To carry out a payment cancellation with the XS2A APIs, it is necessary for the TPP to ask for a payment cancellation to the ASPSP. To validate the cancellation, you will have to perform an OAuth2 authorization which will provide you a time-limited access token. This access token is mandatory to access the payment status afterwards.

Payment Cancellation
Initiate Payment Cancellation
DELETE /berlingroup/v1/{payment-service}/{payment-product}/{payment-id}

Asks for payment cancellation at the ASPSP for a given payment (giving id, service and product). Specificities for this API and available services and products are listed in the dedicated HowTo.

Create a cancellation authorisation resource on a payment
POST /berlingroup/v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations

Creates an authorisation sub-resource of the payment resource for its cancellation and start the authorisation process.

Authorization request
GET /berlingroup/authorization/authorize

Requests an authorization from a PSU following the OAuth2 protocol. Details of the authentication workflow and user interfaces are described in the dedicated HowTo section.

Our specificities regarding the OAuth2 protocol are listed below.

response_type : code

code_challenge_method : S256

After successful authorization, the user will be redirected to the redirect URI provided in the request with the following parameters :

Access Token Request
POST /berlingroup/authorization/token

Requests an access token using the authorization code retrieved from the PSU authorization. This Access Token can be refreshed and the duration for both tokens can be found in the HowTo dedicated to the specific implementation.