Voiding an authorized payment
A void describes the process of how merchants void funds for an authorized payment. A void is the second part of a two-part payment flow, and occurs after an authorized payment is finalized. Finalized payments have
kind set to
authorization. When a merchant wishes to cancel the order for an authorized transaction, Shopify sends a void request to a payments app, and the app can resolve or reject it.
- The merchant requests to void an authorized payment.
- Shopify sends a backend request to the payments app, specifying the void request.
- The app replies with a 201 and an empty response body.
- The app finalizes the void request using either voidSessionResolve or voidSessionReject mutations.
- Shopify updates the payment status.
- You've completed the Getting started building payments apps.
- You've familiarized yourself with the general transaction requirements.
- You meet the payments apps requirements.
To use the GraphQL mutations, your app must be aware of access scopes for payments apps.
Initiate the flow
A void can only be performed when the payment initiated by Shopify has a
kind property with a value of
authorization. With an authorization you place a hold on funds and then reply to Shopify's void request with either VoidSessionResolve or VoidSessionReject mutations to either accept or reject the voiding of funds.
The void flow begins with an HTTP request sent from Shopify to the provider's URL as provided during app extension configuration:
||Unique identifier for the void attempt. Used as the idempotency key. It can be assumed that requests with a given ID are identical to any previously-received requests with the same ID.||
||Identifies the void when communicating with Shopify (in GraphQL mutations, for example).||
||The ID of the authorized payment that is to be voided.||
||The IETF BCP 47 language tag representing the language used by the merchant.||
||A timestamp representing when the void request was proposed.||
Shopify must receive a HTTP 201 response for the void session creation to be successful.
If the request fails, then it is retried several times. If the request still fails, then the merchant needs to manually retry the void in the Shopify admin.
Resolve a void request
After you've successfully processed the void request, you can resolve it by using the voidSessionResolve mutation:
id argument corresponds to the
gid of the void.
Reject a void request
If you can't process a void request, then you should reject it. You should only reject a void in the case of final and irrecoverable errors. Otherwise, you can re-attempt to resolve the void.
You can reject a void using the voidSessionReject mutation:
As part of the rejection, you need to include a reason why the void was rejected as part of VoidSessionRejectionReasonInput.
VoidSessionRejectionReasonInput.code is a
VoidSessionStatusReasonRejectionCode, which is an enum of standardized error codes.
VoidSessionRejectionReasonInput.merchantMessage argument is a localized error message presented to the merchant explaining why the void was rejected.
If there's a Shopify service disruption (or if 5xx status codes are being returned), then requests must be retried. It is suggested to follow the guidelines in the retry policy section.