The Card Authorization Loop Endpoint is used to accept or reject a card transaction. A Card Product may have one card_auth_loop_endpoint_id registered and the API will send an HTTP request for every card authorization. When a card authorization comes in, an HTTP POST request will be sent to the URL specified in the Card Auth Loop Endpoint object. The value returned from that request will determine if the authorization is rejected or not. See below for details.
You must have the /card_auth_loop_endpoint endpoint enabled in order to use this functionality.

The Card Auth Loop Endpoint Protocol

For every card authorization, the Card Auth Loop Endpoint that is set in the Card Product card_auth_loop_endpoint_id is called. When a card authorization comes in, an HTTP POST request will be sent to the URL specified in the Card Auth Loop Endpoint object. The POST receives a JSON body of a Card Event and must return an empty JSON body and one of these HTTP codes:
HTTP CodeActionMeaning
200acceptThe authorization is accepted.
402rejectThe authorization is rejected and the transaction fails.
  • Any other HTTP code is ignored and the default authorization behavior is run.
  • If the HTTP response takes more that 1500 msec to return, the call is ignored and the default authorization behavior is run.
Note that a final balance check takes place after the authorization is accepted. A transaction authorized using the Card Auth Loop Endpoint may still be automatically declined due to insufficient funds. See the Managing Card Authorizations with the Card Auth Loop Endpoint guide for more details including the default authorization behavior.