> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lite.sa/llms.txt
> Use this file to discover all available pages before exploring further.

# Capture an authorized payment

> Captures all or part of an authorized payment. If no amount is specified,
the full authorized amount is captured.




## OpenAPI

````yaml /openapi/payment-acceptance.json post /payments/{payment_id}/capture
openapi: 3.1.0
info:
  title: lite - Payment Acceptance
  version: 1.0.0
servers:
  - url: https://api.lite.sa/v1
    description: Production
security:
  - ApiKeyAuth: []
  - BearerAuth: []
tags:
  - name: 3DS Authentication
    description: Standalone payer authentication via the 3DS standard
  - name: Hosted Checkout
    description: Create, manage and deploy hosted checkout pages
  - name: Server-to-Server Payments
    description: Direct payment API for server-side integrations
paths:
  /payments/{payment_id}/capture:
    post:
      tags:
        - Server-to-Server Payments
      summary: Capture an authorized payment
      description: >
        Captures all or part of an authorized payment. If no amount is
        specified,

        the full authorized amount is captured.
      operationId: lite.server-to-server.capturePayment
      parameters:
        - $ref: '#/components/parameters/payment_id'
        - $ref: '#/components/parameters/x-correlation-id'
        - $ref: '#/components/parameters/x-idempotency-key'
      requestBody:
        $ref: '#/components/requestBodies/CapturePayment'
      responses:
        '202':
          $ref: '#/components/responses/PaymentAccepted'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  parameters:
    payment_id:
      name: payment_id
      in: path
      required: true
      description: Unique identifier of the payment
      schema:
        type: string
        format: uuid
        example: 9822ffb8-26de-423b-ad15-0d129cf1b4ac
    x-correlation-id:
      name: x-correlation-id
      in: header
      required: false
      description: >-
        Unique identifier for request tracing. Generated by the client or server
        if not provided.
      schema:
        type: string
        format: uuid
        example: 550e8400-e29b-41d4-a716-446655440000
    x-idempotency-key:
      name: x-idempotency-key
      in: header
      required: false
      description: >-
        Unique key for idempotent request processing. Duplicate requests with
        the same key are safely ignored.
      schema:
        type: string
        format: uuid
        example: baf6a8e2-0c89-46ef-9ca5-faa65b99bcd5
  requestBodies:
    CapturePayment:
      description: Capture an authorized payment
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/CaptureRequest'
  responses:
    PaymentAccepted:
      description: Payment accepted for processing.
      content:
        application/json:
          schema:
            type: object
            required:
              - payment
            properties:
              payment:
                type: object
                required:
                  - id
                properties:
                  id:
                    type: string
                    format: uuid
                    description: Unique payment identifier
                    example: baf6a8e2-0c89-46ef-9ca5-faa65b99bcd5
                  status:
                    type: string
                    description: Payment status
                    enum:
                      - CREATED
                      - PENDING
                    example: PENDING
                  merchant_reference:
                    type: string
                    description: Merchant order reference
                    example: ORD-123456
              _links:
                type: object
                description: Available action links (HATEOAS)
                properties:
                  self:
                    $ref: '#/components/schemas/Link'
                  capture:
                    $ref: '#/components/schemas/Link'
                  void:
                    $ref: '#/components/schemas/Link'
                  refund:
                    $ref: '#/components/schemas/Link'
                  redirect:
                    $ref: '#/components/schemas/Link'
    BadRequest:
      description: >
        The request was invalid or malformed.


        Returned when:

        - Request validation fails (missing required fields, invalid field
        formats)

        - Payment details do not match the session (amount, currency, order
        reference mismatch)

        - The operation is not allowed given the current resource state
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: |
        Authentication failed — missing or invalid token.

        Returned when:
        - The JWT bearer token is missing, expired, or has an invalid signature
        - The API key is missing or invalid
        - The authenticated session token is invalid
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Forbidden:
      description: >
        Request blocked by security policy.


        Returned when:

        - A security threat is detected (SQL injection, XSS, NoSQL injection,
        LDAP injection, path traversal)

        - Header injection or suspicious headers are detected

        - The request payload exceeds the maximum allowed size

        - Geo-region validation fails (user country does not match client
        region)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFound:
      description: |
        The requested resource was not found.

        Returned when:
        - The specified resource ID does not exist
        - The path does not match any known endpoint
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerError:
      description: >
        An unexpected error occurred on the server.


        Returned when an unhandled exception or infrastructure failure prevents
        the request from being processed. Retry the request with exponential
        backoff.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  schemas:
    CaptureRequest:
      type: object
      description: >-
        Capture amount and metadata. If amount is omitted, the full authorized
        amount is captured.
      properties:
        amount:
          type: integer
          minimum: 1
          description: >-
            Amount to capture in minor units (e.g. 10000 for 100.00 SAR). Omit
            to capture full authorized amount.
          example: 10000
        metadata:
          type: object
          description: Additional metadata. Set `is_final` to true for the final capture.
          example:
            order_id: ORD-123
            order_status: shipped
            tracking_number: TRACK123
            is_final: false
    Link:
      type: object
      required:
        - href
        - method
      properties:
        href:
          type: string
          format: uri
          description: Link URL
        method:
          type: string
          description: HTTP method
          enum:
            - GET
            - POST
            - PUT
            - PATCH
            - DELETE
            - HEAD
            - OPTIONS
          example: POST
    ErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
            - timestamp
          properties:
            code:
              type: string
              description: Error code identifying the type of error
              example: PAYMENT_DETAILS_MISMATCH
            message:
              type: string
              description: Human-readable error description
              example: The request was invalid or malformed
            details:
              type: object
              description: Additional error details
            correlationId:
              type: string
              format: uuid
              description: Correlation ID for tracking the request
              example: 550e8400-e29b-41d4-a716-446655440000
            timestamp:
              type: string
              format: date-time
              description: Timestamp when the error occurred
              example: '2024-12-16T10:30:00.000Z'
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key
      description: API key for service-to-service or merchant authentication.
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT Bearer token obtained from user authentication. Passed as
        Authorization: Bearer <token>.

````