Void Authorization

APICURRENT

Last updated: Sept 19th, 3:29am

In the authorize and capture flow, if the transaction is no longer valid, Payments v2 allows you to void the authorization provided by the customer, ending the flow to avoid accidental capture. Key use cases to call out:

You may void an authorization before making any captures at all. This will render the entire payment voided, preventing you from making any captures.

Alternatively, you may also void an authorization after a partial capture provided the final_capture is set to false. This will void the possibility of any future captures for this authorization.

Note: An authorization is automatically voided 29 days after its creation.

Know before you code

The Payments API must be used with the Orders v2 API.

See the Orders v2 API reference documentation to learn more about Orders.

See the Payments v2 API reference documentation to learn more about Payments.

Complete the steps in Get Started to setup your developer environment.

Use Postman to explore and test PayPal APIs.

If you are a partner acting on behalf of merchants on your platform, you'll need to include the PayPal-Auth-Assertion header in your API request. You can generate the value according to the following pseudocode. See REST Requests for more information. You'll need to be an approved partner and complete seller onboarding.

1<base64-encoding <span class="hljs-keyword">of</span>-({<span class="hljs-string">"alg"</span>:<span class="hljs-string">"none"</span>})>.<base64-encoding-<span class="hljs-keyword">of</span>-({<span class="hljs-string">"iss"</span>:<span class="hljs-string">"<var>client_id</var>"</span>,<span class="hljs-string">"payer_id"</span>:<span class="hljs-string">"<var>payer_id</var>"</span>})>.

You can only void an authorization if the intent is set to AUTHORIZE at the time of order creation

To void an authorization, the order has to be created, approved, and authorized.

Void authorization

To void an authorization, call the "Void Authorized Payment" API at /v2/payments/authorizations/{authorization_id}/void.

Sample API request

1curl -v -X POST https://api-m.sandbox.paypal.com/v2/payments/authorizations/12P54155LA952100L/void -H "Content-Type: application/json" -H "Authorization: Bearer Access-Token" -H "PayPal-Request-Id: 123e4567-e89b-12d3-a456-426655440016" -H "Prefer: return=representation"

Modify the code

Set the Access Token to the one you used when you authorized the order.

Change PayPal-Request-Id to a unique value, such as GUID, for each order to ensure idempotency.

Update authorization_id to the id obtained from a successful authorization call.

Remove preference if additional details are not required in the response. This will result in an HTTP 204 No Content response.

API response

You will get an HTTP 200 OK response. Payment status will now be updated to VOIDED to indicate captures are not possible for this authorization. Alternatively, if the Prefer header was not included, the response defaults to HTTP 204 No Content.

Note: If you did not receive the response, making the same API call without changing anything will result in an HTTP 200 OK with confirmation of voided authorization.

Sample API response

1{
2    "id": "12P54155LA952100L",
3    "status": "VOIDED",
4    "amount": {
5        "currency_code": "USD",
6        "value": "200.00"
7    },
8    "seller_protection": {
9        "status": "ELIGIBLE",
10        "dispute_categories": [
11            "ITEM_NOT_RECEIVED",
12            "UNAUTHORIZED_TRANSACTION"
13        ]
14    },
15    "expiration_time": "2022-09-16T10:56:26-07:00",
16    "create_time": "2022-08-18T10:56:26-07:00",
17    "update_time": "2022-08-18T10:56:48-07:00",
18    "links": [
19        {
20            "href": "https://api-m.sandbox.paypal.com/v2/payments/authorizations/12P54155LA952100L",
21            "rel": "self",
22            "method": "GET"
23        }
24    ]
25}