AutoCapture (Auth + Capture)

Use AutoCapture API to authorize and capture a PayBright transaction

AutoCapture Transaction

The AutoCapture API is used to authorize and capture a PayBright transaction. This API should be used when the merchant would like to execute a singular event that both authorizes and captures the transaction (capture occurring upon successful completion of the application), as opposed to two distinct authorization and capture events (for details, see Auth documentation).


Please ensure that your authentication and capture preferences are shared with the PayBright team beforehand so that we can ensure your merchant account is configured correctly.


Refer to the API Reference guide for a description of the contents in the API and to identify the mandatory fields.



For Buy Online Pay In-store (BOPIS) transactions, store address should not be passed as the shipping address in x_customer_shipping_address1 field in the body of the Auth request.

To autocapture a transaction, you will need to create the signature using the API Key and API Token shared with you by the PayBright team. Upon receiving a successful response to the AutoCapture call, payment is remitted to the merchant within one day.

curl --location --request POST '' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-raw 'x_account_id=Z9s7Yt0Txsqbbx&x_amount=1100.00&x_currency=CAD&x_customer_billing_address1=22+Viewcrest+Cir&x_customer_billing_city=Etobicoke&x_customer_billing_country=CA&x_customer_billing_phone=6139876543&x_customer_billing_state=ON&
$body = array(
    'x_account_id' => 'Z9s7Yt0Txsqbbx',
    'x_amount' => '1100.00',
    'x_currency' => 'CAD',
    'x_customer_billing_address1' => '22 Viewcrest Cir',
    'x_customer_billing_city' => 'Etobicoke',
    'x_customer_billing_country' => 'CA',
    'x_customer_billing_phone' => '5196152481',
    'x_customer_billing_state' => 'ON',
    'x_customer_billing_zip' => 'M9W7G5',
    'x_customer_email' => '[email protected]',
    'x_customer_first_name' => 'Jamie',
    'x_customer_last_name' => 'Testhet',
    'x_customer_phone' => '6139876543',
    'x_customer_shipping_address1' => '22 Viewcrest Cir',
    'x_customer_shipping_city' => 'Etobicoke',
    'x_customer_shipping_country' => 'CA',
    'x_customer_shipping_first_name' => 'Jamie',
    'x_customer_shipping_last_name' => 'Testhet',
    'x_customer_shipping_phone' => '6139876543',
    'x_customer_shipping_state' => 'ON',
    'x_customer_shipping_zip' => 'M9W7G5',
    'x_reference' => '2194779',
    'x_shop_country' => 'CA',
    'x_shop_name' => 'Paybright Test Store',
    'x_test' => 'true',
    'x_url_callback' => '',
    'x_url_cancel' => '',
    'x_url_complete' => ''

$bodyString = http_build_query($body);
$signatureString = '';

foreach (explode('&', $bodyString) as $chunk) {
    $param = explode("=", $chunk);
    if ($param && $param[1] != '') { 
        $signatureString = $signatureString . urldecode($param[0]) . urldecode($param[1]);
$pb_sig = hash_hmac('sha256', $signatureString, "gyB8ELayUsE8tPxZ9s7Yt0Txsqbbx");
$bodyString = $bodyString . '&x_signature=' . $pb_sig; 

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $bodyString);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

$response = curl_exec($ch);

Rendering PayBright Application

The AutoCapture API returns an HTML Page in the response, which is then to be rendered on your website. This page allows your customers to complete a single-field application within 30 to 60 seconds. Customers are redirected back to the merchant website once they have completed the PayBright application.



You will receive the final decision on a customer's PayBright application through:

  • POST callback notification sent to the URL passed in x_url_callback and GET request sent to the Redirect URL passed in x_url_complete field when the Auth API call was made.


Tip: PayBright recommends using the Checkout page's URL as x_url_complete for a seamless customer experience.


Tip: PayBright will receive a 200 OK from the POST request made to x_url_callback to avoid any order synchronization issues; best practice is to wait for the POST callback before finalizing a customer order.

You should see a request that looks like this with x_result and x_gateway_reference.


Processing the Request

A transaction ID (x_gateway_reference) is provided in the POST and GET request you receive from PayBright to reference this transaction moving forward.

The decision on the customer's application with PayBright is returned in x_result field. You can receive different statuses in x_result and will have to build your back-end accordingly:


If x_result == Completed is in the request you receive on the callback url and complete url, it means that the customer application was successfully approved by PayBright and the transaction was captured.


Pending in x_result means that the transaction was flagged by PayBright's system as a potential fraud case, and requires a manual review. PayBright will make a final decision within 48 hours and you will receive a POST Request on the callback URL you passed in the initial auth API call.

You will receive x_result == Completed if PayBright's Fraud team approves the transaction and x_result == Failed if the transaction is marked as Fraud. Please cancel any order marked as 'fraud' on your end.