scope decides what it applies to. Scopes form a hierarchy that follows how your program is structured: the program contains cardholders, and each card belongs to a cardholder.
In the API,
PROJECT is the identifier for the program scope and USER for the cardholder scope. The program scope carries no id.
What a scope means
For a restriction, the scope is the set of cards it governs. A merchant restriction at the program scope blocks that merchant on every card; the same restriction at the card scope blocks it on one card. For a limit, the scope is also the entity whose usage is counted:- A spend limit on a card counts that card’s spend.
- A spend limit on a cardholder counts the combined spend across all of that cardholder’s cards. A
$1,000monthly cardholder limit means $1,000 total, no matter how many cards they hold.
What attaches where
Running-total limits (spend and transaction count) cannot attach at the program scope, because a program-wide running total has no counted entity. To apply the same limit across many cards, attach it per card or per cardholder. If you need a program-wide rollout across a large number of cards, contact Reap.
How overlapping policies resolve
When a card is used, Reap collects every active policy attached to that card, to its cardholder, and to the program, and checks the transaction against all of them. A transaction is declined if any applicable policy blocks it. The strictest rule wins, so a permissive policy at one level never overrides a stricter policy at another. If more than one policy would block a transaction, the one reported in thepolicy field of the decline is the most specific: a card policy is reported ahead of a cardholder policy, which is reported ahead of a program policy. This only affects which policy is named as the reason; the transaction declines regardless.
Platform-enforced limits (ATM withdrawal limits and restricted MCCs) apply on top of your policies on every program and cannot be overridden.
Seeing a card’s or cardholder’s policies
Fetching a single card or cardholder returns the policies attached directly to it under apolicies array. This is the directly-attached set only; it does not include policies inherited from a higher scope or the platform-enforced limits. To list all of your policies and filter by scope, use GET /policies with the scopeType and scopeId query parameters.
To see the full set in force for a card or cardholder - the directly-attached policies plus everything inherited from a higher scope, with the headroom remaining on each limit - use GET /policies/effective.