Skip to main content
POST
/
receipt
Generate a Receipt
curl --request POST \
  --url http://localhost:3000/receipt \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "businessTransactionId": "44b34a79-e0f2-49d7-a48e-e52fff88182e"
}
'
import requests

url = "http://localhost:3000/receipt"

payload = { "businessTransactionId": "44b34a79-e0f2-49d7-a48e-e52fff88182e" }
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({businessTransactionId: '44b34a79-e0f2-49d7-a48e-e52fff88182e'})
};

fetch('http://localhost:3000/receipt', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_PORT => "3000",
CURLOPT_URL => "http://localhost:3000/receipt",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'businessTransactionId' => '44b34a79-e0f2-49d7-a48e-e52fff88182e'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "http://localhost:3000/receipt"

payload := strings.NewReader("{\n \"businessTransactionId\": \"44b34a79-e0f2-49d7-a48e-e52fff88182e\"\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("http://localhost:3000/receipt")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"businessTransactionId\": \"44b34a79-e0f2-49d7-a48e-e52fff88182e\"\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("http://localhost:3000/receipt")

http = Net::HTTP.new(url.host, url.port)

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"businessTransactionId\": \"44b34a79-e0f2-49d7-a48e-e52fff88182e\"\n}"

response = http.request(request)
puts response.read_body
{
  "receiptId": "ec0e71e6-e5af-4e14-8f65-13949fca9c6d",
  "businessTransactionId": "44b34a79-e0f2-49d7-a48e-e52fff88182e",
  "trustRecordHash": "e20a8861864f1a0a6c5fe00e64abca04de18a7d165a82ef9d7beb458c2096b3f",
  "receiptHash": "d443df31a6ad94e8d9758d5143afd0859984b935f3209c35a7d93aaf8cd9f0d0",
  "issuedAt": "2026-07-13T17:42:11.094Z",
  "algorithm": "ed25519",
  "signature": "uchgXRFJnByGu3F+NZSoq1Hwt6bBr3rRJjQGpLOULKJ7jR4NfE/P4g7loD4L5aADdYxUqLh6Yn7ngfnz2peCCA=="
}
{
"error": "businessTransactionId must be a valid UUID."
}
{
"error": "authentication required"
}
{
"error": "Execution Trust Record not found.",
"code": "VERIFICATION_FAILED"
}
{
"error": "Execution Trust Record must be successfully verified before a Receipt can be generated.",
"code": "RECEIPT_GENERATION_FAILED"
}

Authorizations

Authorization
string
header
required

Caller API key issued by scripts/generate-api-key.ts. Sent as Authorization: Bearer . Verified against a stored SHA-256 hash in constant time by packages/api/src/auth/StaticKeyAuthenticator.ts. Required on every route except GET /health. See /api-reference/authentication.

Body

application/json

Request payload for POST /receipt. businessTransactionId is required and must be a valid UUID; both are rejected with a 400, with distinct messages depending on which check fails.

businessTransactionId
string<uuid>
required

Business Transaction to generate a Receipt for. Its Execution Trust Record must already have a successful (VERIFIED) Verification, or the request fails with a 409.

Response

Receipt generated.

Cryptographically signed, immutable Execution Trust Receipt proving the outcome of an Execution Trust Record at the time it was issued.

receiptId
string
required

Unique Receipt identifier.

businessTransactionId
string
required

Business Transaction represented by this Receipt.

trustRecordHash
string
required

Canonical hash of the Execution Trust Record, used for independent verification.

receiptHash
string
required

Hash of this Receipt.

signature
string
required

Base64-encoded digital signature over the Receipt.

algorithm
string
required

Signing algorithm.

Example:

"ed25519"

issuedAt
string<date-time>
required

UTC timestamp when the Receipt was generated.

executionId
string

Execution represented by this Receipt. Absent when the Receipt represents the latest transaction state; every Receipt currently produced by ReceiptService omits this field.