A reference implementation of a customer remote authorization / decisioning endpoint for the PEX platform, built as an Azure Functions app (.NET 10 isolated worker).
When customer decisioning is enabled, PEX calls your endpoint in real time for each card transaction; your service approves or declines it. This repo is a minimal, runnable example of that endpoint — use it to understand the request/response contract and as a starting point for your own implementation.
The decision rules here are illustrative only (e.g. "approve when the amount is even"). They exist to make each scenario easy to trigger in testing. Replace them with your own authorization logic.
For the authoritative contract, see the PEX developer docs: https://developer.pexcard.com/documentation
PEX sends an HTTP POST with a DecisionRequest JSON body. Your endpoint returns a
DecisionResponse:
- Approve → HTTP
200with"Decision": 2 - Decline → HTTP
400with"Decision": 0
JSON property names are PascalCase (see Program.cs, which configures the serializer
accordingly). The Decision values (Approved = 2, Declined = 0) are defined by the contract.
This sample exposes several endpoints, each isolating one decision input so a scenario is easy to reproduce. A real service would expose a single decisioning endpoint.
| Route | Illustrative behavior |
|---|---|
decision/Authorization, decision/Authorization2 |
Approve when TransactionAmount is an even whole number |
decision/PsiAuthorization |
Approve when MCCCode == "5047" and TransactionAmount <= 5000 |
decision/authorizationtest/international |
Approve when IsInternational is true |
decision/authorizationtest/cardpresence |
Decline when IsCardNotPresent is true |
decision/authorizationtest/mcccategory |
Approve when MCCCode == "3052" |
decision/authorizationtest/timeout |
Wait 2.5s then approve (exercises caller timeout handling) |
It also implements the optional reachability check:
| Route | Behavior |
|---|---|
GET /Ping |
Returns 200 with { "ResponseDateTime": <UTC ISO 8601> }. PEX uses this to monitor reachability (target < 500ms). |
This sample uses anonymous endpoints for simplicity. In production, PEX can send a shared
secret as an HTTP Basic Authorization header (configured per card program). Your endpoint
should validate that header and reject unauthorized calls — add that check at the start of each
function before processing the request.
Requires the Azure Functions Core Tools and the .NET 10 SDK.
dotnet build DecisionEngine.Remote.Simulator.sln -c Release
cd DecisionEngine.Simulator/DecisionEngine.Remote.Simulator.Function
func startThen call an endpoint, e.g.:
curl -i -X POST http://localhost:7071/api/decision/Authorization \
-H "Content-Type: application/json" \
-d '{"NetworkTransactionId":1,"TransactionAmount":2}'local.settings.json ships with safe local defaults
(AzureWebJobsStorage=UseDevelopmentStorage=true). Provide a real storage connection string
when deploying.
| Project | Purpose |
|---|---|
DecisionEngine.Remote.Simulator.Common |
Request/response models (DecisionRequest, DecisionResponse, DecisionEnum, PingResponse) |
DecisionEngine.Remote.Simulator.Function |
HTTP-triggered functions implementing the example endpoints |
MIT — see LICENSE.