Authorization Events Webhook

Galileo POSTs to /Authorization to send Authorization Events to the client. An Authorization Event is triggered when a card financial transaction with an association occurs. This includes card authorizations and denied card authorizations due to invalid PIN, insufficient funds, inactive card, etc.

Requests

The event data (described in the index pages that follow) will be in the body of the request, as JSON or form data.

JSON example (application/json)

{ "type": "denied_auth_gas", "account_id": "2011", "amount": "10.25", "balance": "500.00", "card_id": "12534", "mcc": "5712", "merch_loc": "NEW YORK, NY", "merch_name": "Widgets Incorporated", "merch_num": "L4DIV6D5LM4X7LF", "network": "V", "pmt_ref_no": "155200002022", "prod_id": "1701", "prog_id": "305", "timestamp": "2019-10-09 11:20:33 MST", "auth_id": "12303090" }

Form example (application/x-www-form-urlencoded)

type=denied_auth_gas&prod_id=1504&prog_id=255&pmt_ref_no=199999999998&merchant_name=DISCOUNT+FM+1&merchant_number=231000000129001&mcc=5541&merch_loc=ARCHER%2C+FLUS&auth_tran_type=5&amount=30.65&network=V&open_to_buy=2.95&auth_id=29143890&timestamp=2019-10-09+11%3A20%3A33+MST&account_id=388750&card_id=740724

Responses

ValueDescriptionRetransmit
0SuccessNo
1Parameters do not pass validation (parsing error)No
2Cardholder account not in systemNo
3General system failureNo
4Authentication failedNo
5Not ready to accept messagesYes

JSON example

{ "success_code": "0" }

XML responses should use the webhook name (Authorization) as the envelope.

XML example

<Authorization><success_code>0</success_code></Authorization>
Headers
uuid
required

A unique identifier for the HTTP request.

string
required
Defaults to HMAC-SHA256

Signature algorithm. For now, always "HMAC-SHA256".

string
required
Defaults to galileo

Identifies request as coming from Galileo. Hard-coded to "galileo".

string
required

UTC timestamp when request is sent. Format: "<timestamp><timezone>" where timestamp = YYYYMMDD:HHMMSS and timezone = UTC. Example: 20170504:141752UTC.

string
required

Signature of request. See overview for more details.

Response

Response body
object
string

Response ("success") codes. Possible values:

  • 0 - Success
  • 1 - Parameters do not pass validation
  • 2 - Cardholder account not in system
  • 3 - General system failure
  • 4 - Authentication failed
  • 5 - Not ready to accept messages. Event will be retransmitted.

For all but 5, the event will not be retransmitted.

0 1 2 3 4 5

Language
Choose an example:
application/json
application/xml

©Galileo Financial Technologies, LLC 2025

All documentation, including but not limited to text, graphics, images, and any other content, are the exclusive property of Galileo Financial Technologies, LLC and are protected by copyright laws. These materials may not be reproduced, distributed, transmitted, displayed, or otherwise used without the prior written permission of Galileo Financial Technologies, LLC. Any unauthorized use or reproduction of these materials are expressly prohibited.