Cancel a Mandate
VRP mandates cannot be cancelled directly via the API. To cancel a mandate, you must redirect the customer to Acquired's hosted revocation page, where they can review the mandate details and confirm cancellation.
Revocation URL
Construct the revocation URL using the mandate ID:
{{url}}/v1/open-banking/vrp/{mandate_id}/revokeThe following query parameters are supported:
| Parameter | Required | Description |
|---|---|---|
redirect_url | Optional | The URL the customer will be returned to after cancellation. Must match an approved domain configured for your account. If not provided, the redirect URL from your hosted checkout settings is used. |
webhook_url | Optional | The URL to receive the mandate_cancelled webhook. If not provided, the webhook URL from your hosted checkout settings is used. |
Example:
https://pay.acquired.com/v1/open-banking/vrp/01HZ6XMP5GQWJY3F7DCRATBK9N/revoke?redirect_url=https%3A%2F%2Fyour.domain.com%2Fredirect&webhook_url=https%3A%2F%2Fyour.domain.com%2FwebhookHow it works
- Redirect the customer - Your application redirects the customer to the revocation URL. The page displays the mandate details, including their bank, account (last two digits), mandate limits, and payee information.
- Customer confirms cancellation - The customer selects "Cancel Mandate" and is shown a confirmation prompt warning that the action is irreversible. They can proceed or choose to keep the mandate.
- Mandate cancelled - Once confirmed, the mandate is cancelled and the customer is shown a success page. A
mandate_cancelledwebhook is sent to your webhook URL. - Customer returned - The customer selects "Return to merchant" and is redirected to your
redirect_url. If noredirect_urlis configured, the return button is not displayed.
Redirect response
When the customer is redirected back to your site, the following parameters are included:
| Parameter | Description |
|---|---|
status | cancelled |
mandate_id | The ULID of the cancelled mandate. |
transaction_id | Empty value. |
order_id | Empty value. |
timestamp | UNIX timestamp of the cancellation. |
hash | HMAC hash for response validation. The transaction_id is included in the hash concatenation string as an empty value. |
Note: Attempting to cancel a VRP mandate directly via the API will return a
403 Forbiddenerror. All mandate cancellations must go through the hosted revocation flow.
Updated about 4 hours ago