senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/docs/API_REFERENCE.md
senke c785e61e69
Some checks failed
Backend API CI / test-unit (push) Failing after 0s
Details
Backend API CI / test-integration (push) Failing after 0s
Details
Frontend CI / test (push) Failing after 0s
Details
Storybook Audit / Build & audit Storybook (push) Failing after 0s
Details
feat(v0.701): AdminTransfers page/route, MSW, stories, Deep Health, API ref, docs, scope v0.702 
- Step 13: AdminTransfersPage, LazyAdminTransfers, route /admin/transfers
- Step 14: MSW handlers admin transfers
- Step 15: AdminTransfersView stories (Default, Empty, WithFailedTransfers, Error, Loading)
- Step 16-17: DeepHealth handler (disk, config), GET /health/deep
- Step 19: health_deep_test.go (4 tests)
- Step 20: docs/API_REFERENCE.md
- Step 21: Archive V0_604, MIGRATIONS.md migration 116
- Step 22: CHANGELOG, PROJECT_STATE, FEATURE_STATUS v0.701
- Step 23: RETROSPECTIVE_V0701, V0_702 placeholder, SCOPE_CONTROL, .cursorrules
- Step 24: Archive V0_701_RELEASE_SCOPE
- Fix: AdminTransfersView Select component (use options API)
2026-02-23 23:42:02 +01:00

6.7 KiB
Raw Blame History

API Reference — Veza Backend

Base URL: http://localhost:8080/api/v1 (or your APP_DOMAIN)

All responses use the format: { "success": true|false, "data": {...} } or { "success": false, "error": "..." }.

Authentication

POST /auth/register

Register a new user.

Auth: None

Body:

{
  "username": "johndoe",
  "email": "john@example.com",
  "password": "SecureP@ssw0rd"
}

Example:

curl -X POST http://localhost:8080/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{"username":"johndoe","email":"john@example.com","password":"SecureP@ssw0rd"}'

Response (201):

{
  "success": true,
  "data": {
    "user": { "id": "uuid", "username": "johndoe", "email": "john@example.com" },
    "access_token": "eyJ...",
    "refresh_token": "eyJ...",
    "expires_in": 3600
  }
}

POST /auth/login

Login with email and password.

Auth: None

Body:

{
  "email": "john@example.com",
  "password": "SecureP@ssw0rd"
}

Example:

curl -X POST http://localhost:8080/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"john@example.com","password":"SecureP@ssw0rd"}'

Response (200):

{
  "success": true,
  "data": {
    "access_token": "eyJ...",
    "refresh_token": "eyJ...",
    "expires_in": 3600,
    "user": { "id": "uuid", "username": "johndoe", "email": "john@example.com" }
  }
}

POST /auth/refresh

Refresh access token using refresh token.

Auth: None (refresh token in body or cookie)

Body:

{
  "refresh_token": "eyJ..."
}

Example:

curl -X POST http://localhost:8080/api/v1/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{"refresh_token":"eyJ..."}'

POST /auth/logout

Logout and invalidate refresh token.

Auth: Bearer token (optional)

Example:

curl -X POST http://localhost:8080/api/v1/auth/logout \
  -H "Authorization: Bearer eyJ..."

Marketplace

GET /marketplace/products

List marketplace products (paginated).

Auth: None (public)

Query params: limit, offset, search, sort

Example:

curl "http://localhost:8080/api/v1/marketplace/products?limit=20&offset=0"

Response (200):

{
  "success": true,
  "data": {
    "products": [...],
    "total": 42
  }
}

GET /marketplace/products/:id

Get a single product by ID.

Auth: None (public)

Example:

curl http://localhost:8080/api/v1/marketplace/products/uuid-here

POST /marketplace/orders

Create an order (checkout).

Auth: Bearer token (required)

Body: Cart items, payment method, etc.

Example:

curl -X POST http://localhost:8080/api/v1/marketplace/orders \
  -H "Authorization: Bearer eyJ..." \
  -H "Content-Type: application/json" \
  -d '{"items":[{"product_id":"uuid","quantity":1}],"payment_method":"card"}'

Seller

GET /sell/balance

Get seller balance (Stripe Connect).

Auth: Bearer token (required)

Example:

curl http://localhost:8080/api/v1/sell/balance \
  -H "Authorization: Bearer eyJ..."

Response (200):

{
  "success": true,
  "data": {
    "connected": true,
    "available": 12500,
    "pending": 3200
  }
}

GET /sell/transfers

List seller transfers (payout history).

Auth: Bearer token (required)

Example:

curl http://localhost:8080/api/v1/sell/transfers \
  -H "Authorization: Bearer eyJ..."

POST /sell/connect/onboard

Get Stripe Connect onboarding URL.

Auth: Bearer token (required)

Example:

curl -X POST http://localhost:8080/api/v1/sell/connect/onboard \
  -H "Authorization: Bearer eyJ..."

Response (200):

{
  "success": true,
  "data": {
    "onboarding_url": "https://connect.stripe.com/..."
  }
}

Admin

GET /admin/transfers

List all platform transfers (admin only, paginated).

Auth: Bearer token (admin role required)

Query params: status, seller_id, from, to, limit, offset

Example:

curl "http://localhost:8080/api/v1/admin/transfers?status=failed&limit=50&offset=0" \
  -H "Authorization: Bearer eyJ..."

Response (200):

{
  "success": true,
  "data": {
    "transfers": [
      {
        "id": "uuid",
        "seller_id": "uuid",
        "order_id": "uuid",
        "amount_cents": 2699,
        "platform_fee_cents": 300,
        "currency": "EUR",
        "status": "failed",
        "retry_count": 1,
        "next_retry_at": "2026-02-24T10:00:00Z",
        "created_at": "2026-02-23T12:00:00Z"
      }
    ],
    "total": 5
  }
}

POST /admin/transfers/:id/retry

Manually retry a failed transfer (admin only).

Auth: Bearer token (admin role required)

Example:

curl -X POST http://localhost:8080/api/v1/admin/transfers/uuid-here/retry \
  -H "Authorization: Bearer eyJ..."

Response (200):

{
  "success": true,
  "data": {
    "id": "uuid",
    "status": "completed",
    "retry_count": 2
  }
}

Health

GET /health

Simple health check (always returns OK).

Auth: None

Example:

curl http://localhost:8080/api/v1/health

Response (200):

{
  "success": true,
  "data": { "status": "ok" }
}

GET /health/deep

Deep health check (DB, Redis, S3, disk, config summary). v0.701

Auth: None

Example:

curl http://localhost:8080/api/v1/health/deep

Response (200 healthy/degraded, 503 unhealthy):

{
  "success": true,
  "data": {
    "status": "healthy",
    "timestamp": "2026-02-23T12:00:00Z",
    "checks": {
      "database": { "status": "ok" },
      "redis": { "status": "ok" },
      "disk": { "status": "ok", "details": { "free_gb": 42.5 } }
    },
    "config": {
      "jwt_secret_set": true,
      "stripe_connect_enabled": true,
      "platform_fee_rate": 0.10,
      "transfer_retry_enabled": true
    }
  }
}

GET /healthz

Liveness probe (Kubernetes).

Auth: None

GET /readyz

Readiness probe (Kubernetes). Returns ready, degraded, or not_ready.

Auth: None

Webhooks

POST /webhooks/hyperswitch

Hyperswitch payment webhook (signature verification required).

Auth: Webhook secret (signature header)

Example:

curl -X POST http://localhost:8080/api/v1/webhooks/hyperswitch \
  -H "Content-Type: application/json" \
  -H "X-Hyperswitch-Signature: ..." \
  -d '{"event":"payment.succeeded",...}'

Legacy routes (deprecated)

The following routes are also available at the root (without /api/v1 prefix) but are deprecated:

  • GET /health, GET /health/deep, GET /healthz, GET /readyz
  • GET /metrics

Use /api/v1/... for new integrations.