Issuing authorizations
Learn how to use Issuing to handle authorization requests.
When a card is used to make a purchase, it generates an authorization request, which is approved or declined based on the following steps:
Stripe checks that the balance used for Issuing has sufficient funds, that the card is active, and that your spending controls allow the authorization. Sometimes, Stripe immediately approves or declines the authorization request at this stage.
Stripe sends an
issuing_
event. If you don’t have a real-time authorization webhook, we approve the authorization without sending theauthorization. request issuing_
.authorization. request Listen for Stripe events
Set up a real-time authorization webhook to listen for this event so you can synchronously approve/decline Authorizations.
You can approve or decline the authorization by responding directly to the webhook event. If you don’t approve or decline the
issuing_
within 2 seconds, Stripe uses your webhook timeout settings to approve or decline the authorization.authorization. request Stripe sends an
issuing_
event, notifying you of the Authorization creation and decision.authorization. created
Scenarios without a real-time authorization request
Sometimes, Stripe receives an authorization request from the card network and approves or declines it without sending you an issuing_
event:
- If Stripe decides that the authorization request can’t be approved (for example, because the card is inactive or your spending controls don’t allow it), we’ll decline it.
- If you don’t have a real-time authorization webhook configured, and we don’t have a reason to decline the authorization request, we’ll approve it.
When this occurs, Stripe still sends an issuing_
event, notifying you of the Authorization’s creation.
Authorization updates
When Stripe receives an authorization request, we send an issuing_
webhook event. If you approve the authorization, we deduct the amount
from your Issuing balance and hold it in reserve until the authorization is either captured, voided, or expired without capture. If you decline the authorization, the status is set to closed
and we don’t place any holds.
When the authorization is captured, a transaction is created and the status
of the authorization is set to closed
.
If the authorization request is voided, we send an issuing_
webhook event with its status
set to reversed
and the amount
as 0
. We add the voided amount back to your Issuing balance, essentially undoing the balance impact of the original authorization.
If the authorization request is expired without capture, we send an issuing_
webhook event with its status
set to reversed
and the amount
representing any remaining amount authorized for possible late captures. We add the expired amount back to your Issuing balance, essentially undoing the balance impact of the original authorization.
Purchases in different currencies
Cards can be used for purchases in any currency that the card network supports. Stripe automatically converts the currency of the purchase into the card’s currency when holding funds, using the card network’s daily rate.
The merchant_
represents the cost of the purchase in the local currency. The amount
field represents the expected amount of the Transaction
in the card’s currency and is not final until the Authorization
has been captured.
Handling other authorizations
In addition to regular authorizations, there are a few other cases that you should be ready to handle.
Fuel dispenser transactions
When a cardholder attempts a purchase at a fuel dispenser (MCC 5542), an issuing_
for 1 USD is sent (called a “status check”). The default amount held is 100 USD to cover the unknown purchase amount. When the cardholder finishes pumping fuel, an issuing_
event is sent to reflect the amount of the purchase.
When the fuel dispenser allows a partial authorization by setting the field is_
to true
, you can respond with a lesser approved amount (for example, 50 USD). However, when a fuel dispenser doesn’t allow partial authorizations, you must either approve the network default amount (Stripe ignores any amount you specify), or decline the entire authorization.
For Commercial Fleet programs, Stripe receives some information in the Issuing Authorization fleet and fuel hashes after the fuel has been dispensed. As a result, some of these fields won’t be populated during the issuing_
webhook and will be sent later in the issuing_
webhook.
Using with Stripe Treasury
Authorizations on cards that use funds stored in Treasury FinancialAccounts have a treasury
field with references to Treasury resources: Treasury Transaction, ReceivedCredit, and ReceivedDebit.
Scenarios with no record of declined authorizations in the Dashboard or API
In some cases, an authorization made with an Issuing Card might be declined and neither you or your connected accounts will receive a webhook event or an authorization record (iauth_
).
In these cases, make sure that you collect as much information as possible about the declined authorization before reaching out to Stripe support for assistance.
We recommend including the following information:
- The time of the decline
- The cardholder (
ich_
) who made the purchase - The card (
ic_
) used for the authorization - The merchant involved in the authorization
- Any other circumstances surrounding the authorization
It’s possible that the authorization is declined before any related information is transmitted to Stripe. In these cases, the cardholder involved must directly contact the business to determine the cause of the decline because Stripe hasn’t received a record of the authorization request.
You might encounter additional instances of declines without an associated webhook event or authorization object that Stripe can assist with. To determine the classification of the decline, contact Stripe support with the information provided above. We can help to determine the most appropriate steps to investigate the decline(s).