Skip to main content
This page is part of the legacy Bridge Cards API. For new integrations, use the consumer issuing guide instead.
Consider carefully before enabling. Due to the constraints of on-chain transactions, card authorizations operate within a tight latency window. Adding real-time authorization introduces additional latency that may result in increased timeout rates and declined transactions. We recommend enabling this feature only if your use case requires real-time decisioning that cannot be achieved through Bridge’s built-in authorization controls.

Overview

Real-time authorization allows you to make custom approval or decline decisions during card transactions. When a cardholder attempts to make a purchase, Bridge calls your webhook endpoint synchronously, enabling you to apply your own business logic before the transaction is approved or declined. This gives you fine-grained control over card spending, such as:
  • Custom spending limits and velocity controls
  • Merchant category restrictions
  • Geographic restrictions
  • Fraud detection and risk scoring
Real-time authorization is optional. If not configured, Bridge will authorize transactions based on available balance and other built-in controls.

Quick Start

  1. Set up an HTTPS endpoint that can handle POST requests
  2. Configure your webhook URL via the Bridge API
  3. Implement signature verification for security
  4. Return authorization decisions within the timeout window

How It Works

When a card is used for a purchase, the following flow occurs:
  1. Card network receives transaction: The cardholder initiates a purchase
  2. Bridge receives authorization request: The card network sends the authorization to Bridge
  3. Bridge calls your webhook: Bridge forwards the authorization details to your configured endpoint
  4. Your decision: Your webhook returns an approve or decline decision
  5. Bridge responds to network: Bridge relays your decision back to the card network
  6. Transaction completes: The purchase is approved or declined
Even if your webhook returns approved: true, the transaction may still be declined if the total end-to-end latency exceeds the card network’s timeout. You will be informed of the final authorization result through the regular card transaction webhooks.

Webhook Request

When a card transaction requires authorization, Bridge sends a POST request to your configured webhook URL.

Request Headers

Request Body Example

Field Reference

Top-level Fields

Data Object

Merchant Object

Local Transaction Details

Verification Data

Entry Method Values

Wallet Values

Webhook Response

Your webhook must return a JSON response with HTTP status code 200.

Response Headers

Response Body

Response Examples

Security

HTTPS Requirement

Your webhook endpoint must use HTTPS. HTTP endpoints are not supported.

Signature Verification

Every webhook request includes an RSA signature in the X-Webhook-Signature header using the format:
You should verify this signature to ensure request authenticity and freshness.

Verification Steps

  1. Extract the timestamp (t) and signature (v0) from the header
  2. Check that the timestamp is recent (reject events older than 10 minutes)
  3. Create the signed payload string: {timestamp}.{raw_request_body}
  4. Verify the RSA signature using Bridge’s public key
Bridge’s public key is provided when you configure your webhook endpoint. You can retrieve it via the webhook settings API.

Timeouts and Fallback Behavior

Timeout Configuration

The default timeout for webhook responses is 500ms. If your webhook doesn’t respond within this window:
  1. Bridge stops waiting for your response
  2. The configured fallback behavior is applied
  3. The transaction continues based on fallback settings

Fallback Modes

The default fallback mode is DECLINE. This means if your webhook is slow or unavailable, transactions will be declined. Consider your use case carefully before changing to APPROVE.

Configure Webhook Settings

Retrieve Current Settings

Response:

Create Webhook Configuration

Update Webhook Configuration

Update webhook URL:
Disable webhook:

Webhook Handler Integration

Here’s a complete example webhook handler in Python:
Test your webhook integration thoroughly in the sandbox environment before going live. Simulate various scenarios including timeouts, errors, and edge cases.