Replay an Execution Trust Record
Re-verifies the stored signature on the Execution Trust Record for businessTransactionId and returns its hash alongside the verification result. Does not re-run Policy evaluation or re-execute anything. See ExecutionTrustApplication.replay. When businessTransactionId does not correspond to any Execution Trust Record, this throws VerificationFailedError (the same not-found error used by POST /verify), which the shared error handler maps to a 404 naming the missing resource. See the 404 response and its notFound example.
Authorizations
Caller API key issued by scripts/generate-api-key.ts. Sent as Authorization: Bearer . Verified against a stored SHA-256 hash in constant time by packages/api/src/auth/StaticKeyAuthenticator.ts. Required on every route except GET /health. See /api-reference/authentication.
Body
Request payload for POST /replay. businessTransactionId is required (rejected with a 400 if missing or empty), unlike POST /verify and POST /receipt, this route does not additionally validate UUID format.
Business Transaction to replay.
Response
Replay completed.
Response returned by POST /replay. A deliberately small shape distinct from the Execution Trust Record it replays: it re-verifies the record's stored signature via VerificationCrypto and reports only whether that succeeded, alongside the hash it checked.