# Revoke a VRP consent The DELETE /vrp-consents/{id} endpoint revokes an individual VRP consent. Endpoint: DELETE /vrp-consents/{id} Security: Bearer, BasicAuth ## Path parameters: - `id` (string, required) VRP consent id Example: "vc:12345abcd:abcde" ## Response 200 fields (application/json): - `vrpConsent` (object, required) The VRP consent object. - `vrpConsent.id` (string, required) The Token.io generated VRP consent id. Example: "vc:12345abcd:abcde" - `vrpConsent.memberId` (string, required) The Token.io-assigned member id of the TPP. Example: "m:123456abcd:abcd" - `vrpConsent.initiation` (object, required) The initiation payload for the VRP consent. - `vrpConsent.initiation.bankId` (string) The Token.io id of the bank where the consent is created. This field is required if the customer is not using Token.io's Hosted Pages for bank selection, i.e., API-only integration when EMBEDDED_HOSTED_PAGES is selected in flowType, or Hosted Pages embedded (modal) integration. Example: "ob-modelo" - `vrpConsent.initiation.refId` (string, required) The TPP-generated reference identifier for the token. This is not to be confused with the requestId. The refId maps to the tppRefId in the bank's consentRequest. This is needed to match/verify the originating token request with the bank's consent request. We recommend that the refId should not contain special characters (the allowed characters are the 26-letter Latin alphabet, the numerical digits from 0-9 and the hyphen '-'). This field should not exceed 18 characters in length. Example: "9htio4a1sp2akdr1aa" - `vrpConsent.initiation.remittanceInformationPrimary` (string, required) The primary field for remittance information. This should contain a reference, as assigned by the creditor, to unambiguously refer to the payment transactions under this consent. The value of this field should appear on the bank statement and reconciliation file, irrespective of the payment network being used. We recommend that the remittanceInformationPrimary field should not contain special characters (the allowed characters are the 26-letter Latin alphabet, the numerical digits from 0-9 and the hyphen '-') as banks may remove these when sending this field to the beneficiary. This field should not exceed 35 characters in length. Example: "Sweepco" - `vrpConsent.initiation.remittanceInformationSecondary` (string) The secondary field for remittance information. The information supplied should enable the reconciliation of an entry in an unstructured form. Depending on the payment network, information from this field may or may not be included in the bank statement and reconciliation file. We recommend that the remittanceInformationSecondary field should not contain special characters (the allowed characters are the 26-letter Latin alphabet, the numerical digits from 0-9 and the hyphen '-') as banks may remove these when sending this field to the beneficiary. This field should not exceed 140 characters in length. Example: "Secondary remittance information." - `vrpConsent.initiation.startDateTime` (string) The date and time from which payments can be made (in ISO 8601 format). Payments initiated before this time will be rejected. If not provided, the time of consent creation is used as a default. The date and time cannot be earlier than the current time. Example: "2017-04-05T10:43:07.123+01:00" - `vrpConsent.initiation.endDateTime` (string) The date and time before which payments can be made (in ISO 8601 format). Payments initiated after this time will be rejected. Example: "2017-04-05T10:43:07.132+01:00" - `vrpConsent.initiation.onBehalfOfId` (string) The id of the ultimate client on whose behalf the consent is created. If the consent is created on behalf of a sub-TPP, this field should contain the sub-TPP referenceId. This field is mandatory for unregulated TPPs. Example: "6f34h397-b29h-23b0-s30g-hkd0d2dk4k1s" - `vrpConsent.initiation.scheme` (string, required) The types of payments that can be made under this VRP consent. Enum: "OBL_SWEEPING" - `vrpConsent.initiation.localInstrument` (string, required) The bank's payment service used for making a payment. Presently only Faster Payments are supported. Enum: "FASTER_PAYMENTS" - `vrpConsent.initiation.debtor` (any) The debtor information. The account identifier (one of) is required if it's mandatory for the specific bank, or if the TPP decides to pass in the debtor information. - `vrpConsent.initiation.creditor` (any, required) The creditor information. The account information (one of) is required. - `vrpConsent.initiation.currency` (string, required) The ISO 4217 three letter currency code for this VRP consent. All amounts specified in this consent are in this currency. All payments created under this consent should use this currency. Example: "EUR" - `vrpConsent.initiation.minimumIndividualAmount` (string) The minimum amount for individual payments made under this consent, with up to four digits after the decimal point It should not exceed the maximumIndividualAmount or any of the periodic limits maximumAmount. Example: "5.0" - `vrpConsent.initiation.maximumIndividualAmount` (string, required) The maximum amount for individual payments made under this consent, with up to four digits after the decimal point. Example: "10000.0" - `vrpConsent.initiation.periodicLimits` (array, required) A list of periodic limits that are applied together as an intersection. At least one should be specified. - `vrpConsent.initiation.periodicLimits.maximumAmount` (string, required) The transaction amount with up to four digits after the decimal point. Example: "100.00" - `vrpConsent.initiation.periodicLimits.periodType` (string, required) Enum: "DAY", "WEEK", "MONTH", "YEAR" - `vrpConsent.initiation.periodicLimits.periodAlignment` (string) This field specifies whether the period starts on the consent start date or lines up with a calendar. If not specified, the CONSENT alignment is used. The consent start date is defined by the startDateTime field of the consent (the time element is disregarded) or the date when consent is created if the startDateTime is not specified. Enum: "CONSENT", "CALENDAR" - `vrpConsent.initiation.maximumOccurrences` (integer) The total number of payments that can be initiated under this consent. Any new payments will be rejected if the number is over this limit. This cannot be negative, 0 value is considered as not set. Example: 3 - `vrpConsent.initiation.callbackUrl` (string, required) The TPP's url that Token.io calls back to. This url should not be under the token.io domain and must be https/SSL secure. Example: "https://tpp.com/callback" - `vrpConsent.initiation.callbackState` (string, required) The uniquely-generated string included as part of the URL when communicating with the bank. It is sent to the bank during payment initiation and is also returned in the callback from the bank. You can use it to identify which payment the callback refers to, ensuring that the callback can be reliably matched to the original payment request. Example: "6242e45e-3063-4c42-8376" - `vrpConsent.initiation.returnRefundAccount` (boolean) This field indicates whether the RefundAccount object should be included in the VRP created under this consent. Example: true - `vrpConsent.initiation.risk` (object) This field is used to specify additional details for the risk scoring of payments. - `vrpConsent.initiation.risk.psuId` (string) The merchant's unique customer identifier for the user. Example: "0000789123" - `vrpConsent.initiation.risk.paymentContextCode` (string) This field describes the context of the payment context. This field is an OBIE standard and also maps to NextGenPsd2's purposeCode and categoryPurposeCode fields. We recommend that the TPP populates this field. Enum: "INVALID_PAYMENT_CONTEXT_CODE", "BILLING_GOODS_AND_SERVICES_IN_ADVANCE", "BILLING_GOODS_AND_SERVICES_IN_ARREARS", "PISP_PAYEE", "ECOMMERCE_MERCHANT_INITIATED_PAYMENT", "FACE_TO_FACE_POINT_OF_SALE", "TRANSFER_TO_SELF", "TRANSFER_TO_THIRD_PARTY" - `vrpConsent.initiation.risk.paymentPurposeCode` (string) The category code conforming to the Recommended UK Purpose Code in the ISO 20022 Payment Messaging List, related to the type of services or goods corresponding to the underlying purpose of the payment. This list applies to all banks that follow ISO 20022. CASH - CashManagementTransferCORT - TradeSettlementPaymentDVPM - DeliveryAgainstPaymentINTC - IntraCompanyPaymentTREA - TreasuryPaymentSUPP - SupplierPayment Enum: "CASH", "CORT", "DVPM", "INTC", "TREA", "SUPP" - `vrpConsent.initiation.risk.merchantCategoryCode` (string) The category code conforming to ISO 18245, relating to the type of services or goods provided by the merchant. A list of codes can be purchased here." Example: "4812" - `vrpConsent.initiation.risk.beneficiaryAccountType` (string) This information should be provided if the AccountType is known. Enum: "PERSONAL", "JOINT_PERSONAL", "PERSONAL_SAVINGS_ACCOUNT", "BUSINESS", "BUSINESS_SAVINGS_ACCOUNT", "CHARITY", "COLLECTION", "CORPORATE", "GOVERNMENT", "EWALLET", "INVESTMENT", "ISA", "PREMIER", "WEALTH", "PENSION" - `vrpConsent.initiation.risk.contractPresentIndicator` (boolean) This field indicates whether a Payee has a contractual relationship with the Payment Initiation Service Provider (PISP). Example: true - `vrpConsent.initiation.risk.beneficiaryPrepopulatedIndicator` (boolean) This field indicates whether the Payment Initiation Service Provider (PISP) has immutably prepopulated payment details for the user. Example: true - `vrpConsent.initiation.risk.deliveryAddress` (object) Specifies the recipient's delivery address details. - `vrpConsent.initiation.risk.deliveryAddress.addressLine` (array) Specifies the delivery address using multiple lines, as necessary. Example: ["Flat 2, The Red Lodge, 1 High Street"] - `vrpConsent.initiation.risk.deliveryAddress.addressType` (string) Specifies the type of address. Enum: "INVALID_ADDRESS_TYPE", "BUSINESS", "CORRESPONDENCE", "DELIVERYTO", "MAILTO", "POBOX", "POSTAL", "RESIDENTIAL", "STATEMENT" - `vrpConsent.initiation.risk.deliveryAddress.buildingNumber` (string) The building number within the delivery address. Example: "1" - `vrpConsent.initiation.risk.deliveryAddress.country` (string) Two-letter country code in upper case (ISO 3166-1 alpha-2). Example: "GB" - `vrpConsent.initiation.risk.deliveryAddress.countrySubDivision` (array) Identifies a subdivision of a country; for instance, a state, region, or county. Example: ["North Yorkshire"] - `vrpConsent.initiation.risk.deliveryAddress.department` (string) This OBIE specification maps to house number. Example: "1" - `vrpConsent.initiation.risk.deliveryAddress.postCode` (string) An identifier consisting of a group of letters and/or numbers that is added to a postal address to assist the sorting of mail. Example: "YO62 5JB" - `vrpConsent.initiation.risk.deliveryAddress.streetName` (string) The name of the respective street or thoroughfare in which the dwelling or business is located or where mail is received. Example: "High Street" - `vrpConsent.initiation.risk.deliveryAddress.subDepartment` (string) This OBIE specification maps to flats. Example: "Flat 2" - `vrpConsent.initiation.risk.deliveryAddress.townName` (string) The name of a built-up area with defined boundaries and a local government. Example: "York" - `vrpConsent.createdDateTime` (string, required) The time this VRP consent object was created (in ISO 8601 format). Example: "2017-04-05T10:43:07.123Z" - `vrpConsent.updatedDateTime` (string, required) The last time this VRP consent object was updated (in ISO 8601 format). Example: "2017-04-05T10:45:07.123Z" - `vrpConsent.status` (string, required) The Token.io VRP consent status. PENDING - Token.io has received the request to create a VRP consent and the request has passed Token.io's validation.PENDING_MORE_INFO - The initiaion lacks mandatory fields (e.g., bankId) that must be collected before connecting to the bank.PENDING_REDIRECT_AUTH - The consent request has been acknowledged by the bank and Token.io is awaiting user confirmation at the bank's page.PENDING_REDIRECT_AUTH_VERIFICATION - Token.io has received the callback information from the bank and is currently verifying it with the bank.AUTHORIZED - the VRP consent has been successfully authorized.REJECTED - The VRP consent has been rejected. More details are shared in the corresponding statusReasonInformation field.REVOKED - The VRP consent has been revoked by the user.FAILED - Token.io failed to proceed with the consent as a result of problems with the bank, or because the user has abandoned the request. All PENDING statuses convert to FAILED 30 minutes after consent creation. Enum: "PENDING", "PENDING_MORE_INFO", "PENDING_REDIRECT_AUTH", "PENDING_REDIRECT_AUTH_VERIFICATION", "AUTHORIZED", "REJECTED", "REVOKED", "FAILED" - `vrpConsent.bankVrpConsentId` (string) The VRP consent id from the bank. This field can be empty if the consent id isn't available on the bank side. Example: "4jq34dwjgi9MCK2MXB9f7v" - `vrpConsent.bankVrpConsentStatus` (string) The raw bank status. This field can be empty if the consent status isn't available on the bank side. Example: "AwaitingAuthorization" - `vrpConsent.statusReasonInformation` (string) A human-readable description of the reason for the reported status, which may include a message from the bank. This value should not exceed 256 characters in length. Example: "The consent resource is awaiting user authorization." - `vrpConsent.authentication` (object) The authentication operation required to proceed with consent creation. This is present when the consent initiation request has been created at the bank, but the consent hasn't been authorized or rejected yet. - `vrpConsent.authentication.redirectUrl` (string, required) This URL redirects the user in order to authorize the consent creation. Example: "http://psu-redirect.com" ## Response 401 fields (application/json): - `error` (object) The request does not have valid authentication credentials needed to perform the operation. - `error.message` (string) A description of the error. Example: "This is a description of the error." - `error.tokenTraceId` (string) The trace identifier for the given call. Example: "5678912345" ## Response 404 fields (application/json): - `error` (object, required) Error object returned when given VRP consent cannot be found. The error code value is Resource.NotFound. - `error.errorCode` (string, required) A textual error code categorising the error. Example: "InternalServerError" - `error.vrpConsentId` (string, required) VRP consent id. Example: "vc:12345abcd:abcde" - `error.message` (string, required) A description of the error that occurred and a possible way to fix it. Example: "This is a description of the error." - `error.tokenTraceId` (string) The trace identifier for the given call. Example: "5678912345" ## Response 500 fields (application/json): - `error` (object) This could refer to either an error by the payment service provider or the bank. When the bank reports a 5xx error, "token-external-error": "true" is set as a header in the HTTP response, indicating that the "internal" error originates from the bank. When one of the payment service providers internal services fails or when the bank reports a 4xx error, this header is not populated. The absence of this response header should be interpreted as "token-external-error": "false". - `error.errorCode` (string, required) This is a textual error code categorising the error. Example: "InternalServerError" - `error.message` (string, required) A description of the error. Example: "This is a description of the error." - `error.tokenTraceId` (string) The trace identifier for the given call. Example: "5678912345"