Authorization Restrictions
Authorization Restrictions define blocking conditions that may apply to decline transactions on an Account.
When an Account is created, the default Authorization Restrictions defined at the Product level are applied:
the product initial setup defines the applicable restrictions and whether they are, by default, checked or not.
Each applicable Authorization Restriction is identified by a specific "authorizationRestrictionReference".
Standard Authorization Restrictions can be configured to decline (i.e. block) following use conditions:
w acceptance channels: ATM / cash, POS, Card Not Present (e-Commerce, MOTO), recurring);
w entry modes: contactless online, magnetic stripe;
w business types (Merchant Category Code [MCC]);
w countries or regions (geo-blocking).
(NB this enumeration is informative, not normative, not exhaustive.)
The "AuthorizationRestriction" objects contain the following properties:
w "authorizationRestrictionReference", descriptive identification string;
(NB it is embedded in the "authorizationRestrictionIdentifier" object)
(used as parameter in the path of the operations related to the restriction)
w "name", a (brief but hopefully meaningful) textual description for the restriction;
w "conditionCheck", indicating if the condition is to be checked so the restriction applies;
(value as effective at operation execution time, esp. possibly changed via restriction override);
w "conditionCheckOrigin", indicating from which level the "conditionCheck" has been taken;
esp. it will indicate whether the restriction has been overridden after the product initial setup;
(possible values as defined by enumeration: “Default”, “Exception”, “Override”, “Other”)
w "conditionParameters", providing attributes, if any applicable, relating to the restriction;
(restriction criteria if relevant, merchant category code[s], country code[s], region code[s])
(present if the "conditionCheck" is true, and if applicable to the condition to be checked)
w "conditionParametersOrigin", indicating the level of the "conditionParameters" (if any);
(possible values as defined by enumeration: “Default”, “Exception”, “Override”, “Other”)
(present if the "conditionCheck" is true, and if the "conditionParameters" are present).
Operations on Authorization Restrictions:
("tags":["Account - Authorization Restriction"])
w List the Authorization Restrictions (for an account),
w Retrieve an Authorization Restriction (by reference).
Authorization Restriction Overrides
Authorization Restrictions can be changed by creating or updating Authorization Restriction Overrides.
An Authorization Restriction Override is identified by its "authorizationRestrictionOverrideReference".
The "authorizationRestrictionOverride" objects contain the following properties:
w "authorizationRestrictionOverrideReference", its identification string;
(embedded in the "authorizationRestrictionOverrideIdentifier" object)
generated by Worldline at the Authorization Restriction Override creation;
(used as parameter in the path of the operations related to the override)
w "authorizationRestrictionReference", overridden restriction identification;
(embedded in the "defaultAuthorizationRestrictionReference" object)
(used as parameter in the path of the operations related to its override[s])
w "deleted", indicating whether the override has been deleted or is still present;
remark: all of the properties hereafter are absent if the override is "deleted";
w "activationStartTime", the (first) point in time to start applying the override;
optional (if not provided, no delay to start: the override applies immediately)
must be before "activationEndTime" if any (can be present without an end time)
w "activationEndTime", the (last) point in time to stop applying the override;
optional (if not provided, no stop scheduled: the override applies endlessly)
must be after "activationStartTime" if any (can be present without a start time)
w "conditionCheck", indicating if the condition is to be checked so the override applies;
overrides the default configured on higher levels for the initial authorization restriction;
if set to “null”, the default value configured for the authorization restriction is effective;
w "conditionParameters", providing attributes, if any applicable, relating to the override;
override the default configured on higher levels for the initial authorization restriction;
if set to “null”, the default values configured for the authorization restriction are effective;
w "priority", used to apply overrides in ascending order of "priority" (from lowest to highest)
in case of different overrides - on a same restriction - whose effective timespans overlap;
must be different for all co-occurring overrides (not if they are never effective simultaneously)
(if not provided, will be set to 0).
Operations on Authorization Restriction Overrides:
("tags":["Account - Authorization Restriction"])
w List the Authorization Restriction Overrides (for an account),
w Create an Authorization Restriction Override (for an account),
w Retrieve an Authorization Restriction Override (by reference),
w Update an Authorization Restriction Override (for an account),
w Delete an Authorization Restriction Override (for an account).
.
List the Authorization Restrictions
Operation to get the list of Authorization Restrictions on an Account.
A (success) response will provide an array of "AuthorizationRestriction" objects.
The main properties replied (if success), per Authorization Restriction, are:
NB values currently in effect at the time the operation is performed
w "authorizationRestrictionReference",
w "name",
w "conditionCheck", (as effective at operation execution time)
w "conditionCheckOrigin" (as effective at operation execution time).
API Links
GET /api/v2/issuers/{issuerId}/accounts/{accountReference}/authorization-restrictions
Example
the replied Authorization Restriction relating to the geographical EURO Europe area is not in effect,
restriction identified by the "authorizationRestrictionReference": RESTRICTION_EURO_EUROPE_OFF,
with its "conditionCheck": false (the “Default”); no restriction for authorizations from outside this area.
GET /api/v2/issuers/98003/accounts/468762732120914/authorization-restrictions' \
--header 'WL-Correlation-ID: cf355a3c-c932-4c74-8f66-98318c024018' \
{ "issuerId": "98003",
"authorizationRestrictionIdentifier": {
"authorizationRestrictionReference": "RESTRICTION_EURO_EUROPE_OFF"},
"conditionCheck": false,
"conditionCheckOrigin": "Default",
"name": "Euro European countries off"}
/* and other existing restrictions */Retrieve an Authorization Restriction
Operation to fetch an existing Authorization Restriction,
identified by its "authorizationRestrictionReference".
A (success) response will provide the following information:
NB values currently in effect at the time the operation is performed
w "authorizationRestrictionReference",
w "name",
w "conditionCheck", (as effective at operation execution time)
w "conditionCheckOrigin",
w "conditionParameters", (as effective at operation execution time)
w "conditionParametersOrigin".
API Links
List the Authorization Restriction Overrides
Operation to get the list of overrides on an Authorization Restriction,
identified by its "authorizationRestrictionReference".
NB It includes the "deleted" overrides (if any).
A (success) response will provide an array of "authorizationRestrictionOverride" objects.
The main properties replied (if success), per Authorization Restriction Override, are:
w "authorizationRestrictionOverrideReference",
w "authorizationRestrictionReference",
w "deleted".
API Links
Create an Authorization Restriction Override
Operation to override an Authorization Restriction,
identified by its "authorizationRestrictionReference".
The following properties can be provided:
w "activationStartTime", (optional)
w "activationEndTime", (optional)
w "conditionCheck",
w "conditionParameters", (conditional)
w "priority".
A (success) response will return the generated:
w "authorizationRestrictionOverrideReference".
API Links
Example
To override the Authorization Restriction relating to the geographical EURO Europe area,
as identified by its "authorizationRestrictionReference" set to RESTRICTION_EURO_EUROPE_OFF,
setting the override "conditionCheck" to “true” to decline all new authorizations from outside this area.
"curl --location --request POST ""https://issuing-solutions.eae.apis.svc.as8677.net/issbox-test/api/v2/issuers/98003/accounts/468762732120914/authorization-restrictions/RESTRICTION_EURO_EUROPE_OFF/authorization-restriction-overrides"" \\
--header ""WL-Correlation-ID: 4996c9f9-4345-469d-8680-90bfda021b5e"" \\
--header ""Content-Type: application/json"" \\
--data-raw ""{\"conditionCheck\" : true }"Retrieve an Authorization Restriction Override
Operation to fetch an existing Authorization Restriction Override,
identified by its "authorizationRestrictionOverrideReference".
NB It may also provide the information for a "deleted" override.
A (success) response will provide the following information:
w "authorizationRestrictionOverrideReference",
w "authorizationRestrictionReference",
w "deleted",
w "activationStartTime", (if any)
w "activationEndTime", (if any)
w "conditionCheck",
w "conditionParameters", (if any)
w "priority".
NB the last 5 properties are absent if "deleted" is “true”.
API Links
Update an Authorization Restriction Override
Operation to update an existing Authorization Restriction Override,
identified by its "authorizationRestrictionOverrideReference".
Any of the following properties can (optionally) be updated:
w "activationStartTime",
w "activationEndTime",
w "conditionCheck",
w "conditionParameters",
w "priority".
API Links
Delete an Authorization Restriction Override
Operation to delete an existing Authorization Restriction Override,
identified by its "authorizationRestrictionOverrideReference".
API Links