diff --git a/api/annuler.php b/api/annuler.php
new file mode 100644
index 0000000..fd36cd5
--- /dev/null
+++ b/api/annuler.php
@@ -0,0 +1,76 @@
+prepare("SELECT type, client, UNIX_TIMESTAMP(date), montant, utilisateur, valide FROM Transactions WHERE id=?");
+$requete->bind_param("s", $_POST['idTransaction']);
+if (!$requete->execute()) {
+ retour("erreur_bdd", ["message" => $requete->error]);
+}
+$requete->bind_result($type, $client, $date, $montant, $utilisateur, $valide);
+if (!$requete->fetch()) {
+ retour("transaction_inconnue");
+}
+$requete->close();
+
+if (!$valide) {
+ retour("transaction_deja_annulee");
+}
+
+if ($utilisateur != $login) {
+ verifierDroit(3, "transaction_autre");
+}
+
+if (time() > $date + TRANSACTION_DUREE) {
+ verifierDroit(3, "transaction_expire");
+}
+
+$requete = $db->prepare("SELECT solde FROM Clients WHERE idCarte=?");
+$requete->bind_param("s", $client);
+$requete->bind_result($soldeAncien);
+if (!$requete->execute()) {
+ retour("erreur_bdd", ["message" => $requete->error]);
+}
+$requete->fetch();
+$requete->close();
+
+switch ($type) {
+case TRANSACTION_CREATION:
+case TRANSACTION_RECHARGEMENT:
+ $soldeNouveau = $soldeAncien - $montant;
+ break;
+
+case TRANSACTION_PAIEMENT:
+case TRANSACTION_VIDANGE:
+ $soldeNouveau = $soldeAncien + $montant;
+ break;
+
+default:
+ retour("erreur_interne");
+ break;
+}
+
+$requete = $db->prepare("UPDATE Clients SET solde=? WHERE idCarte=?");
+$requete->bind_param("ss", $soldeNouveau, $client);
+if (!$requete->execute()) {
+ retour("erreur_bdd", ["message" => $requete->error]);
+}
+$requete->close();
+
+
+$requete = $db->prepare("UPDATE Transactions SET valide=0 WHERE id=?");
+$requete->bind_param("s", $_POST["idTransaction"]);
+if (!$requete->execute()) {
+ retour("erreur_bdd", ["message" => $requete->error]);
+}
+$requete->close();
+
+retour("ok", ["soldeAncien" => $soldeAncien, "soldeNouveau" => $soldeNouveau]);
+
+?>
diff --git a/api/commun.php b/api/commun.php
index ea2b113..c5a0f85 100644
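Review bot: The cancellation is not atomic, so two concurrent requests for the same idTransaction both pass the `if (!$valide)` check near the top of the hunk and both adjust the card balance before either UPDATE lands; the same read-modify-write window exists between `SELECT solde FROM Clients` and `UPDATE Clients SET solde=?`, so a payment racing with a cancel can lose an update. Wrap the sequence in `$db->begin_transaction()` / `$db->commit()`, make the invalidation conditional (`UPDATE Transactions SET valide=0 WHERE id=? AND valide=1`) and treat `affected_rows !== 1` as already cancelled, and read the balance with `SELECT solde FROM Clients WHERE idCarte=? FOR UPDATE` so the new balance is computed under the row lock. The `fetch()` of `$soldeAncien` is also unchecked, so an unknown idCarte silently yields a null balance and writes `0 ± montant` back as the new solde. The early-exit branches assume `retour()` ends the request, which is not visible in this diff, and the file's opening lines (where `$db` and `$login` come from) are missing from the hunk as shown. Dropping the trailing `?>` also removes the risk of stray whitespace being sent after the response body.
```php
$db->begin_transaction();

// … unchanged: SELECT of the transaction row, validity / right / expiry checks …

// Invalidate first, and only while still valid: a concurrent cancel of the
// same id then matches 0 rows and is rejected instead of crediting twice.
$requete = $db->prepare("UPDATE Transactions SET valide=0 WHERE id=? AND valide=1");
$requete->bind_param("s", $_POST["idTransaction"]);
if (!$requete->execute()) {
    $db->rollback();
    retour("erreur_bdd", ["message" => $requete->error]);
}
if ($requete->affected_rows !== 1) {
    $db->rollback();
    retour("transaction_deja_annulee");
}
$requete->close();

// Lock the client row so the balance we compute from cannot change underneath us.
$requete = $db->prepare("SELECT solde FROM Clients WHERE idCarte=? FOR UPDATE");
$requete->bind_param("s", $client);
$requete->bind_result($soldeAncien);
if (!$requete->execute() || !$requete->fetch()) {
    $db->rollback();
    retour("erreur_bdd", ["message" => $requete->error]);
}
$requete->close();

// … unchanged: switch on $type computing $soldeNouveau, UPDATE Clients …

$db->commit();
retour("ok", ["soldeAncien" => $soldeAncien, "soldeNouveau" => $soldeNouveau]);
```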
--- a/api/commun.php
+++ b/api/commun.php
@@ -16,6 +16,8 @@
 define("TRANSACTION_RECHARGEMENT", 2);
 define("TRANSACTION_PAIEMENT", 3);
 define("TRANSACTION_VIDANGE", 4);
+define("TRANSACTION_DUREE", 60);
+
 // Fonctions utiles
 function retour($status, $donnees = array()) { // Renvoie les données passées
 $donnees['status'] = $status;
@@ -63,12 +65,12 @@ function verifierJeton($jeton) {
 $requete->close();
 }
 
-function verifierDroit($droitMinimum) {
+function verifierDroit($droitMinimum, $retour = "droits_insuffisants") {
 global $droit;
 if (donne("jeton")) {
 verifierJeton(donne("jeton"));
 if ($droit < $droitMinimum) {
-retour("droits_insuffisants");
+retour($retour);
 }
 } else {
 retour("jeton_vide");
-- 
libgit2 0.21.2
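Review bot: `TRANSACTION_DUREE` carries no unit and no explanation, while its only consumer in this commit (`time() > $date + TRANSACTION_DUREE` in api/annuler.php) compares it against a UNIX timestamp, i.e. it is a number of seconds. A trailing comment would make that explicit and keep the next maintainer from reading 60 as minutes: `define("TRANSACTION_DUREE", 60); // window during which a transaction can be cancelled without droit 3, in seconds`. Sixty seconds is a tight window for the ordinary user path, so it is also worth confirming that this is the intended policy rather than a placeholder.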
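Review bot: The new `$retour` parameter on `verifierDroit` is undocumented, and nothing on the signature says that its value is handed to `retour()` as the response status, which the callers added in api/annuler.php (`transaction_autre`, `transaction_expire`) depend on. A short docblock above the signature would fix that: `/** Rejects the request with status $retour (default "droits_insuffisants") when the token's right is below $droitMinimum. */`; the "rejects" wording assumes `retour()` terminates the script, which this diff does not show. The body of `verifierDroit` continues past the end of the hunk, so the `jeton_vide` branch and anything after it are not reviewed here.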