Skip to main content
A policy’s scope decides what it applies to. Scopes form a hierarchy that follows how your program is structured: the program contains cardholders, and each card belongs to a cardholder. In the API, PROJECT is the identifier for the program scope and USER for the cardholder scope. The program scope carries no id.

What a scope means

For a restriction, the scope is the set of cards it governs. A merchant restriction at the program scope blocks that merchant on every card; the same restriction at the card scope blocks it on one card. For a limit, the scope is also the entity whose usage is counted:
  • A spend limit on a card counts that card’s spend.
  • A spend limit on a cardholder counts the combined spend across all of that cardholder’s cards. A $1,000 monthly cardholder limit means $1,000 total, no matter how many cards they hold.
This distinction matters when a cardholder has more than one card. Use the card scope to cap each card on its own; use the cardholder scope to cap the person.

What attaches where

Running-total limits (spend and transaction count) cannot attach at the program scope, because a program-wide running total has no counted entity. To apply the same limit across many cards, attach it per card or per cardholder. If you need a program-wide rollout across a large number of cards, contact Reap.

How overlapping policies resolve

When a card is used, Reap collects every active policy attached to that card, to its cardholder, and to the program, and checks the transaction against all of them. A transaction is declined if any applicable policy blocks it. The strictest rule wins, so a permissive policy at one level never overrides a stricter policy at another. If more than one policy would block a transaction, the one reported in the policy field of the decline is the most specific: a card policy is reported ahead of a cardholder policy, which is reported ahead of a program policy. This only affects which policy is named as the reason; the transaction declines regardless. Platform-enforced limits (ATM withdrawal limits and restricted MCCs) apply on top of your policies on every program and cannot be overridden.

Seeing a card’s or cardholder’s policies

Fetching a single card or cardholder returns the policies attached directly to it under a policies array. This is the directly-attached set only; it does not include policies inherited from a higher scope or the platform-enforced limits. To list all of your policies and filter by scope, use GET /policies with the scopeType and scopeId query parameters. To see the full set in force for a card or cardholder - the directly-attached policies plus everything inherited from a higher scope, with the headroom remaining on each limit - use GET /policies/effective.