Revocation
At any point the grantor can choose to revoke a granted payment method using Payment Method: Revoke. When the grantor revokes a grant, we delete the version of the payment method from the recipient's Vault.
Recipient experience
- If the recipient attempts to use a granted payment method that you have revoked, they will get the error "Payment method token is invalid" with an HTTP status code of 422. This is consistent with the error a merchant would get if they attempted to use an unknown payment method token.
- If the recipient has any outstanding transactions in progress on the revoked payment method, those will be processed normally, but they will not be able to initiate new transactions.
- If the grantor revokes the grant before the recipient uses the payment method nonce, the nonce will be invalidated.
- If the recipient has webhooks configured, they'll receive a notification that a granted payment method has been revoked from them.
Grantor experience
- Revoking a granted payment method only deletes that specific payment method from a recipient's Vault.
- Any other payment methods that the grantor has shared with that recipient will remain active.
- Any other grants of the same payment method in the grantor's Vault to other merchants will also remain active unless they are revoked separately or during a payment method delete call.
Revoking grants when deleting a payment method
When the grantor deletes a payment method from their Vault, they can simultaneously revoke all grants of that payment method to other merchants. To do this, set revoke_all_grants to true on the Payment Method: Delete call.