Remove account token

POST

/api/aof/remove-account

This API allows you to remove a customer's linked account token from your platform. Once the token is removed, this action cannot be undone, and the token will no longer be valid for purchases.

Request

Header Params

Content-Type

string

required

Example:

application/json

Body Params application/json

req_time

string

required

Request date and time in UTC format as YYYYMMDDHHmmss.

merchant_id

string

required

A unique merchant key provided by ABA Bank.

<= 20 characters

ctid

string

required

Your customer token. Each customer must have a unique ctid.

<= 250 characters

pwt

string

required

Token generated by the payment gateway.

<= 250 characters

hash

string

required

Base64-encoded HMAC-SHA512 hash of concatenated values merchant_id, req_time, ctid, and pwt, using public_key.

PHP Sample Code

Example

{
    "req_time": "20250305114648",
    "merchant_id": "ec000002",
    "ctid": "522235C...C8FA2890C5378D7",
    "pwt": "522235462D55FA...6AF3DA7B968DD7B7F57A",
    "hash": "K1g6XnbVSyN1L/...RM1HrsmPDgfdUzT/6Ru9HV+H/yn1qLow=="
}

Request samples

Shell

JavaScript

Java

Swift

PHP

Python

HTTP

Objective-C

Ruby

OCaml

Dart

curl --location --request POST '/api/aof/remove-account' \
--header 'Content-Type: application/json' \
--data-raw '{
    "req_time": "20250305114648",
    "merchant_id": "ec000002",
    "ctid": "522235C...C8FA2890C5378D7",
    "pwt": "522235462D55FA...6AF3DA7B968DD7B7F57A",
    "hash": "K1g6XnbVSyN1L/...RM1HrsmPDgfdUzT/6Ru9HV+H/yn1qLow=="
}'

Responses

🟢200OK

application/json

Body

status

object

required

code

string

required

00 : Success

04 : Missing required parameter

29 : Invalid ctid or pwt value

500 : Server-side error

message

string

required

Please see more details on the property code above.

Example

{
    "status": {
        "code": "00",
        "message": "Success"
    }
}

Purchase using token

Remove card token