Register a webhook endpoint in your Stripe Dashboard or via POST /v1/webhook_endpoints with enabled_events including issuing_authorization.request
Your endpoint must respond within approximately 2 seconds with a JSON body containing approved (boolean) and optionally amount; Stripe will auto-decline if the response is not received in time
Extract the authorization object from the event payload: check merchant_data.category for the MCC, pending_request.amount for the requested amount, and card.id to identify which card is being authorized
Respond with {"approved": true} or {"approved": false}; optionally include {"amount": <integer>} to approve a partial amount less than or equal to the requested amount
After responding, Stripe will send a separate issuing_authorization.created event (synchronously resolved) for your records; handle that event asynchronously for ledger updates
Known gotchas
The issuing_authorization.request webhook is a synchronous webhook with a strict timeout; hosting it on a cold-start serverless function risks timeouts causing auto-declines
Do not confirm or adjust the balance in the request handler; use the subsequent issuing_authorization.created or issuing_transaction.created events for ledger updates
Test mode authorization webhooks use a separate test webhook secret; ensure your signing secret is correctly scoped to test vs. live mode
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp