
What Are Mandates and Delegations?

A mandate (Visa) or delegation (Stripe) is a scoped spending authorization tied to an enrolled payment card. It defines the boundaries of what an agent can charge: the maximum amount per transaction, how many transactions are allowed, and when the authorization expires. Think of it as a controlled allowance: you’re giving an agent permission to spend within strict limits, rather than handing over your card.
Mandates and delegations are the same concept for different providers. Visa calls them mandates, Stripe calls them delegations. The spending controls, API key linking, and selection logic work identically for both.

Authorization Properties

Both mandates and delegations support the same core controls, though the field names differ slightly:
| Control | Visa (Mandate) | Stripe (Delegation) | Description |
| --- | --- | --- | --- |
| Spending limit | amount | spendingLimitCents | Maximum amount per transaction |
| Max transactions | maxUsage | maxTransactions | Total transactions allowed |
| Expiration | expiresAt (ISO date) | durationSecs (seconds from creation) | When the authorization expires |
| Currency | currency (default: USD) | currency (default: usd) | Payment currency |
| API key link | apiKeyId | apiKeyId | Link to a specific NVM API key for automatic selection |

Creating an Authorization

Via the Nevermined Pay Dashboard

After enrolling a card, create a mandate or delegation from the Nevermined Pay dashboard:
  1. Navigate to your enrolled Visa card
  2. Click Create Mandate
  3. Set the spending ceiling (amount per transaction)
  4. Set the maximum number of transactions
  5. Set an expiration date
  6. Optionally link an NVM API key (recommended if you have multiple mandates)
  7. Complete passkey authentication to authorize
Creating a Visa mandate requires passkey (FIDO2) authentication. This ensures only the cardholder can authorize agent spending.

Via the API

POST /payment-mandate
{
  "cardId": "your-card-id",
  "vProvisionedTokenID": "token-from-enrollment",
  "amount": 5.00,
  "currency": "USD",
  "maxUsage": 100,
  "expiresAt": "2026-12-31T23:59:59Z",
  "apiKeyId": "sk_...",
  "fidoBlob": "passkey-assertion-data",
  "identifier": "device-attestation-id",
  "dfpSessionId": "device-fingerprint-session",
  "verificationResults": "01",
  "verificationMethod": "23",
  "userId": "your-user-id"
}
The response includes an instructionId, the Visa instruction that enables agent charging.

Spending Controls

Both mandates and delegations enforce multiple layers of spending control:

Per-Transaction Amount

The spending limit sets the maximum a single transaction can charge. If an agent requests more than this amount, the payment is rejected.

Usage Limits

The max transactions cap limits the total number of transactions. NVM Pay tracks usage against this limit. Once the limit is reached, the authorization is exhausted and can’t be used for further payments.

Time-Based Expiration

After the expiration time, the authorization can’t be used regardless of remaining usage. Visa mandates use an explicit expiresAt date. Stripe delegations calculate expiration from durationSecs added to the creation timestamp.

Card Spending Ceiling

Each card has a cumulative spending ceiling (default $10.00). The sum of all active authorization amounts on a card can’t exceed this ceiling. This applies to both Visa and Stripe cards. Example:
| Card Ceiling | Authorization A | Authorization B | Remaining |
| --- | --- | --- | --- |
| $10.00 | $5.00 | $3.00 | $2.00 |

If you try to create a third authorization for $3.00, it will be rejected because only $2.00 of ceiling remains.
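The ceiling rule above can be checked client-side before a create request is sent. The following is an added example, not Nevermined's code: it normalizes Visa's decimal amount and Stripe's spendingLimitCents to integer cents and sums only active authorizations. The `status` field, its `"active"` value, and all function names are assumptions.

```python
from decimal import Decimal

DEFAULT_CEILING_CENTS = 1000  # the page's default card ceiling, $10.00

def limit_cents(auth: dict) -> int:
    """Spending limit in integer cents for either provider's field."""
    if "spendingLimitCents" in auth:  # Stripe delegation
        cents = auth["spendingLimitCents"]
        if isinstance(cents, bool) or not isinstance(cents, int):
            raise ValueError("spendingLimitCents must be an integer")
    else:  # Visa mandate: decimal amount such as 5.00
        # Decimal(str(x)) keeps the written value; float math would drift
        exact = Decimal(str(auth["amount"])) * 100
        if exact != exact.to_integral_value():
            raise ValueError("amount has sub-cent precision")
        cents = int(exact)
    if cents <= 0:
        raise ValueError("spending limit must be positive")
    return cents

def remaining_ceiling_cents(auths, ceiling_cents=DEFAULT_CEILING_CENTS) -> int:
    """Ceiling minus the limits of authorizations still marked active."""
    used = sum(limit_cents(a) for a in auths if a.get("status") == "active")
    return ceiling_cents - used

def fits_under_ceiling(new_auth, auths, ceiling_cents=DEFAULT_CEILING_CENTS) -> bool:
    """True if creating new_auth keeps the card at or under its ceiling."""
    return limit_cents(new_auth) <= remaining_ceiling_cents(auths, ceiling_cents)

# Constructed records matching the table above; "status" is an assumed field
CARD_AUTHS = [
    {"amount": 5.00, "status": "active"},   # Authorization A
    {"amount": 3.00, "status": "active"},   # Authorization B
    {"amount": 4.00, "status": "expired"},  # no longer active, not counted
]

if __name__ == "__main__":
    print(remaining_ceiling_cents(CARD_AUTHS))               # 200
    print(fits_under_ceiling({"amount": 3.00}, CARD_AUTHS))  # False
```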

Updating an Authorization

You can update a mandate’s amount, usage limit, expiration, or API key link.
PUT /payment-mandate
The request targets an existing mandate’s instructionId.
Updating a Visa mandate revokes the existing instruction and creates a new one. Any unspent budget from the previous mandate doesn’t carry over.

Cancelling an Authorization

Cancel a mandate to revoke the agent’s spending authorization:
POST /cancel-purchase-instruction
{
  "instructionId": "the-mandate-instruction-id",
  "vProvisionedTokenID": "token-from-enrollment",
  "fidoBlob": "passkey-assertion-data",
  "identifier": "device-attestation-id",
  "dfpSessionId": "device-fingerprint-session",
  "verificationResults": "01",
  "verificationMethod": "23"
}
Cancellation requires passkey authentication, just like creation.

Status Lifecycle

Both mandate and delegation statuses follow the same pattern:
Active -> Exhausted (usage limit reached)
  |
  |-> Expired (past expiration time)
  |
  |-> Revoked / Cancelled (manually removed)
Only active authorizations can be used for payments. NVM Pay checks status, usage, and expiration on every verify and settle request.
Stripe delegations track additional status detail: remainingBudgetCents (spending limit minus amount already spent) and transactionCount (current usage).
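A client-side model of the lifecycle and of the per-request checks described above, as an added example that is not NVM Pay's implementation. It derives the status from a record for either provider and then applies the per-transaction limit. The `createdAt` and `revoked` fields, the order of the checks, and the function names are assumptions.

```python
from datetime import datetime, timedelta, timezone
from decimal import Decimal

def _utc(ts: str) -> datetime:
    """Parse an ISO timestamp; a missing offset is treated as UTC (assumption)."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def expires_at(auth: dict) -> datetime:
    """Visa: explicit expiresAt. Stripe: creation time plus durationSecs."""
    if "expiresAt" in auth:
        return _utc(auth["expiresAt"])
    return _utc(auth["createdAt"]) + timedelta(seconds=auth["durationSecs"])

def lifecycle_status(auth: dict, now: datetime) -> str:
    """Return active, exhausted, expired or revoked (check order is assumed)."""
    if auth.get("revoked"):
        return "revoked"
    if now >= expires_at(auth):
        return "expired"
    used = auth.get("usageCount", auth.get("transactionCount", 0))
    cap = auth.get("maxUsage", auth.get("maxTransactions"))
    return "exhausted" if used >= cap else "active"

def check_charge(auth: dict, charge_cents: int, now: datetime) -> tuple:
    """Allow a charge only on an active authorization and within its limit."""
    status = lifecycle_status(auth, now)
    if status != "active":
        return (False, status)
    limit = auth.get("spendingLimitCents")
    if limit is None:  # Visa mandate: decimal amount, converted exactly
        limit = int(Decimal(str(auth["amount"])) * 100)
    if charge_cents > limit:
        return (False, "over_limit")
    return (True, "ok")

# Constructed records; createdAt and revoked are assumed field names
VISA = {"amount": 5.00, "maxUsage": 100, "usageCount": 99,
        "expiresAt": "2026-12-31T23:59:59Z"}
STRIPE = {"spendingLimitCents": 500, "maxTransactions": 2, "transactionCount": 2,
          "durationSecs": 3600, "createdAt": "2026-01-01T00:00:00Z"}
NOW = datetime(2026, 1, 1, 0, 30, tzinfo=timezone.utc)
```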

API Key Linking

You can optionally link a mandate or delegation to a specific NVM API key. This tells NVM Pay “when this API key is used, charge this authorization.” This is especially useful when you have multiple active authorizations and want deterministic routing. Instead of the agent guessing which one to use, the API key determines it automatically. Both Visa mandates and Stripe delegations support API key linking. See Mandate Selection for the full resolution algorithm.

Transaction History

Every payment processed through a mandate or delegation is recorded as a transaction:
| Field | Description |
| --- | --- |
| amount | Transaction amount |
| currency | Currency code |
| status | completed or failed |
| providerTransactionId | Stripe charge ID |
| failureReason | Error details (if failed) |
| createdAt | When the transaction occurred |

GET /cards/{cardId}/transactions?page=1&pageSize=20&status=completed

Provider Comparison

| | Visa Mandate | Stripe Delegation |
| --- | --- | --- |
| Create | POST /payment-mandate | POST /api/v1/delegation/create |
| Update | PUT /payment-mandate (revoke + recreate internally) | Revoke + create new (explicit two-step) |
| Cancel | POST /cancel-purchase-instruction | DELETE /api/v1/delegation/{id} |
| Auth required | Passkey (FIDO2) for create, update, cancel | API credentials only |
| Expiration format | ISO date (expiresAt) | Duration in seconds (durationSecs) |
| Spending limit format | USD amount (amount: 5.00) | Cents (spendingLimitCents: 500) |
| Budget tracking | usageCount / maxUsage | amountSpentCents / remainingBudgetCents + transactionCount / maxTransactions |

What’s Next?

If you have multiple mandates or delegations, you’ll want to understand how NVM Pay decides which one to use for a given payment request.

Mandate Selection

Learn the three-tier resolution algorithm for automatic mandate and delegation selection