The user can revoke the authorization from the merchant app or from the payment method app:

• If the user initiates the authorization cancellation process from the merchant client, you need to call the revoke API to invalidate the accessToken. After the accessToken is invalidated, the authorization is canceled successfully.
• If the user initiates the authorization cancellation process from the payment method client, you will receive the authorization notification when the accessToken is invalidated and the authorization is canceled successfully.

Request

To call the revoke API, make a POST request to the Alipay server with the correct request URL path. If the domain name is open-na.alipay.com, the request URLs for the revoke API are as follows:

• Sandbox environment: https://open-na-global.alipay.com/ams/sandbox/api/v1/authorizations/revoke
• Production environment: https://open-na-global.alipay.com/ams/api/v1/authorizations/revoke

Specify the accessToken that needs to be invalidated in the request.

{
  "accessToken": "281010033AB2F588D14B43238637264FCA5Axxxx"
}

Response

The following example shows a response to a revoke request if the accessToken is invalidated successfully.

{
  "result": {
    "resultCode": "SUCCESS",
    "resultStatus": "S",
    "resultMessage": "Success"
  }
}

After calling the revoke API, the following cases might occur:

• If no response is returned, you must call the API again with the same fields as the previous request.
• If a response is returned, take the following actions for each case:

• When result.resultStatus is S, the API is called successfully and the accessToken becomes invalid. The accessToken cannot be used for auto debit anymore.
• When result.resultStatus is U, the API call status is unknown. You need to call the API again with the same fields as the previous request.
• When result.resultStatus is F, the API call has failed. You need to take corresponding actions according to resultCode.