Remote authorization
Remote authorization enables you to approve or decline transaction authorizations in real time from your own system.
When a cardholder makes a payment using a card associated with an account enabled with remote authorization, the Airwallex platform sends a remote authorization request containing transaction details to your nominated endpoint. Your system makes the decision to authorize or decline the transactions using your own business rules and return the response to Airwallex. For example, you can block based on the value of the payment, or block international transactions based on the currency of the payment.
Your account must be enabled for Remote Authorization to use this feature.
How it works
The following diagram shows the information flow for remote authorization from the merchant through to the configured endpoint on your server.
The authorization process is as follows:
- The merchant sends an authorization message to the card network.
- The card network sends an authorization message to the Airwallex platform.
- Airwallex checks if remote authorization is enabled on the account that issued the card.
- If remote authorization is enabled, Airwallex sends the remote authorization request to your configured endpoint.
- Your system authorizes or declines the request.
- After receiving your decision, Airwallex performs internal risk and regulatory reviews before finalizing the authorization response. Airwallex can decline an approved decision based on the risk and regulatory checks.
- Airwallex returns the final authorization response to the card network and sends an authorization notification to your endpoint via webhooks.
- The card network sends the authorization response to the merchant.
Airwallex imposes a 2.5s time window for your system to return a response. In the event of a timeout or error, the default action will be taken for the transaction.
Note that the authorization process can differ based on the authorization scenario:
- Dual message (Authorization followed by a Clearing request)
- Single message (Authorization and Clearing request combined)
See remote authorization scenarios for details.