Legacy docs ↗App sign in ↗

Managing Card Authorizations

Suggest Edits

The Card Authorization Loop Endpoint allows you to accept or reject a card transaction at the time of authorization based on your business logic. To accomplish this, you assign the Card Auth Loop Endpoint to the Card Product whose card authorization requests you want to monitor. From there, any time a new authorization or refund authorization request is received for a card created using that Card Product, you will receive a callback at the URL specified in the Card Auth Loop Endpoint object.

The general flow for authorization using the Card Auth Loop Endpoint is shown below:

CALE Flow.jpeg

Testing in the Developer Sandbox

  1. Create a new Card Auth Loop Endpoint.
  2. Update the card_auth_loop_endpoint_id of the Card Product you would like to receive authorization requests for with the id of the Card Auth Loop Endpoint you created.
  3. Create a new card_event.auth_request Card Simulation to mimic a card authorization taking place.
  4. An HTTP POST request will be sent to the URL listed in the Card Auth Loop Endpoint containing an auth-request Card Event in the message body (example below).
  5. You now have 1500 milliseconds to respond with a 200 (to approve the request) or a 402 (to reject the request).

Testing in Production

  1. Create a new Card Auth Loop Endpoint.
  2. Update the card_auth_loop_endpoint_id of the Card Product you would like to receive authorization requests for with the id of the Card Auth Loop Endpoint you created.
  3. Initiate authorization by swiping or submitting a virtual payment using a card issued under the Card Product from step 2.
  4. An HTTP POST request will be sent to the URL listed in the Card Auth Loop Endpoint containing an auth-request Card Event in the message body (example below).
  5. You now have 1500 milliseconds to respond with a 200 (to approve the request) or a 402 (to reject the request).

Example Card Auth Loop Endpoint Callback

When a card authorization request is received, an HTTP POST will be sent to the URL specified in the Card Auth Loop Endpoint object. The POST body contains a Card Event object as shown below.

{
  "message_type": "auth-request",
  "amount": "25.00",
  "bank_id": "bank_treasuryprime",
  "org_id": "org_1evy4cx23n5",
  "decline_reason": null,
  "updated_at": "2022-05-26T19:43:05Z",
  "currency": "USD",
  "status": "pending",
  "id": "cnm_11h8zp29ahk22d",
  "card_id": "card_11h84t45a4d26",
  "trace_id": "aec7df65adb14c34989384d0hh44f897",
  "network": "mastercard",
  "network_created_at": null,
  "merchant": {
    "name": "Card Transaction Test 1",
    "mcc": "3501",
    "mid": "4445025949033",
    "address": {
      "city": "LAS VEGAS",
      "state": "NV",
      "postal_code": "88901",
      "country": "USA"
    }
  },
  "processor": "marqeta",
  "networkdata": null,
  "created_at": "2022-05-26T19:43:05Z",
  "atm": null
}

Updated 2 months ago