The Card Authorization Loop Endpoint is used to accept or reject a
card transaction.
A Card Product may have one
card_auth_loop_endpoint_id registered and the API will send an HTTP
request for every card authorization. When a card authorization comes
in, an HTTP POST request will be sent to the URL specified in the Card
Auth Loop Endpoint object. The value returned from that request will
determine if the authorization is rejected or not. See below for
details.
You must have the /card_auth_loop_endpoint endpoint enabled in order to use this functionality.
The Card Auth Loop Endpoint Protocol
For every card authorization, the Card Auth Loop Endpoint that is set
in the Card Product
card_auth_loop_endpoint_id is called.
When a card authorization comes in, an HTTP POST request will be sent
to the URL specified in the Card Auth Loop Endpoint object. The POST
receives a JSON body of a Card Event and must
return an empty JSON body and one of these HTTP codes:
| HTTP Code | Action | Meaning |
|---|
| 200 | accept | The authorization is accepted. |
| 402 | reject | The authorization is rejected and the transaction fails. |
- Any other HTTP code is ignored and the default authorization
behavior is run.
- If the HTTP response takes more that 1500 msec to return, the call
is ignored and the default authorization behavior is run.
Note that a final balance check takes place after the authorization is
accepted. A transaction authorized using the Card Auth Loop Endpoint
may still be automatically declined due to insufficient funds. See the
Managing Card Authorizations with the Card Auth Loop
Endpoint guide for more details
including the default authorization behavior. 
