Authorization Controls

Sample response body
Copy section link
Copy section link

Copied

Is this helpful?

Retrieve authorization control
Copy section link
Copy section link

Action: GET
Endpoint: /authcontrols/{token}

GET

Retrieve a specific authorization control.

URL path parameters
Copy section link
Copy section link

Fields Description

Fields	Description
token string Required	Identifies the authorization control to return. Allowable Values: Existing authorization control token. Send a `GET` request to `/authcontrols` to retrieve authorization control tokens.

token

string
Required

Identifies the authorization control to return.

Allowable Values:

Existing authorization control token.

Send a GET request to /authcontrols to retrieve authorization control tokens.

Sample response body
Copy section link
Copy section link

Copied

Is this helpful?

Update authorization control
Copy section link
Copy section link

Action: PUT
Endpoint: /authcontrols/{token}

PUT

Update a specific authorization control.

URL path parameters
Copy section link
Copy section link

Fields Description

Fields	Description
token string Required	Identifies the authorization control to update. Allowable Values: Existing authorization control token. Send a `GET` request to `/authcontrols` to retrieve authorization control tokens.

token

string
Required

Identifies the authorization control to update.

Allowable Values:

Existing authorization control token.

Send a GET request to /authcontrols to retrieve authorization control tokens.

Body field details
Copy section link
Copy section link

Fields Description

Fields	Description
name string Required	The name of the authorization control. Allowable Values: 255 char max
active boolean Optional	Indicates whether the authorization control is active. Allowable Values: `true`, `false` Default value: `true`
start_time string Optional	The date and time when the exception goes into effect. Allowable Values: yyyy-MM-ddThh:mm:ssZ
end_time string Optional	The date and time when the exception ends. Allowable Values: yyyy-MM-ddThh:mm:ssZ
merchant_scope object Optional	Defines the group of merchants to which the exception applies. You must populate one or more fields of this object. If no fields are populated, the exception applies to all merchants. Allowable Values: A valid `merchant_scope` object.
association object Optional	Defines a card product or user to which the authorization control applies. Note If this object is included in the authorization control that you are updating, then you must include this object in your request even if you do not intend to update its values. If you do not include this object when you update your authorization control, its existing values will be overwritten and can cause unexpected behavior. Allowable Values: A valid `association` object.

name

string
Required

The name of the authorization control.

Allowable Values:

255 char max

active

boolean
Optional

Indicates whether the authorization control is active.

Allowable Values:

true, false

Default value:
true

start_time

string
Optional

The date and time when the exception goes into effect.

Allowable Values:

yyyy-MM-ddThh:mm:ssZ

end_time

string
Optional

The date and time when the exception ends.

Allowable Values:

yyyy-MM-ddThh:mm:ssZ

merchant_scope

object
Optional

Defines the group of merchants to which the exception applies.

You must populate one or more fields of this object. If no fields are populated, the exception applies to all merchants.

Allowable Values:

A valid merchant_scope object.

association

object
Optional

Defines a card product or user to which the authorization control applies.

Note

If this object is included in the authorization control that you are updating, then you must include this object in your request even if you do not intend to update its values. If you do not include this object when you update your authorization control, its existing values will be overwritten and can cause unexpected behavior.

Allowable Values:

A valid association object.

The merchant_scope object
Copy section link
Copy section link

Fields Description

Fields	Description
mid string Optional	Merchant identifier (MID). The unique identification number of a merchant. Enter a value to control access to a particular merchant. Allowable Values: 36 char max
mcc string Optional	A single merchant category code (MCC). Identifies the type of goods or services provided by the merchant. Enter a value to control access to a particular type of product or service. Allowable Values: 4 char max
mcc_group string Optional	Token identifying a group of MCCs. Enter a value to control access to a group of product or service types. Allowable Values: Existing MCC group token. Send a `GET` request to `/mccgroups` to retrieve MCC group tokens.

mid

string
Optional

Merchant identifier (MID). The unique identification number of a merchant.

Enter a value to control access to a particular merchant.

Allowable Values:

36 char max

mcc

string
Optional

A single merchant category code (MCC). Identifies the type of goods or services provided by the merchant.

Enter a value to control access to a particular type of product or service.

Allowable Values:

4 char max

mcc_group

string
Optional

Token identifying a group of MCCs.

Enter a value to control access to a group of product or service types.

Allowable Values:

Existing MCC group token.

Send a GET request to /mccgroups to retrieve MCC group tokens.

The association object
Copy section link
Copy section link

Fields Description

Fields	Description
card_product_token OR user_token string Required	Token identifying either a card product or user. Specify a card product token in the `card_product_token` field to apply the authorization control to all users holding active cards associated with the card product. Specify a user token in the `user_token` field to apply the authorization control to a single user. Pass either `card_product_token` or `user_token`, not both. Allowable Values: Existing card product or user token. Send a `GET` request to `/cardproducts` to retrieve card product tokens or to `/users` to retrieve user tokens.

card_product_token

OR

user_token

string
Required

Token identifying either a card product or user.

Specify a card product token in the card_product_token field to apply the authorization control to all users holding active cards associated with the card product. Specify a user token in the user_token field to apply the authorization control to a single user.

Pass either card_product_token or user_token, not both.

Allowable Values:

Existing card product or user token.

Send a GET request to /cardproducts to retrieve card product tokens or to /users to retrieve user tokens.

Sample request body
Copy section link
Copy section link

Copied

Is this helpful?

Sample response body
Copy section link
Copy section link

Copied

Is this helpful?

List authorization controls
Copy section link
Copy section link

Action: GET
Endpoint: /authcontrols

GET

List all authorization controls associated with a specific user or card product, or list all authorization controls defined in your program.

Include either a user or a card_product query parameter to indicate the user or card product whose associated authorization controls you want to retrieve (do not include both).

To list all authorization controls for your program, omit the user and card_product query parameters from your request.

This endpoint supports field filtering and pagination.

Query parameters
Copy section link
Copy section link

Fields Description

Fields	Description
user string Optional	The token identifying the user whose associated authorization controls you want to retrieve. Enter the string "null" to list authorization controls that are not associated with a user. Allowable Values: Existing user token or the string "null". Send a `GET` request to `/users` to retrieve existing tokens.
card_product string Optional	The token identifying the card product whose associated authorization controls you want to retrieve. Enter the string "null" to list authorization controls that are not associated with a card product. Allowable Values: Existing card product token or the string "null". Send a `GET` request to `/cardproducts` to retrieve existing tokens.

user

string
Optional

The token identifying the user whose associated authorization controls you want to retrieve.

Enter the string "null" to list authorization controls that are not associated with a user.

Allowable Values:

Existing user token or the string "null".

Send a GET request to /users to retrieve existing tokens.

card_product

string
Optional

The token identifying the card product whose associated authorization controls you want to retrieve.

Enter the string "null" to list authorization controls that are not associated with a card product.

Allowable Values:

Existing card product token or the string "null".

Send a GET request to /cardproducts to retrieve existing tokens.

Sample response body
Copy section link
Copy section link

Copied

Is this helpful?

Create a merchant (MID) exemption
Copy section link
Copy section link

Action: POST
Endpoint: /authcontrols/exemptmids

POST

Exempt an individual merchant from authorization controls. Transactions originating from this MID ignore any otherwise applicable authorization controls.

Note

You can create MID exemptions in your user sandbox. However, you must work with your Marqeta representative to create MID exemptions in a production environment.

Body field details
Copy section link
Copy section link

Fields Description

Fields	Description
token string Optional	The unique identifier of the MID exemption. If you do not include a token, the system will generate one automatically. This token is necessary for use in other API calls, so we recommend that rather than let the system generate one, you use a simple string that is easy to remember. This value cannot be updated. Allowable Values: 36 char max
name string Required	The name of the MID exemption. Allowable Values: 255 char max
mid string Conditionally required	The merchant to be exempted. This field is required if there is no entry in the `merchant_group_token` field. Use either this field or the `merchant_group_token` field, not both. Allowable Values: Existing merchant identifier.
merchant_group_token string Conditionally required	The token of the merchant group to be exempted. This field is required if there is no entry in the `mid` field. Pass either this field or the `mid` field, not both. Allowable Values: A valid merchant group token. For information about merchant groups, see Merchant Groups.
association object Optional	The card product or user to which the MID exemption applies. If you include this object in your request, you must populate one or more of its fields. If no fields are populated, the MID exemption applies to all users. Allowable Values: A valid `association` object.

token

string
Optional

The unique identifier of the MID exemption.

If you do not include a token, the system will generate one automatically. This token is necessary for use in other API calls, so we recommend that rather than let the system generate one, you use a simple string that is easy to remember. This value cannot be updated.

Allowable Values:

36 char max

name

string
Required

The name of the MID exemption.

Allowable Values:

255 char max

mid

string
Conditionally required

The merchant to be exempted. This field is required if there is no entry in the merchant_group_token field. Use either this field or the merchant_group_token field, not both.

Allowable Values:

Existing merchant identifier.

merchant_group_token

string
Conditionally required

The token of the merchant group to be exempted. This field is required if there is no entry in the mid field. Pass either this field or the mid field, not both.

Allowable Values:

A valid merchant group token. For information about merchant groups, see Merchant Groups.

association

object
Optional

The card product or user to which the MID exemption applies.

If you include this object in your request, you must populate one or more of its fields. If no fields are populated, the MID exemption applies to all users.

Allowable Values:

A valid association object.

The association object
Copy section link
Copy section link

Fields Description

Fields	Description
card_product_token OR user_token string Required	Token identifying either a card product or user. Specify a card product token in the `card_product_token` field to apply the MID exemption to all users holding active cards associated with the card product. Specify a user token in the `user_token` field to apply the MID exemption to a single user. Pass either `card_product_token` or `user_token`, not both. Allowable Values: Existing card product or user token. Send a `GET` request to `/cardproducts` to retrieve card product tokens or to `/users` to retrieve user tokens.

card_product_token

OR

user_token

string
Required

Token identifying either a card product or user.

Specify a card product token in the card_product_token field to apply the MID exemption to all users holding active cards associated with the card product. Specify a user token in the user_token field to apply the MID exemption to a single user.

Pass either card_product_token or user_token, not both.

Allowable Values:

Existing card product or user token.

Send a GET request to /cardproducts to retrieve card product tokens or to /users to retrieve user tokens.

Sample request body
Copy section link
Copy section link

Copied

Is this helpful?

Sample response body
Copy section link
Copy section link

Copied

Is this helpful?

Retrieve a merchant (MID) exemption
Copy section link
Copy section link

Action: GET
Endpoint: /authcontrols/exemptmids/{token}

GET

Retrieve a merchant (MID) exemption.

URL path parameters
Copy section link
Copy section link

Fields Description

Fields	Description
token string Required	The MID exemption to return. Allowable Values: Existing MID exemption token. Send a `GET` request to `/authcontrols/exemptmids` to retrieve MID exemption tokens.

token

string
Required

The MID exemption to return.

Allowable Values:

Existing MID exemption token.

Send a GET request to /authcontrols/exemptmids to retrieve MID exemption tokens.

Sample response body
Copy section link
Copy section link

Copied

Is this helpful?

List merchant (MID) exemptions
Copy section link
Copy section link

Action: GET
Endpoint: /authcontrols/exemptmids

GET

Retrieve a list of all merchant (MID) exemptions.

Query parameters
Copy section link
Copy section link

Fields Description

Fields	Description
user string Optional	The token identifying the user whose associated MID exemptions you want to retrieve. Enter the string "null" to list MID exemptions that are not associated with a user. Allowable Values: Existing user token or the string "null". Send a `GET` request to `/users` to retrieve existing tokens.
card_product string Optional	The token identifying the card product whose associated MID exemptions you want to retrieve. Enter the string "null" to list MID exemptions that are not associated with a card product. Allowable Values: Existing card product token or the string "null". Send a `GET` request to `/cardproducts` to retrieve existing tokens.

user

string
Optional

The token identifying the user whose associated MID exemptions you want to retrieve.

Enter the string "null" to list MID exemptions that are not associated with a user.

Allowable Values:

Existing user token or the string "null".

Send a GET request to /users to retrieve existing tokens.

card_product

string
Optional

The token identifying the card product whose associated MID exemptions you want to retrieve.

Enter the string "null" to list MID exemptions that are not associated with a card product.

Allowable Values:

Existing card product token or the string "null".

Send a GET request to /cardproducts to retrieve existing tokens.

Sample response body
Copy section link
Copy section link

Copied

Is this helpful?