The Grant API is currently in a limited release. To determine whether it's right for your needs and to request access to the API, contact our Business Development team.

At any point the grantor can choose to revoke a granted payment method using PaymentMethod.revoke(). When the grantor revokes a grant, we delete the version of the payment method from the recipient's Vault.

Recipient experience

  • If the recipient attempts to use a granted payment method that you have revoked, they will get the error "Payment method token is invalid" with an HTTP status code of 422. This is consistent with the error a merchant would get if they attempted to use an unknown payment method token.
  • If the recipient has any outstanding transactions in progress on the revoked payment method, those will be processed normally, but they will not be able to initiate new transactions.
  • If the grantor revokes the grant before the recipient uses the payment method nonce, the nonce will be invalidated.
  • If the recipient has webhooks configured, they'll receive a notification that a granted payment method has been revoked from them.

Grantor experience

  • Revoking a granted payment method only deletes that specific payment method from a recipient's Vault.
  • Any other payment methods that the grantor has shared with that recipient will remain active.
  • Any other grants of the same payment method in the grantor's Vault to other merchants will also remain active unless they are revoked separately or during a payment method delete call.

Revoking grants when deleting a payment method

When the grantor deletes a payment method from their Vault, they can simultaneously revoke all grants of that payment method to other merchants. To do this, set revoke_all_grants to true on the PaymentMethod.delete() call.

Still have questions?

If you can’t find an answer, contact our Support team