Changelog
StatusDashboard
Back to All
Added

New card_authorization.challenge_response Webhook Event Available

about 12 hours ago by Matt Ruhland
Release Date

April 16, 2026

Products Affected

Authorization Challenges, Events API

Impact

New webhook event type added

Audience

Fraud Command customers using Authorization Challenges

Action Required

None, this change is additive only

Overview

A new card_authorization.challenge_response webhook event is now available for Fraud Command customers using Authorization Challenges. The event fires when a cardholder responds to a challenge issued during card authorization, giving card programs real-time visibility into challenge outcomes. Programs can use the event to automate downstream actions, such as suspending a card after a cardholder declines a challenge.

Details

Subscribers to the card_authorization.challenge_response event type receive a payload each time a cardholder approves or declines an authorization challenge. The payload links the challenge to the originating transaction and card, identifies the delivery method, and includes timestamps for both challenge creation and completion.

Payload Fields

  • event_type - The event type, always card_authorization.challenge_response
  • event_token - Globally unique identifier for the event
  • transaction_token - Token of the transaction associated with the challenged authorization
  • card_token - Token of the card associated with the challenge
  • challenge_method - Method used to deliver the challenge.
  • response - The cardholder's response to the challenge. One of APPROVE or DECLINE
  • created - Timestamp when the challenge was created
  • completed - Timestamp when the challenge was completed

Example Payload

{
  "event_type": "card_authorization.challenge_response",
  "event_token": "bbbf1e86-322d-11ee-9779-00505685a123",
  "transaction_token": "a4e8dc9a-f821-4365-b6a9-a6219b105b6d",
  "card_token": "f2c7d5e1-9b3a-4c82-8e61-7d94a1c2b5f0",
  "challenge_method": "SMS",
  "response": "APPROVE",
  "created": "2026-04-16T14:23:45Z",
  "completed": "2026-04-16T14:24:31Z"
}

Release Timeline

Available now

User Impact

This change is additive only. Existing integrations will continue to function without modification.

Updated Documentation

For the full list of supported event types, visit our Types of Events guide. For background on how Authorization Challenges fit into the authorization flow, see Authorization Challenges and Fraud Command.

If you have any questions or concerns, please contact us via the HELP link in your Lithic Dashboard.

The Lithic changelog has an RSS feed! To monitor for new update announcements, subscribe with your preferred RSS reader.