Skip to main content
An authorization control limits spending by specified users at specified merchants. You can limit spending at a single merchant or at a group of merchants, and you can limit spending by a single user, users with a particular card product, or all users. You can block spending at all merchants by default and then allow it for specific merchants, or you can allow spending at all merchants by default and block it at specific merchants.
Tip
See Controlling Spending for a tutorial that walks you through the creation of a spend control, as well as links to more information about merchant category codes.

Create authorization control

Action: POST
Endpoint: /authcontrols
Limit where a user can make transactions to a single merchant or group of merchants. If multiple authorization controls apply to the same user, the limits of all controls are combined.

Request body

Sample request body

JSON

Response body

Sample response body

JSON

List authorization controls

Action: GET
Endpoint: /authcontrols
List all authorization controls associated with a specific user or card product, or list all authorization controls defined in your program. Include either a user or a card_product query parameter to indicate the user or card product whose associated authorization controls you want to retrieve (do not include both). To list all authorization controls for your program, omit the user and card_product query parameters from your request.

URL query parameters

Response body

Sample response body

JSON

Retrieve authorization control

Action: GET
Endpoint: /authcontrols/{token}
Retrieve a specific authorization control.

URL path parameters

URL query parameters

Response body

Sample response body

JSON

Update authorization control

Action: PUT
Endpoint: /authcontrols/{token}
Update a specific authorization control.

URL path parameters

Request body

Sample request body

JSON

Response body

Sample response body

JSON

Create a merchant identifier (MID) exemption

Action: POST
Endpoint: /authcontrols/exemptmids
Exempt an individual merchant from authorization controls by merchant identifier (MID). Transactions originating from this MID ignore any otherwise applicable authorization controls.
Note
You can create MID exemptions in your user sandbox. However, you must work with your Marqeta representative to create MID exemptions in a production environment.

Request body

Sample request body

JSON

Response body

Sample response body

JSON

List merchant identifier (MID) exemptions

Action: GET
Endpoint: /authcontrols/exemptmids
Retrieve a list of all merchant (MID) exemptions.

URL query parameters

Response body

Sample response body

JSON

Retrieve a merchant identifier (MID) exemption

Action: GET
Endpoint: /authcontrols/exemptmids/{token}
Retrieve a merchant (MID) exemption.

URL path parameters

Response body

Sample response body

JSON

Update a merchant identifier (MID) exemption

Action: PUT
Endpoint: /authcontrols/exemptmids/{token}
Update a merchant identifier exemption.

URL path parameters

Request body

Sample request body

JSON