The Capture API is used in a two-step payment flow where the merchant first authorizes an amount and later captures it. This flow is common in industries where the final amount may not be known at the time of authorization, such as hospitality, delivery services, or bookings.
To use this flow, you must first perform a SALE transaction with the auth=Yparameter enabled, which only authorizes the amount but does not capture it.
Once the authorization is successful, you can then finalize the payment using the CAPTURE action by providing the original transaction ID (trans_id) and the amount you wish to capture.
Endpoint
POST https://api.edfapay.com/payment/post
Content-Type: application/x-www-form-urlencoded
Example cURL Request
curl --location 'https://api.edfapay.com/payment/post' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'action=CAPTURE' \
--data-urlencode 'client_key=XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX' \
--data-urlencode 'trans_id=XXXXXXXXXXXX' \
--data-urlencode 'amount=0.11' \
--data-urlencode 'hash=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'Request Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | API action type. For status checking, this must be CAPTURE. |
| client_key | string | Yes | Your EdfaPay merchant identifier (UUID format). |
| trans_id | string | Yes | Unique transaction ID from EdfaPay. |
| amount | string | Yes | Amount to capture (must be ≤ authorized amount) |
| hash | string | Yes | Hashed string to authenticate the request. |
Important NoteYou can get the trans_id from Dashboard in the transaction page with name Payment ID. Webhook(callback) response with value of parameter trans_id and also in the Successful Response
Hash Generation (Request Authentication)
To ensure the request is secure, you must generate a hash using the following logic:
Formula
hash = MD5(UPPERCASE(Reverse(email) + password + trans_id + Reverse(cardBIN + cardLast4)))JavaScript Example (Postman)
let trans_id = "XXXXXX"; // Original transaction ID
let password = "XXXXXX"; // Your merchant password
let card_number = "XXXXXX1234"; // First 6 and last 4 of card
let email = "[email protected]"; // Your merchant email
// Reverse helper
const reverse = str => [...str].reverse().join('');
// Build reversed values
let reversedEmail = reverse(email);
let reversedCard = reverse(card_number.substr(0, 6) + card_number.substr(-4));
// Prepare string to hash
let hashString = (reversedEmail + password + trans_id + reversedCard).toUpperCase();
// Hash it using MD5
let hash = CryptoJS.MD5(hashString).toString();
// Set in Postman environment if needed
postman.setEnvironmentVariable('hash', hash);
Notes:
- Reverse() → A function that reverses the input string.
- cardBIN = First 6 digits of the card number.
- cardLast4 = Last 4 digits of the card number.
- trans_id = Unique transaction ID (also appears in the redirect URL).
- Ensure you convert the full concatenated string to UPPERCASE before applying MD5.
- The final result (hash) should be a lowercase hexadecimal string (e.g., a1b2c3...).
Successful Response (Example)
{
"action": "CAPTURE",
"result": "SUCCESS",
"status": "SETTLED",
"order_id": "test1",
"trans_id": "XXXXXXXXXXXXXXXXXXXXXXXXX",
"trans_date": "01-01-2025 00:00:00",
"amount": "100.00",
"currency": "SAR",
"rrn": "XXXXXXXXXXXXXX",
"card_brand": "MASTER",
"merchant_name": "Edfapay"
}Failed Response (Example)
{
"result": "DECLINED",
"action": "CAPTURE",
"status": "PENDING",
"order_id": "XXXXX",
"trans_id": "XXXXXXXXXXXXXXXXXXXXXXXXXXX",
"trans_date": "XX-XX-XXXX XX:XX:XX",
"amount": "200.00",
"currency": "XXX",
"decline_reason": "INVALID_REQUEST - transaction.amount - Value 'XXX.XX' is invalid. value: XXX XXX.XX - reason: Requested capture amount exceeds outstanding authorized amount",
"card_brand": "XXXXXX",
"merchant_name": "XXXXXXXX XXXXX"
}Notes
- The CAPTURE action only works for transactions that were authorized with auth=Y during the SALE request.
- You must capture within the validity period set by the acquiring bank; otherwise, the authorization may expire.
- Make sure the amount in the CAPTURE request is less than or equal to the original authorized amount.
- The trans_id used in the capture request must be valid, from a successful authorized SALE, and not already captured..