In some instances, particularly with SEPA payments, Token.io may not receive a final status update from the bank even though the funds have been credited to the payee. This issue often arises from access token limitations, as certain banks allow only one active access token at a time. When a Payment Service User (PSU) initiates another transaction, the original access token can be invalidated, preventing Token.io from obtaining the final status for the original payment.
These banks include:
1. REDSYS (all banks)
2. SEB Sweden
3. SEB Baltics
4. Swedbank (all banks)
5. BRD
6. Comdirect
Example scenarios below:
REDSYS (Spanish) banks
The bank initially responds with:
{
"transactionStatus": "ACWP"
}where ACWP stands for Accepted Without Posting, meaning the transaction has been accepted for processing but has not yet been fully posted to the recipient's account.
This is often followed by an error message similar to:
{
"tppMessages": [
{
"category": "ERROR",
"code": "INVALID_GRANT",
"text": "The enrollment found from the token provided has been invalidated by another enrollment with the same actor, user id, and client id or revoked by the user."
}
]
}SEB banks and Swedbanks
The bank initially responds with:
{
"transactionStatus": "ACTC"
}where ACTC stands for Accepted Credit Transfer Confirmation, indicating that the credit transfer has been accepted by the processor or bank and is en route to the recipient, though it may not yet be settled in their account.
This is often followed by an error message similar to:
{
"tppMessages": [
{
"category": "ERROR",
"code": "TOKEN_EXPIRED",
"text": "Provided refresh_token expired"
}
]
}These error messages indicate that the access token for the initial payment has been invalidated, either due to a new transaction or because the PSU explicitly revoked it. In these cases, Token.io cannot call the `/status` endpoint to retrieve a final status, as only the latest valid refresh token will be accepted by the bank. These banks confirm that status updates are only accessible with the most recent access token generated from the latest enrolment between the TPP and PSU.
If you encounter this issue, first check the PSU's bank statement to confirm if the funds have been credited. If so, consider the payment successful, as Token.io cannot retrieve further status updates with the invalidated token. In these scenarios, funds will still move as indicated, and no additional status polling is necessary.