Log inGet started
Airwallex logo
Core API
Transactional FX
Back to home
OverviewUnderstanding Banking as a ServiceSupported regions and currencies
Get started
Create cardholders
Create cards
Authorization controls
Transaction limits
Remote authorization
Test and go live

Authorization controls

Authorization controls allow you to specify rules around how and where the cards you issue may be used. You can specify them at the time of creating a new card or later when you update the card.

Choose authorization controls that best suit your needs. Note that some are mandatory.

Scenario Recommended authorization control API Endpoints > Field
Specify whether the card is a SINGLE or MULTIPLE use card.
This control is mandatory, and once specified, the value cannot be modified later. Single-use cards can only be used for one successful debit transaction.
Transaction count Create a card > authorization_controls.allowed_transaction_count
Specify the currencies that can be used to process transactions on the card.
If you do not specify this field, all currencies will be allowed.
Currency Create a card/Update a card > authorization_controls.allowed_currencies
Specify the allowed merchant categories codes for the card.
Merchant Category Code (MCC) is a unique identifier for the type of goods or services provided by merchants. If you do not specify this field, all merchant categories will be allowed. See list of merchant category codes in the ISO 18245 standard.
Merchant category code Create a card/Update a card > authorization_controls.allowed_merchant_categories
Specify the activity range for the card.
Authorizations before and after the time period will be rejected.
Time period Create a card/Update a card > authorization_controls.active_from/authorization_controls.active_to
Specify transaction limits for the card based on amount and intervals. This control is mandatory.
You can configure multiple transaction limits based on a single currency. For more information, see Transaction limits
Transaction limit Create a card/Update a card > authorization_controls.transaction_limits
Configure advanced authorization control where the authorization request from the merchant’s bank is sent to the customer's nominated endpoint and the customer can decline or accept the authorization based on their own fraud rules. For more information, see Remote authorization. Remote authorization Get issuing config/Update issuing config > remote_auth object