Configure authorisation rules
Our API allows you to configure a set of authorization rules based on your needs.
You can block or allow transactions based on the MCC (merchant category code) or the currency of the transaction, allowing for better control on your card programs as you scale up.
Applying a rule will enable this rule on all your card transactions. It means a transaction will be approved or declined according to the rules in place.
Currency codes follow the ISO-4217 standard, please refer to iban.com.
Note that the MCC list is based on Visa or Mastercard schemes.
The Rule resource returns information on the existing rules that have been created/applied.
The unique ID for the authorisation rule
The type of authorization rule. One of MCC or CURRENCY
Determines whether the transactions should be allowed or blocked. One of ALLOW or BLOCK
The description of the authorization rule
A list of values based on the type of rule configured
{"id": 123,"description": "my authorization rule","type": "MCC","operation": "BLOCK","values": ["1234","5678"]}
Creates an authorization rule. It won't be enabled unless it is applied.
The type of authorization rule. One of MCC or CURRENCY
Determines whether the transactions should be allowed or blocked. One of ALLOW or BLOCK
The description of the authorization rule
A list of values based on the type of rule. For example, setting MCC as type will requires values to be set as ['1234', '5678']
curl -X POST 'https://api.sandbox.transferwise.tech/v3/spend/applications/{{clientId}}/spend-controls/rules' \-H 'Authorization: Bearer <your API token>' \-H 'Content-Type: application/json' \-d '{"description": "Blocking all transactions from MCC 1234 and 5678","type": "MCC","operation": "ALLOW","values": ["1234", "5678"]}'
Response
Returns a Rule
Apply an authorization rule. This will result in a rule being evaluated against every incoming card authorisation requests.
The ID of the authorization rule
curl -X POST 'https://api.sandbox.transferwise.tech/v3/spend/applications/{{clientId}}/spend-controls/rules/apply' \-H 'Authorization: Bearer <your API token>' \-H 'Content-Type: application/json' \-d '{"ruleId": "123",}'
Response
Returns a 200 - OK
This endpoint deactivates an authorization rule. This will result in all card transactions NOT being evaluated against this rule.
The rule still exists and can be applied again.
The ID of the authorization rule
curl -X POST 'https://api.sandbox.transferwise.tech/v3/spend/applications/{{clientId}}/spend-controls/rules/unapply' \-H 'Authorization: Bearer <your API token>' \-H 'Content-Type: application/json' \-d '{"ruleId": "123",}'
Response
Returns a 200 - OK
Returns the list of all the active authorisation rules that have been applied.
curl -X GET 'https://api.sandbox.transferwise.tech/v3/spend/applications/{{clientId}}/spend-controls/rules/applied' \-H 'Authorization: Bearer <your API token>'
Response
Returns a list of all authorisation rules that are applied.
[{"ruleId": 123,},{"ruleId": 456,}]
Retrieves all the existing authorization rules, regardless of whether or not they were applied.
curl -X GET 'https://api.sandbox.transferwise.tech/v3/spend/applications/{{clientId}}/spend-controls/rules' \-H 'Authorization: Bearer <your API token>'
Response
Returns a collection of Rules.
[{"id": 1,"description": "Blacklist gambling MCCs","type": "MCC","operation": "BLOCK","values": ["7801","7802","7995","9754"]}]
Deletes an authorization rule that is currently not applied. If a rule is applied, you should unapply the rule before deleting it.
curl -X DELETE 'https://api.sandbox.transferwise.tech/v3/spend/applications/{{clientId}}/spend-controls/rules/{{ruleId}}' \-H 'Authorization: Bearer <your API token>' \-H 'Content-Type: application/json'
Response
Returns a 200 - OK