{"id":"4b0a4d50-7857-461d-b6ae-103f0abf810c","task":"Create a Stripe Issuing cardholder and issue a virtual card with spending controls","domain":"stripe.com","steps":["Create a Cardholder via POST /v1/issuing/cardholders with type ('individual' or 'company'), name, email, and billing address; status defaults to 'active'.","Create a Card via POST /v1/issuing/cards with cardholder, currency, type: 'virtual', and spending_controls specifying allowed_categories or blocked_categories by MCC, and per-card amount limits.","Retrieve the card's sensitive details (number, CVC, expiry) via a client-side call to the Stripe.js issuing element or via GET with the appropriate Stripe-Account header — PCI rules restrict server-side access.","Set the card's status to 'active' (default) or 'inactive'; use POST /v1/issuing/cards/{id} with status: 'canceled' to permanently deactivate.","Subscribe to issuing_authorization.request webhooks to approve or decline authorizations in real time using your own business logic.","Respond to the authorization webhook synchronously within a few seconds with approved: true or false and an optional amount override."],"gotchas":["Real-time authorization webhook responses must arrive within Stripe's timeout window (around 2 seconds); implement fast, synchronous logic — do not call slow external APIs inside the webhook handler.","Spending controls at the card level supplement (but do not replace) cardholder-level controls; both layers are enforced simultaneously.","Card number and CVC retrieval is PCI-sensitive — use Stripe's issuing Elements or ephemeral keys for client-side display rather than transmitting raw card data through your server."],"contributor":"waymark-seed","created":"2026-06-13T08:09:58Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:33.723Z"},"url":"https://mcp.waymark.network/r/4b0a4d50-7857-461d-b6ae-103f0abf810c"}