Subscribe to the issuing_authorization.request webhook event in your Stripe webhook endpoint settings; Stripe sends this event synchronously and expects a response within a short timeout window (check current docs for the exact window, typically a few hundred milliseconds)
Verify the webhook signature using the Stripe-Signature header and your webhook signing secret before processing any authorization decision
Parse the Authorization object from the event payload; inspect amount, currency, merchant_data.category_code (MCC), merchant_data.name, cardholder.id, and card.spending_controls to make the approval decision
Respond to the webhook with HTTP 200 and a JSON body of {"approved": true} to approve or {"approved": false} to decline; any non-200 response or timeout results in Stripe applying the card's default spending_controls decision
Log the authorization event and your decision for audit purposes; subscribe to issuing_authorization.updated and issuing_authorization.created events for post-authorization tracking (captures and reversals)
Test authorization webhooks in Stripe's test mode, using the test-mode simulate authorization endpoint (POST /v1/test_helpers/issuing/authorizations/{id}/capture) to trigger synthetic authorization events without a physical card
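The verify, parse, decide, respond and log steps above, as an added example that is not code from this page or from Stripe. It checks the Stripe-Signature header by hand with the standard library (HMAC-SHA256 over "timestamp.payload") and fails closed on anything it cannot verify or parse. The function names, the 300-second tolerance, the blocked MCC and the amount cap are assumptions made for illustration.

```python
import hashlib, hmac, json, logging, time

log = logging.getLogger("issuing.audit")
TOLERANCE_S = 300          # assumed replay window for the signed timestamp
BLOCKED_MCCS = {"7995"}    # hypothetical policy: decline betting/gambling MCC
MAX_AMOUNT = 50_000        # hypothetical cap, in the smallest currency unit

def verify_signature(payload: bytes, header: str, secret: str, now=None) -> bool:
    """Check a header of the form t=<unix ts>,v1=<hex HMAC-SHA256 of 't.payload'>."""
    pairs = [p.split("=", 1) for p in header.split(",") if "=" in p]
    ts = next((v for k, v in pairs if k == "t"), None)
    sigs = [v for k, v in pairs if k == "v1"]
    if ts is None or not (ts.isascii() and ts.isdigit()) or not sigs:
        return False
    if abs((time.time() if now is None else now) - int(ts)) > TOLERANCE_S:
        return False       # stale or future-dated timestamp: treat as a replay
    mac = hmac.new(secret.encode(), ts.encode() + b"." + payload, hashlib.sha256)
    expected = mac.hexdigest().encode()
    # Constant-time comparison; accept if any v1 value matches (secret rotation).
    return any(hmac.compare_digest(expected, s.encode()) for s in sigs)

def decide(auth: dict) -> bool:
    """Approve only when amount and MCC are present and pass the policy above."""
    mcc = auth.get("merchant_data", {}).get("category_code")
    amount = auth.get("amount")
    return (isinstance(amount, int) and 0 <= amount <= MAX_AMOUNT
            and isinstance(mcc, str) and mcc not in BLOCKED_MCCS)

def handle(payload: bytes, header: str, secret: str, now=None):
    """Return (http_status, json_body) for one webhook delivery."""
    if not verify_signature(payload, header, secret, now):
        return 400, json.dumps({"error": "invalid signature"})
    try:
        event = json.loads(payload)
        if event["type"] != "issuing_authorization.request":
            return 400, json.dumps({"error": "unexpected event type"})
        auth = event["data"]["object"]
        approved = decide(auth)
    except (ValueError, KeyError, TypeError, AttributeError):
        return 400, json.dumps({"error": "malformed event"})
    # Audit record of the request and the decision taken.
    log.info("auth=%s cardholder=%s amount=%s %s mcc=%s approved=%s",
             auth.get("id"), auth.get("cardholder"), auth.get("amount"),
             auth.get("currency"), auth["merchant_data"]["category_code"], approved)
    return 200, json.dumps({"approved": approved})
```

Every 400 path here hands the decision back to the card's configured spending controls, so those controls remain the effective policy whenever verification or parsing fails.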
Known gotchas
The response timeout for real-time authorization webhooks is strict — your endpoint must respond within the window specified in current Stripe docs; if your business logic involves external API calls or database queries, cache the necessary data in advance to keep response times well under the limit
If Stripe cannot reach your webhook endpoint (network failure, timeout, non-200 response), it falls back to the card's spending_controls.allowed_categories and spending_limits configured at card or cardholder level — ensure fallback controls are configured appropriately for your risk tolerance
Approving an authorization does not guarantee the transaction will complete — the merchant may still cancel or the capture may differ from the authorized amount; listen to issuing_transaction.created to record the final settled transaction amount