Generate a Receipt
Generates a cryptographically signed Receipt for businessTransactionId. If no Execution Trust Record exists for businessTransactionId, this fails with a 404 (VerificationFailedError, the same not-found error used by POST /verify and POST /replay). If the record exists but its latest Verification does not have status VERIFIED, this fails with a 409 (ReceiptGenerationError) instead.
Authorizations
Caller API key issued by scripts/generate-api-key.ts. Sent as Authorization: Bearer . Verified against a stored SHA-256 hash in constant time by packages/api/src/auth/StaticKeyAuthenticator.ts. Required on every route except GET /health. See /api-reference/authentication.
Body
Request payload for POST /receipt. businessTransactionId is required and must be a valid UUID; both are rejected with a 400, with distinct messages depending on which check fails.
Business Transaction to generate a Receipt for. Its Execution Trust Record must already have a successful (VERIFIED) Verification, or the request fails with a 409.
Response
Receipt generated.
Cryptographically signed, immutable Execution Trust Receipt proving the outcome of an Execution Trust Record at the time it was issued.
Unique Receipt identifier.
Business Transaction represented by this Receipt.
Canonical hash of the Execution Trust Record, used for independent verification.
Hash of this Receipt.
Base64-encoded digital signature over the Receipt.
Signing algorithm.
"ed25519"
UTC timestamp when the Receipt was generated.
Execution represented by this Receipt. Absent when the Receipt represents the latest transaction state; every Receipt currently produced by ReceiptService omits this field.