Read the Account-Level Authorization Controls overview at docs.galileo-ft.com/pro/docs/account-level-auth-controls to understand the ALC (Account-Level Control) model before designing controls.
Design MCC controls using the MCC Control Design guide (docs.galileo-ft.com/pro/docs/mcc-control-design) to determine which merchant category codes to block or allow.
Design velocity controls using the Velocity Control Design guide (docs.galileo-ft.com/pro/docs/velocity-control-design) specifying per-transaction, daily, weekly, or monthly limits as appropriate.
Use the Set MCC Controls endpoint to apply MCC restrictions and the Set Velocity Controls endpoint to apply spend limits to the target account.
Verify controls are active by simulating card transactions in sandbox using the card transaction simulation setup at docs.galileo-ft.com/pro/docs/setup-for-card-transaction-simulation.
Monitor authorization decisions via the Auth API or Events API to confirm controls are being enforced as expected.
Known gotchas
ALCs are applied at the account level and affect all cards linked to that account; design controls at the card-product level via the Config API if you need program-wide defaults.
MCC control lists must enumerate specific MCC codes — Galileo does not support wildcard MCC ranges, so enumerate all codes in the target range individually.
Velocity controls that conflict with product-level limits will be governed by whichever limit is more restrictive; test combined limit interactions thoroughly in sandbox.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp