About Just-in-Time Funding
Just-in-Time (JIT) Funding is a method of automatically funding an account in real time during the transaction process.
The standard funding model requires you to preload funds into individual accounts and maintain sufficient balances for each cardholder’s transactions. You must manage each account balance to avoid under-funded or over-funded accounts.
With JIT Funding, accounts do not need to carry a balance. Instead, the Marqeta platform automatically moves funds from your funding source into the appropriate account at transaction time. The Marqeta platform makes programmatic funding decisions based on the details of the transaction. You can also directly participate in the decision-making process by configuring an endpoint on your system to receive and respond to JIT Funding requests originating on the Marqeta platform. If your system allows the transaction, the Marqeta platform moves funds from the funding source to the account.
For a detailed view of the flow of funds in a JIT transaction, see JIT transaction lifecyle.
The Marqeta platform supports the following types of JIT Funding:
-
Managed JIT Funding – The Marqeta platform applies spend controls to make authorization decisions.
-
Gateway JIT Funding – The Marqeta platform applies spend controls to make authorization decisions and forwards funding requests to your system (the gateway) to make funding decisions.
For the JIT Funding API reference, see Gateway JIT Funding Messages.
At the end of this guide, you should understand:
-
The available types of JIT Funding.
-
The role of JIT Funding in transactions on the Marqeta platform.
-
The requirements for implementing JIT Funding.
Standard funding
Copy section link
This section explains the standard funding model for the purpose of contrasting it with the following JIT Funding models. The standard funding model requires you to preload funds into the cardholder’s general purpose account (GPA) and to ensure that the GPA balance is sufficient to cover the transactions made by that cardholder.
Transaction process
Copy section link
The standard funding process includes one initial step that the JIT Funding processes do not: the cardholder’s account is first funded using a GPA Order.
When a cardholder then attempts to make a payment using their prefunded account, the following process occurs:
-
The merchant sends an authorization message to the card network.
-
The card network sends an authorization message to the Marqeta platform.
-
The Marqeta platform evaluates the transaction, then verifies that the cardholder’s GPA contains sufficient funds to cover the transaction.
-
If the authorization is valid, the Marqeta platform returns an authorization response to the card network.
-
The card network sends an authorization response to the merchant.
Managed JIT Funding
Copy section link
Managed JIT Funding simplifies the funding task by handling all authorization decisions on the Marqeta platform, but limits the level of control you have over the funding approval process.
For example, you can create spend controls on the Marqeta platform to limit when, where, and how much a cardholder can spend with their card, but you cannot allow or deny individual transactions. For more information on spend controls, see Controlling Spending.
For a tutorial that walks you through the enablement process for Managed JIT Funding, see Configuring Managed JIT Funding.
Transaction process
Copy section link
When a cardholder attempts to make a payment using an account configured for Managed JIT Funding, the following process occurs:
-
The merchant sends an authorization message to the card network.
-
The card network sends an authorization message to the Marqeta platform.
-
The Marqeta platform uses spend controls to validate the authorization.
-
If the authorization is valid, the Marqeta platform moves funds from the funding source into the cardholder’s account.
-
The Marqeta platform returns an authorization response to the card network.
-
The card network sends an authorization response to the merchant.
Gateway JIT Funding
Copy section link
With Gateway JIT Funding, your system participates in the funding approval process, enabling you to have a high level of control over which transactions are successfully approved.
When a cardholder with a JIT-funded account attempts to spend, the Marqeta platform sends a funding request message containing details about the transaction to the gateway endpoint on your system. Your system makes a decision to allow or deny the funds based on your own business rules and returns the appropriate response to the Marqeta platform. For example, you could block international transactions based on the country of the card acceptor, or block online transactions by requiring that the card be present at the point of sale.
Note
The gateway endpoint on your system must respond to every JIT Funding request, whether you intend to allow or deny the transaction.For more information on Gateway JIT Funding requests, responses, and notifications, see the Gateway JIT Funding Messages API reference page. For information on using transaction data to make funding decisions, see Transaction Data for JIT Funding Decisions.
For a tutorial that walks you through the enablement process for Gateway JIT Funding, see Configuring Gateway JIT Funding.
Transaction process
Copy section link
When a cardholder attempts to make a payment using an account configured for Gateway JIT Funding, the following process occurs:
-
The merchant sends an authorization message to the card network.
-
The card network sends an authorization message to the Marqeta platform.
-
The Marqeta platform uses spend controls to validate the authorization.
-
If the authorization is valid, the Marqeta platform sends a funding request to your gateway endpoint.
-
Your system approves or denies the funding request.
-
Your system returns a funding response to the Marqeta platform. If the transaction indicates support for partial approval, your response can approve an amount less than or equal to the amount in the funding request.
-
If the funding request is approved by your system, the Marqeta platform moves funds from the funding source into the cardholder’s account.
-
The Marqeta platform returns an authorization response to the card network and sends an authorization notification to your webhook endpoint for validation.
-
The card network sends an authorization response to the merchant.
For additional examples of the Gateway JIT Funding process, see the Gateway JIT Funding Scenarios guide.
Actionable vs. informative messages
Copy section link
The Marqeta platform sends funding requests to your gateway endpoint only if they are actionable (such as authorizations). For the remainder, the Marqeta platform sends a non-actionable notification to your webhook endpoint. You can use this data to update your account balances according to the transaction type–some transactions impact account balances and some do not. For more information, see Event Types.
Partial approval
Copy section link
For most requests, you must allow or deny the entire funding amount.
However, some requests enable you to approve only a partial amount of the requested funds.
Each JIT Funding request contains a partial_approval_capable field; when set to true, your JIT Funding response can allow an amount less than the requested amount.
Metadata
Copy section link
Gateway JIT Funding also enables you to add metadata to your gateway’s response that populates the transaction record with additional details, such as an order number. This metadata can facilitate correlation between records on your system and the Marqeta platform, and simplify reconciliation.
Managed vs. Gateway JIT Funding
Copy section link
In most cases, you should choose Managed JIT funding for single-use cards, and Gateway JIT Funding for multi-use cards.
The following table compares Managed JIT Funding with Gateway JIT Funding:
| Managed JIT Funding | Gateway JIT Funding | |
|---|---|---|
Authorization decisions |
Handled by the Marqeta platform, based on spend controls. |
Handled by the Marqeta platform, based on spend controls and your system’s authorization logic. |
Partial approval capable |
No |
Yes (transaction-dependent) |
Metadata injection |
No |
Yes |
Sample use cases |
Single-use cards; virtual cards for e-commerce. |
Multi-use cards; additional access to funds available to cards not issued by Marqeta; additional controls on top of those supported by the Marqeta platform. |
Additional considerations
Copy section link
These additional considerations may help when considering which card type and JIT Funding method is right for your card product:
Regulatory compliance
Multi-use cards often require Know Your Customer (KYC) verification and PCI-Level 1 compliance, as do card programs that allow cash withdrawals and international spending. If your business is not PCI-Level 1 compliant, Marqeta enables you to create a multi-use card program that may reduce or remove these regulatory considerations. For more information, see Using Marqeta.js and Using Activate Card and Set PIN Widgets.
Single-use virtual cards often fall outside the scope of KYC and PCI compliance.
Pending Marqeta approval, such single-use virtual cards using Managed JIT Funding may allow you to avoid implementing marqeta.js for PCI compliance, as well as KYC verification.
Funding source
For Managed JIT Funding, the funding source is created and managed directly by Marqeta. Marqeta holds the account and manages ledger balances for you. For Gateway JIT Funding, you must certify and implement your gateway funding source as specified in JIT funding implementation, and you must manage your own ledger balances.
JIT Funding implementation
Copy section link
You will work with Marqeta to enable JIT Funding for your program. Whether you use Managed or Gateway JIT Funding, Marqeta handles the creation of the following required objects on your behalf:
-
A funding source configured for JIT Funding; when using Gateway JIT Funding, the funding source also defines the endpoint on your system where the Marqeta platform sends funding requests.
-
A card product configured for JIT Funding associated with the above funding source.
-
Spend controls that define which transactions are approved or denied by the Marqeta platform.
Gateway JIT Funding requires additional setup. You must complete Marqeta’s Gateway JIT Funding certification and implement the following on your system:
-
An endpoint on your system for receiving and responding to actionable funding requests from the Marqeta platform. Communication between the Marqeta platform and your system requires TLS v1.2 or greater. Your endpoint must not allow communication using unencrypted HTTP or accept connections on port 80.
-
One or more funding-decision algorithms on your system that decides whether to approve or deny the request and returns the appropriate response to the Marqeta platform.
-
An endpoint on your system for receiving informative event notifications; the Marqeta platform sends webhook notifications to your endpoint within seconds of each transaction that enable you to track requests, maintain balances, and resolve time-out issues.
Gateway JIT Funding certification
Copy section link
When you use Gateway JIT Funding, you directly participate in the card network’s authorization process. For this reason, it is essential for your gateway to respond both promptly and correctly in every supported transaction scenario.
Before enabling Gateway JIT Funding in your production environment, a Marqeta representative works with you in your private sandbox environment to ensure your gateway endpoint responds appropriately in each scenario. The private sandbox environment provides real-time simulations of the transaction scenarios encountered in a production environment and provides the feedback necessary for resolving issues of accuracy and responsiveness.
Contact your Marqeta representative for more information on Gateway JIT Funding certification.
Handling failures
Copy section link
There are multiple fallback measures for ensuring that cards continue to function in the event of a system failure during the transaction process.
You can check the standin_by field of a transaction record to see if Stand-in Processing (STIP) was necessary and who handled the transaction instead.
The presence of the standin_approved_by field indicates that the transaction was approved.
If the card network cannot connect to the Marqeta platform, it performs STIP.
The card network makes authorization decisions as necessary and notifies the Marqeta platform later with information about transactions that occurred while STIP was enabled.
The standin_by field of the transaction will have a value of NETWORK.
If your system cannot respond to a Gateway JIT Funding request, the Marqeta platform uses Commando Mode to make a decision in your place based on defined business rules.
The Marqeta platform stores any unsent webhooks for later transmission, ensuring that card state and account balances on your system correspond with activity that occurred while Commando Mode was in effect.
The standin_approved_by field of the transaction will have a value of COMMANDO_AUTO or COMMANDO_MANUAL, depending on what triggered Commando Mode to be enabled.