Authorization controls

These controls can allow or restrict authorizations based on the allowed or restricted countries list or merchants list. You can limit spending at a single country or at a group of countries, and you can limit spending by a single user, users with a particular card product, or all users. And the same applies to merchants.

There are two types of authorization controls nCore platform offers.

  • Allowed countries authorization controls

  • Allowed MCCs authorization controls

Allowed countries authorization controls

The allowed countries authorization controls functionality checks while processing authorizations whether the authorization is coming from a certain country which is allowed (whitelisted) or restricted (blacklisted). If the authorization is coming from a whitelisted country, then this control check is passed and move for the further processing else if the authorization is coming from a blacklisted country then the authorization is rejected and do not move forward for further processing.

It is a non-financial check specific to a country list to allow (whitelist) certain countries or restrict (blacklist) certain countries as per your business needs. The allowed countries' whitelisting or blacklisting should be configured and managed at card product level as well as at an individual card level.

Allowed lists management

You can create and manage allowed lists by using our APIs. Following are the APIs available at nCore platform for allowed lists management.

  • Create a list of allowed countries

  • Retrieve all allowed countries lists

  • Get allowed countries list by ID

  • Update a specific list of allowed countries

Create a list of allowed countries

You can create a list of allowed countries by sending a POST request to /allowedcountries endpoint. An example is given below.

POST /allowedcountries

{ "id": "d089a80f-e641-4045-8a80-54841e4a7458", "name": "Country list 01", "allow": true, "active": true, "country_codes": [ "string" ] }

The parameter “allow” is used to blacklist or whitelist the allowed countries list. If “allow” is false then the countries list will be considered as a blacklist.

Retrieve all lists of allowed countries

You can retrieve all existing lists of allowed countries by sending a GET request to /allowedcountries endpoint as given below.

GET /allowedcountries

Get a list of allowed countries by ID

You can retrieve a specific list of allowed countries by its ID by sending a GET request to /allowedcountries/{id} endpoint as given below.

GET /allowedcountries/{id}

Update a specific list of allowed countries

You can update a list of allowed countries by sending a PUT request to /allowedcountries/{id} endpoint as given below.

PUT /allowedcountries/{id}

Allowed MCCs authorization controls

The allowed MCCs authorization controls functionality checks whether the authorization is initiated at a certain merchant which is allowed (whitelisted) or restricted (blacklisted). If the authorization is coming from a whitelisted merchant, then this control check is passed and move for the further processing else if the authorization is coming from a blacklisted merchant then the authorization is rejected and do not move forward for further processing.

It is a non-financial check specific to a MCCs list (MCCs - merchant category codes) to allow (whitelist) certain merchants or restrict (blacklist) certain merchants as per your business needs. The list can be either a whitelist or a blacklist and logically cannot be both at the same time. The MCC whitelisting or the blacklisting should be configured on both card product level as well as at an individual card level.

It is allowed up to 1000 MCC codes per list.

In the file below you can find the list of supported MCCs:

Allowed lists management

You can manage allowed lists by using our APIs. Following are the APIs available at nCore platform for allowed lists management.

  • Create list of allowed MCCs

  • Retrieve all lists of allowed MCCs

  • Get a specific list of allowed MCCs by ID

  • Update a specific list of allowed MCCs

Create list of allowed MCCs

You can create a list of allowed MCCs by sending a POST request to /allowedmccs endpoint as given below.

POST /allowedmccs

Retrieve all lists of allowed MCCs

You can retrieve all existing lists of allowed MCCs by sending a GET request to /allowedmccs endpoint as given below.

GET /allowedmccs

Get a specific list of allowed MCCs

You can retrieve a list of allowed MCCs by its ID by sending a GET request to /allowedmccs/{id} endpoint as given below.

GET /allowedmccs/{id}

Update a specific list of allowed MCCs

You can update a list of allowed MCCs by sending a PUT request to /allowedmccs/{id} endpoint as given below.

PUT /allowedmccs/{id}

We have implemented several enhancements for MCC list management. For details refer to this document.

Last updated