# Create card spending limit control (V2)

Creates a card spending limit control and applies it to all cards defined in the  and  of the request.   This endpoint replaces the old version. However, please note that you have to set the  header to the version you want (e.g., ). If you do not specify a version, then the API will return the older version of the response.

Endpoint: POST /v1/card_controls/spending_limits(use api-version-header to consume this endpoint)
Version: 1.0

## Request fields (application/json):

  - `scope` (string, required)
    The scope of the card spending control.
    Enum: "CARD", "CARDHOLDER", "ACCOUNT", "BUSINESS", "PARTNER", "PARTNER_CARDS", "BUSINESS_CARDS", "ACCOUNT_CARDS", "CARDHOLDER_CARDS", "NON_BUSINESS_CARDS", "PARTNER_CARDHOLDERS"

  - `scope_id` (string, required)
    ID of the resource that corresponds with the . For example, if the  is , then the  would be your partner ID. For , it would be the business ID.
    Example: "54e06604b0cf825810bec508cc1f2dc7mcrd"

  - `idempotency_key` (string, required)
    A randomly generated UUID which the server uses to recognize subsequent retries of the same request.
    Example: "504f6816-f7b5-4965-bc35-69acadc9f5c7"

  - `limit` (object, required)
    Object containing the properties of the spending limit control. Note that you must set either  or ; you cannot set both.

  - `limit.period` (string, required)
    The time period in which to restrict transactions.
    Enum: "HOURLY", "DAILY", "WEEKLY", "MONTHLY", "MINUTES_60", "HOURS_24", "DAYS_7", "DAYS_30", "TRANSACTION"

  - `limit.amount` (integer)
    The maximum amount (in Euro cents) that customers may spend under this card spending limit control. : You cannot set  and  together under the same scope ID.
    Example: 10000

  - `limit.count` (integer)
    The maximum number of transactions that customers may conduct under this card spending limit control.  : You cannot set  and  together under the same scope ID.

  - `limit.conditions` (array)
    Object containing the dimensions to either include or exclude in this control. Note that you must use either  or ; you cannot use both.

  - `limit.conditions.type` (string, required)
    The type of transactions to be included/excluded.
    Enum: "MERCHANT_CATEGORY", "POS_ENTRY_MODE", "TRANSACTION_TYPE", "MERCHANT_COUNTRY", "ACQUIRER_ID", "MERCHANT_ID", "ALL_TYPES"

  - `limit.conditions.dimension` (array)
    Array containing dimensions to include in the spending limit control.  See the [guide](https://docs.solarisgroup.com/guides/cards/card-spending-controls/#list-of-dimensions) for more information about dimensions.
    Example: ["5411"]

  - `limit.conditions.excluded_dimension` (array)
    Array containing dimensions to exclude from the spending limit control.  See the [guide](https://docs.solarisgroup.com/guides/cards/card-spending-controls/#list-of-dimensions) for more information about dimensions.
    Example: ["5411"]

  - `positive_balance_limit` (boolean)
    It is set to true if the limit field represents positive balance limit. It is an optional field. Default value is false.

## Response 201 fields (application/json):

  - `id` (string, required)
    ID of the created card spending limit control.
    Example: "7a911b90-0109-11ec-9a03-0242ac130003"

  - `scope` (string, required)
    The scope of the card spending control.
    Enum: "CARD", "CARDHOLDER", "ACCOUNT", "BUSINESS", "PARTNER", "PARTNER_CARDS", "BUSINESS_CARDS", "ACCOUNT_CARDS", "CARDHOLDER_CARDS", "NON_BUSINESS_CARDS", "PARTNER_CARDHOLDERS"

  - `scope_id` (string, required)
    ID of the resource that corresponds with the . For example, if the  is , then the  would be your partner ID. For , it would be the business ID.
    Example: "54e06604b0cf825810bec508cc1f2dc7mcrd"

  - `origin` (string, required)
    Indicates whether the card spending control was created by Solarisbank or by you.
    Enum: "SOLARISBANK", "PARTNER"

  - `idempotency_key` (string, required)
    A randomly generated UUID which the server uses to recognize subsequent retries of the same request.
    Example: "504f6816-f7b5-4965-bc35-69acadc9f5c7"

  - `limit` (object, required)
    Object containing the properties of the spending limit control. Note that you must set either  or ; you cannot set both.

  - `limit.period` (string, required)
    The time period in which to restrict transactions.
    Enum: "HOURLY", "DAILY", "WEEKLY", "MONTHLY", "MINUTES_60", "HOURS_24", "DAYS_7", "DAYS_30", "TRANSACTION"

  - `limit.amount` (integer)
    The maximum amount (in Euro cents) that customers may spend under this card spending limit control. : You cannot set  and  together under the same scope ID.
    Example: 10000

  - `limit.count` (integer)
    The maximum number of transactions that customers may conduct under this card spending limit control.  : You cannot set  and  together under the same scope ID.

  - `limit.conditions` (array)
    Object containing the dimensions to either include or exclude in this control. Note that you must use either  or ; you cannot use both.

  - `limit.conditions.type` (string, required)
    The type of transactions to be included/excluded.
    Enum: "MERCHANT_CATEGORY", "POS_ENTRY_MODE", "TRANSACTION_TYPE", "MERCHANT_COUNTRY", "ACQUIRER_ID", "MERCHANT_ID", "ALL_TYPES"

  - `limit.conditions.dimension` (array)
    Array containing dimensions to include in the spending limit control.  See the [guide](https://docs.solarisgroup.com/guides/cards/card-spending-controls/#list-of-dimensions) for more information about dimensions.
    Example: ["5411"]

  - `limit.conditions.excluded_dimension` (array)
    Array containing dimensions to exclude from the spending limit control.  See the [guide](https://docs.solarisgroup.com/guides/cards/card-spending-controls/#list-of-dimensions) for more information about dimensions.
    Example: ["5411"]

  - `positive_balance_limit` (boolean)
    It is set to true if the limit field represents positive balance limit. It is an optional field. Default value is false.

## Response 208 fields (application/json):

  - `id` (string, required)
    ID of the created card spending limit control.
    Example: "7a911b90-0109-11ec-9a03-0242ac130003"

  - `scope` (string, required)
    The scope of the card spending control.
    Enum: "CARD", "CARDHOLDER", "ACCOUNT", "BUSINESS", "PARTNER", "PARTNER_CARDS", "BUSINESS_CARDS", "ACCOUNT_CARDS", "CARDHOLDER_CARDS", "NON_BUSINESS_CARDS", "PARTNER_CARDHOLDERS"

  - `scope_id` (string, required)
    ID of the resource that corresponds with the . For example, if the  is , then the  would be your partner ID. For , it would be the business ID.
    Example: "54e06604b0cf825810bec508cc1f2dc7mcrd"

  - `origin` (string, required)
    Indicates whether the card spending control was created by Solarisbank or by you.
    Enum: "SOLARISBANK", "PARTNER"

  - `idempotency_key` (string, required)
    A randomly generated UUID which the server uses to recognize subsequent retries of the same request.
    Example: "504f6816-f7b5-4965-bc35-69acadc9f5c7"

  - `limit` (object, required)
    Amount or count limit - only one could be used.

  - `limit.dimension` (array, required)
    The dimension of transactions to be restricted.
    Example: ["5411"]

  - `limit.type` (string, required)
    The type of transactions to be included/excluded.
    Enum: "MERCHANT_CATEGORY", "POS_ENTRY_MODE", "TRANSACTION_TYPE", "MERCHANT_COUNTRY", "ACQUIRER_ID", "MERCHANT_ID", "ALL_TYPES"

  - `limit.period` (string, required)
    The time period in which to restrict transactions.
    Enum: "HOURLY", "DAILY", "WEEKLY", "MONTHLY", "MINUTES_60", "HOURS_24", "DAYS_7", "DAYS_30", "TRANSACTION"

  - `limit.amount` (integer)
    The maximum amount (in Euro cents) that customers may spend under this card spending limit control. : You cannot set  and  together under the same scope ID.
    Example: 10000

  - `limit.count` (integer)
    The maximum number of transactions that customers may conduct under this card spending limit control.  : You cannot set  and  together under the same scope ID.

## Response 400 fields (application/json):

  - `id` (string)
    Example: "a95f2aaf-4e0c-4d49-8021-8a16a884ed86"

  - `status` (string)
    Example: "400"

  - `code` (string)
    Example: "build_pagination_headers_failure"

  - `title` (string)
    Example: "Failed to build pagination headers."

  - `detail` (string)
    Example: "Cannot connect to database."

## Response 403 fields (application/json):

  - `id` (string)
    Example: "a95f2aaf-4e0c-4d49-8021-8a16a884ed86"

  - `status` (string)
    Example: "403"

  - `code` (string)
    Example: "unauthorized_action"

  - `title` (string)
    Example: "Unauthorized Action"

  - `detail` (string)
    Example: "Unauthorized action is not allowed."

## Response 500 fields (application/json):

  - `id` (string)
    Example: "e8915041-9d8c-4d96-9dd1-04e8522ecdbf"

  - `status` (string)
    Example: "500"

  - `code` (string)
    Example: "generic_error"

  - `title` (string)
    Example: "Generic Error"

  - `detail` (string)
    Example: "There was an error."