Description

To carry out a payment cancellation with the XS2A APIs, it is necessary for the TPP to ask for a payment cancellation to the ASPSP. To validate the cancellation, you will have to perform an OAuth2 authorization which will provide you a time-limited access token. This access token is mandatory to access the payment status afterwards.

Payment Cancellation
Initiate Payment Cancellation
DELETE /berlingroup/v1/{payment-service}/{payment-product}/{payment-id}

Asks for payment cancellation at the ASPSP for a given payment (giving id, service and product). Specificities for this API and available services and products are listed in the dedicated HowTo.

Create a cancellation authorisation resource on a payment
POST /berlingroup/v1/{payment-service}/{payment-product}/{paymentId}/cancellation-authorisations

Creates an authorisation sub-resource of the payment resource for its cancellation and start the authorisation process.

Authorization request
GET /berlingroup/authorization/authorize

Requests an authorization from a PSU following the OAuth2 protocol. Details of the authentication workflow and user interfaces are described in the dedicated HowTo section.
Our specificities regarding the OAuth2 protocol are listed below.

response_type : code
code_challenge_method : S256

After successful authorization, the user will be redirected to the redirect URI provided in the request with the following parameters :

http://your_redirect_uri?code=authorization_code&state=test
Access Token Request
POST /berlingroup/v1/token

Requests an access token using the authorization code retrieved from the PSU authorization. This Access Token can be refreshed. The duration of access token is 5 minutes, and the duration of refresh token is 20 minutes.

Specific BerlinGroup Implementation on Payment Initiation Service

For specific BerlinGroup Implementation on the Payment Initiation Service, please refer to HOWTO N°8