Overview
Real-time authorization allows you to make custom approval or decline decisions during card transactions. When a cardholder attempts to make a purchase, Bridge calls your webhook endpoint synchronously, enabling you to apply your own business logic before the transaction is approved or declined. This gives you fine-grained control over card spending, such as:- Custom spending limits and velocity controls
- Merchant category restrictions
- Geographic restrictions
- Fraud detection and risk scoring
Real-time authorization is optional. If not configured, Bridge will authorize transactions based on available balance and other built-in controls.
Quick Start
- Set up an HTTPS endpoint that can handle POST requests
- Configure your webhook URL via the Bridge API
- Implement signature verification for security
- Return authorization decisions within the timeout window
How It Works
When a card is used for a purchase, the following flow occurs:- Card network receives transaction: The cardholder initiates a purchase
- Bridge receives authorization request: The card network sends the authorization to Bridge
- Bridge calls your webhook: Bridge forwards the authorization details to your configured endpoint
- Your decision: Your webhook returns an approve or decline decision
- Bridge responds to network: Bridge relays your decision back to the card network
- Transaction completes: The purchase is approved or declined
Webhook Request
When a card transaction requires authorization, Bridge sends a POST request to your configured webhook URL.Request Headers
Request Body Example
Field Reference
Top-level Fields
Data Object
Merchant Object
Local Transaction Details
Verification Data
Entry Method Values
Wallet Values
Webhook Response
Your webhook must return a JSON response with HTTP status code200.
Response Headers
Response Body
Response Examples
Security
HTTPS Requirement
Your webhook endpoint must use HTTPS. HTTP endpoints are not supported.Signature Verification
Every webhook request includes an RSA signature in theX-Webhook-Signature header using the format:
Verification Steps
- Extract the timestamp (
t) and signature (v0) from the header - Check that the timestamp is recent (reject events older than 10 minutes)
- Create the signed payload string:
{timestamp}.{raw_request_body} - Verify the RSA signature using Bridge’s public key
Bridge’s public key is provided when you configure your webhook endpoint. You can retrieve it via the webhook settings API.
Timeouts and Fallback Behavior
Timeout Configuration
The default timeout for webhook responses is 500ms. If your webhook doesn’t respond within this window:- Bridge stops waiting for your response
- The configured fallback behavior is applied
- The transaction continues based on fallback settings
