# Index card spending limit controls (V2)

Returns all active card spending limit controls.  This endpoint replaces the old version. However, please note that you have to set the  header to the version you want (e.g., ). If you do not specify an , then the API will return the older version of the response.

Endpoint: GET /v1/card_controls/spending_limits(use api-version-header to consume this endpoint)
Version: 1.0

## Query parameters:

  - `filter[scope]` (string, required)
    Filter the results by the type of scope.
    Enum: "CARD", "CARDHOLDER", "ACCOUNT", "BUSINESS", "PARTNER", "PARTNER_CARDS", "BUSINESS_CARDS", "ACCOUNT_CARDS", "CARDHOLDER_CARDS", "NON_BUSINESS_CARDS", "PARTNER_CARDHOLDERS"

  - `filter[scope_id]` (string)
    Filter the results by a specific scope (e.g., the ID of an  or the  ID of a cardholder).

  - `include_related` (boolean)
    Using this filter, the API will return all card spending limit controls that were defined at the , , or  level that apply to a specific card. You can only use this filter in combination with the  and  filters. The  must be set to  and the  must be set to a card ID.

## Response 200 fields (application/json):

  - `id` (string, required)
    ID of the created card spending limit control.
    Example: "7a911b90-0109-11ec-9a03-0242ac130003"

  - `scope` (string, required)
    The scope of the card spending control.
    Enum: "CARD", "CARDHOLDER", "ACCOUNT", "BUSINESS", "PARTNER", "PARTNER_CARDS", "BUSINESS_CARDS", "ACCOUNT_CARDS", "CARDHOLDER_CARDS", "NON_BUSINESS_CARDS", "PARTNER_CARDHOLDERS"

  - `scope_id` (string, required)
    ID of the resource that corresponds with the . For example, if the  is , then the  would be your partner ID. For , it would be the business ID.
    Example: "54e06604b0cf825810bec508cc1f2dc7mcrd"

  - `origin` (string, required)
    Indicates whether the card spending control was created by Solarisbank or by you.
    Enum: "SOLARISBANK", "PARTNER"

  - `idempotency_key` (string, required)
    A randomly generated UUID which the server uses to recognize subsequent retries of the same request.
    Example: "504f6816-f7b5-4965-bc35-69acadc9f5c7"

  - `limit` (object, required)
    Object containing the properties of the spending limit control. Note that you must set either  or ; you cannot set both.

  - `limit.period` (string, required)
    The time period in which to restrict transactions.
    Enum: "HOURLY", "DAILY", "WEEKLY", "MONTHLY", "MINUTES_60", "HOURS_24", "DAYS_7", "DAYS_30", "TRANSACTION"

  - `limit.amount` (integer)
    The maximum amount (in Euro cents) that customers may spend under this card spending limit control. : You cannot set  and  together under the same scope ID.
    Example: 10000

  - `limit.count` (integer)
    The maximum number of transactions that customers may conduct under this card spending limit control.  : You cannot set  and  together under the same scope ID.

  - `limit.conditions` (array)
    Object containing the dimensions to either include or exclude in this control. Note that you must use either  or ; you cannot use both.

  - `limit.conditions.type` (string, required)
    The type of transactions to be included/excluded.
    Enum: "MERCHANT_CATEGORY", "POS_ENTRY_MODE", "TRANSACTION_TYPE", "MERCHANT_COUNTRY", "ACQUIRER_ID", "MERCHANT_ID", "ALL_TYPES"

  - `limit.conditions.dimension` (array)
    Array containing dimensions to include in the spending limit control.  See the [guide](https://docs.solarisgroup.com/guides/cards/card-spending-controls/#list-of-dimensions) for more information about dimensions.
    Example: ["5411"]

  - `limit.conditions.excluded_dimension` (array)
    Array containing dimensions to exclude from the spending limit control.  See the [guide](https://docs.solarisgroup.com/guides/cards/card-spending-controls/#list-of-dimensions) for more information about dimensions.
    Example: ["5411"]

  - `positive_balance_limit` (boolean)
    It is set to true if the limit field represents positive balance limit. It is an optional field. Default value is false.

## Response 400 fields (application/json):

  - `id` (string)
    Example: "a95f2aaf-4e0c-4d49-8021-8a16a884ed86"

  - `status` (string)
    Example: "400"

  - `code` (string)
    Example: "build_pagination_headers_failure"

  - `title` (string)
    Example: "Failed to build pagination headers."

  - `detail` (string)
    Example: "Cannot connect to database."

## Response 403 fields (application/json):

  - `id` (string)
    Example: "a95f2aaf-4e0c-4d49-8021-8a16a884ed86"

  - `status` (string)
    Example: "403"

  - `code` (string)
    Example: "unauthorized_action"

  - `title` (string)
    Example: "Unauthorized Action"

  - `detail` (string)
    Example: "Unauthorized action is not allowed."

## Response 500 fields (application/json):

  - `id` (string)
    Example: "e8915041-9d8c-4d96-9dd1-04e8522ecdbf"

  - `status` (string)
    Example: "500"

  - `code` (string)
    Example: "generic_error"

  - `title` (string)
    Example: "Generic Error"

  - `detail` (string)
    Example: "There was an error."