Payment cancellation service
This API allows a transaction to be cancelled or deleted. Whether the transaction is cancelled or deleted depends on the status of the payment.
This API will support the following payment services and products:
Payment services:
- payments
  Payment products:
  - sepa-credit-transfers
  - cross-border-credit-transfers
- bulk-payments
  Payment products:
  - pain.001-sepa-credit-transfers
NOTE: To use these APIs a valid TLS certificate is required. Please refer to the Getting Started page section to obtain a test certificate for use with the Sandbox environment. Also note that bulk payments for direct debits do not support cancellation.
The following methods are supported by the Sandbox environment:
- Certificate validation
- Delete/cancel
- Save / confirm cancellation
- Retrieve authorisations
- Retrieve authorisation details
Test data
To test scenarios, test data is required. Just like in the production environment, users can only perform actions on particular accounts. For the Sandbox, test users exist that can be used when redirecting. The login code is always 123456. Please refer to the table below when composing test cases.
Account number | Users | Permissions | # Confirmations |
---|---|---|---|
NL34BNGT5532530633, NL36BNGT6726067582 (is inactive), NL38BNGT5562460881 (is a RVR account) | testuser01 | Full | 1 |
 | testuser02 | Full | |
NL77BNGT2034202452 | testuser03 | Full | 2 |
 | testuser04 | Confirm (cannot create payments/batches) | |
 | testuser05 | Create (cannot confirm payments/batches, can no longer be used for payment initiations) | |
NL81BNGT1330425185 | testuser06 | Full | 1-2 * |
 | testuser07 | Full | |
* Depending on the amount of the payment, either one or two confirmations are required. For the Sandbox, the amount is set to € 1000.-, so amounts up to € 1000.- require one confirmation and amounts above € 1000.- require two confirmations.
Certificate validation
The following scenarios are available to test certificate validation. For testing purposes, the Sandbox supports additional values in the "TPP-Signature-Certificate" header to fake certain situations.
TPP-Signature-Certificate | Status | Result | Description |
---|---|---|---|
invalid | 401 | CERTIFICATE_INVALID | Invalid signature certificate. |
invalidRole | 401 | CERTIFICATE_INVALID | Invalid signature certificate. |
expired | 401 | CERTIFICATE_INVALID | Invalid signature certificate, it is expired. |
blocked | 401 | CERTIFICATE_INVALID | Invalid signature certificate, it might be blocked. |
revoked | 401 | CERTIFICATE_INVALID | Invalid signature certificate, it might be revoked. |
Status
Whether a payment or bulk payment can be deleted or cancelled depends on its status. Refer to the table below for the possibilities per status. Information about payment or bulk payment status retrieval can be found on the payment initiation documentation page.
Status | Description | Can delete | Can cancel | Can create cancellation authorisation |
---|---|---|---|---|
PDNG | Pending: payment or bulk payment has been created but not yet saved or confirmed | No | No | No |
RCVD | Received: payment or bulk payment has been created and saved, but not yet confirmed (this status is only possible if a confirmation on a payment initiation or cancellation has been withdrawn in the Webfront application) | Yes | No | No |
PATC | Partially accepted, technically correct: payment or bulk payment has been created, saved and confirmed. But needs another confirmation | No | No | No |
ACTC | Accepted, technically correct: payment or bulk payment is confirmed | No | Yes | No |
ACWC | Accepted, with change: Same as ACTC but changes have been made to the payment or bulk payment (for example date has been changed while confirming) | No | Yes | No |
CANC | Cancelled: payment or bulk payment has been cancelled. | No | No | No |
RJCT | Rejected: payment or bulk payment has been rejected. | No | No | No |
PCAN | Pending cancellation: payment or bulk payment is in cancellation but has not yet been (fully) confirmed. | No | No | Yes |
Delete/cancel
To delete or cancel a payment initiation, the DELETE endpoint can be called with an access token and with PSU involvement (using PSU-IP-Address indicator).
Headers
Header | Example | Description |
---|---|---|
Content-Type | application/json | |
Date | Fri, 09 Apr 2021 15:18:16 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
Authorization | Bearer ACCESS_TOKEN | Replace ACCESS_TOKEN with the access token obtained from the original payment initiation request. |
Accept | application/json | |
Digest | SHA-256=spt...rrI | Digest of the body |
Signature | keyId=\"SN=...Yiow==\ | The signature of the request, see Signature setup |
TPP-Signature-Certificate | -----BEGIN CERTIFICATE-----MII...UjY=-----END CERTIFICATE----- | The certificate used to sign the request. |
PSU-IP-Address | 10.0.0.1 | The IP-address of the PSU initiating the request. |
Perform request
Endpoint:
- https://api.xs2a-sandbox.bngbank.nl/api/v1/payments/sepa-credit-transfers/PAYMENT_ID
- or for cross-border payments: https://api.xs2a-sandbox.bngbank.nl/api/v1/payments/cross-border-credit-transfers/PAYMENT_ID
- or for bulk payments: https://api.xs2a-sandbox.bngbank.nl/api/v1/bulk-payments/pain.001-sepa-credit-transfers/PAYMENT_ID

Replace PAYMENT_ID with the id of a payment or bulk payment, for example: 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329

Method: DELETE
If the call was successful, a 200 or 202 status is returned. Response body is empty.
Status code | Description | |
---|---|---|
200 | Ok | The payment or bulk payment has been deleted, no further action required or possible. |
202 | Accepted | The payment or bulk payment has been cancelled. However, the cancellation needs confirmation. The number of confirmations needed depends on the customer and may depend on the amount of the payment or bulk payment. Please refer to the test data table above. Note: If a payment or bulk payment does not have sufficient confirmations on the processing date, the original payment or bulk payment will still be processed. |
For other possible return codes, see the API DOCUMENTATION page.
Save / confirm cancellation
After a payment or bulk payment cancellation has been initiated by calling the DELETE payment initiation endpoint, and that call resulted in a status code of 202, the cancellation has to be created and confirmed. To do so, the following actions have to be taken:
- Redirect to OAuth2.0 endpoint
- Review cancellation
- Save and confirm
Redirect to OAuth2.0 endpoint
To create an OAuth2.0 redirect URL, please refer to the OAuth2.0 page.
When creating an OAuth2.0 redirect for payment or bulk payment cancellation confirmation, a scope is required. This scope should look like "PIS:[paymentinitiation-id]", where paymentinitiation-id is the id of the payment initiation for which the DELETE payment initiation endpoint was called. For example: "PIS:dea36cf3-63fa-48b3-b203-2136f5453751".
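The DELETE call from the previous section and the scope for the follow-up redirect, as an added Python example (not code from this documentation; the function names are hypothetical). It assumes that payment ids are always lowercase UUIDs like the examples on this page, that the DELETE request has an empty body, and that Digest is the base64-encoded SHA-256 of that body; the Signature and TPP-Signature-Certificate headers are left to the Signature setup page.

```python
import base64
import hashlib
import re
import uuid
from email.utils import formatdate

BASE = "https://api.xs2a-sandbox.bngbank.nl/api/v1"
# Service/product pairs that this page lists as supporting cancellation.
PRODUCTS = {
    "sepa-credit-transfers": "payments",
    "cross-border-credit-transfers": "payments",
    "pain.001-sepa-credit-transfers": "bulk-payments",
}
# Assumption: ids are lowercase UUIDs, as in the examples on this page.
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def cancel_url(product: str, payment_id: str) -> str:
    """Build the DELETE endpoint; reject anything that could alter the path."""
    if product not in PRODUCTS:
        raise ValueError(f"product does not support cancellation: {product!r}")
    if not UUID_RE.fullmatch(payment_id):
        raise ValueError("payment id is not a lowercase UUID")
    return f"{BASE}/{PRODUCTS[product]}/{product}/{payment_id}"


def cancel_headers(access_token: str, psu_ip: str, body: bytes = b"") -> dict:
    """Headers from the Delete/cancel table, minus the two signing headers."""
    digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
    return {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Date": formatdate(usegmt=True),      # e.g. Fri, 09 Apr 2021 15:18:16 GMT
        "X-Request-ID": str(uuid.uuid4()),    # fresh id per request
        "Authorization": f"Bearer {access_token}",
        "Digest": f"SHA-256={digest}",
        "PSU-IP-Address": psu_ip,
    }


def next_step(status_code: int, payment_id: str) -> dict:
    """Map the DELETE status code to what the TPP still has to do."""
    if status_code == 200:
        return {"state": "deleted", "oauth_scope": None}
    if status_code == 202:
        # Not final: without confirmation the original payment is still processed.
        return {"state": "awaiting-confirmation", "oauth_scope": f"PIS:{payment_id}"}
    raise RuntimeError(f"cancellation not accepted, HTTP {status_code}")
```

Treat only the "deleted" state as finished; an "awaiting-confirmation" result should keep the payment flagged as live until the cancellation has been confirmed.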
Review cancellation
After navigating to the OAuth2.0 redirect URL, a confirmation details page will be displayed. Before details are shown, the user has to be known. To identify the user, a form will be displayed to submit the username of the user who will be initiating the confirmation. A username can also be supplied using the username querystring parameter. If the username is valid, the payment initiation cancellation details will be displayed.
Confirm cancellation
If the user has sufficient authorisation to cancel the payment or bulk payment, the payment or bulk payment cancellation can be confirmed. Click "Confirm" to confirm the cancellation. In the Sandbox environment, enter 12345678 as the confirmation code and click "Confirm" to confirm the payment or bulk payment. Click "Back" to return to redirect_url without confirming. No access code will be returned.
Redirect
After a cancellation has been confirmed, the user is redirected back to the redirect_uri that has been passed on the query string. This redirect_uri will contain an additional query string parameter "code". This code can be used to obtain an access token. With this access token, data regarding this payment initiation can be retrieved.
Retrieve authorisations
To retrieve authorisations (confirmations) of a payment or bulk payment, a payment-id as well as an access_token is required. Please see the previous steps for directions on how to obtain those.
Headers
Header | Example | Description |
---|---|---|
Content-Type | application/json | |
Date | Fri, 09 Apr 2021 15:18:16 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
Authorization | Bearer ACCESS_TOKEN | Replace ACCESS_TOKEN with the access token obtained in a previous step. |
Accept | application/json | |
Digest | SHA-256=spt...rrI | Digest of the body |
Signature | keyId=\"SN=...Yiow==\ | The signature of the request, see Signature setup |
TPP-Signature-Certificate | -----BEGIN CERTIFICATE-----MII...UjY=-----END CERTIFICATE----- | The certificate used to sign the request. |
Perform request
Endpoint:
- https://api.xs2a-sandbox.bngbank.nl/api/v1/payments/sepa-credit-transfers/PAYMENT_ID/cancellation-authorisations
- or for cross-border payments: https://api.xs2a-sandbox.bngbank.nl/api/v1/payments/cross-border-credit-transfers/PAYMENT_ID/cancellation-authorisations
- or for bulk payments: https://api.xs2a-sandbox.bngbank.nl/api/v1/bulk-payments/pain.001-sepa-credit-transfers/PAYMENT_ID/cancellation-authorisations

Replace PAYMENT_ID with the id of a payment, for example: 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329

Method: GET
If the call was successful, a 200 status is returned along with the response body. See below an example of a response.
{ "authorisationIds": [ "19e54cc4-400e-4ba5-a9cd-0bfd39753f64" ] }
Store an authorisation-id somewhere, as it is required for the next step.
For other possible return codes, see the API DOCUMENTATION page.
Retrieve authorisation details
To retrieve the details of an authorisation (confirmation) of a payment or bulk payment, a payment-id, an access_token and an authorisation-id are required. Please see the previous steps for directions on how to obtain those.
Headers
Header | Example | Description |
---|---|---|
Content-Type | application/json | |
Date | Fri, 09 Apr 2021 15:18:16 GMT | The date of the request. |
X-Request-ID | 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329 | An identifier chosen by the TPP to identify the request. This id is passed back in the X-Request-ID header of the response |
Authorization | Bearer ACCESS_TOKEN | Replace ACCESS_TOKEN with the access token obtained in a previous step. |
Accept | application/json | |
Digest | SHA-256=spt...rrI | Digest of the body |
Signature | keyId=\"SN=...Yiow==\ | The signature of the request, see Signature setup |
TPP-Signature-Certificate | -----BEGIN CERTIFICATE-----MII...UjY=-----END CERTIFICATE----- | The certificate used to sign the request. |
Perform request
Endpoint:
- https://api.xs2a-sandbox.bngbank.nl/api/v1/payments/sepa-credit-transfers/PAYMENT_ID/cancellation-authorisations/AUTHORISATION_ID
- or for cross-border payments: https://api.xs2a-sandbox.bngbank.nl/api/v1/payments/cross-border-credit-transfers/PAYMENT_ID/cancellation-authorisations/AUTHORISATION_ID
- or for bulk payments: https://api.xs2a-sandbox.bngbank.nl/api/v1/bulk-payments/pain.001-sepa-credit-transfers/PAYMENT_ID/cancellation-authorisations/AUTHORISATION_ID

Replace PAYMENT_ID with the id of a payment or bulk payment, for example: 2ca1b6b4-82b3-4fe3-a7ea-9ccae9700329. Also replace AUTHORISATION_ID with the id of the authorisation (confirmation), for example: fb74e2f0-6807-4c2a-8662-8d519d87e0a4

Method: GET
If the call was successful, a 200 status is returned along with the response body. See below an example of a response.
{ "scaStatus": "finalised" }
For other possible return codes, see the API DOCUMENTATION page.