Skip to main content
PATCH
cURL

Authorizations

X-API-Key
string
header
required

API key authentication for public API requests.

Keys come in two flavors:

  • Legal-entity-scoped keys are pinned to a single legal entity. Minted via the dashboard under a specific entity; every request acts on that entity.
  • User-scoped keys are pinned to a user and span every legal entity that user has access to. Every request made with a user-scoped key (except GET /legal-entity, which lists the legal entities the user can access) must include an x-legal-entity header naming the legal entity the request is operating on. Requests without the header are rejected with 400. The authenticated user must have an active permission role on the supplied legal entity, otherwise the request is rejected with 403.

Path Parameters

cardId
string
required

Body

application/json

A partial spending constraint update that can be applied to a CardGroupSpendingRule

merchantCategoryRule
object | null
merchantRule
object | null
spendingRule
object | null
countryRule
object | null
merchantCategoryCodeRule
object | null

Response

OK

A constraint that can be applied to a CardGroupSpendingRule

merchantCategoryRule
object | null
merchantRule
object | null
spendingRule
object | null
countryRule
object | null
merchantCategoryCodeRule
object | null