> ## Documentation Index
> Fetch the complete documentation index at: https://docs.parmanasystems.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Business Transaction

> Returns a bare Business Transaction by ID. No format validation is applied to the path parameter.



## OpenAPI

````yaml /openapi.bundled.yaml get /transactions/{businessTransactionId}
openapi: 3.1.0
info:
  title: Parmana API
  version: 1.0.0
  description: >
    Parmana is an Execution Trust Infrastructure that ensures there is no gap
    between what humans decide and what AI systems do. The API enables creation,
    execution, verification, replay, and auditing of Business Transactions
    through cryptographically verifiable Execution Trust Records.


    **Every route requires a caller bearer key, except GET /health.** Send
    `Authorization: Bearer <key>` on every other request. Keys are issued by
    `scripts/generate-api-key.ts` and configured server-side via
    `PARMANA_API_KEYS`; only a hash of each key is ever held by the server,
    verified in constant time. A missing or invalid credential returns 401
    before a Business Transaction is even constructed, independent of Policy
    evaluation and gateway attestation, see
    `packages/api/src/middleware/caller-auth.ts` and
    [Authentication](/api-reference/authentication). Local development may set
    `PARMANA_AUTH_DISABLED=true` to skip this middleware entirely; that flag
    must never be set in a real deployment.
  contact:
    name: Parmana
    email: support@parmana.ai
  license:
    name: Apache-2.0
    identifier: Apache-2.0
servers:
  - url: http://localhost:3000
    description: Local (packages/api, PORT env var, default 3000)
security:
  - bearerAuth: []
tags:
  - name: Execution
    description: >-
      Executes a Business Transaction through the complete Execution Trust
      pipeline
  - name: Transactions
    description: Business Transaction creation and retrieval
  - name: Verification
    description: Deterministic verification of an Execution Trust Record
  - name: Receipts
    description: Cryptographically signed Execution Trust Receipts
  - name: Trust Records
    description: Execution Trust Record retrieval
  - name: Replay
    description: Deterministic replay of a recorded Execution Trust Record
  - name: Policies
    description: Policy existence/readability check
  - name: System
    description: Operational endpoints
paths:
  /transactions/{businessTransactionId}:
    get:
      tags:
        - Transactions
      summary: Get Business Transaction
      description: >-
        Returns a bare Business Transaction by ID. No format validation is
        applied to the path parameter.
      operationId: getTransaction
      parameters:
        - name: businessTransactionId
          in: path
          required: true
          description: Unique Business Transaction identifier.
          schema:
            type: string
      responses:
        '200':
          description: Business Transaction found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/business-transaction.schema'
              examples:
                vendor-payment-flow-transactions-endpoint:
                  summary: Real captured response
                  value:
                    businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                    metadata:
                      businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                      correlationId: cc1ca975-4935-4e9a-a591-8897af6b56fb
                      sourceSystem: vendor-payment-service
                      submittedBy: ap-automation
                      submittedAt: '2026-07-13T17:36:00.835Z'
                    authority:
                      authorityId: db5c5260-bb4c-40a2-a081-2928b5fe7720
                      authorityType: SERVICE
                      principalId: ap-automation-svc
                      displayName: Accounts Payable Automation
                      issuedAt: '2026-07-13T17:36:00.835Z'
                    authorization:
                      authorizationId: 63bdc429-14e4-4ef4-8007-f3c0c9564261
                      authorityId: db5c5260-bb4c-40a2-a081-2928b5fe7720
                      purpose: Authorize vendor payment disbursement
                      issuedAt: '2026-07-13T17:36:00.835Z'
                    intent:
                      intentId: 1e77d0b3-2e57-4e31-b780-03abc92f1b69
                      authorizationId: 63bdc429-14e4-4ef4-8007-f3c0c9564261
                      action: payments:execute
                      target: vendor/V-500
                      parameters:
                        amount: 5000
                        currency: USD
                      createdAt: '2026-07-13T17:36:00.835Z'
                    policy:
                      name: vendor-payment
                      version: 2.0.0
                      schemaVersion: 1.0.0
                    signals:
                      vendorVerified: true
                      invoiceVerified: true
                      paymentApproved: true
                      sufficientFunds: true
                      paymentAmount: 5000
                      riskScore: 12
                    status: RECEIVED
                    createdAt: '2026-07-13T17:36:00.965Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          description: Business Transaction not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error.schema'
              examples:
                notFound:
                  summary: Real captured response
                  value:
                    error: Business Transaction not found.
components:
  schemas:
    business-transaction.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/business-transaction.schema.json
      title: Business Transaction
      description: >-
        Canonical immutable business context accepted by Parmana for execution:
        Authority -> Authorization -> Intent -> Business Transaction -> Policy.
        Every Business Transaction produces exactly one Decision, one Execution,
        and one Execution Trust Record.
      type: object
      additionalProperties: true
      required:
        - businessTransactionId
        - metadata
        - authority
        - authorization
        - intent
        - policy
        - signals
        - status
        - createdAt
      properties:
        businessTransactionId:
          type: string
          format: uuid
          description: >-
            Unique Business Transaction identifier. Same value as
            metadata.businessTransactionId. Must be a valid UUID on both POST
            /execute and POST /transactions (rejected with a 400 otherwise).
        metadata:
          $ref: '#/components/schemas/metadata.schema'
        authority:
          $ref: '#/components/schemas/authority.schema'
        authorization:
          $ref: '#/components/schemas/authorization.schema'
        intent:
          $ref: '#/components/schemas/intent.schema'
        policy:
          $ref: '#/components/schemas/policy.schema'
        signals:
          $ref: '#/components/schemas/signals.schema'
        status:
          type: string
          description: >-
            Current Business Transaction lifecycle state. Always RECEIVED at
            creation on both POST /execute and POST /transactions. Parmana sets
            this field via BusinessTransactionMapper.fromRequest and ignores any
            status the client sends.
          enum:
            - RECEIVED
            - POLICY_EVALUATED
            - APPROVED
            - REJECTED
            - OVERRIDDEN
            - EXECUTING
            - EXECUTED
            - FAILED
            - VERIFIED
        createdAt:
          type: string
          format: date-time
          description: UTC timestamp when the Business Transaction was accepted by Parmana.
      examples:
        - businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
          metadata:
            businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
            correlationId: 6b97caca-1605-4711-bf00-7e5a65434d93
            sourceSystem: vendor-payment-service
            submittedBy: ap-automation
            submittedAt: '2026-07-07T16:38:59.285Z'
          authority:
            authorityId: c0c01c23-04a2-45f2-a821-ef24bfca02d3
            authorityType: SERVICE
            principalId: ap-automation-svc
            displayName: Accounts Payable Automation
            issuedAt: '2026-07-07T16:38:59.285Z'
          authorization:
            authorizationId: 6e9d6aa6-6d20-40a8-b05d-383516365cc7
            authorityId: c0c01c23-04a2-45f2-a821-ef24bfca02d3
            purpose: Authorize vendor payment disbursement
            issuedAt: '2026-07-07T16:38:59.285Z'
          intent:
            intentId: ae5865f6-181b-409a-90ec-1b4b8b8414ba
            authorizationId: 6e9d6aa6-6d20-40a8-b05d-383516365cc7
            action: payments:execute
            target: vendor/V-100
            parameters:
              amount: 4500
              currency: USD
            createdAt: '2026-07-07T16:38:59.285Z'
          policy:
            name: vendor-payment
            version: 2.0.0
            schemaVersion: 1.0.0
          signals:
            vendorVerified: true
            invoiceVerified: true
            paymentApproved: true
            sufficientFunds: true
            paymentAmount: 4500
            riskScore: 10
          status: RECEIVED
          createdAt: '2026-07-07T16:38:59.325Z'
    error.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/error.schema.json
      title: Error Response
      description: >-
        Shared error envelope produced by
        packages/api/src/middleware/error-handler.ts and by every route's inline
        validation checks. error is always a plain human-readable string (never
        a nested object). code is present only when the failure was a
        RuntimeError subclass reaching the centralized error handler
        (VerificationFailedError, ReceiptGenerationError, or an uncategorized
        RuntimeError); it is absent from every inline route-level check
        (businessTransactionId format/required checks) and from
        BusinessTransactionValidationError, PolicyValidationError,
        SignalValidationError, PolicyNotFoundError,
        DuplicateBusinessTransactionError, and the generic 500 fallback. POST
        /policies/validate does NOT use this envelope at all. See its own
        response schema. For the triggering condition and recommended caller
        action behind any specific error/code/status combination, see the Error
        catalog at /api-reference/error-catalog.
      type: object
      additionalProperties: false
      required:
        - error
      properties:
        error:
          type: string
          description: Human-readable error message.
        code:
          type: string
          description: >-
            Stable machine-readable error code. Only present for errors that
            reach the handler as a RuntimeError.
          examples:
            - RUNTIME_ERROR
            - VERIFICATION_FAILED
            - RECEIPT_GENERATION_FAILED
      examples:
        - error: businessTransactionId must be a valid UUID.
        - error: >-
            Business Transaction 'eed2a972-1bf5-4166-8472-761f76fbf1b2' already
            exists.
        - error: >-
            Execution rejected: Vendor payment rejected because the assessed
            payment risk exceeds the maximum permitted threshold.
          code: RUNTIME_ERROR
    metadata.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/metadata.schema.json
      title: Metadata
      description: >-
        Immutable Business Transaction metadata supplied by the calling
        application. Not evaluated by Policy. businessTransactionId is the only
        required field; it must match the top-level businessTransactionId.
        Parmana rejects a mismatch with a 400.
      type: object
      additionalProperties: true
      required:
        - businessTransactionId
      properties:
        businessTransactionId:
          type: string
          format: uuid
          description: Unique Business Transaction identifier. Must be a valid UUID.
        correlationId:
          type: string
          description: Optional correlation identifier used by the calling application.
        tenantId:
          type: string
          description: Optional tenant identifier for multi-tenant deployments.
        sourceSystem:
          type: string
          description: Originating application or service.
        submittedBy:
          type: string
          description: Identity of the calling application or principal.
        submittedAt:
          type: string
          format: date-time
          description: UTC timestamp when the Business Transaction was submitted.
      examples:
        - businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
          correlationId: 6b97caca-1605-4711-bf00-7e5a65434d93
          sourceSystem: vendor-payment-service
          submittedBy: ap-automation
          submittedAt: '2026-07-07T16:38:59.285Z'
    authority.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/authority.schema.json
      title: Authority
      description: >-
        Entity empowered to authorize execution within a trust domain. Immutable
        once issued.
      type: object
      additionalProperties: true
      required:
        - authorityId
        - authorityType
        - principalId
        - issuedAt
      properties:
        authorityId:
          type: string
          description: Unique Authority identifier.
        authorityType:
          type: string
          description: Type of authority.
          enum:
            - USER
            - ROLE
            - SERVICE
            - ORGANIZATION
        principalId:
          type: string
          description: Principal identifier.
        displayName:
          type: string
          description: Human-readable display name.
        issuedAt:
          type: string
          format: date-time
          description: UTC timestamp when Authority became effective.
      examples:
        - authorityId: c0c01c23-04a2-45f2-a821-ef24bfca02d3
          authorityType: SERVICE
          principalId: ap-automation-svc
          displayName: Accounts Payable Automation
          issuedAt: '2026-07-07T16:38:59.285Z'
    authorization.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/authorization.schema.json
      title: Authorization
      description: >-
        Immutable trust artifact proving that an Authority granted approval for
        an intended execution.
      type: object
      additionalProperties: true
      required:
        - authorizationId
        - authorityId
        - purpose
        - issuedAt
      properties:
        authorizationId:
          type: string
          description: Unique Authorization identifier.
        authorityId:
          type: string
          description: >-
            Authority issuing this Authorization. Must match
            authority.authorityId. Parmana rejects a mismatch with a 400.
        purpose:
          type: string
          description: Business purpose for which the Authorization was granted.
        issuedAt:
          type: string
          format: date-time
          description: UTC timestamp when the Authorization was issued.
        expiresAt:
          type: string
          format: date-time
          description: >-
            Optional expiration timestamp. After this time the Authorization is
            no longer valid.
      examples:
        - authorizationId: 6e9d6aa6-6d20-40a8-b05d-383516365cc7
          authorityId: c0c01c23-04a2-45f2-a821-ef24bfca02d3
          purpose: Authorize vendor payment disbursement
          issuedAt: '2026-07-07T16:38:59.285Z'
    intent.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/intent.schema.json
      title: Intent
      description: >-
        Immutable declaration of the action an Authority intends to be executed
        under an Authorization.
      type: object
      additionalProperties: true
      required:
        - intentId
        - authorizationId
        - action
        - target
        - parameters
        - createdAt
      properties:
        intentId:
          type: string
          description: Unique Intent identifier.
        authorizationId:
          type: string
          description: >-
            Authorization under which this Intent was created. Must match
            authorization.authorizationId. Parmana rejects a mismatch with a
            400.
        action:
          type: string
          description: >-
            Business action being requested. Required and non-empty. Parmana
            rejects an empty action with a 400.
          examples:
            - VendorPayment
            - TransferFunds
            - DeployApplication
        target:
          type: string
          description: Target of the intended action.
          examples:
            - vendor/V-100
            - account/12345
        parameters:
          type: object
          description: >-
            Immutable business parameters describing the intended action. Not
            evaluated by policy, see signals.
          additionalProperties: true
        createdAt:
          type: string
          format: date-time
          description: UTC timestamp when the Intent was created.
      examples:
        - intentId: ae5865f6-181b-409a-90ec-1b4b8b8414ba
          authorizationId: 6e9d6aa6-6d20-40a8-b05d-383516365cc7
          action: payments:execute
          target: vendor/V-100
          parameters:
            amount: 4500
            currency: USD
          createdAt: '2026-07-07T16:38:59.285Z'
    policy.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/policy.schema.json
      title: Policy Reference
      description: >-
        Exact Policy to evaluate. The client explicitly supplies name, version,
        and schemaVersion; Parmana does not automatically discover or select a
        policy. If no matching policy file exists at
        policies/{name}/{version}/policy.json, the request fails with a 404
        (policyId/policyVersion on POST /policies/validate) or a RUNTIME_ERROR
        (name/version elsewhere, from PolicyNotFoundError not otherwise mapped
        by the shared error handler in every route, see the error envelope
        note).
      type: object
      additionalProperties: true
      required:
        - name
        - version
        - schemaVersion
      properties:
        name:
          type: string
          description: >-
            Policy name. Required and non-empty. Parmana rejects an empty name
            with a 400.
          minLength: 1
        version:
          type: string
          description: >-
            Business policy version. Required and non-empty. Parmana rejects an
            empty version with a 400.
          minLength: 1
          examples:
            - 2.0.0
            - 1.0.0
        schemaVersion:
          type: string
          description: Signals schema version expected by the policy.
          examples:
            - 1.0.0
      examples:
        - name: vendor-payment
          version: 2.0.0
          schemaVersion: 1.0.0
    signals.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/signals.schema.json
      title: Signals
      description: >-
        Opaque runtime facts evaluated by the resolved Policy's rules. Parmana
        assigns no business meaning to these values and does not statically
        validate them beyond the Policy's own signalsSchema declaration (see
        policies/{name}/{version}/policy.json). Scaled integers, not floats, for
        numeric signals such as amounts (house convention across every reference
        policy).
      type: object
      additionalProperties: true
      examples:
        - vendorVerified: true
          invoiceVerified: true
          paymentApproved: true
          sufficientFunds: true
          paymentAmount: 4500
          riskScore: 10
  responses:
    Unauthorized:
      description: >-
        Missing or invalid caller credential (StaticKeyAuthenticator returned no
        identity). Real captured response,
        packages/api/src/middleware/caller-auth.ts.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/error.schema'
          examples:
            authRequired:
              summary: Real captured response, missing or invalid Authorization header
              value:
                error: authentication required
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >
        Caller API key issued by scripts/generate-api-key.ts. Sent as
        Authorization: Bearer <key>. Verified against a stored SHA-256 hash in
        constant time by packages/api/src/auth/StaticKeyAuthenticator.ts.
        Required on every route except GET /health. See
        /api-reference/authentication.

````