diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6eb3f5dc..c36e1d8e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,10 +21,10 @@ jobs:
     runs-on: ${{ github.repository == 'stainless-sdks/lithic-typescript' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
     if: (github.event_name == 'push' || github.event.pull_request.head.repo.fork) && (github.event_name != 'push' || github.event.head_commit.message != 'codegen metadata')
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: '22'
 
@@ -43,10 +43,10 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: '22'
 
@@ -61,7 +61,7 @@ jobs:
           github.repository == 'stainless-sdks/lithic-typescript' &&
           !startsWith(github.ref, 'refs/heads/stl/')
         id: github-oidc
-        uses: actions/github-script@v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: core.setOutput('github_token', await core.getIDToken());
 
@@ -91,10 +91,10 @@ jobs:
     runs-on: ${{ github.repository == 'stainless-sdks/lithic-typescript' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
     if: github.event_name == 'push' || github.event.pull_request.head.repo.fork
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: '22'
 
diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml
index 5950b3e3..b24a2038 100644
--- a/.github/workflows/publish-npm.yml
+++ b/.github/workflows/publish-npm.yml
@@ -21,10 +21,10 @@ jobs:
       id-token: write
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1
         with:
           node-version: '20'
 
diff --git a/.github/workflows/release-doctor.yml b/.github/workflows/release-doctor.yml
index 3ebabb64..b12956ad 100644
--- a/.github/workflows/release-doctor.yml
+++ b/.github/workflows/release-doctor.yml
@@ -12,7 +12,7 @@ jobs:
     if: github.repository == 'lithic-com/lithic-node' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || startsWith(github.head_ref, 'release-please') || github.head_ref == 'next')
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Check release environment
         run: |
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index 93396555..593fcf0c 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-  ".": "0.139.0"
+  ".": "0.140.0"
 }
diff --git a/.stats.yml b/.stats.yml
index 9a940850..ddc91aa1 100644
--- a/.stats.yml
+++ b/.stats.yml
@@ -1,4 +1,4 @@
-configured_endpoints: 193
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/lithic/lithic-00f07b0edcc0c3c5ef79920ced7f58dac2434df5e4c27ff6041783e8228315f9.yml
-openapi_spec_hash: 963688b09480159a06865075c94a2577
-config_hash: 265a2b679964f4ad5706de101ad2a942
+configured_endpoints: 194
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/lithic/lithic-55d6cdcb852320054c00ae49deb0e42c086bdb82ada1ab7ac1bbbbc7c7cc0eeb.yml
+openapi_spec_hash: 71f86153c543bc60978d55b8a2634674
+config_hash: 1c5c139a2aa0d1d45c063f953a9bc803
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 70cc51c3..6f99b7e4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,23 @@
 # Changelog
 
+## 0.140.0 (2026-05-15)
+
+Full Changelog: [v0.139.0...v0.140.0](https://github.com/lithic-com/lithic-node/compare/v0.139.0...v0.140.0)
+
+### Features
+
+* **api:** add card_authorization.challenge webhook event ([aa5e447](https://github.com/lithic-com/lithic-node/commit/aa5e44751b46b22055da3691529cae688f6d6ce5))
+
+
+### Bug Fixes
+
+* **api:** Change conditional value numeric type from integer to number ([6e86c29](https://github.com/lithic-com/lithic-node/commit/6e86c2959478dae721d835a3816b7cc599927131))
+
+
+### Documentation
+
+* **api:** clarify ACCOUNT_AGE attribute in auth rules v2 ([a492725](https://github.com/lithic-com/lithic-node/commit/a492725ac836e570ede0091904b38040d0b44446))
+
 ## 0.139.0 (2026-05-08)
 
 Full Changelog: [v0.138.0...v0.139.0](https://github.com/lithic-com/lithic-node/compare/v0.138.0...v0.139.0)
diff --git a/api.md b/api.md
index cc5fca0d..d7f9175a 100644
--- a/api.md
+++ b/api.md
@@ -232,6 +232,16 @@ Methods:
 - <code title="get /v1/cards/{card_token}/financial_transactions/{financial_transaction_token}">client.cards.financialTransactions.<a href="./src/resources/cards/financial-transactions.ts">retrieve</a>(financialTransactionToken, { ...params }) -> FinancialTransaction</code>
 - <code title="get /v1/cards/{card_token}/financial_transactions">client.cards.financialTransactions.<a href="./src/resources/cards/financial-transactions.ts">list</a>(cardToken, { ...params }) -> FinancialTransactionsSinglePage</code>
 
+# CardAuthorizations
+
+Types:
+
+- <code><a href="./src/resources/card-authorizations.ts">CardAuthorization</a></code>
+
+Methods:
+
+- <code title="post /v1/card_authorizations/{event_token}/challenge_response">client.cardAuthorizations.<a href="./src/resources/card-authorizations.ts">challengeResponse</a>(eventToken, { ...params }) -> void</code>
+
 # CardBulkOrders
 
 Types:
@@ -808,6 +818,7 @@ Types:
 - <code><a href="./src/resources/webhooks.ts">AccountHolderVerificationWebhookEvent</a></code>
 - <code><a href="./src/resources/webhooks.ts">AccountHolderDocumentUpdatedWebhookEvent</a></code>
 - <code><a href="./src/resources/webhooks.ts">CardAuthorizationApprovalRequestWebhookEvent</a></code>
+- <code><a href="./src/resources/webhooks.ts">CardAuthorizationChallengeWebhookEvent</a></code>
 - <code><a href="./src/resources/webhooks.ts">CardAuthorizationChallengeResponseWebhookEvent</a></code>
 - <code><a href="./src/resources/webhooks.ts">AuthRulesBacktestReportCreatedWebhookEvent</a></code>
 - <code><a href="./src/resources/webhooks.ts">BalanceUpdatedWebhookEvent</a></code>
diff --git a/package.json b/package.json
index c920b378..1a7b1542 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "lithic",
-  "version": "0.139.0",
+  "version": "0.140.0",
   "description": "The official TypeScript library for the Lithic API",
   "author": "Lithic <sdk-feedback@lithic.com>",
   "types": "dist/index.d.ts",
diff --git a/packages/mcp-server/manifest.json b/packages/mcp-server/manifest.json
index 4fdea2c5..76ca0636 100644
--- a/packages/mcp-server/manifest.json
+++ b/packages/mcp-server/manifest.json
@@ -1,7 +1,7 @@
 {
   "dxt_version": "0.2",
   "name": "lithic-mcp",
-  "version": "0.139.0",
+  "version": "0.140.0",
   "description": "The official MCP Server for the Lithic API",
   "author": {
     "name": "Lithic",
diff --git a/packages/mcp-server/package.json b/packages/mcp-server/package.json
index 19b9831a..cd18eabf 100644
--- a/packages/mcp-server/package.json
+++ b/packages/mcp-server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "lithic-mcp",
-  "version": "0.139.0",
+  "version": "0.140.0",
   "description": "The official MCP Server for the Lithic API",
   "author": "Lithic <sdk-feedback@lithic.com>",
   "types": "dist/index.d.ts",
diff --git a/packages/mcp-server/src/code-tool-worker.ts b/packages/mcp-server/src/code-tool-worker.ts
index 0e25078f..9a1f7d5a 100644
--- a/packages/mcp-server/src/code-tool-worker.ts
+++ b/packages/mcp-server/src/code-tool-worker.ts
@@ -167,6 +167,7 @@ const fuse = new Fuse(
     'client.cards.balances.list',
     'client.cards.financialTransactions.list',
     'client.cards.financialTransactions.retrieve',
+    'client.cardAuthorizations.challengeResponse',
     'client.cardBulkOrders.create',
     'client.cardBulkOrders.list',
     'client.cardBulkOrders.retrieve',
diff --git a/packages/mcp-server/src/local-docs-search.ts b/packages/mcp-server/src/local-docs-search.ts
index 8821a583..16bce531 100644
--- a/packages/mcp-server/src/local-docs-search.ts
+++ b/packages/mcp-server/src/local-docs-search.ts
@@ -1224,12 +1224,12 @@ const EMBEDDED_METHODS: MethodEntry[] = [
     qualified: 'client.authRules.v2.draft',
     params: [
       'auth_rule_token: string;',
-      "parameters?: { conditions: { attribute: conditional_attribute; operation: conditional_operation; value: conditional_value; }[]; } | { period: { duration: number; type: 'CUSTOM'; } | { type: 'DAY'; } | { type: 'WEEK'; day_of_week?: number; } | { type: 'MONTH'; day_of_month?: number; } | { type: 'YEAR'; day_of_month?: number; month?: number; }; scope: 'CARD' | 'ACCOUNT'; filters?: { exclude_countries?: string[]; exclude_mccs?: string[]; include_countries?: string[]; include_mccs?: string[]; include_pan_entry_modes?: string[]; }; limit_amount?: number; limit_count?: number; } | { merchants: { comment?: string; descriptor?: string; merchant_id?: string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: string; value: string | number | string[] | string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: string; value: string | number | string[] | string; parameters?: { interval?: 'LIFETIME' | '7D' | '30D' | '90D'; scope?: 'CARD' | 'ACCOUNT' | 'BUSINESS_ACCOUNT'; unit?: 'MPH' | 'KPH' | 'MILES' | 'KILOMETERS'; }; }[]; } | { action: { type: 'APPROVE'; } | { code: string; type: 'RETURN'; }; conditions: { attribute: 'COMPANY_NAME' | 'COMPANY_ID' | 'TIMESTAMP' | 'TRANSACTION_AMOUNT' | 'SEC_CODE' | 'MEMO'; operation: string; value: string | number | string[] | string; }[]; } | { action: { type: 'DECLINE'; reason?: string; } | { type: 'REQUIRE_TFA'; reason?: string; }; conditions: { attribute: string; operation: string; value: string | number | string[] | string; }[]; } | { action: { key: string; type: 'TAG'; value: string; } | { queue_token: string; scope: 'CARD' | 'ACCOUNT'; type: 'CREATE_CASE'; }; conditions: { attribute: string; operation: string; value: string | number | string[] | string; parameters?: { filters?: spend_velocity_filters; period?: velocity_limit_period; scope?: 'CARD' | 'ACCOUNT' | 'GLOBAL'; }; }[]; } | { code: string; features: { type: 'AUTHORIZATION'; name?: string; } | { type: 'AUTHENTICATION'; name?: string; } | { type: 'TOKENIZATION'; name?: string; } | { type: 'ACH_RECEIPT'; name?: string; } | { type: 'CARD'; name?: string; } | { type: 'ACCOUNT_HOLDER'; name?: string; } | { type: 'IP_METADATA'; name?: string; } | { period: velocity_limit_period; scope: 'CARD' | 'ACCOUNT'; type: 'SPEND_VELOCITY'; filters?: velocity_limit_filters; name?: string; } | { scope: 'CARD' | 'ACCOUNT' | 'BUSINESS_ACCOUNT'; type: 'TRANSACTION_HISTORY_SIGNALS'; name?: string; }[]; };",
+      "parameters?: { conditions: { attribute: conditional_attribute; operation: conditional_operation; value: conditional_value; }[]; } | { period: { duration: number; type: 'CUSTOM'; } | { type: 'DAY'; } | { type: 'WEEK'; day_of_week?: number; } | { type: 'MONTH'; day_of_month?: number; } | { type: 'YEAR'; day_of_month?: number; month?: number; }; scope: 'CARD' | 'ACCOUNT'; filters?: { exclude_countries?: string[]; exclude_mccs?: string[]; include_countries?: string[]; include_mccs?: string[]; include_pan_entry_modes?: string[]; }; limit_amount?: number; limit_count?: number; } | { merchants: { comment?: string; descriptor?: string; merchant_id?: string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: string; value: string | number | number | string[] | string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: string; value: string | number | number | string[] | string; parameters?: { interval?: 'LIFETIME' | '7D' | '30D' | '90D'; scope?: 'CARD' | 'ACCOUNT' | 'BUSINESS_ACCOUNT'; unit?: 'MPH' | 'KPH' | 'MILES' | 'KILOMETERS'; }; }[]; } | { action: { type: 'APPROVE'; } | { code: string; type: 'RETURN'; }; conditions: { attribute: 'COMPANY_NAME' | 'COMPANY_ID' | 'TIMESTAMP' | 'TRANSACTION_AMOUNT' | 'SEC_CODE' | 'MEMO'; operation: string; value: string | number | number | string[] | string; }[]; } | { action: { type: 'DECLINE'; reason?: string; } | { type: 'REQUIRE_TFA'; reason?: string; }; conditions: { attribute: string; operation: string; value: string | number | number | string[] | string; }[]; } | { action: { key: string; type: 'TAG'; value: string; } | { queue_token: string; scope: 'CARD' | 'ACCOUNT'; type: 'CREATE_CASE'; }; conditions: { attribute: string; operation: string; value: string | number | number | string[] | string; parameters?: { filters?: spend_velocity_filters; period?: velocity_limit_period; scope?: 'CARD' | 'ACCOUNT' | 'GLOBAL'; }; }[]; } | { code: string; features: { type: 'AUTHORIZATION'; name?: string; } | { type: 'AUTHENTICATION'; name?: string; } | { type: 'TOKENIZATION'; name?: string; } | { type: 'ACH_RECEIPT'; name?: string; } | { type: 'CARD'; name?: string; } | { type: 'ACCOUNT_HOLDER'; name?: string; } | { type: 'IP_METADATA'; name?: string; } | { period: velocity_limit_period; scope: 'CARD' | 'ACCOUNT'; type: 'SPEND_VELOCITY'; filters?: velocity_limit_filters; name?: string; } | { scope: 'CARD' | 'ACCOUNT' | 'BUSINESS_ACCOUNT'; type: 'TRANSACTION_HISTORY_SIGNALS'; name?: string; }[]; };",
     ],
     response:
       "{ token: string; account_tokens: string[]; business_account_tokens: string[]; card_tokens: string[]; current_version: { parameters: object | object | object | object | object | object | object | object | object; version: number; }; draft_version: { error: string; parameters: object | object | object | object | object | object | object | object | object; state: 'PENDING' | 'SHADOWING' | 'ERROR'; version: number; }; event_stream: string; lithic_managed: boolean; name: string; program_level: boolean; state: 'ACTIVE' | 'INACTIVE'; type: 'CONDITIONAL_BLOCK' | 'VELOCITY_LIMIT' | 'MERCHANT_LOCK' | 'CONDITIONAL_ACTION' | 'TYPESCRIPT_CODE'; excluded_account_tokens?: string[]; excluded_business_account_tokens?: string[]; excluded_card_tokens?: string[]; }",
     markdown:
-      "## draft\n\n`client.authRules.v2.draft(auth_rule_token: string, parameters?: { conditions: auth_rule_condition[]; } | { period: velocity_limit_period; scope: 'CARD' | 'ACCOUNT'; filters?: velocity_limit_filters; limit_amount?: number; limit_count?: number; } | { merchants: object[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: object[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: object[]; } | { action: object | object; conditions: object[]; } | { action: object | object; conditions: object[]; } | { action: card_transaction_update_action; conditions: object[]; } | { code: string; features: rule_feature[]; }): { token: string; account_tokens: string[]; business_account_tokens: string[]; card_tokens: string[]; current_version: object; draft_version: object; event_stream: event_stream; lithic_managed: boolean; name: string; program_level: boolean; state: 'ACTIVE' | 'INACTIVE'; type: 'CONDITIONAL_BLOCK' | 'VELOCITY_LIMIT' | 'MERCHANT_LOCK' | 'CONDITIONAL_ACTION' | 'TYPESCRIPT_CODE'; excluded_account_tokens?: string[]; excluded_business_account_tokens?: string[]; excluded_card_tokens?: string[]; }`\n\n**post** `/v2/auth_rules/{auth_rule_token}/draft`\n\nCreates a new draft version of a rule that will be ran in shadow mode.\n\nThis can also be utilized to reset the draft parameters, causing a draft version to no longer be ran in shadow mode.\n\n\n### Parameters\n\n- `auth_rule_token: string`\n\n- `parameters?: { conditions: { attribute: conditional_attribute; operation: conditional_operation; value: conditional_value; }[]; } | { period: { duration: number; type: 'CUSTOM'; } | { type: 'DAY'; } | { type: 'WEEK'; day_of_week?: number; } | { type: 'MONTH'; day_of_month?: number; } | { type: 'YEAR'; day_of_month?: number; month?: number; }; scope: 'CARD' | 'ACCOUNT'; filters?: { exclude_countries?: string[]; exclude_mccs?: string[]; include_countries?: string[]; include_mccs?: string[]; include_pan_entry_modes?: string[]; }; limit_amount?: number; limit_count?: number; } | { merchants: { comment?: string; descriptor?: string; merchant_id?: string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: string; value: string | number | string[] | string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: string; value: string | number | string[] | string; parameters?: { interval?: 'LIFETIME' | '7D' | '30D' | '90D'; scope?: 'CARD' | 'ACCOUNT' | 'BUSINESS_ACCOUNT'; unit?: 'MPH' | 'KPH' | 'MILES' | 'KILOMETERS'; }; }[]; } | { action: { type: 'APPROVE'; } | { code: string; type: 'RETURN'; }; conditions: { attribute: 'COMPANY_NAME' | 'COMPANY_ID' | 'TIMESTAMP' | 'TRANSACTION_AMOUNT' | 'SEC_CODE' | 'MEMO'; operation: string; value: string | number | string[] | string; }[]; } | { action: { type: 'DECLINE'; reason?: string; } | { type: 'REQUIRE_TFA'; reason?: string; }; conditions: { attribute: string; operation: string; value: string | number | string[] | string; }[]; } | { action: { key: string; type: 'TAG'; value: string; } | { queue_token: string; scope: 'CARD' | 'ACCOUNT'; type: 'CREATE_CASE'; }; conditions: { attribute: string; operation: string; value: string | number | string[] | string; parameters?: { filters?: spend_velocity_filters; period?: velocity_limit_period; scope?: 'CARD' | 'ACCOUNT' | 'GLOBAL'; }; }[]; } | { code: string; features: { type: 'AUTHORIZATION'; name?: string; } | { type: 'AUTHENTICATION'; name?: string; } | { type: 'TOKENIZATION'; name?: string; } | { type: 'ACH_RECEIPT'; name?: string; } | { type: 'CARD'; name?: string; } | { type: 'ACCOUNT_HOLDER'; name?: string; } | { type: 'IP_METADATA'; name?: string; } | { period: velocity_limit_period; scope: 'CARD' | 'ACCOUNT'; type: 'SPEND_VELOCITY'; filters?: velocity_limit_filters; name?: string; } | { scope: 'CARD' | 'ACCOUNT' | 'BUSINESS_ACCOUNT'; type: 'TRANSACTION_HISTORY_SIGNALS'; name?: string; }[]; }`\n  Parameters for the Auth Rule\n\n### Returns\n\n- `{ token: string; account_tokens: string[]; business_account_tokens: string[]; card_tokens: string[]; current_version: { parameters: object | object | object | object | object | object | object | object | object; version: number; }; draft_version: { error: string; parameters: object | object | object | object | object | object | object | object | object; state: 'PENDING' | 'SHADOWING' | 'ERROR'; version: number; }; event_stream: string; lithic_managed: boolean; name: string; program_level: boolean; state: 'ACTIVE' | 'INACTIVE'; type: 'CONDITIONAL_BLOCK' | 'VELOCITY_LIMIT' | 'MERCHANT_LOCK' | 'CONDITIONAL_ACTION' | 'TYPESCRIPT_CODE'; excluded_account_tokens?: string[]; excluded_business_account_tokens?: string[]; excluded_card_tokens?: string[]; }`\n\n  - `token: string`\n  - `account_tokens: string[]`\n  - `business_account_tokens: string[]`\n  - `card_tokens: string[]`\n  - `current_version: { parameters: { conditions: object[]; } | { period: object | object | object | object | object; scope: 'CARD' | 'ACCOUNT'; filters?: object; limit_amount?: number; limit_count?: number; } | { merchants: { comment?: string; descriptor?: string; merchant_id?: string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; parameters?: object; }[]; } | { action: { type: 'APPROVE'; } | { code: string; type: 'RETURN'; }; conditions: { attribute: 'COMPANY_NAME' | 'COMPANY_ID' | 'TIMESTAMP' | 'TRANSACTION_AMOUNT' | 'SEC_CODE' | 'MEMO'; operation: conditional_operation; value: conditional_value; }[]; } | { action: { type: 'DECLINE'; reason?: string; } | { type: 'REQUIRE_TFA'; reason?: string; }; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; }[]; } | { action: object | object; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; parameters?: object; }[]; } | { code: string; features: object | object | object | object | object | object | object | object | object[]; }; version: number; }`\n  - `draft_version: { error: string; parameters: { conditions: object[]; } | { period: object | object | object | object | object; scope: 'CARD' | 'ACCOUNT'; filters?: object; limit_amount?: number; limit_count?: number; } | { merchants: { comment?: string; descriptor?: string; merchant_id?: string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; parameters?: object; }[]; } | { action: { type: 'APPROVE'; } | { code: string; type: 'RETURN'; }; conditions: { attribute: 'COMPANY_NAME' | 'COMPANY_ID' | 'TIMESTAMP' | 'TRANSACTION_AMOUNT' | 'SEC_CODE' | 'MEMO'; operation: conditional_operation; value: conditional_value; }[]; } | { action: { type: 'DECLINE'; reason?: string; } | { type: 'REQUIRE_TFA'; reason?: string; }; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; }[]; } | { action: object | object; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; parameters?: object; }[]; } | { code: string; features: object | object | object | object | object | object | object | object | object[]; }; state: 'PENDING' | 'SHADOWING' | 'ERROR'; version: number; }`\n  - `event_stream: string`\n  - `lithic_managed: boolean`\n  - `name: string`\n  - `program_level: boolean`\n  - `state: 'ACTIVE' | 'INACTIVE'`\n  - `type: 'CONDITIONAL_BLOCK' | 'VELOCITY_LIMIT' | 'MERCHANT_LOCK' | 'CONDITIONAL_ACTION' | 'TYPESCRIPT_CODE'`\n  - `excluded_account_tokens?: string[]`\n  - `excluded_business_account_tokens?: string[]`\n  - `excluded_card_tokens?: string[]`\n\n### Example\n\n```typescript\nimport Lithic from 'lithic';\n\nconst client = new Lithic();\n\nconst authRule = await client.authRules.v2.draft('182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e');\n\nconsole.log(authRule);\n```",
+      "## draft\n\n`client.authRules.v2.draft(auth_rule_token: string, parameters?: { conditions: auth_rule_condition[]; } | { period: velocity_limit_period; scope: 'CARD' | 'ACCOUNT'; filters?: velocity_limit_filters; limit_amount?: number; limit_count?: number; } | { merchants: object[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: object[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: object[]; } | { action: object | object; conditions: object[]; } | { action: object | object; conditions: object[]; } | { action: card_transaction_update_action; conditions: object[]; } | { code: string; features: rule_feature[]; }): { token: string; account_tokens: string[]; business_account_tokens: string[]; card_tokens: string[]; current_version: object; draft_version: object; event_stream: event_stream; lithic_managed: boolean; name: string; program_level: boolean; state: 'ACTIVE' | 'INACTIVE'; type: 'CONDITIONAL_BLOCK' | 'VELOCITY_LIMIT' | 'MERCHANT_LOCK' | 'CONDITIONAL_ACTION' | 'TYPESCRIPT_CODE'; excluded_account_tokens?: string[]; excluded_business_account_tokens?: string[]; excluded_card_tokens?: string[]; }`\n\n**post** `/v2/auth_rules/{auth_rule_token}/draft`\n\nCreates a new draft version of a rule that will be ran in shadow mode.\n\nThis can also be utilized to reset the draft parameters, causing a draft version to no longer be ran in shadow mode.\n\n\n### Parameters\n\n- `auth_rule_token: string`\n\n- `parameters?: { conditions: { attribute: conditional_attribute; operation: conditional_operation; value: conditional_value; }[]; } | { period: { duration: number; type: 'CUSTOM'; } | { type: 'DAY'; } | { type: 'WEEK'; day_of_week?: number; } | { type: 'MONTH'; day_of_month?: number; } | { type: 'YEAR'; day_of_month?: number; month?: number; }; scope: 'CARD' | 'ACCOUNT'; filters?: { exclude_countries?: string[]; exclude_mccs?: string[]; include_countries?: string[]; include_mccs?: string[]; include_pan_entry_modes?: string[]; }; limit_amount?: number; limit_count?: number; } | { merchants: { comment?: string; descriptor?: string; merchant_id?: string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: string; value: string | number | number | string[] | string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: string; value: string | number | number | string[] | string; parameters?: { interval?: 'LIFETIME' | '7D' | '30D' | '90D'; scope?: 'CARD' | 'ACCOUNT' | 'BUSINESS_ACCOUNT'; unit?: 'MPH' | 'KPH' | 'MILES' | 'KILOMETERS'; }; }[]; } | { action: { type: 'APPROVE'; } | { code: string; type: 'RETURN'; }; conditions: { attribute: 'COMPANY_NAME' | 'COMPANY_ID' | 'TIMESTAMP' | 'TRANSACTION_AMOUNT' | 'SEC_CODE' | 'MEMO'; operation: string; value: string | number | number | string[] | string; }[]; } | { action: { type: 'DECLINE'; reason?: string; } | { type: 'REQUIRE_TFA'; reason?: string; }; conditions: { attribute: string; operation: string; value: string | number | number | string[] | string; }[]; } | { action: { key: string; type: 'TAG'; value: string; } | { queue_token: string; scope: 'CARD' | 'ACCOUNT'; type: 'CREATE_CASE'; }; conditions: { attribute: string; operation: string; value: string | number | number | string[] | string; parameters?: { filters?: spend_velocity_filters; period?: velocity_limit_period; scope?: 'CARD' | 'ACCOUNT' | 'GLOBAL'; }; }[]; } | { code: string; features: { type: 'AUTHORIZATION'; name?: string; } | { type: 'AUTHENTICATION'; name?: string; } | { type: 'TOKENIZATION'; name?: string; } | { type: 'ACH_RECEIPT'; name?: string; } | { type: 'CARD'; name?: string; } | { type: 'ACCOUNT_HOLDER'; name?: string; } | { type: 'IP_METADATA'; name?: string; } | { period: velocity_limit_period; scope: 'CARD' | 'ACCOUNT'; type: 'SPEND_VELOCITY'; filters?: velocity_limit_filters; name?: string; } | { scope: 'CARD' | 'ACCOUNT' | 'BUSINESS_ACCOUNT'; type: 'TRANSACTION_HISTORY_SIGNALS'; name?: string; }[]; }`\n  Parameters for the Auth Rule\n\n### Returns\n\n- `{ token: string; account_tokens: string[]; business_account_tokens: string[]; card_tokens: string[]; current_version: { parameters: object | object | object | object | object | object | object | object | object; version: number; }; draft_version: { error: string; parameters: object | object | object | object | object | object | object | object | object; state: 'PENDING' | 'SHADOWING' | 'ERROR'; version: number; }; event_stream: string; lithic_managed: boolean; name: string; program_level: boolean; state: 'ACTIVE' | 'INACTIVE'; type: 'CONDITIONAL_BLOCK' | 'VELOCITY_LIMIT' | 'MERCHANT_LOCK' | 'CONDITIONAL_ACTION' | 'TYPESCRIPT_CODE'; excluded_account_tokens?: string[]; excluded_business_account_tokens?: string[]; excluded_card_tokens?: string[]; }`\n\n  - `token: string`\n  - `account_tokens: string[]`\n  - `business_account_tokens: string[]`\n  - `card_tokens: string[]`\n  - `current_version: { parameters: { conditions: object[]; } | { period: object | object | object | object | object; scope: 'CARD' | 'ACCOUNT'; filters?: object; limit_amount?: number; limit_count?: number; } | { merchants: { comment?: string; descriptor?: string; merchant_id?: string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; parameters?: object; }[]; } | { action: { type: 'APPROVE'; } | { code: string; type: 'RETURN'; }; conditions: { attribute: 'COMPANY_NAME' | 'COMPANY_ID' | 'TIMESTAMP' | 'TRANSACTION_AMOUNT' | 'SEC_CODE' | 'MEMO'; operation: conditional_operation; value: conditional_value; }[]; } | { action: { type: 'DECLINE'; reason?: string; } | { type: 'REQUIRE_TFA'; reason?: string; }; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; }[]; } | { action: object | object; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; parameters?: object; }[]; } | { code: string; features: object | object | object | object | object | object | object | object | object[]; }; version: number; }`\n  - `draft_version: { error: string; parameters: { conditions: object[]; } | { period: object | object | object | object | object; scope: 'CARD' | 'ACCOUNT'; filters?: object; limit_amount?: number; limit_count?: number; } | { merchants: { comment?: string; descriptor?: string; merchant_id?: string; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; }[]; } | { action: 'DECLINE' | 'CHALLENGE'; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; parameters?: object; }[]; } | { action: { type: 'APPROVE'; } | { code: string; type: 'RETURN'; }; conditions: { attribute: 'COMPANY_NAME' | 'COMPANY_ID' | 'TIMESTAMP' | 'TRANSACTION_AMOUNT' | 'SEC_CODE' | 'MEMO'; operation: conditional_operation; value: conditional_value; }[]; } | { action: { type: 'DECLINE'; reason?: string; } | { type: 'REQUIRE_TFA'; reason?: string; }; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; }[]; } | { action: object | object; conditions: { attribute: string; operation: conditional_operation; value: conditional_value; parameters?: object; }[]; } | { code: string; features: object | object | object | object | object | object | object | object | object[]; }; state: 'PENDING' | 'SHADOWING' | 'ERROR'; version: number; }`\n  - `event_stream: string`\n  - `lithic_managed: boolean`\n  - `name: string`\n  - `program_level: boolean`\n  - `state: 'ACTIVE' | 'INACTIVE'`\n  - `type: 'CONDITIONAL_BLOCK' | 'VELOCITY_LIMIT' | 'MERCHANT_LOCK' | 'CONDITIONAL_ACTION' | 'TYPESCRIPT_CODE'`\n  - `excluded_account_tokens?: string[]`\n  - `excluded_business_account_tokens?: string[]`\n  - `excluded_card_tokens?: string[]`\n\n### Example\n\n```typescript\nimport Lithic from 'lithic';\n\nconst client = new Lithic();\n\nconst authRule = await client.authRules.v2.draft('182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e');\n\nconsole.log(authRule);\n```",
     perLanguage: {
       typescript: {
         method: 'client.authRules.v2.draft',
@@ -3187,6 +3187,55 @@ const EMBEDDED_METHODS: MethodEntry[] = [
       },
     },
   },
+  {
+    name: 'challenge_response',
+    endpoint: '/v1/card_authorizations/{event_token}/challenge_response',
+    httpMethod: 'post',
+    summary: 'Respond to Authorization Challenge',
+    description:
+      "Card program's response to Authorization Challenge.\nPrograms that have Authorization Challenges configured as Out of Band receive a [card_authorization.challenge](https://docs.lithic.com/reference/post_card-authorization-challenge) webhook when an authorization attempt triggers a challenge.\nThe card program should respond using this endpoint after the cardholder completes the challenge.",
+    stainlessPath: '(resource) card_authorizations > (method) challenge_response',
+    qualified: 'client.cardAuthorizations.challengeResponse',
+    params: ['event_token: string;', "response: 'APPROVE' | 'DECLINE';"],
+    markdown:
+      "## challenge_response\n\n`client.cardAuthorizations.challengeResponse(event_token: string, response: 'APPROVE' | 'DECLINE'): void`\n\n**post** `/v1/card_authorizations/{event_token}/challenge_response`\n\nCard program's response to Authorization Challenge.\nPrograms that have Authorization Challenges configured as Out of Band receive a [card_authorization.challenge](https://docs.lithic.com/reference/post_card-authorization-challenge) webhook when an authorization attempt triggers a challenge.\nThe card program should respond using this endpoint after the cardholder completes the challenge.\n\n### Parameters\n\n- `event_token: string`\n\n- `response: 'APPROVE' | 'DECLINE'`\n  Whether the cardholder has approved or declined the issued challenge\n\n### Example\n\n```typescript\nimport Lithic from 'lithic';\n\nconst client = new Lithic();\n\nawait client.cardAuthorizations.challengeResponse('182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e', { response: 'APPROVE' })\n```",
+    perLanguage: {
+      typescript: {
+        method: 'client.cardAuthorizations.challengeResponse',
+        example:
+          "import Lithic from 'lithic';\n\nconst client = new Lithic({\n  apiKey: process.env['LITHIC_API_KEY'], // This is the default and can be omitted\n});\n\nawait client.cardAuthorizations.challengeResponse('182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e', {\n  response: 'APPROVE',\n});",
+      },
+      python: {
+        method: 'card_authorizations.challenge_response',
+        example:
+          'import os\nfrom lithic import Lithic\n\nclient = Lithic(\n    api_key=os.environ.get("LITHIC_API_KEY"),  # This is the default and can be omitted\n)\nclient.card_authorizations.challenge_response(\n    event_token="182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",\n    response="APPROVE",\n)',
+      },
+      java: {
+        method: 'cardAuthorizations().challengeResponse',
+        example:
+          'package com.lithic.api.example;\n\nimport com.lithic.api.client.LithicClient;\nimport com.lithic.api.client.okhttp.LithicOkHttpClient;\nimport com.lithic.api.models.CardAuthorizationChallengeResponseParams;\n\npublic final class Main {\n    private Main() {}\n\n    public static void main(String[] args) {\n        LithicClient client = LithicOkHttpClient.fromEnv();\n\n        CardAuthorizationChallengeResponseParams params = CardAuthorizationChallengeResponseParams.builder()\n            .eventToken("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e")\n            .response(CardAuthorizationChallengeResponseParams.Response.APPROVE)\n            .build();\n        client.cardAuthorizations().challengeResponse(params);\n    }\n}',
+      },
+      kotlin: {
+        method: 'cardAuthorizations().challengeResponse',
+        example:
+          'package com.lithic.api.example\n\nimport com.lithic.api.client.LithicClient\nimport com.lithic.api.client.okhttp.LithicOkHttpClient\nimport com.lithic.api.models.CardAuthorizationChallengeResponseParams\n\nfun main() {\n    val client: LithicClient = LithicOkHttpClient.fromEnv()\n\n    val params: CardAuthorizationChallengeResponseParams = CardAuthorizationChallengeResponseParams.builder()\n        .eventToken("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e")\n        .response(CardAuthorizationChallengeResponseParams.Response.APPROVE)\n        .build()\n    client.cardAuthorizations().challengeResponse(params)\n}',
+      },
+      go: {
+        method: 'client.CardAuthorizations.ChallengeResponse',
+        example:
+          'package main\n\nimport (\n\t"context"\n\n\t"github.com/lithic-com/lithic-go"\n\t"github.com/lithic-com/lithic-go/option"\n)\n\nfunc main() {\n\tclient := lithic.NewClient(\n\t\toption.WithAPIKey("My Lithic API Key"),\n\t)\n\terr := client.CardAuthorizations.ChallengeResponse(\n\t\tcontext.TODO(),\n\t\t"182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",\n\t\tlithic.CardAuthorizationChallengeResponseParams{\n\t\t\tResponse: lithic.F(lithic.CardAuthorizationChallengeResponseParamsResponseApprove),\n\t\t},\n\t)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n}\n',
+      },
+      ruby: {
+        method: 'card_authorizations.challenge_response',
+        example:
+          'require "lithic"\n\nlithic = Lithic::Client.new(\n  api_key: "My Lithic API Key",\n  environment: "sandbox" # defaults to "production"\n)\n\nresult = lithic.card_authorizations.challenge_response("182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", response: :APPROVE)\n\nputs(result)',
+      },
+      http: {
+        example:
+          'curl https://api.lithic.com/v1/card_authorizations/$EVENT_TOKEN/challenge_response \\\n    -H \'Content-Type: application/json\' \\\n    -H "Authorization: $LITHIC_API_KEY" \\\n    -d \'{\n          "response": "APPROVE"\n        }\'',
+      },
+    },
+  },
   {
     name: 'list',
     endpoint: '/v1/card_bulk_orders',
diff --git a/packages/mcp-server/src/methods.ts b/packages/mcp-server/src/methods.ts
index 41531e65..8f2a64e0 100644
--- a/packages/mcp-server/src/methods.ts
+++ b/packages/mcp-server/src/methods.ts
@@ -364,6 +364,12 @@ export const sdkMethods: SdkMethod[] = [
     httpMethod: 'get',
     httpPath: '/v1/cards/{card_token}/financial_transactions',
   },
+  {
+    clientCallName: 'client.cardAuthorizations.challengeResponse',
+    fullyQualifiedName: 'cardAuthorizations.challengeResponse',
+    httpMethod: 'post',
+    httpPath: '/v1/card_authorizations/{event_token}/challenge_response',
+  },
   {
     clientCallName: 'client.cardBulkOrders.create',
     fullyQualifiedName: 'cardBulkOrders.create',
diff --git a/packages/mcp-server/src/server.ts b/packages/mcp-server/src/server.ts
index 7612b3f1..964f5925 100644
--- a/packages/mcp-server/src/server.ts
+++ b/packages/mcp-server/src/server.ts
@@ -29,7 +29,7 @@ export const newMcpServer = async ({
   new McpServer(
     {
       name: 'lithic_api',
-      version: '0.139.0',
+      version: '0.140.0',
     },
     {
       instructions: await getInstructions({ stainlessApiKey, customInstructionsPath }),
diff --git a/src/client.ts b/src/client.ts
index ba109c19..b639282d 100644
--- a/src/client.ts
+++ b/src/client.ts
@@ -53,6 +53,11 @@ import {
   BookTransferReverseParams,
   BookTransfers,
 } from './resources/book-transfers';
+import {
+  CardAuthorization,
+  CardAuthorizationChallengeResponseParams,
+  CardAuthorizations,
+} from './resources/card-authorizations';
 import {
   CardBulkOrder,
   CardBulkOrderCreateParams,
@@ -196,6 +201,7 @@ import {
   BookTransferTransactionUpdatedWebhookEvent,
   CardAuthorizationApprovalRequestWebhookEvent,
   CardAuthorizationChallengeResponseWebhookEvent,
+  CardAuthorizationChallengeWebhookEvent,
   CardConvertedWebhookEvent,
   CardCreatedWebhookEvent,
   CardReissuedWebhookEvent,
@@ -1149,6 +1155,7 @@ export class Lithic {
   tokenizationDecisioning: API.TokenizationDecisioning = new API.TokenizationDecisioning(this);
   tokenizations: API.Tokenizations = new API.Tokenizations(this);
   cards: API.Cards = new API.Cards(this);
+  cardAuthorizations: API.CardAuthorizations = new API.CardAuthorizations(this);
   cardBulkOrders: API.CardBulkOrders = new API.CardBulkOrders(this);
   balances: API.Balances = new API.Balances(this);
   disputes: API.Disputes = new API.Disputes(this);
@@ -1185,6 +1192,7 @@ Lithic.AuthStreamEnrollment = AuthStreamEnrollment;
 Lithic.TokenizationDecisioning = TokenizationDecisioning;
 Lithic.Tokenizations = Tokenizations;
 Lithic.Cards = Cards;
+Lithic.CardAuthorizations = CardAuthorizations;
 Lithic.CardBulkOrders = CardBulkOrders;
 Lithic.Balances = Balances;
 Lithic.Disputes = Disputes;
@@ -1305,6 +1313,12 @@ export declare namespace Lithic {
     type CardWebProvisionParams as CardWebProvisionParams,
   };
 
+  export {
+    CardAuthorizations as CardAuthorizations,
+    type CardAuthorization as CardAuthorization,
+    type CardAuthorizationChallengeResponseParams as CardAuthorizationChallengeResponseParams,
+  };
+
   export {
     CardBulkOrders as CardBulkOrders,
     type CardBulkOrder as CardBulkOrder,
@@ -1562,6 +1576,7 @@ export declare namespace Lithic {
     type AccountHolderVerificationWebhookEvent as AccountHolderVerificationWebhookEvent,
     type AccountHolderDocumentUpdatedWebhookEvent as AccountHolderDocumentUpdatedWebhookEvent,
     type CardAuthorizationApprovalRequestWebhookEvent as CardAuthorizationApprovalRequestWebhookEvent,
+    type CardAuthorizationChallengeWebhookEvent as CardAuthorizationChallengeWebhookEvent,
     type CardAuthorizationChallengeResponseWebhookEvent as CardAuthorizationChallengeResponseWebhookEvent,
     type AuthRulesBacktestReportCreatedWebhookEvent as AuthRulesBacktestReportCreatedWebhookEvent,
     type BalanceUpdatedWebhookEvent as BalanceUpdatedWebhookEvent,
diff --git a/src/resources/auth-rules/v2/v2.ts b/src/resources/auth-rules/v2/v2.ts
index f1db4265..45923088 100644
--- a/src/resources/auth-rules/v2/v2.ts
+++ b/src/resources/auth-rules/v2/v2.ts
@@ -529,9 +529,10 @@ export namespace Conditional3DSActionParameters {
      * - `TRANSACTION_AMOUNT`: The base transaction amount (in cents) plus the acquirer
      *   fee field in the settlement/cardholder billing currency. This is the amount
      *   the issuer should authorize against unless the issuer is paying the acquirer
-     *   fee on behalf of the cardholder.
+     *   fee on behalf of the cardholder. Use an integer value.
      * - `RISK_SCORE`: Mastercard only: Assessment by the network of the authentication
-     *   risk level, with a higher value indicating a higher amount of risk.
+     *   risk level, with a higher value indicating a higher amount of risk. Use an
+     *   integer value.
      * - `MESSAGE_CATEGORY`: The category of the authentication being processed.
      * - `ADDRESS_MATCH`: Lithic's evaluation result comparing transaction's address
      *   data with the cardholder KYC data if it exists. Valid values are `MATCH`,
@@ -672,7 +673,7 @@ export namespace ConditionalACHActionParameters {
      *   ID) of the entity initiating the ACH transaction.
      * - `TIMESTAMP`: The timestamp of the ACH transaction in ISO 8601 format.
      * - `TRANSACTION_AMOUNT`: The amount of the ACH transaction in minor units
-     *   (cents).
+     *   (cents). Use an integer value.
      * - `SEC_CODE`: Standard Entry Class code indicating the type of ACH transaction.
      *   Valid values include PPD (Prearranged Payment and Deposit Entry), CCD
      *   (Corporate Credit or Debit Entry), WEB (Internet-Initiated/Mobile Entry), TEL
@@ -801,26 +802,27 @@ export namespace ConditionalAuthorizationActionParameters {
      * - `TRANSACTION_AMOUNT`: The base transaction amount (in cents) plus the acquirer
      *   fee field in the settlement/cardholder billing currency. This is the amount
      *   the issuer should authorize against unless the issuer is paying the acquirer
-     *   fee on behalf of the cardholder.
+     *   fee on behalf of the cardholder. Use an integer value.
      * - `CASH_AMOUNT`: The cash amount of the transaction in minor units (cents). This
-     *   represents the amount of cash being withdrawn or advanced.
+     *   represents the amount of cash being withdrawn or advanced. Use an integer
+     *   value.
      * - `RISK_SCORE`: Network-provided score assessing risk level associated with a
      *   given authorization. Scores are on a range of 0-999, with 0 representing the
      *   lowest risk and 999 representing the highest risk. For Visa transactions,
      *   where the raw score has a range of 0-99, Lithic will normalize the score by
-     *   multiplying the raw score by 10x.
+     *   multiplying the raw score by 10x. Use an integer value.
      * - `CARD_TRANSACTION_COUNT_15M`: The number of transactions on the card in the
-     *   trailing 15 minutes before the authorization.
+     *   trailing 15 minutes before the authorization. Use an integer value.
      * - `CARD_TRANSACTION_COUNT_1H`: The number of transactions on the card in the
-     *   trailing hour up and until the authorization.
+     *   trailing hour up and until the authorization. Use an integer value.
      * - `CARD_TRANSACTION_COUNT_24H`: The number of transactions on the card in the
-     *   trailing 24 hours up and until the authorization.
+     *   trailing 24 hours up and until the authorization. Use an integer value.
      * - `CARD_DECLINE_COUNT_15M`: The number of declined transactions on the card in
-     *   the trailing 15 minutes before the authorization.
+     *   the trailing 15 minutes before the authorization. Use an integer value.
      * - `CARD_DECLINE_COUNT_1H`: The number of declined transactions on the card in
-     *   the trailing hour up and until the authorization.
+     *   the trailing hour up and until the authorization. Use an integer value.
      * - `CARD_DECLINE_COUNT_24H`: The number of declined transactions on the card in
-     *   the trailing 24 hours up and until the authorization.
+     *   the trailing 24 hours up and until the authorization. Use an integer value.
      * - `CARD_STATE`: The current state of the card associated with the transaction.
      *   Valid values are `CLOSED`, `OPEN`, `PAUSED`, `PENDING_ACTIVATION`,
      *   `PENDING_FULFILLMENT`.
@@ -845,18 +847,21 @@ export namespace ConditionalAuthorizationActionParameters {
      *   data, the service location postal code is used. Otherwise, falls back to the
      *   card acceptor postal code.
      * - `CARD_AGE`: The age of the card in seconds at the time of the authorization.
+     *   Use an integer value.
      * - `ACCOUNT_AGE`: The age of the account holder's account in seconds at the time
-     *   of the authorization.
+     *   of the authorization. Use an integer value. For programs where Lithic does not
+     *   manage or retain account holder data, this attribute does not evaluate.
      * - `AMOUNT_Z_SCORE`: The z-score of the transaction amount relative to the
      *   entity's transaction history. Null if fewer than 30 approved transactions in
      *   the specified window. Requires `parameters.scope` and `parameters.interval`.
+     *   Use a decimal value.
      * - `AVG_TRANSACTION_AMOUNT`: The average approved transaction amount for the
      *   entity over the specified window, in cents. Requires `parameters.scope` and
-     *   `parameters.interval`.
+     *   `parameters.interval`. Use a decimal value.
      * - `STDEV_TRANSACTION_AMOUNT`: The standard deviation of approved transaction
      *   amounts for the entity over the specified window, in cents. Null if fewer than
      *   30 approved transactions in the specified window. Requires `parameters.scope`
-     *   and `parameters.interval`.
+     *   and `parameters.interval`. Use a decimal value.
      * - `IS_NEW_COUNTRY`: Whether the transaction's merchant country has not been seen
      *   in the entity's transaction history. Valid values are `TRUE`, `FALSE`.
      *   Requires `parameters.scope`.
@@ -867,26 +872,31 @@ export namespace ConditionalAuthorizationActionParameters {
      *   Valid values are `TRUE`, `FALSE`. Requires `parameters.scope`.
      * - `CONSECUTIVE_DECLINES`: The number of consecutive declined transactions for
      *   the entity over the last 30 days (rolling). Requires `parameters.scope`. Not
-     *   supported for `BUSINESS_ACCOUNT` scope.
+     *   supported for `BUSINESS_ACCOUNT` scope. Use an integer value.
      * - `TIME_SINCE_LAST_TRANSACTION`: The number of days since the last approved
-     *   transaction for the entity. Requires `parameters.scope`.
+     *   transaction for the entity, rounded to the nearest whole day. Requires
+     *   `parameters.scope`. Use an integer value.
      * - `DISTINCT_COUNTRY_COUNT`: The number of distinct merchant countries seen in
-     *   the entity's transaction history. Requires `parameters.scope`.
+     *   the entity's transaction history. Requires `parameters.scope`. Use an integer
+     *   value.
      * - `IS_NEW_MERCHANT`: Whether the card acceptor ID has not been seen in the
      *   card's approved transaction history (capped at the 1000 most recently seen
      *   merchants). Valid values are `TRUE`, `FALSE`. Card-scoped only; no
      *   `parameters` required.
      * - `THREE_DS_SUCCESS_RATE`: The 3DS authentication success rate for the card, as
      *   a percentage from 0.0 to 100.0. Card-scoped only; no `parameters` required.
+     *   Use a decimal value.
      * - `TRAVEL_SPEED`: The estimated speed of travel derived from the distance
      *   between the postal code centers of the last card-present transaction and the
      *   current transaction, divided by the elapsed time. Null if there is no prior
      *   card-present transaction, if either postal code cannot be geocoded, or if
-     *   elapsed time is zero. Requires `parameters.unit` set to `MPH` or `KPH`.
+     *   elapsed time is zero. Requires `parameters.unit` set to `MPH` or `KPH`. Use a
+     *   decimal value.
      * - `DISTANCE_FROM_LAST_TRANSACTION`: The estimated distance between the postal
      *   code centers of the last card-present transaction and the current transaction.
      *   Null if there is no prior card-present transaction or if either postal code
      *   cannot be geocoded. Requires `parameters.unit` set to `MILES` or `KILOMETERS`.
+     *   Use a decimal value.
      */
     attribute:
       | 'MCC'
@@ -1021,12 +1031,12 @@ export namespace ConditionalCardTransactionUpdateActionParameters {
      * - `TRANSACTION_AMOUNT`: The base transaction amount (in cents) plus the acquirer
      *   fee field in the settlement/cardholder billing currency. This is the amount
      *   the issuer should authorize against unless the issuer is paying the acquirer
-     *   fee on behalf of the cardholder.
+     *   fee on behalf of the cardholder. Use an integer value.
      * - `RISK_SCORE`: Network-provided score assessing risk level associated with a
      *   given authorization. Scores are on a range of 0-999, with 0 representing the
      *   lowest risk and 999 representing the highest risk. For Visa transactions,
      *   where the raw score has a range of 0-99, Lithic will normalize the score by
-     *   multiplying the raw score by 10x.
+     *   multiplying the raw score by 10x. Use an integer value.
      * - `TRANSACTION_STATUS`: The status of the transaction. Valid values are
      *   `PENDING`, `VOIDED`, `SETTLING`, `SETTLED`, `BOUNCED`, `RETURNED`, `DECLINED`,
      *   `EXPIRED`.
@@ -1047,15 +1057,17 @@ export namespace ConditionalCardTransactionUpdateActionParameters {
      * - `WALLET_TYPE`: For transactions using a digital wallet token, indicates the
      *   source of the token. Valid values are `APPLE_PAY`, `GOOGLE_PAY`,
      *   `SAMSUNG_PAY`, `MASTERPASS`, `MERCHANT`, `OTHER`, `NONE`.
-     * - `CARD_AGE`: The age of the card in seconds at the time of the transaction.
+     * - `CARD_AGE`: The age of the card in seconds at the time of the transaction. Use
+     *   an integer value.
      * - `ACCOUNT_AGE`: The age of the account in seconds at the time of the
-     *   transaction.
+     *   transaction. Use an integer value. For programs where Lithic does not manage
+     *   or retain account holder data, this attribute does not evaluate.
      * - `SPEND_VELOCITY_COUNT`: The number of transactions matching the specified
      *   filters within the given period. Requires `parameters` with `scope`, `period`,
-     *   and optional `filters`.
+     *   and optional `filters`. Use an integer value.
      * - `SPEND_VELOCITY_AMOUNT`: The total spend amount (in cents) of transactions
      *   matching the specified filters within the given period. Requires `parameters`
-     *   with `scope`, `period`, and optional `filters`.
+     *   with `scope`, `period`, and optional `filters`. Use an integer value.
      */
     attribute:
       | 'MCC'
@@ -1218,10 +1230,10 @@ export namespace ConditionalTokenizationActionParameters {
      *   `SAMSUNG_PAY`, `UNKNOWN`, `VISA_CHECKOUT`.
      * - `WALLET_ACCOUNT_SCORE`: Risk score for the account in the digital wallet.
      *   Numeric value where lower numbers indicate higher risk (e.g., 1 = high risk, 2
-     *   = medium risk).
+     *   = medium risk). Use an integer value.
      * - `WALLET_DEVICE_SCORE`: Risk score for the device in the digital wallet.
      *   Numeric value where lower numbers indicate higher risk (e.g., 1 = high risk, 2
-     *   = medium risk).
+     *   = medium risk). Use an integer value.
      * - `WALLET_RECOMMENDED_DECISION`: The decision recommended by the digital wallet
      *   provider. Valid values include APPROVE, DECLINE,
      *   REQUIRE_ADDITIONAL_AUTHENTICATION.
@@ -1277,7 +1289,7 @@ export namespace ConditionalTokenizationActionParameters {
 /**
  * A regex string, to be used with `MATCHES` or `DOES_NOT_MATCH`
  */
-export type ConditionalValue = string | number | Array<string> | (string & {});
+export type ConditionalValue = string | number | number | Array<string> | (string & {});
 
 /**
  * The event stream during which the rule will be evaluated.
diff --git a/src/resources/card-authorizations.ts b/src/resources/card-authorizations.ts
new file mode 100644
index 00000000..f6088807
--- /dev/null
+++ b/src/resources/card-authorizations.ts
@@ -0,0 +1,670 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import { APIResource } from '../core/resource';
+import * as Shared from './shared';
+import * as TransactionsAPI from './transactions/transactions';
+import { APIPromise } from '../core/api-promise';
+import { RequestOptions } from '../internal/request-options';
+import { path } from '../internal/utils/path';
+
+export class CardAuthorizations extends APIResource {
+  /**
+   * Card program's response to Authorization Challenge. Programs that have
+   * Authorization Challenges configured as Out of Band receive a
+   * [card_authorization.challenge](https://docs.lithic.com/reference/post_card-authorization-challenge)
+   * webhook when an authorization attempt triggers a challenge. The card program
+   * should respond using this endpoint after the cardholder completes the challenge.
+   */
+  challengeResponse(
+    eventToken: string,
+    body: CardAuthorizationChallengeResponseParams,
+    options?: RequestOptions,
+  ): APIPromise<void> {
+    return this._client.post(path`/v1/card_authorizations/${eventToken}/challenge_response`, {
+      body,
+      ...options,
+    });
+  }
+}
+
+/**
+ * Card Authorization
+ */
+export interface CardAuthorization {
+  /**
+   * The provisional transaction group uuid associated with the authorization
+   */
+  token: string;
+
+  /**
+   * Fee (in cents) assessed by the merchant and paid for by the cardholder. Will be
+   * zero if no fee is assessed. Rebates may be transmitted as a negative value to
+   * indicate credited fees.
+   */
+  acquirer_fee: number;
+
+  /**
+   * @deprecated Deprecated, use `amounts`. Authorization amount of the transaction
+   * (in cents), including any acquirer fees. The contents of this field are
+   * identical to `authorization_amount`.
+   */
+  amount: number;
+
+  /**
+   * Structured amounts for this authorization. The `cardholder` and `merchant`
+   * amounts reflect the original network authorization values. For programs with
+   * hold adjustments enabled (e.g., automated fuel dispensers or tipping MCCs), the
+   * `hold` amount may exceed the `cardholder` and `merchant` amounts to account for
+   * anticipated final transaction amounts such as tips or fuel fill-ups
+   */
+  amounts: CardAuthorization.Amounts;
+
+  /**
+   * @deprecated Deprecated, use `amounts`. The base transaction amount (in cents)
+   * plus the acquirer fee field. This is the amount the issuer should authorize
+   * against unless the issuer is paying the acquirer fee on behalf of the
+   * cardholder.
+   */
+  authorization_amount: number;
+
+  avs: CardAuthorization.Avs;
+
+  /**
+   * Card object in ASA
+   */
+  card: CardAuthorization.Card;
+
+  /**
+   * @deprecated Deprecated, use `amounts`. 3-character alphabetic ISO 4217 code for
+   * cardholder's billing currency.
+   */
+  cardholder_currency: string;
+
+  /**
+   * The portion of the transaction requested as cash back by the cardholder, and
+   * does not include any acquirer fees. The amount field includes the purchase
+   * amount, the requested cash back amount, and any acquirer fees.
+   *
+   * If no cash back was requested, the value of this field will be 0, and the field
+   * will always be present.
+   */
+  cash_amount: number;
+
+  /**
+   * Date and time when the transaction first occurred in UTC.
+   */
+  created: string;
+
+  /**
+   * Merchant information including full location details.
+   */
+  merchant: CardAuthorization.Merchant;
+
+  /**
+   * @deprecated Deprecated, use `amounts`. The amount that the merchant will
+   * receive, denominated in `merchant_currency` and in the smallest currency unit.
+   * Note the amount includes `acquirer_fee`, similar to `authorization_amount`. It
+   * will be different from `authorization_amount` if the merchant is taking payment
+   * in a different currency.
+   */
+  merchant_amount: number;
+
+  /**
+   * @deprecated 3-character alphabetic ISO 4217 code for the local currency of the
+   * transaction.
+   */
+  merchant_currency: string;
+
+  /**
+   * Where the cardholder received the service, when different from the card acceptor
+   * location. This is populated from network data elements such as Mastercard DE-122
+   * SE1 SF9-14 and Visa F34 DS02.
+   */
+  service_location: CardAuthorization.ServiceLocation | null;
+
+  /**
+   * @deprecated Deprecated, use `amounts`. Amount (in cents) of the transaction that
+   * has been settled, including any acquirer fees.
+   */
+  settled_amount: number;
+
+  /**
+   * The type of authorization request that this request is for. Note that
+   * `CREDIT_AUTHORIZATION` and `FINANCIAL_CREDIT_AUTHORIZATION` is only available to
+   * users with credit decisioning via ASA enabled.
+   */
+  status:
+    | 'AUTHORIZATION'
+    | 'CREDIT_AUTHORIZATION'
+    | 'FINANCIAL_AUTHORIZATION'
+    | 'FINANCIAL_CREDIT_AUTHORIZATION'
+    | 'BALANCE_INQUIRY';
+
+  /**
+   * The entity that initiated the transaction.
+   */
+  transaction_initiator: 'CARDHOLDER' | 'MERCHANT' | 'UNKNOWN';
+
+  account_type?: 'CHECKING' | 'SAVINGS';
+
+  cardholder_authentication?: TransactionsAPI.CardholderAuthentication;
+
+  /**
+   * Deprecated, use `cash_amount`.
+   */
+  cashback?: number;
+
+  /**
+   * @deprecated Deprecated, use `amounts`. If the transaction was requested in a
+   * currency other than the settlement currency, this field will be populated to
+   * indicate the rate used to translate the merchant_amount to the amount (i.e.,
+   * `merchant_amount` x `conversion_rate` = `amount`). Note that the
+   * `merchant_amount` is in the local currency and the amount is in the settlement
+   * currency.
+   */
+  conversion_rate?: number;
+
+  /**
+   * The event token associated with the authorization. This field is only set for
+   * programs enrolled into the beta.
+   */
+  event_token?: string;
+
+  /**
+   * Optional Object containing information if the Card is a part of a Fleet managed
+   * program
+   */
+  fleet_info?: CardAuthorization.FleetInfo | null;
+
+  /**
+   * The latest Authorization Challenge that was issued to the cardholder for this
+   * merchant.
+   */
+  latest_challenge?: CardAuthorization.LatestChallenge;
+
+  /**
+   * Card network of the authorization.
+   */
+  network?: 'AMEX' | 'INTERLINK' | 'MAESTRO' | 'MASTERCARD' | 'UNKNOWN' | 'VISA';
+
+  /**
+   * Network-provided score assessing risk level associated with a given
+   * authorization. Scores are on a range of 0-999, with 0 representing the lowest
+   * risk and 999 representing the highest risk. For Visa transactions, where the raw
+   * score has a range of 0-99, Lithic will normalize the score by multiplying the
+   * raw score by 10x.
+   */
+  network_risk_score?: number | null;
+
+  /**
+   * Contains raw data provided by the card network, including attributes that
+   * provide further context about the authorization. If populated by the network,
+   * data is organized by Lithic and passed through without further modification.
+   * Please consult the official network documentation for more details about these
+   * values and how to use them. This object is only available to certain programs-
+   * contact your Customer Success Manager to discuss enabling access.
+   */
+  network_specific_data?: CardAuthorization.NetworkSpecificData | null;
+
+  pos?: CardAuthorization.Pos;
+
+  token_info?: TransactionsAPI.TokenInfo | null;
+
+  /**
+   * Deprecated: approximate time-to-live for the authorization.
+   */
+  ttl?: string;
+}
+
+export namespace CardAuthorization {
+  /**
+   * Structured amounts for this authorization. The `cardholder` and `merchant`
+   * amounts reflect the original network authorization values. For programs with
+   * hold adjustments enabled (e.g., automated fuel dispensers or tipping MCCs), the
+   * `hold` amount may exceed the `cardholder` and `merchant` amounts to account for
+   * anticipated final transaction amounts such as tips or fuel fill-ups
+   */
+  export interface Amounts {
+    cardholder: Amounts.Cardholder;
+
+    hold: Amounts.Hold | null;
+
+    merchant: Amounts.Merchant;
+
+    settlement: Amounts.Settlement | null;
+  }
+
+  export namespace Amounts {
+    export interface Cardholder {
+      /**
+       * Amount in the smallest unit of the applicable currency (e.g., cents)
+       */
+      amount: number;
+
+      /**
+       * Exchange rate used for currency conversion
+       */
+      conversion_rate: string;
+
+      /**
+       * 3-character alphabetic ISO 4217 currency
+       */
+      currency: Shared.Currency;
+    }
+
+    export interface Hold {
+      /**
+       * Amount in the smallest unit of the applicable currency (e.g., cents)
+       */
+      amount: number;
+
+      /**
+       * 3-character alphabetic ISO 4217 currency
+       */
+      currency: Shared.Currency;
+    }
+
+    export interface Merchant {
+      /**
+       * Amount in the smallest unit of the applicable currency (e.g., cents)
+       */
+      amount: number;
+
+      /**
+       * 3-character alphabetic ISO 4217 currency
+       */
+      currency: Shared.Currency;
+    }
+
+    export interface Settlement {
+      /**
+       * Amount in the smallest unit of the applicable currency (e.g., cents)
+       */
+      amount: number;
+
+      /**
+       * 3-character alphabetic ISO 4217 currency
+       */
+      currency: Shared.Currency;
+    }
+  }
+
+  export interface Avs {
+    /**
+     * Cardholder address
+     */
+    address: string;
+
+    /**
+     * Lithic's evaluation result comparing the transaction's address data with the
+     * cardholder KYC data if it exists. In the event Lithic does not have any
+     * Cardholder KYC data, or the transaction does not contain any address data,
+     * NOT_PRESENT will be returned
+     */
+    address_on_file_match: 'MATCH' | 'MATCH_ADDRESS_ONLY' | 'MATCH_ZIP_ONLY' | 'MISMATCH' | 'NOT_PRESENT';
+
+    /**
+     * Cardholder ZIP code
+     */
+    zipcode: string;
+  }
+
+  /**
+   * Card object in ASA
+   */
+  export interface Card {
+    /**
+     * Globally unique identifier for the card.
+     */
+    token: string;
+
+    /**
+     * Last four digits of the card number
+     */
+    last_four: string;
+
+    /**
+     * Customizable name to identify the card
+     */
+    memo: string;
+
+    /**
+     * Amount (in cents) to limit approved authorizations. Purchase requests above the
+     * spend limit will be declined (refunds and credits will be approved).
+     *
+     * Note that while spend limits are enforced based on authorized and settled volume
+     * on a card, they are not recommended to be used for balance or
+     * reconciliation-level accuracy. Spend limits also cannot block force posted
+     * charges (i.e., when a merchant sends a clearing message without a prior
+     * authorization).
+     */
+    spend_limit: number;
+
+    /**
+     * Note that to support recurring monthly payments, which can occur on different
+     * day every month, the time window we consider for MONTHLY velocity starts 6 days
+     * after the current calendar date one month prior.
+     */
+    spend_limit_duration: 'ANNUALLY' | 'FOREVER' | 'MONTHLY' | 'TRANSACTION';
+
+    state: 'CLOSED' | 'OPEN' | 'PAUSED' | 'PENDING_ACTIVATION' | 'PENDING_FULFILLMENT';
+
+    type: 'SINGLE_USE' | 'MERCHANT_LOCKED' | 'UNLOCKED' | 'PHYSICAL' | 'DIGITAL_WALLET' | 'VIRTUAL';
+  }
+
+  /**
+   * Merchant information including full location details.
+   */
+  export interface Merchant extends Shared.Merchant {
+    /**
+     * Phone number of card acceptor.
+     */
+    phone_number: string | null;
+
+    /**
+     * Postal code of card acceptor.
+     */
+    postal_code: string | null;
+
+    /**
+     * Street address of card acceptor.
+     */
+    street_address: string | null;
+  }
+
+  /**
+   * Where the cardholder received the service, when different from the card acceptor
+   * location. This is populated from network data elements such as Mastercard DE-122
+   * SE1 SF9-14 and Visa F34 DS02.
+   */
+  export interface ServiceLocation {
+    /**
+     * City of service location.
+     */
+    city: string | null;
+
+    /**
+     * Country code of service location, ISO 3166-1 alpha-3.
+     */
+    country: string | null;
+
+    /**
+     * Postal code of service location.
+     */
+    postal_code: string | null;
+
+    /**
+     * State/province code of service location, ISO 3166-2.
+     */
+    state: string | null;
+
+    /**
+     * Street address of service location.
+     */
+    street_address: string | null;
+  }
+
+  /**
+   * Optional Object containing information if the Card is a part of a Fleet managed
+   * program
+   */
+  export interface FleetInfo {
+    /**
+     * Code indicating what the driver was prompted to enter at time of purchase. This
+     * is configured at a program level and is a static configuration, and does not
+     * change on a request to request basis
+     */
+    fleet_prompt_code: 'NO_PROMPT' | 'VEHICLE_NUMBER' | 'DRIVER_NUMBER';
+
+    /**
+     * Code indicating which restrictions, if any, there are on purchase. This is
+     * configured at a program level and is a static configuration, and does not change
+     * on a request to request basis
+     */
+    fleet_restriction_code: 'NO_RESTRICTIONS' | 'FUEL_ONLY';
+
+    /**
+     * Number representing the driver
+     */
+    driver_number?: string | null;
+
+    /**
+     * Number associated with the vehicle
+     */
+    vehicle_number?: string | null;
+  }
+
+  /**
+   * The latest Authorization Challenge that was issued to the cardholder for this
+   * merchant.
+   */
+  export interface LatestChallenge {
+    /**
+     * The phone number used for sending Authorization Challenge SMS.
+     */
+    phone_number: string;
+
+    /**
+     * The status of the Authorization Challenge
+     *
+     * - `COMPLETED` - Challenge was successfully completed by the cardholder
+     * - `PENDING` - Challenge is still open
+     * - `EXPIRED` - Challenge has expired without being completed
+     * - `ERROR` - There was an error processing the challenge
+     */
+    status: 'COMPLETED' | 'PENDING' | 'EXPIRED' | 'ERROR';
+
+    /**
+     * The date and time when the Authorization Challenge was completed in UTC. Present
+     * only if the status is `COMPLETED`.
+     */
+    completed_at?: string;
+  }
+
+  /**
+   * Contains raw data provided by the card network, including attributes that
+   * provide further context about the authorization. If populated by the network,
+   * data is organized by Lithic and passed through without further modification.
+   * Please consult the official network documentation for more details about these
+   * values and how to use them. This object is only available to certain programs-
+   * contact your Customer Success Manager to discuss enabling access.
+   */
+  export interface NetworkSpecificData {
+    mastercard?: NetworkSpecificData.Mastercard | null;
+
+    visa?: NetworkSpecificData.Visa | null;
+  }
+
+  export namespace NetworkSpecificData {
+    export interface Mastercard {
+      /**
+       * Indicates the electronic commerce security level and UCAF collection.
+       */
+      ecommerce_security_level_indicator?: string | null;
+
+      /**
+       * The On-behalf Service performed on the transaction and the results. Contains all
+       * applicable, on-behalf service results that were performed on a given
+       * transaction.
+       */
+      on_behalf_service_result?: Array<Mastercard.OnBehalfServiceResult> | null;
+
+      /**
+       * Indicates the type of additional transaction purpose.
+       */
+      transaction_type_identifier?: string | null;
+    }
+
+    export namespace Mastercard {
+      export interface OnBehalfServiceResult {
+        /**
+         * Indicates the results of the service processing.
+         */
+        result_1: string;
+
+        /**
+         * Identifies the results of the service processing.
+         */
+        result_2: string;
+
+        /**
+         * Indicates the service performed on the transaction.
+         */
+        service: string;
+      }
+    }
+
+    export interface Visa {
+      /**
+       * Identifies the purpose or category of a transaction, used to classify and
+       * process transactions according to Visa’s rules.
+       */
+      business_application_identifier?: string | null;
+    }
+  }
+
+  export interface Pos {
+    /**
+     * POS > Entry Mode object in ASA
+     */
+    entry_mode?: Pos.EntryMode;
+
+    terminal?: Pos.Terminal;
+  }
+
+  export namespace Pos {
+    /**
+     * POS > Entry Mode object in ASA
+     */
+    export interface EntryMode {
+      /**
+       * Card Presence Indicator
+       */
+      card?: 'PRESENT' | 'NOT_PRESENT' | 'UNKNOWN';
+
+      /**
+       * Cardholder Presence Indicator
+       */
+      cardholder?:
+        | 'DEFERRED_BILLING'
+        | 'ELECTRONIC_ORDER'
+        | 'INSTALLMENT'
+        | 'MAIL_ORDER'
+        | 'NOT_PRESENT'
+        | 'PRESENT'
+        | 'REOCCURRING'
+        | 'TELEPHONE_ORDER'
+        | 'UNKNOWN';
+
+      /**
+       * Method of entry for the PAN
+       */
+      pan?:
+        | 'AUTO_ENTRY'
+        | 'BAR_CODE'
+        | 'CONTACTLESS'
+        | 'ECOMMERCE'
+        | 'ERROR_KEYED'
+        | 'ERROR_MAGNETIC_STRIPE'
+        | 'ICC'
+        | 'KEY_ENTERED'
+        | 'MAGNETIC_STRIPE'
+        | 'MANUAL'
+        | 'OCR'
+        | 'SECURE_CARDLESS'
+        | 'UNSPECIFIED'
+        | 'UNKNOWN'
+        | 'CREDENTIAL_ON_FILE';
+
+      /**
+       * Indicates whether the cardholder entered the PIN. True if the PIN was entered.
+       */
+      pin_entered?: boolean;
+    }
+
+    export interface Terminal {
+      /**
+       * True if a clerk is present at the sale.
+       */
+      attended: boolean;
+
+      /**
+       * True if the terminal is capable of retaining the card.
+       */
+      card_retention_capable: boolean;
+
+      /**
+       * True if the sale was made at the place of business (vs. mobile).
+       */
+      on_premise: boolean;
+
+      /**
+       * The person that is designated to swipe the card
+       */
+      operator: 'ADMINISTRATIVE' | 'CARDHOLDER' | 'CARD_ACCEPTOR' | 'UNKNOWN';
+
+      /**
+       * True if the terminal is capable of partial approval. Partial approval is when
+       * part of a transaction is approved and another payment must be used for the
+       * remainder. Example scenario: A $40 transaction is attempted on a prepaid card
+       * with a $25 balance. If partial approval is enabled, $25 can be authorized, at
+       * which point the POS will prompt the user for an additional payment of $15.
+       */
+      partial_approval_capable: boolean;
+
+      /**
+       * Status of whether the POS is able to accept PINs
+       */
+      pin_capability: 'CAPABLE' | 'INOPERATIVE' | 'NOT_CAPABLE' | 'UNSPECIFIED';
+
+      /**
+       * POS Type
+       */
+      type:
+        | 'ADMINISTRATIVE'
+        | 'ATM'
+        | 'AUTHORIZATION'
+        | 'COUPON_MACHINE'
+        | 'DIAL_TERMINAL'
+        | 'ECOMMERCE'
+        | 'ECR'
+        | 'FUEL_MACHINE'
+        | 'HOME_TERMINAL'
+        | 'MICR'
+        | 'OFF_PREMISE'
+        | 'PAYMENT'
+        | 'PDA'
+        | 'PHONE'
+        | 'POINT'
+        | 'POS_TERMINAL'
+        | 'PUBLIC_UTILITY'
+        | 'SELF_SERVICE'
+        | 'TELEVISION'
+        | 'TELLER'
+        | 'TRAVELERS_CHECK_MACHINE'
+        | 'VENDING'
+        | 'VOICE'
+        | 'UNKNOWN';
+
+      /**
+       * Uniquely identifies a terminal at the card acceptor location of acquiring
+       * institutions or merchant POS Systems. Left justified with trailing spaces.
+       */
+      acceptor_terminal_id?: string | null;
+    }
+  }
+}
+
+export interface CardAuthorizationChallengeResponseParams {
+  /**
+   * Whether the cardholder has approved or declined the issued challenge
+   */
+  response: 'APPROVE' | 'DECLINE';
+}
+
+export declare namespace CardAuthorizations {
+  export {
+    type CardAuthorization as CardAuthorization,
+    type CardAuthorizationChallengeResponseParams as CardAuthorizationChallengeResponseParams,
+  };
+}
diff --git a/src/resources/events/events.ts b/src/resources/events/events.ts
index 6ee7dfd9..e034f7fe 100644
--- a/src/resources/events/events.ts
+++ b/src/resources/events/events.ts
@@ -109,6 +109,10 @@ export interface Event {
    *   created.
    * - book_transfer_transaction.updated: Occurs when a book transfer transaction is
    *   updated.
+   * - card_authorization.challenge: Occurs when an Out of Band challenge is issued
+   *   during card authorization. The card program should issue its own challenge to
+   *   the cardholder and then respond via
+   *   [/v1/card_authorizations/{event_token}/challenge_response](https://docs.lithic.com/reference/respondtoauthorizationchallenge).
    * - card_authorization.challenge_response: Occurs when a cardholder responds to an
    *   SMS challenge during card authorization.
    * - card_transaction.enhanced_data.created: Occurs when L2/L3 enhanced commercial
@@ -205,6 +209,7 @@ export interface Event {
     | 'balance.updated'
     | 'book_transfer_transaction.created'
     | 'book_transfer_transaction.updated'
+    | 'card_authorization.challenge'
     | 'card_authorization.challenge_response'
     | 'card_transaction.enhanced_data.created'
     | 'card_transaction.enhanced_data.updated'
@@ -284,6 +289,7 @@ export interface EventSubscription {
     | 'balance.updated'
     | 'book_transfer_transaction.created'
     | 'book_transfer_transaction.updated'
+    | 'card_authorization.challenge'
     | 'card_authorization.challenge_response'
     | 'card_transaction.enhanced_data.created'
     | 'card_transaction.enhanced_data.updated'
@@ -401,6 +407,7 @@ export interface EventListParams extends CursorPageParams {
     | 'balance.updated'
     | 'book_transfer_transaction.created'
     | 'book_transfer_transaction.updated'
+    | 'card_authorization.challenge'
     | 'card_authorization.challenge_response'
     | 'card_transaction.enhanced_data.created'
     | 'card_transaction.enhanced_data.updated'
diff --git a/src/resources/events/subscriptions.ts b/src/resources/events/subscriptions.ts
index 4d08452b..73c106ca 100644
--- a/src/resources/events/subscriptions.ts
+++ b/src/resources/events/subscriptions.ts
@@ -175,6 +175,7 @@ export interface SubscriptionCreateParams {
     | 'balance.updated'
     | 'book_transfer_transaction.created'
     | 'book_transfer_transaction.updated'
+    | 'card_authorization.challenge'
     | 'card_authorization.challenge_response'
     | 'card_transaction.enhanced_data.created'
     | 'card_transaction.enhanced_data.updated'
@@ -252,6 +253,7 @@ export interface SubscriptionUpdateParams {
     | 'balance.updated'
     | 'book_transfer_transaction.created'
     | 'book_transfer_transaction.updated'
+    | 'card_authorization.challenge'
     | 'card_authorization.challenge_response'
     | 'card_transaction.enhanced_data.created'
     | 'card_transaction.enhanced_data.updated'
@@ -359,6 +361,7 @@ export interface SubscriptionSendSimulatedExampleParams {
     | 'balance.updated'
     | 'book_transfer_transaction.created'
     | 'book_transfer_transaction.updated'
+    | 'card_authorization.challenge'
     | 'card_authorization.challenge_response'
     | 'card_transaction.enhanced_data.created'
     | 'card_transaction.enhanced_data.updated'
diff --git a/src/resources/index.ts b/src/resources/index.ts
index 31f6c61f..9bd437df 100644
--- a/src/resources/index.ts
+++ b/src/resources/index.ts
@@ -51,6 +51,11 @@ export {
   type BookTransferReverseParams,
   type BookTransferResponsesCursorPage,
 } from './book-transfers';
+export {
+  CardAuthorizations,
+  type CardAuthorization,
+  type CardAuthorizationChallengeResponseParams,
+} from './card-authorizations';
 export {
   CardBulkOrders,
   type CardBulkOrder,
@@ -299,6 +304,7 @@ export {
   type AccountHolderVerificationWebhookEvent,
   type AccountHolderDocumentUpdatedWebhookEvent,
   type CardAuthorizationApprovalRequestWebhookEvent,
+  type CardAuthorizationChallengeWebhookEvent,
   type CardAuthorizationChallengeResponseWebhookEvent,
   type AuthRulesBacktestReportCreatedWebhookEvent,
   type BalanceUpdatedWebhookEvent,
diff --git a/src/resources/webhooks.ts b/src/resources/webhooks.ts
index d18feb15..aab001c4 100644
--- a/src/resources/webhooks.ts
+++ b/src/resources/webhooks.ts
@@ -4,6 +4,7 @@ import { getRequiredHeader, HeadersLike } from '../internal/headers';
 import { APIResource } from '../core/resource';
 import { Webhook } from 'standardwebhooks';
 import * as BookTransfersAPI from './book-transfers';
+import * as CardAuthorizationsAPI from './card-authorizations';
 import * as DisputesAPI from './disputes';
 import * as DisputesV2API from './disputes-v2';
 import * as ExternalPaymentsAPI from './external-payments';
@@ -11,7 +12,6 @@ import * as FundingEventsAPI from './funding-events';
 import * as InternalTransactionAPI from './internal-transaction';
 import * as ManagementOperationsAPI from './management-operations';
 import * as PaymentsAPI from './payments';
-import * as Shared from './shared';
 import * as TokenizationsAPI from './tokenizations';
 import * as AccountHoldersAPI from './account-holders/account-holders';
 import * as ExternalBankAccountsAPI from './external-bank-accounts/external-bank-accounts';
@@ -667,630 +667,51 @@ export namespace AccountHolderDocumentUpdatedWebhookEvent {
   }
 }
 
-export interface CardAuthorizationApprovalRequestWebhookEvent {
-  /**
-   * The provisional transaction group uuid associated with the authorization
-   */
-  token: string;
-
-  /**
-   * Fee (in cents) assessed by the merchant and paid for by the cardholder. Will be
-   * zero if no fee is assessed. Rebates may be transmitted as a negative value to
-   * indicate credited fees.
-   */
-  acquirer_fee: number;
-
-  /**
-   * @deprecated Deprecated, use `amounts`. Authorization amount of the transaction
-   * (in cents), including any acquirer fees. The contents of this field are
-   * identical to `authorization_amount`.
-   */
-  amount: number;
-
-  /**
-   * Structured amounts for this authorization. The `cardholder` and `merchant`
-   * amounts reflect the original network authorization values. For programs with
-   * hold adjustments enabled (e.g., automated fuel dispensers or tipping MCCs), the
-   * `hold` amount may exceed the `cardholder` and `merchant` amounts to account for
-   * anticipated final transaction amounts such as tips or fuel fill-ups
-   */
-  amounts: CardAuthorizationApprovalRequestWebhookEvent.Amounts;
-
-  /**
-   * @deprecated Deprecated, use `amounts`. The base transaction amount (in cents)
-   * plus the acquirer fee field. This is the amount the issuer should authorize
-   * against unless the issuer is paying the acquirer fee on behalf of the
-   * cardholder.
-   */
-  authorization_amount: number;
-
-  avs: CardAuthorizationApprovalRequestWebhookEvent.Avs;
-
-  /**
-   * Card object in ASA
-   */
-  card: CardAuthorizationApprovalRequestWebhookEvent.Card;
-
-  /**
-   * @deprecated Deprecated, use `amounts`. 3-character alphabetic ISO 4217 code for
-   * cardholder's billing currency.
-   */
-  cardholder_currency: string;
-
-  /**
-   * The portion of the transaction requested as cash back by the cardholder, and
-   * does not include any acquirer fees. The amount field includes the purchase
-   * amount, the requested cash back amount, and any acquirer fees.
-   *
-   * If no cash back was requested, the value of this field will be 0, and the field
-   * will always be present.
-   */
-  cash_amount: number;
-
-  /**
-   * Date and time when the transaction first occurred in UTC.
-   */
-  created: string;
-
+/**
+ * The Auth Stream Access request payload that was sent to the ASA responder.
+ */
+export interface CardAuthorizationApprovalRequestWebhookEvent
+  extends CardAuthorizationsAPI.CardAuthorization {
   event_type: 'card_authorization.approval_request';
-
-  /**
-   * Merchant information including full location details.
-   */
-  merchant: CardAuthorizationApprovalRequestWebhookEvent.Merchant;
-
-  /**
-   * @deprecated Deprecated, use `amounts`. The amount that the merchant will
-   * receive, denominated in `merchant_currency` and in the smallest currency unit.
-   * Note the amount includes `acquirer_fee`, similar to `authorization_amount`. It
-   * will be different from `authorization_amount` if the merchant is taking payment
-   * in a different currency.
-   */
-  merchant_amount: number;
-
-  /**
-   * @deprecated 3-character alphabetic ISO 4217 code for the local currency of the
-   * transaction.
-   */
-  merchant_currency: string;
-
-  /**
-   * Where the cardholder received the service, when different from the card acceptor
-   * location. This is populated from network data elements such as Mastercard DE-122
-   * SE1 SF9-14 and Visa F34 DS02.
-   */
-  service_location: CardAuthorizationApprovalRequestWebhookEvent.ServiceLocation | null;
-
-  /**
-   * @deprecated Deprecated, use `amounts`. Amount (in cents) of the transaction that
-   * has been settled, including any acquirer fees.
-   */
-  settled_amount: number;
-
-  /**
-   * The type of authorization request that this request is for. Note that
-   * `CREDIT_AUTHORIZATION` and `FINANCIAL_CREDIT_AUTHORIZATION` is only available to
-   * users with credit decisioning via ASA enabled.
-   */
-  status:
-    | 'AUTHORIZATION'
-    | 'CREDIT_AUTHORIZATION'
-    | 'FINANCIAL_AUTHORIZATION'
-    | 'FINANCIAL_CREDIT_AUTHORIZATION'
-    | 'BALANCE_INQUIRY';
-
-  /**
-   * The entity that initiated the transaction.
-   */
-  transaction_initiator: 'CARDHOLDER' | 'MERCHANT' | 'UNKNOWN';
-
-  account_type?: 'CHECKING' | 'SAVINGS';
-
-  cardholder_authentication?: TransactionsAPI.CardholderAuthentication;
-
-  /**
-   * Deprecated, use `cash_amount`.
-   */
-  cashback?: number;
-
-  /**
-   * @deprecated Deprecated, use `amounts`. If the transaction was requested in a
-   * currency other than the settlement currency, this field will be populated to
-   * indicate the rate used to translate the merchant_amount to the amount (i.e.,
-   * `merchant_amount` x `conversion_rate` = `amount`). Note that the
-   * `merchant_amount` is in the local currency and the amount is in the settlement
-   * currency.
-   */
-  conversion_rate?: number;
-
-  /**
-   * The event token associated with the authorization. This field is only set for
-   * programs enrolled into the beta.
-   */
-  event_token?: string;
-
-  /**
-   * Optional Object containing information if the Card is a part of a Fleet managed
-   * program
-   */
-  fleet_info?: CardAuthorizationApprovalRequestWebhookEvent.FleetInfo | null;
-
-  /**
-   * The latest Authorization Challenge that was issued to the cardholder for this
-   * merchant.
-   */
-  latest_challenge?: CardAuthorizationApprovalRequestWebhookEvent.LatestChallenge;
-
-  /**
-   * Card network of the authorization.
-   */
-  network?: 'AMEX' | 'INTERLINK' | 'MAESTRO' | 'MASTERCARD' | 'UNKNOWN' | 'VISA';
-
-  /**
-   * Network-provided score assessing risk level associated with a given
-   * authorization. Scores are on a range of 0-999, with 0 representing the lowest
-   * risk and 999 representing the highest risk. For Visa transactions, where the raw
-   * score has a range of 0-99, Lithic will normalize the score by multiplying the
-   * raw score by 10x.
-   */
-  network_risk_score?: number | null;
-
-  /**
-   * Contains raw data provided by the card network, including attributes that
-   * provide further context about the authorization. If populated by the network,
-   * data is organized by Lithic and passed through without further modification.
-   * Please consult the official network documentation for more details about these
-   * values and how to use them. This object is only available to certain programs-
-   * contact your Customer Success Manager to discuss enabling access.
-   */
-  network_specific_data?: CardAuthorizationApprovalRequestWebhookEvent.NetworkSpecificData | null;
-
-  pos?: CardAuthorizationApprovalRequestWebhookEvent.Pos;
-
-  token_info?: TransactionsAPI.TokenInfo | null;
-
-  /**
-   * Deprecated: approximate time-to-live for the authorization.
-   */
-  ttl?: string;
 }
 
-export namespace CardAuthorizationApprovalRequestWebhookEvent {
+export interface CardAuthorizationChallengeWebhookEvent {
   /**
-   * Structured amounts for this authorization. The `cardholder` and `merchant`
-   * amounts reflect the original network authorization values. For programs with
-   * hold adjustments enabled (e.g., automated fuel dispensers or tipping MCCs), the
-   * `hold` amount may exceed the `cardholder` and `merchant` amounts to account for
-   * anticipated final transaction amounts such as tips or fuel fill-ups
+   * The authorization that triggered the challenge
    */
-  export interface Amounts {
-    cardholder: Amounts.Cardholder;
-
-    hold: Amounts.Hold | null;
-
-    merchant: Amounts.Merchant;
-
-    settlement: Amounts.Settlement | null;
-  }
-
-  export namespace Amounts {
-    export interface Cardholder {
-      /**
-       * Amount in the smallest unit of the applicable currency (e.g., cents)
-       */
-      amount: number;
-
-      /**
-       * Exchange rate used for currency conversion
-       */
-      conversion_rate: string;
-
-      /**
-       * 3-character alphabetic ISO 4217 currency
-       */
-      currency: Shared.Currency;
-    }
-
-    export interface Hold {
-      /**
-       * Amount in the smallest unit of the applicable currency (e.g., cents)
-       */
-      amount: number;
-
-      /**
-       * 3-character alphabetic ISO 4217 currency
-       */
-      currency: Shared.Currency;
-    }
-
-    export interface Merchant {
-      /**
-       * Amount in the smallest unit of the applicable currency (e.g., cents)
-       */
-      amount: number;
-
-      /**
-       * 3-character alphabetic ISO 4217 currency
-       */
-      currency: Shared.Currency;
-    }
-
-    export interface Settlement {
-      /**
-       * Amount in the smallest unit of the applicable currency (e.g., cents)
-       */
-      amount: number;
-
-      /**
-       * 3-character alphabetic ISO 4217 currency
-       */
-      currency: Shared.Currency;
-    }
-  }
-
-  export interface Avs {
-    /**
-     * Cardholder address
-     */
-    address: string;
-
-    /**
-     * Lithic's evaluation result comparing the transaction's address data with the
-     * cardholder KYC data if it exists. In the event Lithic does not have any
-     * Cardholder KYC data, or the transaction does not contain any address data,
-     * NOT_PRESENT will be returned
-     */
-    address_on_file_match: 'MATCH' | 'MATCH_ADDRESS_ONLY' | 'MATCH_ZIP_ONLY' | 'MISMATCH' | 'NOT_PRESENT';
-
-    /**
-     * Cardholder ZIP code
-     */
-    zipcode: string;
-  }
+  authorization: CardAuthorizationsAPI.CardAuthorization;
 
   /**
-   * Card object in ASA
+   * Details of the Authorization Challenge issued during card authorization
    */
-  export interface Card {
-    /**
-     * Globally unique identifier for the card.
-     */
-    token: string;
-
-    /**
-     * Last four digits of the card number
-     */
-    last_four: string;
-
-    /**
-     * Customizable name to identify the card
-     */
-    memo: string;
-
-    /**
-     * Amount (in cents) to limit approved authorizations. Purchase requests above the
-     * spend limit will be declined (refunds and credits will be approved).
-     *
-     * Note that while spend limits are enforced based on authorized and settled volume
-     * on a card, they are not recommended to be used for balance or
-     * reconciliation-level accuracy. Spend limits also cannot block force posted
-     * charges (i.e., when a merchant sends a clearing message without a prior
-     * authorization).
-     */
-    spend_limit: number;
-
-    /**
-     * Note that to support recurring monthly payments, which can occur on different
-     * day every month, the time window we consider for MONTHLY velocity starts 6 days
-     * after the current calendar date one month prior.
-     */
-    spend_limit_duration: 'ANNUALLY' | 'FOREVER' | 'MONTHLY' | 'TRANSACTION';
-
-    state: 'CLOSED' | 'OPEN' | 'PAUSED' | 'PENDING_ACTIVATION' | 'PENDING_FULFILLMENT';
-
-    type: 'SINGLE_USE' | 'MERCHANT_LOCKED' | 'UNLOCKED' | 'PHYSICAL' | 'DIGITAL_WALLET' | 'VIRTUAL';
-  }
-
-  /**
-   * Merchant information including full location details.
-   */
-  export interface Merchant extends Shared.Merchant {
-    /**
-     * Phone number of card acceptor.
-     */
-    phone_number: string | null;
-
-    /**
-     * Postal code of card acceptor.
-     */
-    postal_code: string | null;
-
-    /**
-     * Street address of card acceptor.
-     */
-    street_address: string | null;
-  }
-
-  /**
-   * Where the cardholder received the service, when different from the card acceptor
-   * location. This is populated from network data elements such as Mastercard DE-122
-   * SE1 SF9-14 and Visa F34 DS02.
-   */
-  export interface ServiceLocation {
-    /**
-     * City of service location.
-     */
-    city: string | null;
-
-    /**
-     * Country code of service location, ISO 3166-1 alpha-3.
-     */
-    country: string | null;
-
-    /**
-     * Postal code of service location.
-     */
-    postal_code: string | null;
-
-    /**
-     * State/province code of service location, ISO 3166-2.
-     */
-    state: string | null;
-
-    /**
-     * Street address of service location.
-     */
-    street_address: string | null;
-  }
+  challenge: CardAuthorizationChallengeWebhookEvent.Challenge;
 
   /**
-   * Optional Object containing information if the Card is a part of a Fleet managed
-   * program
+   * The type of event that occurred.
    */
-  export interface FleetInfo {
-    /**
-     * Code indicating what the driver was prompted to enter at time of purchase. This
-     * is configured at a program level and is a static configuration, and does not
-     * change on a request to request basis
-     */
-    fleet_prompt_code: 'NO_PROMPT' | 'VEHICLE_NUMBER' | 'DRIVER_NUMBER';
-
-    /**
-     * Code indicating which restrictions, if any, there are on purchase. This is
-     * configured at a program level and is a static configuration, and does not change
-     * on a request to request basis
-     */
-    fleet_restriction_code: 'NO_RESTRICTIONS' | 'FUEL_ONLY';
-
-    /**
-     * Number representing the driver
-     */
-    driver_number?: string | null;
-
-    /**
-     * Number associated with the vehicle
-     */
-    vehicle_number?: string | null;
-  }
+  event_type: 'card_authorization.challenge';
+}
 
+export namespace CardAuthorizationChallengeWebhookEvent {
   /**
-   * The latest Authorization Challenge that was issued to the cardholder for this
-   * merchant.
+   * Details of the Authorization Challenge issued during card authorization
    */
-  export interface LatestChallenge {
-    /**
-     * The phone number used for sending Authorization Challenge SMS.
-     */
-    phone_number: string;
-
-    /**
-     * The status of the Authorization Challenge
-     *
-     * - `COMPLETED` - Challenge was successfully completed by the cardholder
-     * - `PENDING` - Challenge is still open
-     * - `EXPIRED` - Challenge has expired without being completed
-     * - `ERROR` - There was an error processing the challenge
-     */
-    status: 'COMPLETED' | 'PENDING' | 'EXPIRED' | 'ERROR';
-
+  export interface Challenge {
     /**
-     * The date and time when the Authorization Challenge was completed in UTC. Present
-     * only if the status is `COMPLETED`.
+     * Globally unique identifier for the event that triggered the challenge. Use this
+     * token when calling the challenge response endpoint
      */
-    completed_at?: string;
-  }
-
-  /**
-   * Contains raw data provided by the card network, including attributes that
-   * provide further context about the authorization. If populated by the network,
-   * data is organized by Lithic and passed through without further modification.
-   * Please consult the official network documentation for more details about these
-   * values and how to use them. This object is only available to certain programs-
-   * contact your Customer Success Manager to discuss enabling access.
-   */
-  export interface NetworkSpecificData {
-    mastercard?: NetworkSpecificData.Mastercard | null;
-
-    visa?: NetworkSpecificData.Visa | null;
-  }
+    event_token: string;
 
-  export namespace NetworkSpecificData {
-    export interface Mastercard {
-      /**
-       * Indicates the electronic commerce security level and UCAF collection.
-       */
-      ecommerce_security_level_indicator?: string | null;
-
-      /**
-       * The On-behalf Service performed on the transaction and the results. Contains all
-       * applicable, on-behalf service results that were performed on a given
-       * transaction.
-       */
-      on_behalf_service_result?: Array<Mastercard.OnBehalfServiceResult> | null;
-
-      /**
-       * Indicates the type of additional transaction purpose.
-       */
-      transaction_type_identifier?: string | null;
-    }
-
-    export namespace Mastercard {
-      export interface OnBehalfServiceResult {
-        /**
-         * Indicates the results of the service processing.
-         */
-        result_1: string;
-
-        /**
-         * Identifies the results of the service processing.
-         */
-        result_2: string;
-
-        /**
-         * Indicates the service performed on the transaction.
-         */
-        service: string;
-      }
-    }
-
-    export interface Visa {
-      /**
-       * Identifies the purpose or category of a transaction, used to classify and
-       * process transactions according to Visa’s rules.
-       */
-      business_application_identifier?: string | null;
-    }
-  }
-
-  export interface Pos {
     /**
-     * POS > Entry Mode object in ASA
+     * ISO-8601 time at which the challenge expires
      */
-    entry_mode?: Pos.EntryMode;
-
-    terminal?: Pos.Terminal;
-  }
+    expiry_time: string;
 
-  export namespace Pos {
     /**
-     * POS > Entry Mode object in ASA
+     * ISO-8601 time at which the challenge was issued
      */
-    export interface EntryMode {
-      /**
-       * Card Presence Indicator
-       */
-      card?: 'PRESENT' | 'NOT_PRESENT' | 'UNKNOWN';
-
-      /**
-       * Cardholder Presence Indicator
-       */
-      cardholder?:
-        | 'DEFERRED_BILLING'
-        | 'ELECTRONIC_ORDER'
-        | 'INSTALLMENT'
-        | 'MAIL_ORDER'
-        | 'NOT_PRESENT'
-        | 'PRESENT'
-        | 'REOCCURRING'
-        | 'TELEPHONE_ORDER'
-        | 'UNKNOWN';
-
-      /**
-       * Method of entry for the PAN
-       */
-      pan?:
-        | 'AUTO_ENTRY'
-        | 'BAR_CODE'
-        | 'CONTACTLESS'
-        | 'ECOMMERCE'
-        | 'ERROR_KEYED'
-        | 'ERROR_MAGNETIC_STRIPE'
-        | 'ICC'
-        | 'KEY_ENTERED'
-        | 'MAGNETIC_STRIPE'
-        | 'MANUAL'
-        | 'OCR'
-        | 'SECURE_CARDLESS'
-        | 'UNSPECIFIED'
-        | 'UNKNOWN'
-        | 'CREDENTIAL_ON_FILE';
-
-      /**
-       * Indicates whether the cardholder entered the PIN. True if the PIN was entered.
-       */
-      pin_entered?: boolean;
-    }
-
-    export interface Terminal {
-      /**
-       * True if a clerk is present at the sale.
-       */
-      attended: boolean;
-
-      /**
-       * True if the terminal is capable of retaining the card.
-       */
-      card_retention_capable: boolean;
-
-      /**
-       * True if the sale was made at the place of business (vs. mobile).
-       */
-      on_premise: boolean;
-
-      /**
-       * The person that is designated to swipe the card
-       */
-      operator: 'ADMINISTRATIVE' | 'CARDHOLDER' | 'CARD_ACCEPTOR' | 'UNKNOWN';
-
-      /**
-       * True if the terminal is capable of partial approval. Partial approval is when
-       * part of a transaction is approved and another payment must be used for the
-       * remainder. Example scenario: A $40 transaction is attempted on a prepaid card
-       * with a $25 balance. If partial approval is enabled, $25 can be authorized, at
-       * which point the POS will prompt the user for an additional payment of $15.
-       */
-      partial_approval_capable: boolean;
-
-      /**
-       * Status of whether the POS is able to accept PINs
-       */
-      pin_capability: 'CAPABLE' | 'INOPERATIVE' | 'NOT_CAPABLE' | 'UNSPECIFIED';
-
-      /**
-       * POS Type
-       */
-      type:
-        | 'ADMINISTRATIVE'
-        | 'ATM'
-        | 'AUTHORIZATION'
-        | 'COUPON_MACHINE'
-        | 'DIAL_TERMINAL'
-        | 'ECOMMERCE'
-        | 'ECR'
-        | 'FUEL_MACHINE'
-        | 'HOME_TERMINAL'
-        | 'MICR'
-        | 'OFF_PREMISE'
-        | 'PAYMENT'
-        | 'PDA'
-        | 'PHONE'
-        | 'POINT'
-        | 'POS_TERMINAL'
-        | 'PUBLIC_UTILITY'
-        | 'SELF_SERVICE'
-        | 'TELEVISION'
-        | 'TELLER'
-        | 'TRAVELERS_CHECK_MACHINE'
-        | 'VENDING'
-        | 'VOICE'
-        | 'UNKNOWN';
-
-      /**
-       * Uniquely identifies a terminal at the card acceptor location of acquiring
-       * institutions or merchant POS Systems. Left justified with trailing spaces.
-       */
-      acceptor_terminal_id?: string | null;
-    }
+    start_time: string;
   }
 }
 
@@ -2445,6 +1866,7 @@ export type ParsedWebhookEvent =
   | AccountHolderVerificationWebhookEvent
   | AccountHolderDocumentUpdatedWebhookEvent
   | CardAuthorizationApprovalRequestWebhookEvent
+  | CardAuthorizationChallengeWebhookEvent
   | CardAuthorizationChallengeResponseWebhookEvent
   | AuthRulesBacktestReportCreatedWebhookEvent
   | BalanceUpdatedWebhookEvent
@@ -2925,6 +2347,7 @@ export declare namespace Webhooks {
     type AccountHolderVerificationWebhookEvent as AccountHolderVerificationWebhookEvent,
     type AccountHolderDocumentUpdatedWebhookEvent as AccountHolderDocumentUpdatedWebhookEvent,
     type CardAuthorizationApprovalRequestWebhookEvent as CardAuthorizationApprovalRequestWebhookEvent,
+    type CardAuthorizationChallengeWebhookEvent as CardAuthorizationChallengeWebhookEvent,
     type CardAuthorizationChallengeResponseWebhookEvent as CardAuthorizationChallengeResponseWebhookEvent,
     type AuthRulesBacktestReportCreatedWebhookEvent as AuthRulesBacktestReportCreatedWebhookEvent,
     type BalanceUpdatedWebhookEvent as BalanceUpdatedWebhookEvent,
diff --git a/src/version.ts b/src/version.ts
index d8122e8a..47d5dc0b 100644
--- a/src/version.ts
+++ b/src/version.ts
@@ -1 +1 @@
-export const VERSION = '0.139.0'; // x-release-please-version
+export const VERSION = '0.140.0'; // x-release-please-version
diff --git a/tests/api-resources/card-authorizations.test.ts b/tests/api-resources/card-authorizations.test.ts
new file mode 100644
index 00000000..47cc8d57
--- /dev/null
+++ b/tests/api-resources/card-authorizations.test.ts
@@ -0,0 +1,31 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import Lithic from 'lithic';
+
+const client = new Lithic({
+  apiKey: 'My Lithic API Key',
+  baseURL: process.env['TEST_API_BASE_URL'] ?? 'http://127.0.0.1:4010',
+});
+
+describe('resource cardAuthorizations', () => {
+  test('challengeResponse: only required params', async () => {
+    const responsePromise = client.cardAuthorizations.challengeResponse(
+      '182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e',
+      { response: 'APPROVE' },
+    );
+    const rawResponse = await responsePromise.asResponse();
+    expect(rawResponse).toBeInstanceOf(Response);
+    const response = await responsePromise;
+    expect(response).not.toBeInstanceOf(Response);
+    const dataAndResponse = await responsePromise.withResponse();
+    expect(dataAndResponse.data).toBe(response);
+    expect(dataAndResponse.response).toBe(rawResponse);
+  });
+
+  test('challengeResponse: required and optional params', async () => {
+    const response = await client.cardAuthorizations.challengeResponse(
+      '182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e',
+      { response: 'APPROVE' },
+    );
+  });
+});