Authorization controls Invite Only

     

    Configure pre-defined rules on cards & cardholders to control spend.

    Setting authorization controls

    You can set authorization_controls on cards and cardholders that act as spending rules, giving you some control over how your cards can be used. Authorization controls support spending limits (eg., 100 USD/auth, 3,000 USD/month), blocking types of businesses (eg., bakeries, gambling), and advanced combinations of rules. Although optional, we recommend that you specify controls — otherwise all transactions will be approved by default, provided your balance has sufficient funds.

    Authorization controls are optional and you can set them when you create new cards and cardholders You can also update existing ones at any time.

    field type description
    allowed_categories array Array of strings containing categories of authorizations to always allow.
    blocked_categories array Array of strings containing categories of authorizations to always decline.
    spending_limits array Array of hashes that specify amount-based rules.

    Spending limits

    To limit the amount of money that can be spent, set spending_limits within authorization_controls to an array of hashes with the following structure:

    field type description
    amount integer Maximum amount allowed, in the currency of the card. Amounts in different currencies are converted to the card’s currency when evaluating this control (10 USD = 1000).
    interval array The time interval in which the amount applies. Can be per_authorization, daily, weekly, monthly, yearly, or all_time.
    categories array (optional) Array of strings specifying categories to which this limit applies. Leaving this blank will apply the limit to all categories.

    Spending limits can only approve or reject authorizations, and not follow-on charges like tips or hotel fees. In addition, spending totals are summed by their calendar date: months begin on the 1st, weeks on Monday, and days at midnight UTC. This can result in singular transactions spread across multiple time intervals. For example, if a 200 USD authorization is approved on the 30th of April, and a follow on tip of 40 USD is charged on the 1st of May, 200 USD counts towards April and 40 USD counts towards May.

    Examples

    The following examples demonstrate different uses of authorization controls for cards and cardholders.

    Limit a cardholder's monthly spending across all their cards

    curl https://api.stripe.com/v1/issuing/cardholders/ich_1Cm3paIyNTgGDVfzBqq1uqxR \ -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \ -d "authorization_controls[spending_limits][0][amount]"=300000 \ -d "authorization_controls[spending_limits][0][interval]"=monthly
    # Set your secret key: remember to change this to your live secret key in production # See your keys here: https://dashboard.stripe.com/account/apikeys Stripe.api_key = 'sk_test_4eC39HqLyjWDarjtT1zdp7dc' Stripe::Issuing::Cardholder.update( 'ich_1Cm3paIyNTgGDVfzBqq1uqxR', { authorization_controls: { spending_limits: [{ amount: 300000, interval: 'monthly', }] }, } )
    # Set your secret key: remember to change this to your live secret key in production # See your keys here: https://dashboard.stripe.com/account/apikeys stripe.api_key = 'sk_test_4eC39HqLyjWDarjtT1zdp7dc' stripe.issuing.Cardholder.modify( 'ich_1Cm3paIyNTgGDVfzBqq1uqxR', authorization_controls={ 'spending_limits': [{ 'amount': 300000, 'interval': 'monthly', }] } )
    // Set your secret key: remember to change this to your live secret key in production // See your keys here: https://dashboard.stripe.com/account/apikeys \Stripe\Stripe::setApiKey('sk_test_4eC39HqLyjWDarjtT1zdp7dc'); \Stripe\Issuing\Cardholder::update( 'ich_1Cm3paIyNTgGDVfzBqq1uqxR', [ 'authorization_controls' => [ 'spending_limits' => [{ 'amount' => 300000, 'interval' => 'monthly', }] ], ] )
    // Set your secret key: remember to change this to your live secret key in production // See your keys here: https://dashboard.stripe.com/account/apikeys Stripe.apiKey = "sk_test_4eC39HqLyjWDarjtT1zdp7dc"; Cardholder cardholder = Cardholder.retrieve("ich_1Cm3paIyNTgGDVfzBqq1uqxR"); Map<String, Object> spendingLimitParam = new HashMap<String, Object>(); spendingLimitParam.put("amount", 300000); spendingLimitParam.put("interval", "monthly"); List<Map<String, Object>> spendingLimits = new ArrayList<Map<String, Object>>(); spendingLimits.add(0, spendingLimitParam); Map<String, Object> controlParams = new HashMap<String, Object>(); controlParams.put("spending_limits", spendingLimits); Map<String, Object> params = new HashMap<>(); params.put("authorization_controls", controlParams); cardholder.update(params);
    // Set your secret key: remember to change this to your live secret key in production // See your keys here: https://dashboard.stripe.com/account/apikeys const stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc'); const cardholder = stripe.issuing.cardholders.update('ich_1Cm3paIyNTgGDVfzBqq1uqxR', { authorization_controls: { spending_limits: [{ amount: 300000, interval: 'monthly' }], }, );

    Limit the spending and allowed categories for a card

    curl https://api.stripe.com/v1/issuing/cards/ic_1Cm3paIyNTgGDVfzBqq1uqxR \ -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \ -d "authorization_controls[allowed_categories][0]"=automated_fuel_dispensers \ -d "authorization_controls[spending_limits][0][amount]"=8000 \ -d "authorization_controls[spending_limits][0][interval]"=per_authorization
    # Set your secret key: remember to change this to your live secret key in production # See your keys here: https://dashboard.stripe.com/account/apikeys Stripe.api_key = 'sk_test_4eC39HqLyjWDarjtT1zdp7dc' Stripe::Issuing::Card.update( 'ic_1Cm3paIyNTgGDVfzBqq1uqxR', { authorization_controls: { allowed_categories: ['automated_fuel_dispensers'], spending_limits: [{ amount: 8000, interval: 'per_authorization' }] }, } )
    # Set your secret key: remember to change this to your live secret key in production # See your keys here: https://dashboard.stripe.com/account/apikeys stripe.api_key = 'sk_test_4eC39HqLyjWDarjtT1zdp7dc' stripe.issuing.Card.modify( 'ic_1Cm3paIyNTgGDVfzBqq1uqxR', authorization_controls={ 'allowed_categories': ['automated_fuel_dispensers'], 'spending_limits': [{ 'amount': 8000, 'interval': 'per_authorization' }] } )
    // Set your secret key: remember to change this to your live secret key in production // See your keys here: https://dashboard.stripe.com/account/apikeys \Stripe\Stripe::setApiKey('sk_test_4eC39HqLyjWDarjtT1zdp7dc'); \Stripe\Issuing\Card::update( 'ic_1Cm3paIyNTgGDVfzBqq1uqxR', [ 'authorization_controls' => [ 'allowed_categories' => ['automated_fuel_dispensers'], 'spending_limits' => [ 'amount' => 8000, 'interval' => 'per_authorization' ] ], ] )
    // Set your secret key: remember to change this to your live secret key in production // See your keys here: https://dashboard.stripe.com/account/apikeys Stripe.apiKey = "sk_test_4eC39HqLyjWDarjtT1zdp7dc"; Card card = Card.retrieve("ic_1Cm3paIyNTgGDVfzBqq1uqxR"); Map<String, Object> spendingLimitParam = new HashMap<String, Object>(); spendingLimitParam.put("amount", 8000); spendingLimitParam.put("interval", "per_authorization"); List<Map<String, Object>> spendingLimits = new ArrayList<Map<String, Object>>(); spendingLimits.add(spendingLimitParam); List<String> allowedCategories = new ArrayList<String>(); allowedCategories.add("automated_fuel_dispensers"); Map<String, Object> controlParams = new HashMap<String, Object>(); controlParams.put("allowed_categories", allowedCategories); controlParams.put("spending_limits", spendingLimits); Map<String, Object> params = new HashMap<>(); params.put("authorization_controls", controlParams); card.update(params);
    // Set your secret key: remember to change this to your live secret key in production // See your keys here: https://dashboard.stripe.com/account/apikeys const stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc'); const card = stripe.issuing.cards.update('ic_1Cm3paIyNTgGDVfzBqq1uqxR', { authorization_controls: { allowed_categories: ['automated_fuel_dispensers'], spending_limits: [{ amount: 8000, interval: 'per_authorization' }] }, );

    Restrict a card's weekly spending for certain categories

    curl https://api.stripe.com/v1/issuing/cards/ic_1Cm3paIyNTgGDVfzBqq1uqxR \ -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \ -d "authorization_controls[spending_limits][0][amount]"=4000 \ -d "authorization_controls[spending_limits][0][interval]"=weekly \ -d "authorization_controls[spending_limits][0][categories][0]"=fast_food_restaurants
    # Set your secret key: remember to change this to your live secret key in production # See your keys here: https://dashboard.stripe.com/account/apikeys Stripe.api_key = 'sk_test_4eC39HqLyjWDarjtT1zdp7dc' Stripe::Issuing::Card.update( 'ic_1Cm3paIyNTgGDVfzBqq1uqxR', { authorization_controls: { spending_limits: [{ amount: 4000, interval: 'weekly', categories: ['fast_food_restaurants'] }] }, } )
    # Set your secret key: remember to change this to your live secret key in production # See your keys here: https://dashboard.stripe.com/account/apikeys stripe.api_key = 'sk_test_4eC39HqLyjWDarjtT1zdp7dc' stripe.issuing.Card.modify( 'ic_1Cm3paIyNTgGDVfzBqq1uqxR', authorization_controls={ 'spending_limits': [{ 'amount': 4000, 'interval': 'weekly', 'categories': ['fast_food_restaurants'] }] } )
    // Set your secret key: remember to change this to your live secret key in production // See your keys here: https://dashboard.stripe.com/account/apikeys \Stripe\Stripe::setApiKey('sk_test_4eC39HqLyjWDarjtT1zdp7dc'); \Stripe\Issuing\Card::update( 'ic_1Cm3paIyNTgGDVfzBqq1uqxR', [ 'authorization_controls' => [ 'spending_limits' => [ 'amount': 4000, 'interval': 'weekly', 'categories': ['fast_food_restaurants'] ] ], ] )
    // Set your secret key: remember to change this to your live secret key in production // See your keys here: https://dashboard.stripe.com/account/apikeys Stripe.apiKey = "sk_test_4eC39HqLyjWDarjtT1zdp7dc"; Card card = Card.retrieve("ic_1Cm3paIyNTgGDVfzBqq1uqxR"); List<String> spendingLimitCategories = new ArrayList<String>(); spendingLimitCategories.put("fast_food_restaurants"); Map<String, Object> spendingLimitParam = new HashMap<String, Object>(); spendingLimitParam.put("amount", 8000); spendingLimitParam.put("interval", "per_authorization"); spendingLimitParam.put("categories", spendingLimitCategories); List<Map<String, Object>> spendingLimits = new ArrayList<Map<String, Object>>(); spendingLimits.add(spendingLimitParam); Map<String, Object> controlParams = new HashMap<String, Object>(); controlParams.put("spending_limits", spendingLimits); Map<String, Object> params = new HashMap<>(); params.put("authorization_controls", controlParams); card.update(params);
    // Set your secret key: remember to change this to your live secret key in production // See your keys here: https://dashboard.stripe.com/account/apikeys const stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc'); const card = stripe.issuing.cards.update('ic_1Cm3paIyNTgGDVfzBqq1uqxR', { authorization_controls: { spending_limits: [{ amount: 4000, interval: 'weekly', categories: ['fast_food_restaurants'] }] }, );

    Next steps

    Read on to learn more.

    Was this page helpful?

    Thank you for helping improve Stripe's documentation. If you need help or have any questions, please consider contacting support.

    On this page