Declines a CVV or AVS verification result from a recurring session and triggers deletion of the associated token. Use this endpoint when your application determines that the CVV or AVS result from a prior recurring session is unacceptable and the stored card token should be removed.
Ack / Nack pattern for recurring sessions
After a recurring session completes, your application evaluates the CVV (cvv2Cvc2Status) and AVS (avsStatus) results returned by the gateway.
Acceptable result — Call Recurring — Ack to confirm the session. The token is retained for future recurring charges.
Unacceptable result — Call this endpoint (Nack) to decline the session. The token is permanently deleted and cannot be used for future charges.
API Key
Generate your API key from the Payments Manager: Administrator Client → API Key → Add New Key. Pass it as auth-api-key in every request.
Company & Merchant Numbers
Your CompanyNumber (5-digit) and MerchantNumber (8-digit) are issued by PayFacto during onboarding. Both are required on every Nack request.
Environment Base URL
Test: https://test.api.payfacto.cloud/v1 | Production: Provided by the PayFacto Integration team upon certification.
Session ID
You must have stored the ID returned by the recurring session creation response. This is the identifier passed to this endpoint to target the correct session and token for deletion.
Request Format — Base64-Encoded Payload
Requests use HTTP POST with an application/x-www-form-urlencoded body. Assemble all parameters as a cleartext query string, Base64-encode it, then send: auth-api-key={key}&payload={base64}.
Sending a Nack is irreversible. Once processed, the token associated with the session ID is permanently deleted and cannot be recovered. Ensure the CVV/AVS result genuinely warrants rejection before calling this endpoint.
All parameters are passed inside the Base64-encoded payload form field. Raw body format: auth-api-key=<key>&payload=<base64>.
Required fields
The example below uses the test endpoint and a sandbox API key. Replace credentials and base URL before going live.
Always returned
The following codes are specific to this endpoint. For the complete catalogue see the Return Code Index.