Airwallex logo
Airwallex logo

Configure remote authorization

To be able to respond to remote authorization requests, you must enable remote authorization and configure your default settings. Airwallex falls back to the default settings if your system fails to respond with a decision within 2 seconds due to network failures or request timeouts.

Before you begin

Step 1: Retrieve your remote authorization settings

Use Get issuing config API to check if you have remote authorization set up. If it’s not configured, the response will not contain the remote_auth_settings object.

Example request

Shell
1curl --request GET \
2--url 'https://api-demo.airwallex.com/api/v1/issuing/config'
3--header 'Authorization: Bearer <your_bearer_token>'

Example response

JSON
1{
2  "spending_limit_settings": {
3    "per_transaction_limits": [
4      {
5        "currency": "AUD",
6        "default": 1000,
7        "maximum": 1000
8      }
9    ]
10  }
11}

Step 2: Initialize and enable remote authorization

When an existing configuration for remote authorization does not exist, use Update issuing config API endpoint to initialize and enable remote authorization.

To initialize, you will only need to provide an HTTPS URL of your remote authorization endpoint and submit the request. This will generate the shared secret when no existing remote authorization configuration exists. The shared_secret will be used to add digital signatures to transaction requests - this field can only be retrieved from Update issuing config API. It returns null in the Get issuing config API response.

Use the following parameters to enable remote authorization:

  • enabled: Set this to true to enable remote authorization. If you do not specify a value, false is set as default.
  • default_action: Specify the default action, AUTHORIZED or DECLINED, in the event of remote authorization failure, for example, network failures, request time-outs. If you do not specify a value, AUTHORIZED is set as default.
  • new_shared_secret: Set this to true to generate a new shared secret. Note that this will discard the old shared secret and you will need to update your system with the new secret to verify the remote auth request. We highly recommend that you do this after disabling the remote auth config.

Example request

Shell
1curl --request POST \
2--url 'https://api-demo.airwallex.com/api/v1/issuing/config/update' \
3--header 'Content-Type: application/json' \
4--header 'Authorization: Bearer <your_bearer_token>' \
5 --data '{
6  "remote_auth": { 
7    "default_action": "DECLINED", 
8    "enabled": true, 
9    "new_shared_secret": false, 
10    "url": "https://your.domain/remote-auth" 
11  } 
12}'
13

Example response

JSON
1{
2    "remote_auth_settings": {
3        "created_at": "2022-04-13T00:04:41.934+0000",
4        "default_action": "DECLINED",
5        "enabled": true,
6        "shared_secret": "QzhgcnBUG5iU9DiievrhLfpyEkNqzNnv",
7        "updated_at": "2022-04-13T00:04:41.934+0000",
8        "url": "https://your-endpoint/remote-auth"
9    },
10    "spending_limit_settings":{...}
11}

Step 3: (Optional) Enable health check

Airwallex has a strict time limit for the full remote authorization call, with a portion allocated to establishing the initial connection between Airwallex and your URL. By enabling a health check endpoint to pre-establish and maintain this connection, the connection time can be significantly reduced, allowing more time for processing the authorization request. Airwallex offers health checks via HTTP GET requests.

HTTP_GET requests

HTTP_GET will be a standard GET call made to a separate URL. Please ensure that a new URL is implemented and has the same host as your remote authorization URL. The URL should be configured to always return 200 OK.

In order to enable this feature, please first ensure that your remote authorization settings have been configured, and a shared_secret has been generated, then contact your Airwallex Account Manager to enable health checks.

Was this page helpful?