# Remove Cards

> Remove saved cards, delete agents, and rotate card permissions.

## Introduction

This page covers the independent lifecycle operations for the cards flow. Pick the section that matches what you need to do — each operation is self-contained.

| If you need to…                                                   | See                                                   |
| ----------------------------------------------------------------- | ----------------------------------------------------- |
| Stop a saved card from being used for any future card permissions | [Remove a saved card](#remove-a-saved-card)           |
| Cut off an agent's ability to create new card permissions         | [Delete an agent](#delete-an-agent)                   |
| Immediately invalidate a single active card permission            | [Revoke a card permission](#revoke-a-card-permission) |
| Replace a card permission whose credentials may be compromised    | [Rotate a card permission](#rotate-a-card-permission) |

## Prerequisites

* An authenticated user with a valid JWT.
* The ID of the resource you want to modify (`paymentMethodId` for a card, `agentId` for an agent).

## Remove a Saved Card

Send a `DELETE` request with the `paymentMethodId`. The card can no longer be used to create new card permissions.

```typescript
const BASE_URL = "https://staging.crossmint.com/api/unstable";
// Your Crossmint client API key, defined elsewhere in your app.
declare const CROSSMINT_CLIENT_API_KEY: string;

// Removes a saved card so it can no longer back new card permissions.
async function removePaymentMethod(jwt: string, paymentMethodId: string) {
    const response = await fetch(
        // Encode the ID so it cannot alter the request path.
        `${BASE_URL}/payment-methods/${encodeURIComponent(paymentMethodId)}`,
        {
            method: "DELETE",
            headers: {
                "Content-Type": "application/json",
                "X-API-KEY": CROSSMINT_CLIENT_API_KEY,
                Authorization: `Bearer ${jwt}`,
            },
        }
    );

    if (!response.ok) {
        throw new Error(`Failed to remove payment method (${response.status})`);
    }
}
```

<Note>
  Removing a saved card does **not** cancel card permissions already created against it. Active order intents keep working until their internal expiration is reached. To cut off an in-flight order intent immediately, [revoke it](#revoke-a-card-permission) or delete the agent.
</Note>

## Delete an Agent

Send a `DELETE` request with the `agentId`. The agent loses the ability to create new card permissions, and any active order intents tied to it stop working.

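```typescript
const BASE_URL = "https://staging.crossmint.com/api/unstable";
// Your Crossmint client API key, defined elsewhere in your app.
declare const CROSSMINT_CLIENT_API_KEY: string;

// Permanently deletes an agent and stops its active order intents.
async function deleteAgent(jwt: string, agentId: string) {
    const response = await fetch(
        // Encode the ID so it cannot alter the request path.
        `${BASE_URL}/agents/${encodeURIComponent(agentId)}`,
        {
            method: "DELETE",
            headers: {
                "Content-Type": "application/json",
                "X-API-KEY": CROSSMINT_CLIENT_API_KEY,
                Authorization: `Bearer ${jwt}`,
            },
        }
    );

    if (!response.ok) {
        throw new Error(`Failed to delete agent (${response.status})`);
    }
}
```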

<Warning>
  Deletion is permanent. To restore the agent's ability to spend, register a new agent by following [Register an Agent](/agents/payment-methods/cards/register-agent).
</Warning>

## Revoke a Card Permission

To immediately invalidate a single card permission — for example if its credentials may have been compromised — send a `DELETE` request with the `orderIntentId`. The order intent transitions to the `revoked` phase and its credentials can no longer be used for purchases.

Only order intents currently in the `active` or `requires-verification` phase can be revoked. Already-`expired` or already-`revoked` order intents return an error.

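```typescript
const BASE_URL = "https://staging.crossmint.com/api/unstable";
// Your Crossmint client API key, defined elsewhere in your app.
declare const CROSSMINT_CLIENT_API_KEY: string;

// Revokes one order intent; throws on any non-2xx response, including
// the error returned for an already-expired or already-revoked intent.
async function revokeOrderIntent(jwt: string, orderIntentId: string) {
    const response = await fetch(
        // Encode the ID so it cannot alter the request path.
        `${BASE_URL}/order-intents/${encodeURIComponent(orderIntentId)}`,
        {
            method: "DELETE",
            headers: {
                "Content-Type": "application/json",
                "X-API-KEY": CROSSMINT_CLIENT_API_KEY,
                Authorization: `Bearer ${jwt}`,
            },
        }
    );

    if (!response.ok) {
        throw new Error(`Failed to revoke order intent (${response.status})`);
    }
}
```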

A successful revoke returns `204 No Content`. The underlying saved card and agent are untouched — only the targeted order intent is affected. To replace it with a new card permission, see [Rotate a card permission](#rotate-a-card-permission).

For the full schema, see the [Revoke Card Permission API Reference](/api-reference/agentic-commerce/order-intents/revoke-order-intent).

## Rotate a Card Permission

To rotate a card permission — for example if its credentials may have been compromised — revoke the old order intent and create a replacement:

1. [Revoke](#revoke-a-card-permission) the old order intent so its credentials can no longer be used.
2. Create a new order intent against the same saved card with the same (or updated) spending rules. See [Give Card Permission](/agents/payment-methods/cards/create-card-permissions).
3. Have the user authorize the new intent via passkey.
4. Use the new credentials in your checkout flow.

```typescript
await revokeOrderIntent(jwt, oldOrderIntentId);

// Create a replacement card permission against the same payment method
const newOrderIntent = await createOrderIntent(jwt, agentId, paymentMethodId, mandates);

// If requires-verification, prompt the user for passkey authorization,
// then fetch credentials for the new card
const newCredentials = await fetchCardCredentials(jwt, newOrderIntent.orderIntentId, merchant);
```

<Note>
  To cut off an agent's access to **all** of its card permissions immediately, [delete the agent](#delete-an-agent) instead. For the full list of order intent phases — including `revoked` and `expired` — see the [Get Order Intent API Reference](/api-reference/agentic-commerce/order-intents/get-order-intent).
</Note>
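
The sketch below is an added example, not Crossmint code: it turns the rules on this page into an ordered list of `DELETE` calls for a given compromise scope, showing that containing a saved card takes more than removing it. The `OrderIntent` record shape, the `planContainment` name and the sample IDs are assumptions; only the three `DELETE` paths and the four phase names come from this page.

```typescript
// Added example, not Crossmint code. The OrderIntent record shape, the
// function name and the sample IDs are assumptions made for illustration.
type Phase = "active" | "requires-verification" | "expired" | "revoked";
interface OrderIntent {
    orderIntentId: string;
    phase: Phase;
    paymentMethodId: string;
    agentId: string;
}
type Scope =
    | { kind: "permission"; orderIntentId: string }
    | { kind: "card"; paymentMethodId: string }
    | { kind: "agent"; agentId: string };

// Only these two phases can be revoked; the others return an error.
const isLive = (i: OrderIntent) => i.phase === "active" || i.phase === "requires-verification";
const del = (resource: string, id: string) => `DELETE /${resource}/${encodeURIComponent(id)}`;

function planContainment(scope: Scope, inventory: OrderIntent[]): string[] {
    if (scope.kind === "agent") {
        // Deleting the agent also stops its active order intents.
        return [del("agents", scope.agentId)];
    }
    const live = inventory.filter(isLive);
    if (scope.kind === "permission") {
        const id = scope.orderIntentId;
        return live.filter((i) => i.orderIntentId === id).map(() => del("order-intents", id));
    }
    // Removing a card only blocks new permissions, so every live intent
    // created against it is revoked as well.
    const cardId = scope.paymentMethodId;
    const revokes = live
        .filter((i) => i.paymentMethodId === cardId)
        .map((i) => del("order-intents", i.orderIntentId));
    return [...revokes, del("payment-methods", cardId)];
}

// Constructed sample inventory (not real identifiers).
const sampleInventory: OrderIntent[] = [
    { orderIntentId: "oi_1", phase: "active", paymentMethodId: "pm_A", agentId: "ag_X" },
    { orderIntentId: "oi_2", phase: "requires-verification", paymentMethodId: "pm_A", agentId: "ag_Y" },
    { orderIntentId: "oi_3", phase: "expired", paymentMethodId: "pm_A", agentId: "ag_X" },
    { orderIntentId: "oi_4", phase: "active", paymentMethodId: "pm_B", agentId: "ag_X" },
];

console.log(planContainment({ kind: "card", paymentMethodId: "pm_A" }, sampleInventory));
```

An empty plan for the `permission` scope means the intent is already `expired` or `revoked`, so no revoke call is issued for it.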

## Next Steps

<CardGroup cols={2}>
  <Card title="Give Card Permission" icon="credit-card" href="/agents/payment-methods/cards/create-card-permissions">
    Set up a new scoped card permission with updated spending rules.
  </Card>

  <Card title="Register an Agent" icon="robot" href="/agents/payment-methods/cards/register-agent">
    Create a new agent after deleting one.
  </Card>
</CardGroup>
