Void an Authorization
POST /v1/payments/void
Cancels an authorized payment before it has been captured. Only PaymentIntents with status authorized can be voided.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
payment_intent_id | string (UUID) | Yes | The ID of the authorized PaymentIntent to void. |
connector_account | string | No | Must equal the connector account that settled the originating authorize. See the override-forbidden note below. |
Void inherits the authorize’s connector account. The gateway voids
through the same connector_account that authorized the charge.
Passing a different connector_account (body or X-Connector-Account
header) returns 400 connector_account_override_forbidden. This is a
hard invariant for PCI chain-of-custody.
Examples
Response
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"merchant_id": "m1234567-89ab-cdef-0123-456789abcdef",
"amount": 5000,
"currency": "usd",
"status": "canceled",
"capture_method": "manual",
"gateway_token": "tok_test_aBcDeFgHiJkLmNoPqRsTuVwX",
"connector_id": "stripe",
"connector_account_id": "aa0e8400-e29b-41d4-a716-446655440aaa",
"connector_account_short_id": "ca_abc123def4",
"test_mode": true,
"created_at": "2026-03-18T12:00:00Z",
"updated_at": "2026-03-18T12:00:02Z",
"canceled_at": "2026-03-18T12:00:02Z"
}Error — override forbidden
Void refuses any connector_account that differs from the one that
authorized the PaymentIntent. If the originating authorize used
ca_abc123def4 but void specifies ca_ghi789jkl0:
POST /v1/payments/void
Authorization: Bearer sk_test_your_key_here
Idempotency-Key: void_01HK...
Content-Type: application/json
{
"payment_intent_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"connector_account": "ca_ghi789jkl0"
}Response — 400 Bad Request:
{
"error": {
"type": "invalid_request_error",
"code": "connector_account_override_forbidden",
"message": "Void must use the same connector_account as the originating authorization.",
"param": "connector_account",
"request_id": "req_01HK9ABCD3F7X1YZ2Q3W4E5R6T"
}
}Fix: drop the connector_account field on void — the gateway
inherits it from the originating authorize automatically.
When to Use
Void an authorization when:
- The customer cancels their order before shipment.
- You detect fraud before capturing funds.
- The authorization is no longer needed.
Timing: Void as soon as possible. Once an authorization expires or is captured, it cannot be voided. Use Refund instead for captured payments.
Error Cases
| Error Code | HTTP Status | Cause |
|---|---|---|
invalid_param | 400 | Missing payment_intent_id |
payment_intent_not_found | 404 | PaymentIntent does not exist |
invalid_state_transition | 409 | PaymentIntent is not in authorized status |
connector_account_override_forbidden | 400 | Void supplied a different connector_account than the originating authorize. See example above. |
connector_account_inactive | 400 | Originating connector account has since been soft-deleted. |
originating_account_unavailable | 409 | Originating connector account has been hard-deleted; void cannot route through it. |