type, a scope, a name, and a config whose shape depends on the type.
All amounts are in USD.
Restrictions
Restrictions block a transaction based on the single transaction in front of them. They hold no running state.Merchant restriction
type: MERCHANT_RESTRICTION. Blocks transactions whose merchant matches the criteria. The match works on one dimension at a time:
Block a set of merchant categories (here, gambling and dating):
merchant, so you can confirm what a given transaction would match against.
Channel restriction
type: CHANNEL_RESTRICTION. Blocks transactions on the listed channels. A transaction is blocked if its channel is in the list.
Disable ATM withdrawals on a card:
Limits
Limits cap value. The per-transaction cap looks only at the current transaction; the spend and count limits track usage over a calendar window.Transaction amount limit
type: TRANSACTION_AMOUNT_LIMIT. Rejects any single transaction above maxAmount. Has no window.
Spend limit
type: SPEND_LIMIT. Caps cumulative spend over a calendar window at maxAmount. A transaction is rejected if it would push spend in the current window past the cap.
Transaction count limit
type: AUTHORIZATION_COUNT_LIMIT. Caps the number of transactions over a calendar window at maxCount.
Windows
Spend and count limits track usage over a calendar window. The window is fixed when the policy is created; to change the period, create a new policy.
Windows are calendar-based in UTC. A daily limit resets at 00:00 UTC, not on a rolling 24-hour basis. When a window rolls over, usage starts fresh automatically.
How usage is counted
Spend and count limits track usage as transactions are authorized. Usage mostly only goes up, but a few later events adjust it.- Approved transactions add to usage: a spend limit by the authorized amount, a count limit by one.
- Declined transactions never count.
- Reversals release usage. When the network reverses an authorization before it settles, a full reversal frees both the amount and the transaction from the window. A partial reversal frees only the reversed amount, and the transaction still counts toward a count limit because it did occur.
- Expired or voided authorizations that never settle are released the same way as a full reversal.
- Refunds do not restore usage. A refund is a separate credit that can arrive days or weeks later, so it does not add headroom back to the window. Spending
$1,000and later receiving a$1,000refund still leaves only the original headroom for that window.
Common use cases
Each policy type maps to real controls you can ship. The examples below are grouped by who the control serves: the cardholder configuring their own card, and the program enforcing rules across cardholders. Every payload is a completePOST /policies body.
Cardholder-driven controls
Controls a cardholder sets on their own card, usually exposed through your app. These attach at theCARD scope.
Program-driven controls
Rules you enforce across the program or per cardholder, independent of what the cardholder sets. Restrictions can attach at thePROJECT scope to cover every card; spend and count limits attach per cardholder (USER) or per card (CARD).
For capping one slice of spend on its own (such as ATM cash), see restricting a limit to certain transactions.
Next
- Scopes: where each of these attaches and how overlapping policies resolve.