calculate the amount using the currency exponent.
Example for PEN:

Incorrect amount examples

Correct amount examples

Operation identifier

internal_operation_number identifies the merchant operation. It must be unique per merchant and retained for queries, traceability, support, and reconciliation.

Rules for internal_operation_number

Idempotency and duplicates

Use internal_operation_number to control duplicate operations. Do not reuse the same operation identifier for multiple authorizations because doing so may cause duplicate declines or reconciliation inconsistencies.

Sensitive data

Encrypt sensitive card data before calling the authorization service.

Information prohibited in free-form fields

Do not submit sensitive information in free-form fields such as metadata or additional_fields. Use metadata to submit additional merchant information for traceability, reporting, or reconciliation.
For POS, use transaction.meta.additional_fields to submit supplemental operation information.

Timeouts and retries

If the merchant receives no response because of a timeout or communication error, do not automatically assume that the operation was declined. Query the operation status before submitting another authorization.
The merchant should store the response identifiers required for queries, reversals, support, reconciliation, and traceability.

Operational use of identifiers


General response interpretation

For an approved authorization, validate both the card-brand response and the platform’s internal status.

Reference internal statuses

These statuses are provided for reference and may vary with service configuration.

Common errors

Before submitting an authorization, validate the following items.

Ecommerce recommendations

POS recommendations


POS rules by capture type

Integration best practices

Ecommerce integration checklist

POS integration checklist

Reconciliation recommendations

To simplify reconciliation, retain the relationship between the merchant’s internal order and the identifiers returned by the platform.

Support recommendations

Include the following information when reporting an incident.

Authorization guides

Ecommerce

View the Ecommerce authorization message.

POS

View the POS authorization message.

Response

View the authorization response structure.