Payments API Cancel

I just did a test of my own with PHP SDK version 38.1.0.20240919, making a request to the CancelPayment endpoint. It succeeded, with these headers being set:

content-length: 0
content-type: application/x-www-form-urlencoded
square-version: 2024-09-19
accept-encoding: gzip
accept: application/json
user-agent: Square-PHP-SDK/38.1.0.20240919 (2024-09-19) PHP/8.3.8 (Darwin-23.6.0)

The Content-Type header was included in my request. That’s interesting that this is only happening with CancelPayment for you. Are there any differences between how/when you’re calling CancelPayment compared to the other endpoints you tested with?

I can say by looking at the code I have from composer with the latest PHP SDK that the methods cancelPayment() and completePayment() build the request differently and content-type is explicitly set as a header for completePayment, but not cancelPayment. You tell me that this is correct? This is done for all the other calls in this file below.

Here is the path where I am looking: vendor/square/square/src/Apis/PaymentsApi.php

public function cancelPayment(string $paymentId): ApiResponse
    {
        $_reqBuilder = $this->requestBuilder(RequestMethod::POST, '/v2/payments/{payment_id}/cancel')
            ->auth('global')
            ->parameters(TemplateParam::init('payment_id', $paymentId));

public function completePayment(string $paymentId, CompletePaymentRequest $body): ApiResponse
    {
        $_reqBuilder = $this->requestBuilder(RequestMethod::POST, '/v2/payments/{payment_id}/complete')
            ->auth('global')
            ->parameters(
                TemplateParam::init('payment_id', $paymentId),
                HeaderParam::init('Content-Type', 'application/json'),
                BodyParam::init($body)
            );

Are you whitelisted by Cloudflare? I modified the code on the server to do another test. I am still being blocked by Cloudflare with seemingly good headers now. I could very well have a request that y’all are expecting, but it’s not making it to the endpoint.

[request:protected] => Square\Http\HttpRequest Object
        (
            [httpMethod:Core\Types\Sdk\CoreRequest:private] => Post
            [headers:Core\Types\Sdk\CoreRequest:private] => Array
                (
                    [Square-Version] => 2024-09-19
                    [user-agent] => Square-PHP-SDK/38.1.0.20240919 (2024-09-19) PHP/8.1.30 (Linux-3.10.0-1160.92.1.el7.x86_64) 
                    [Content-Type] => application/json
                    [Authorization] => Bearer xxxxxxxxxxxxxxxxxxxx
                    [Accept] => application/json
                )

            [queryUrl:Core\Types\Sdk\CoreRequest:private] => https://connect.squareupsandbox.com/v2/payments/pCpX55k2PHTrG8lXC5YwYIMskGGZY/cancel
            [parameters:Core\Types\Sdk\CoreRequest:private] => Array
                (
                )

        )

Only thing different from my basic curl request that worked is the user-agent and accept headers being passed with SDK. Without those headers, the basic curl request from our server works.

curl https://connect.squareupsandbox.com/v2/payments/pCpX55k2PHTrG8lXC5YwYIMskGGZY/cancel -X POST -H 'Square-Version: 2024-09-19' -H 'Authorization: Bearer xxxxxxx' -H 'Content-Type: application/json'

Bump. Any news on this?

Where is your hosting provider? Is in Ukraine?

No. It is located in Dallas, Texas with Rackspace.

Have you tested this using localhost and if so did it work as expected?

I had showed in a previous reply that I tried from our server. I used a regular curl request with the expected headers. It worked as expected. I even showed code that looks wrong in a previous reply, but I have no response from you. Is there somebody else I should be talking to help me with this? Am I in the wrong place?

I just took a look at the example you provided and this payment vpb7DlZ71UbMutwH5rxvnbgsbuSZY was completed. Are you trying to cancel a payment after you call CompletePayment? If so that’s not possible. You can only call CancelPayment on AUTHORIZED payments. If you want to cancel a completed payment you’ll need to refund the payment.

I told you that I was able to cancel that one by a curl request manually as a test. The SDK still didn’t work for me.

That payment is COMPLETED. It is not canceled. Here is the payment from the API response:

{
    "payment": {
        "id": "vpb7DlZ71UbMutwH5rxvnbgsbuSZY",
        "created_at": "2024-10-10T21:38:24.273Z",
        "updated_at": "2024-10-11T15:55:15.590Z",
        "amount_money": {
            "amount": 2613,
            "currency": "USD"
        },
        "status": "COMPLETED",
        "delay_duration": "PT168H",
        "source_type": "CARD",
        "card_details": {
            "status": "CAPTURED",
            "card": {
                "card_brand": "DISCOVER",
                "last_4": "0004",
                "exp_month": 3,
                "exp_year": 2028,
                "fingerprint": "sq-1-cbVYiJ-h4rRelDRB1wukUWtVs9evi_aHC3xvBD7hx9ITn86wbXde_uexHvBs01uMNA",
                "card_type": "CREDIT",
                "prepaid_type": "NOT_PREPAID",
                "bin": "601100"
            },
            "entry_method": "KEYED",
            "cvv_status": "CVV_ACCEPTED",
            "avs_status": "AVS_ACCEPTED",
            "statement_description": "SQ *DEFAULT TEST ACCOUNT",
            "card_payment_timeline": {
                "authorized_at": "2024-10-10T21:38:24.396Z",
                "captured_at": "2024-10-11T15:55:14.132Z"
            }
        },
        "location_id": "1042EFC3RVW48",
        "order_id": "dLSI08YLZmZvRiXvHd8DeqZnZf4F",
        "reference_id": "100466",
        "risk_evaluation": {
            "created_at": "2024-10-10T21:38:24.397Z",
            "risk_level": "NORMAL"
        },
        "processing_fee": [
            {
                "effective_at": "2024-10-11T17:55:15.000Z",
                "type": "INITIAL",
                "amount_money": {
                    "amount": 106,
                    "currency": "USD"
                }
            }
        ],
        "buyer_email_address": "[email protected]",
        "billing_address": {
            "address_line_1": "83 Bay St",
            "address_line_2": "",
            "locality": "Manchesterлы",
            "administrative_district_level_1": "NH",
            "postal_code": "03104",
            "country": "US",
            "first_name": "Matthewшел",
            "last_name": "Baerлы"
        },
        "shipping_address": {
            "address_line_1": "83 Bay St",
            "locality": "Manchester",
            "administrative_district_level_1": "CO",
            "postal_code": "03104",
            "country": "US"
        },
        "note": "sandbox.foreseeing.com: Bibliopolis Order #100466",
        "total_money": {
            "amount": 2613,
            "currency": "USD"
        },
        "approved_money": {
            "amount": 2613,
            "currency": "USD"
        },
        "receipt_number": "vpb7",
        "receipt_url": "https://squareupsandbox.com/receipt/preview/vpb7DlZ71UbMutwH5rxvnbgsbuSZY",
        "delay_action": "CANCEL",
        "delayed_until": "2024-10-17T21:38:24.273Z",
        "application_details": {
            "square_product": "ECOMMERCE_API",
            "application_id": "sandbox-sq0idb-ebTnngKOH4ne39ifBFJltg"
        },
        "version_token": "hOSbtWTwNUCkf6ihviJykA069NJY1HGqWlMSuXXrFRz6o"
    }
}

If you try to call CancelPayment with a COMPLETED payment you’ll get this error:

{
    "errors": [
        {
            "code": "BAD_REQUEST",
            "detail": "Payment vpb7DlZ71UbMutwH5rxvnbgsbuSZY is in inflight state COMPLETED, which is invalid for the requested operation",
            "category": "INVALID_REQUEST_ERROR"
        }
    ]
}

Do you have an example of an AUTHORIZED payment your trying to call CancelPayment with that is failing?

My apologies, I didn’t check what you sent. I assumed you used the latest example, but you seemed to pull an older one that I was testing that our Approval process still worked.

Here is a new test payment id that is in the proper status to either be CAPTURED or CANCELLED: ZsObABSVpCKQecjizUmeGyD1SFCZY

My apologies again. I was testing that it worked from localhost and the call went through. So that payment I just gave you is now CANCELLED. It does work as expected from localhost. Y’all are blocking our server for whatever reason and it would be nice to get to the bottom of it.

I just checked the logs and I see a call to CANCEL but it’s a GET request instead of a POST. Looking at some of your previous examples I see that you have it as a POST request but I do see in our logs a GET. Can you double check the code and make sure your sending a valid POST request to CancelPayment.

I am using the SDK. Y’all control that. I merely call the SDK, pass it the data and it does the work. Also, the example requests I showed you were POSTs. I’m not sure what GET requests you’re seeing, but whatever it is it’s your SDK doing it not me.

Please, don’t lose site of the this comment I just posted about it working from localhost with the SDK. So, it is something about cloudflare blocking my request from our server with the SDK. It is that specific. Since a normal curl request from our sever works. It would be nice to get to the bottom of why cloudflare is blocking me. Whatever other data about my request you need to solve that I can give.

What’s the IP address of the server?

The sever ip is 65.61.168.241

Everything looks good with that IP. Is Cloudflare providing Ray ID?

Here is a timestamp and headers returned from cloudflare when we were blocked.

[0] => HTTP/1.1 400 Bad Request
[Server] => cloudflare
[Date] => Mon, 28 Oct 2024 18:08:05 GMT
[Content-Type] => text/html
[Content-Length] => 155
[Connection] => close
[CF-RAY] => -