Skip to main content
POST
/
replay
Replay an Execution Trust Record
curl --request POST \
  --url http://localhost:3000/replay \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "businessTransactionId": "44b34a79-e0f2-49d7-a48e-e52fff88182e"
}
'
import requests

url = "http://localhost:3000/replay"

payload = { "businessTransactionId": "44b34a79-e0f2-49d7-a48e-e52fff88182e" }
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({businessTransactionId: '44b34a79-e0f2-49d7-a48e-e52fff88182e'})
};

fetch('http://localhost:3000/replay', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_PORT => "3000",
CURLOPT_URL => "http://localhost:3000/replay",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'businessTransactionId' => '44b34a79-e0f2-49d7-a48e-e52fff88182e'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "http://localhost:3000/replay"

payload := strings.NewReader("{\n \"businessTransactionId\": \"44b34a79-e0f2-49d7-a48e-e52fff88182e\"\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("http://localhost:3000/replay")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"businessTransactionId\": \"44b34a79-e0f2-49d7-a48e-e52fff88182e\"\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("http://localhost:3000/replay")

http = Net::HTTP.new(url.host, url.port)

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"businessTransactionId\": \"44b34a79-e0f2-49d7-a48e-e52fff88182e\"\n}"

response = http.request(request)
puts response.read_body
{
  "businessTransactionId": "44b34a79-e0f2-49d7-a48e-e52fff88182e",
  "trustRecordHash": "e20a8861864f1a0a6c5fe00e64abca04de18a7d165a82ef9d7beb458c2096b3f",
  "verified": true
}
{
"error": "businessTransactionId is required."
}
{
"error": "authentication required"
}
{
"error": "Execution Trust Record not found.",
"code": "VERIFICATION_FAILED"
}

Authorizations

Authorization
string
header
required

Caller API key issued by scripts/generate-api-key.ts. Sent as Authorization: Bearer . Verified against a stored SHA-256 hash in constant time by packages/api/src/auth/StaticKeyAuthenticator.ts. Required on every route except GET /health. See /api-reference/authentication.

Body

application/json

Request payload for POST /replay. businessTransactionId is required (rejected with a 400 if missing or empty), unlike POST /verify and POST /receipt, this route does not additionally validate UUID format.

businessTransactionId
string
required

Business Transaction to replay.

Response

Replay completed.

Response returned by POST /replay. A deliberately small shape distinct from the Execution Trust Record it replays: it re-verifies the record's stored signature via VerificationCrypto and reports only whether that succeeded, alongside the hash it checked.

businessTransactionId
string
required

Business Transaction that was replayed.

trustRecordHash
string
required

Hash of the Execution Trust Record that was replayed.

verified
boolean
required

Whether the Execution Trust Record's stored signature verified successfully.