List Business Transactions
Returns every accepted Business Transaction. page and pageSize are accepted and forwarded to the storage provider, but the response is a bare array with no pagination metadata (no page/pageSize/totalItems). See the response schema description.
Authorizations
Caller API key issued by scripts/generate-api-key.ts. Sent as Authorization: Bearer . Verified against a stored SHA-256 hash in constant time by packages/api/src/auth/StaticKeyAuthenticator.ts. Required on every route except GET /health. See /api-reference/authentication.
Query Parameters
x >= 1x >= 1Response
Every accepted Business Transaction on the requested page.
Unique Business Transaction identifier. Same value as metadata.businessTransactionId. Must be a valid UUID on both POST /execute and POST /transactions (rejected with a 400 otherwise).
Immutable Business Transaction metadata supplied by the calling application. Not evaluated by Policy. businessTransactionId is the only required field; it must match the top-level businessTransactionId. Parmana rejects a mismatch with a 400.
{
"businessTransactionId": "eed2a972-1bf5-4166-8472-761f76fbf1b2",
"correlationId": "6b97caca-1605-4711-bf00-7e5a65434d93",
"sourceSystem": "vendor-payment-service",
"submittedBy": "ap-automation",
"submittedAt": "2026-07-07T16:38:59.285Z"
}Entity empowered to authorize execution within a trust domain. Immutable once issued.
{
"authorityId": "c0c01c23-04a2-45f2-a821-ef24bfca02d3",
"authorityType": "SERVICE",
"principalId": "ap-automation-svc",
"displayName": "Accounts Payable Automation",
"issuedAt": "2026-07-07T16:38:59.285Z"
}Immutable trust artifact proving that an Authority granted approval for an intended execution.
{
"authorizationId": "6e9d6aa6-6d20-40a8-b05d-383516365cc7",
"authorityId": "c0c01c23-04a2-45f2-a821-ef24bfca02d3",
"purpose": "Authorize vendor payment disbursement",
"issuedAt": "2026-07-07T16:38:59.285Z"
}Immutable declaration of the action an Authority intends to be executed under an Authorization.
{
"intentId": "ae5865f6-181b-409a-90ec-1b4b8b8414ba",
"authorizationId": "6e9d6aa6-6d20-40a8-b05d-383516365cc7",
"action": "payments:execute",
"target": "vendor/V-100",
"parameters": { "amount": 4500, "currency": "USD" },
"createdAt": "2026-07-07T16:38:59.285Z"
}Exact Policy to evaluate. The client explicitly supplies name, version, and schemaVersion; Parmana does not automatically discover or select a policy. If no matching policy file exists at policies/{name}/{version}/policy.json, the request fails with a 404 (policyId/policyVersion on POST /policies/validate) or a RUNTIME_ERROR (name/version elsewhere, from PolicyNotFoundError not otherwise mapped by the shared error handler in every route, see the error envelope note).
{
"name": "vendor-payment",
"version": "2.0.0",
"schemaVersion": "1.0.0"
}Opaque runtime facts evaluated by the resolved Policy's rules. Parmana assigns no business meaning to these values and does not statically validate them beyond the Policy's own signalsSchema declaration (see policies/{name}/{version}/policy.json). Scaled integers, not floats, for numeric signals such as amounts (house convention across every reference policy).
{
"vendorVerified": true,
"invoiceVerified": true,
"paymentApproved": true,
"sufficientFunds": true,
"paymentAmount": 4500,
"riskScore": 10
}Current Business Transaction lifecycle state. Always RECEIVED at creation on both POST /execute and POST /transactions. Parmana sets this field via BusinessTransactionMapper.fromRequest and ignores any status the client sends.
RECEIVED, POLICY_EVALUATED, APPROVED, REJECTED, OVERRIDDEN, EXECUTING, EXECUTED, FAILED, VERIFIED UTC timestamp when the Business Transaction was accepted by Parmana.