Authorization controls
Authorization controls allow you to specify rules around how and where the cards you issue may be used. You can specify them at the time of creating a new card or later when you update the card.
Choose authorization controls that best suit your needs. Note that some are mandatory.
I want to... | Recommended authorization control | Parameter | Supported endpoints |
---|---|---|---|
Specify whether the card is a SINGLE or MULTIPLE use card. This control is mandatory, and once specified, you cannot modify the value later. Single-use cards can only be used for one successful debit transaction. | Transaction count | authorization_controls.allowed_transaction_count | Create a card API |
Specify the currencies that can be used to process transactions on the card. If you do not specify this field, all currencies will be allowed. | Currency | authorization_controls.allowed_currencies | Create a card API/Update a card API |
Specify the allowed merchant categories codes where the card can be used. Merchant Category Code (MCC) is a unique identifier for the type of goods or services provided by merchants. If you do not specify this field, all merchant categories will be allowed. See list of merchant category codes in the ISO 18245 standard. | Merchant category code | authorization_controls.allowed_merchant_categories | Create a card API/Update a card API |
Specify the activity range for the card. Authorizations before and after the time period will be rejected. | Time period | authorization_controls.active_from , authorization_controls.active_to | Create a card API /Update a card API |
Specify transaction limits for the card based on amount and intervals. This control is mandatory -- you can configure multiple transaction limits based on a single currency. For more information, see Transaction limits. | Transaction limit | authorization_controls.transaction_limits | Create a card API / Update a card API |
Configure advanced authorization control where the authorization request from the merchant’s bank is sent to my nominated endpoint and I can decline or accept the authorization based on my own fraud rules. For more information, see Remote authorization. | Remote authorization | remote_auth object | Get issuing config API / Update issuing config API |