#srgt-slinky_unexpected

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1298926469585567827

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hi, let me help you with this.

Could you please share the Issuing Auth Request ID? iauth_

Yes, one moment

cardholder: 'ich_1QDMJEJDNzoiriX4v2CLm10D',
card: 'ic_1QDMJEJDNzoiriX4K4v680iY',
authorization_id: 'iauth_1QDMJGJDNzoiriX4wnVOqkHD',
authorization_approved: false,
authorization_status: 'closed'

The category of the authorization request seems to be "meals_entertainment", which is not one of the ones you allowed. This might be the reason why it was rejected.

That's really weird … This is my code:

const authorization = await stripe.testHelpers.issuing.authorizations.create({
amount: 100,
currency: "eur",
card: card.id,
merchant_data: {
category: "grocery_stores_supermarkets",
},
});

Here's another one: iauth_1QDMJ8JDNzoiriX4bvoLDCsr

When I look at it in the dashboard I get the following details:

Hey! Taking over for my colleague. Let me catch up.

Same the decline seems to be declined Due to allowed_categories on Cardholder.

Here's my thinking:

For permissive spending controls (like allowed_categories), I expected them to add up. In my example, the cardholders (allowed_categories:["transportation_services"]) and cards (allowed_categories:["grocery_stores_supermarkets"]) are combined into allowed_categories:["transportation_services, grocery_stores_supermarkets"].

For restrictive spending controls, always use the strictest.

Also: Is there a way for me to get the details why an authorization was declined via the API?

If the most restrictive spending control always wins, how would you model something like that?

• Under normal circumstances, the cardholder should only use their cards in German.
• The cardholder has several cards.
• The cardholder now travels to the USA and wants to use one of his cards for Uber.

I would have thought that you could add the geo-restriction at cardholder level and then override it at card level, but it seems smarter to keep all these controls at card level?