> ## Documentation Index
> Fetch the complete documentation index at: https://docs.slash.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Partially update account authorization webhook

> Partially update the authorization webhook configuration for an account.
Only the provided fields will be updated.


<Note>
  **Enterprise Feature**: Authorization webhooks are an enterprise-only feature. Please reach out to [sales@slash.com](mailto:sales@slash.com) to get set up with this functionality.
</Note>

The Authorization Request Event schema shows the shape of the event that is sent to the webhook.


## OpenAPI

````yaml patch /account/{accountId}/authorization-webhook
openapi: 3.1.0
info:
  title: Slash Public API
  description: API description
  version: 0.0.1
  contact: {}
servers:
  - url: https://api.slash.com
    description: production
security:
  - api_key: []
  - partner_api_key: []
  - bearer: []
  - developer_application: []
paths:
  /account/{accountId}/authorization-webhook:
    parameters:
      - name: accountId
        in: path
        schema:
          type: string
        required: true
    patch:
      description: |
        Partially update the authorization webhook configuration for an account.
        Only the provided fields will be updated.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                webhookUrl:
                  type: string
                  description: The URL where authorization webhook events will be sent
                status:
                  type: string
                  enum:
                    - active
                    - inactive
                  description: Current status of the webhook
                config:
                  $ref: '#/components/schemas/AuthorizationWebhookConfig'
                  description: Configuration specific to the authorization webhook
                  x-entrypoint:
                    virtualPath: schemas/AuthorizationWebhookConfig
                    sourcePath: schemas/AuthorizationWebhookConfig.yaml
                    title: AuthorizationWebhookConfig
                    origin: ./src/publicApi
      responses:
        '200':
          description: Authorization webhook updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthorizationWebhook'
                x-entrypoint:
                  virtualPath: schemas/AuthorizationWebhook
                  sourcePath: schemas/AuthorizationWebhook.yaml
                  title: AuthorizationWebhook
                  origin: ./src/publicApi
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '429':
          description: TooManyRequests
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '500':
          description: Internal Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - api_key: []
        - bearer: []
components:
  schemas:
    AuthorizationWebhookConfig:
      description: >
        Configuration specific to the authorization webhook, discriminated on
        `fallbackBehavior`.


        The fallback behavior is used when the webhook cannot produce an answer
        — it fails to send a response in time, sends an invalid response, or
        cannot be reached (including while Slash is operating in a degraded mode
        where external webhooks cannot be consulted):

        - `reject`: the transaction is declined.

        - `default`: the transaction continues through Slash's standard
        authorization flow (balance and limit checks still apply). If a `when`
        condition is provided, only transactions matching the condition
        continue; non-matching transactions are declined.
      oneOf:
        - type: object
          description: >-
            Always decline the transaction when the webhook cannot produce an
            answer.
          properties:
            fallbackBehavior:
              type: string
              enum:
                - reject
              description: The transaction will be declined.
          required:
            - fallbackBehavior
        - type: object
          description: >
            Continue the transaction through the standard authorization flow
            when the webhook cannot produce an answer — for every transaction,
            or only for transactions matching the optional `when` condition.
          properties:
            fallbackBehavior:
              type: string
              enum:
                - default
              description: >-
                The transaction will continue to run through the standard
                authorization flow (e.g. the balance check).
            when:
              $ref: '#/components/schemas/AuthorizationWebhookCondition'
              description: >
                Optional condition restricting which transactions the `default`
                fallback applies to: matching transactions continue through the
                standard authorization flow, non-matching transactions are
                declined. Omit to apply the `default` fallback to every
                transaction.
              x-entrypoint:
                virtualPath: schemas/AuthorizationWebhookCondition
                sourcePath: schemas/AuthorizationWebhookCondition.yaml
                title: AuthorizationWebhookCondition
                origin: ./src/publicApi
          required:
            - fallbackBehavior
      x-entrypoint:
        virtualPath: schemas/AuthorizationWebhookConfig
        sourcePath: schemas/AuthorizationWebhookConfig.yaml
        title: AuthorizationWebhookConfig
        origin: ./src/publicApi
      title: AuthorizationWebhookConfig
    AuthorizationWebhook:
      type: object
      properties:
        webhookUrl:
          type: string
          description: The URL where authorization webhook events will be sent
        signingSecret:
          type: string
          description: Secret used for signing webhook payloads
        status:
          type: string
          enum:
            - active
            - inactive
          description: Current status of the webhook
        timeoutDurationMs:
          type: integer
          description: The timeout duration in milliseconds for webhook requests
        config:
          $ref: '#/components/schemas/AuthorizationWebhookConfig'
          description: Configuration specific to the authorization webhook
          x-entrypoint:
            virtualPath: schemas/AuthorizationWebhookConfig
            sourcePath: schemas/AuthorizationWebhookConfig.yaml
            title: AuthorizationWebhookConfig
            origin: ./src/publicApi
        createdAt:
          type: string
          format: date-time
          description: When the webhook was created
        updatedAt:
          type: string
          format: date-time
          description: When the webhook was last updated
      required:
        - webhookUrl
        - signingSecret
        - status
        - timeoutDurationMs
        - config
        - createdAt
        - updatedAt
      x-entrypoint:
        virtualPath: schemas/AuthorizationWebhook
        sourcePath: schemas/AuthorizationWebhook.yaml
        title: AuthorizationWebhook
        origin: ./src/publicApi
      title: AuthorizationWebhook
    Error:
      type: object
      properties:
        message:
          type: string
        name:
          type: string
        identifier:
          type: string
        rawStatus:
          type: number
        meta:
          type: object
          additionalProperties: true
      required:
        - message
        - name
        - identifier
        - rawStatus
      x-entrypoint:
        origin: ./src/publicApi
        sourcePath: ./src/publicApi/main.yaml
        title: Error
        virtualPath: components/Error
      title: Error
    AuthorizationWebhookCondition:
      description: >
        A condition expression evaluated against a card authorization, used to
        decide whether the `default` fallback behavior applies to that
        transaction.


        Conditions form a small expression tree:

        - Logical nodes (`and` / `or`) combine two sub-conditions and can be
        nested.

        - Comparison leaves (`lte`, `lt`, `gte`, `gt`, `eq`) test the
        transaction amount (`amountCents`, the absolute amount in USD cents).

        - Set-membership leaves (`in`) test whether the transaction's
        `merchantCategoryCode` (4-digit MCC) or `merchantCountry` (ISO 3166-1
        alpha-2, as delivered on the authorization request event's
        `merchant.location.country`) is one of the given values.


        A condition over a field the authorization request did not carry
        evaluates to false.
      oneOf:
        - type: object
          description: >
            Logical node: combines two sub-conditions with `and` (both must
            match) or `or` (either must match). Sub-conditions may themselves be
            logical nodes.
          properties:
            operator:
              type: string
              enum:
                - and
                - or
              description: How the two sub-conditions are combined.
            left:
              $ref: '#/components/schemas/AuthorizationWebhookCondition'
              description: The first sub-condition.
              x-entrypoint:
                virtualPath: schemas/AuthorizationWebhookCondition
                sourcePath: schemas/AuthorizationWebhookCondition.yaml
                title: AuthorizationWebhookCondition
                origin: ./src/publicApi
            right:
              $ref: '#/components/schemas/AuthorizationWebhookCondition'
              description: The second sub-condition.
              x-entrypoint:
                virtualPath: schemas/AuthorizationWebhookCondition
                sourcePath: schemas/AuthorizationWebhookCondition.yaml
                title: AuthorizationWebhookCondition
                origin: ./src/publicApi
          required:
            - operator
            - left
            - right
        - type: object
          description: >
            Amount comparison leaf: tests the absolute transaction amount in USD
            cents against `value`.
          properties:
            operator:
              type: string
              enum:
                - lte
                - lt
                - gte
                - gt
                - eq
              description: >-
                The comparison to apply: less-than-or-equal, less-than,
                greater-than-or-equal, greater-than, or equal.
            field:
              type: string
              enum:
                - amountCents
              description: >-
                The transaction field being compared. Amounts are compared as
                absolute values in USD cents.
            value:
              type: integer
              description: The amount in USD cents to compare against.
          required:
            - operator
            - field
            - value
        - type: object
          description: >
            Set-membership leaf: tests whether the transaction's merchant
            category code or merchant country is one of `values`.
          properties:
            operator:
              type: string
              enum:
                - in
              description: Matches when the transaction's field value is one of `values`.
            field:
              type: string
              enum:
                - merchantCategoryCode
                - merchantCountry
              description: >-
                `merchantCategoryCode` is the 4-digit MCC; `merchantCountry` is
                the ISO 3166-1 alpha-2 merchant country.
            values:
              type: array
              items:
                type: string
              description: The set of values to match against.
          required:
            - operator
            - field
            - values
      x-entrypoint:
        virtualPath: schemas/AuthorizationWebhookCondition
        sourcePath: schemas/AuthorizationWebhookCondition.yaml
        title: AuthorizationWebhookCondition
        origin: ./src/publicApi
      title: AuthorizationWebhookCondition
  securitySchemes:
    api_key:
      type: apiKey
      description: |
        API key authentication for public API requests.

        Keys come in two flavors:

        - *Legal-entity-scoped keys* are pinned to a single legal entity.
          Minted via the dashboard under a specific entity; every request
          acts on that entity.
        - *User-scoped keys* are pinned to a user and span every legal
          entity that user has access to. Every request made with a
          user-scoped key (except `GET /legal-entity`, which lists the
          legal entities the user can access) must include an
          `x-legal-entity` header naming the legal entity the request is
          operating on. Requests without the header are rejected with
          `400`. The authenticated user must have an active permission
          role on the supplied legal entity, otherwise the request is
          rejected with `403`.
      name: X-API-Key
      in: header
    partner_api_key:
      type: apiKey
      description: |
        Partner-program API key authentication.

        Keys are minted in the partner dashboard (Developers → API Keys),
        are scoped to a single partner program, and are prefixed with
        `sk_partner_`. Partner keys are only accepted by routes that
        declare this scheme; they are rejected by `api_key` routes and
        vice versa.
      name: X-API-Key
      in: header
    bearer:
      type: http
      scheme: bearer
    developer_application:
      type: http
      scheme: basic

````