Skip to main content
GET
/
transactions
List Business Transactions
curl --request GET \
  --url http://localhost:3000/transactions \
  --header 'Authorization: Bearer <token>'
import requests

url = "http://localhost:3000/transactions"

headers = {"Authorization": "Bearer <token>"}

response = requests.get(url, headers=headers)

print(response.text)
const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

fetch('http://localhost:3000/transactions', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_PORT => "3000",
CURLOPT_URL => "http://localhost:3000/transactions",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "http://localhost:3000/transactions"

req, _ := http.NewRequest("GET", url, nil)

req.Header.Add("Authorization", "Bearer <token>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.get("http://localhost:3000/transactions")
.header("Authorization", "Bearer <token>")
.asString();
require 'uri'
require 'net/http'

url = URI("http://localhost:3000/transactions")

http = Net::HTTP.new(url.host, url.port)

request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'

response = http.request(request)
puts response.read_body
[
  {
    "businessTransactionId": "44b34a79-e0f2-49d7-a48e-e52fff88182e",
    "metadata": {
      "businessTransactionId": "44b34a79-e0f2-49d7-a48e-e52fff88182e",
      "correlationId": "cc1ca975-4935-4e9a-a591-8897af6b56fb",
      "sourceSystem": "vendor-payment-service",
      "submittedBy": "ap-automation",
      "submittedAt": "2026-07-13T17:36:00.835Z"
    },
    "authority": {
      "authorityId": "db5c5260-bb4c-40a2-a081-2928b5fe7720",
      "authorityType": "SERVICE",
      "principalId": "ap-automation-svc",
      "displayName": "Accounts Payable Automation",
      "issuedAt": "2026-07-13T17:36:00.835Z"
    },
    "authorization": {
      "authorizationId": "63bdc429-14e4-4ef4-8007-f3c0c9564261",
      "authorityId": "db5c5260-bb4c-40a2-a081-2928b5fe7720",
      "purpose": "Authorize vendor payment disbursement",
      "issuedAt": "2026-07-13T17:36:00.835Z"
    },
    "intent": {
      "intentId": "1e77d0b3-2e57-4e31-b780-03abc92f1b69",
      "authorizationId": "63bdc429-14e4-4ef4-8007-f3c0c9564261",
      "action": "payments:execute",
      "target": "vendor/V-500",
      "parameters": {
        "amount": 5000,
        "currency": "USD"
      },
      "createdAt": "2026-07-13T17:36:00.835Z"
    },
    "policy": {
      "name": "vendor-payment",
      "version": "2.0.0",
      "schemaVersion": "1.0.0"
    },
    "signals": {
      "vendorVerified": true,
      "invoiceVerified": true,
      "paymentApproved": true,
      "sufficientFunds": true,
      "paymentAmount": 5000,
      "riskScore": 12
    },
    "status": "RECEIVED",
    "createdAt": "2026-07-13T17:36:00.965Z"
  },
  {
    "businessTransactionId": "f0a91005-de49-4f50-b6b0-c89f6b0cabb8",
    "metadata": {
      "businessTransactionId": "f0a91005-de49-4f50-b6b0-c89f6b0cabb8",
      "correlationId": "e24cb9aa-c5a6-475c-9a1b-4203a68d053a",
      "sourceSystem": "vendor-payment-service",
      "submittedBy": "ap-automation",
      "submittedAt": "2026-07-13T17:36:01.524Z"
    },
    "authority": {
      "authorityId": "e494f79a-a93d-492d-816f-96ed0624195b",
      "authorityType": "SERVICE",
      "principalId": "ap-automation-svc",
      "displayName": "Accounts Payable Automation",
      "issuedAt": "2026-07-13T17:36:01.524Z"
    },
    "authorization": {
      "authorizationId": "5802dbf2-13a6-4bf2-b515-0df13b5472c0",
      "authorityId": "e494f79a-a93d-492d-816f-96ed0624195b",
      "purpose": "Authorize vendor payment disbursement",
      "issuedAt": "2026-07-13T17:36:01.524Z"
    },
    "intent": {
      "intentId": "5707cd17-8b5a-455a-a6ee-50bebc619ebb",
      "authorizationId": "5802dbf2-13a6-4bf2-b515-0df13b5472c0",
      "action": "payments:execute",
      "target": "vendor/V-600",
      "parameters": {
        "amount": 6000,
        "currency": "USD"
      },
      "createdAt": "2026-07-13T17:36:01.524Z"
    },
    "policy": {
      "name": "vendor-payment",
      "version": "2.0.0",
      "schemaVersion": "1.0.0"
    },
    "signals": {
      "vendorVerified": true,
      "invoiceVerified": true,
      "paymentApproved": true,
      "sufficientFunds": true,
      "paymentAmount": 6000,
      "riskScore": 15
    },
    "status": "RECEIVED",
    "createdAt": "2026-07-13T17:36:01.629Z"
  },
  {
    "businessTransactionId": "a0477e25-db8d-447d-9dbe-633e4705275f",
    "metadata": {
      "businessTransactionId": "a0477e25-db8d-447d-9dbe-633e4705275f",
      "correlationId": "a6ea6a80-d032-4749-9872-1843efaac04c",
      "sourceSystem": "vendor-payment-service",
      "submittedBy": "ap-automation",
      "submittedAt": "2026-07-13T17:36:20.390Z"
    },
    "authority": {
      "authorityId": "a9c3938d-de22-454a-a75c-1666f3c1693d",
      "authorityType": "SERVICE",
      "principalId": "ap-automation-svc",
      "displayName": "Accounts Payable Automation",
      "issuedAt": "2026-07-13T17:36:20.390Z"
    },
    "authorization": {
      "authorizationId": "b45f2e89-6c0b-4534-8047-9a75734ccecf",
      "authorityId": "a9c3938d-de22-454a-a75c-1666f3c1693d",
      "purpose": "Authorize vendor payment disbursement",
      "issuedAt": "2026-07-13T17:36:20.390Z"
    },
    "intent": {
      "intentId": "578850fb-277a-4bb7-99dd-6761961e10e1",
      "authorizationId": "b45f2e89-6c0b-4534-8047-9a75734ccecf",
      "action": "payments:execute",
      "target": "vendor/V-700",
      "parameters": {
        "amount": 3300,
        "currency": "USD"
      },
      "createdAt": "2026-07-13T17:36:20.390Z"
    },
    "policy": {
      "name": "vendor-payment",
      "version": "2.0.0",
      "schemaVersion": "1.0.0"
    },
    "signals": {
      "vendorVerified": true,
      "invoiceVerified": true,
      "paymentApproved": true,
      "sufficientFunds": true,
      "paymentAmount": 3300,
      "riskScore": 9
    },
    "status": "RECEIVED",
    "createdAt": "2026-07-13T17:36:20.483Z"
  }
]
{
"error": "authentication required"
}

Authorizations

Authorization
string
header
required

Caller API key issued by scripts/generate-api-key.ts. Sent as Authorization: Bearer . Verified against a stored SHA-256 hash in constant time by packages/api/src/auth/StaticKeyAuthenticator.ts. Required on every route except GET /health. See /api-reference/authentication.

Query Parameters

page
integer
default:1
Required range: x >= 1
pageSize
integer
default:25
Required range: x >= 1

Response

Every accepted Business Transaction on the requested page.

businessTransactionId
string<uuid>
required

Unique Business Transaction identifier. Same value as metadata.businessTransactionId. Must be a valid UUID on both POST /execute and POST /transactions (rejected with a 400 otherwise).

metadata
Metadata · object
required

Immutable Business Transaction metadata supplied by the calling application. Not evaluated by Policy. businessTransactionId is the only required field; it must match the top-level businessTransactionId. Parmana rejects a mismatch with a 400.

Example:
{
"businessTransactionId": "eed2a972-1bf5-4166-8472-761f76fbf1b2",
"correlationId": "6b97caca-1605-4711-bf00-7e5a65434d93",
"sourceSystem": "vendor-payment-service",
"submittedBy": "ap-automation",
"submittedAt": "2026-07-07T16:38:59.285Z"
}
authority
Authority · object
required

Entity empowered to authorize execution within a trust domain. Immutable once issued.

Example:
{
"authorityId": "c0c01c23-04a2-45f2-a821-ef24bfca02d3",
"authorityType": "SERVICE",
"principalId": "ap-automation-svc",
"displayName": "Accounts Payable Automation",
"issuedAt": "2026-07-07T16:38:59.285Z"
}
authorization
Authorization · object
required

Immutable trust artifact proving that an Authority granted approval for an intended execution.

Example:
{
"authorizationId": "6e9d6aa6-6d20-40a8-b05d-383516365cc7",
"authorityId": "c0c01c23-04a2-45f2-a821-ef24bfca02d3",
"purpose": "Authorize vendor payment disbursement",
"issuedAt": "2026-07-07T16:38:59.285Z"
}
intent
Intent · object
required

Immutable declaration of the action an Authority intends to be executed under an Authorization.

Example:
{
"intentId": "ae5865f6-181b-409a-90ec-1b4b8b8414ba",
"authorizationId": "6e9d6aa6-6d20-40a8-b05d-383516365cc7",
"action": "payments:execute",
"target": "vendor/V-100",
"parameters": { "amount": 4500, "currency": "USD" },
"createdAt": "2026-07-07T16:38:59.285Z"
}
policy
Policy Reference · object
required

Exact Policy to evaluate. The client explicitly supplies name, version, and schemaVersion; Parmana does not automatically discover or select a policy. If no matching policy file exists at policies/{name}/{version}/policy.json, the request fails with a 404 (policyId/policyVersion on POST /policies/validate) or a RUNTIME_ERROR (name/version elsewhere, from PolicyNotFoundError not otherwise mapped by the shared error handler in every route, see the error envelope note).

Example:
{
"name": "vendor-payment",
"version": "2.0.0",
"schemaVersion": "1.0.0"
}
signals
Signals · object
required

Opaque runtime facts evaluated by the resolved Policy's rules. Parmana assigns no business meaning to these values and does not statically validate them beyond the Policy's own signalsSchema declaration (see policies/{name}/{version}/policy.json). Scaled integers, not floats, for numeric signals such as amounts (house convention across every reference policy).

Example:
{
"vendorVerified": true,
"invoiceVerified": true,
"paymentApproved": true,
"sufficientFunds": true,
"paymentAmount": 4500,
"riskScore": 10
}
status
enum<string>
required

Current Business Transaction lifecycle state. Always RECEIVED at creation on both POST /execute and POST /transactions. Parmana sets this field via BusinessTransactionMapper.fromRequest and ignores any status the client sends.

Available options:
RECEIVED,
POLICY_EVALUATED,
APPROVED,
REJECTED,
OVERRIDDEN,
EXECUTING,
EXECUTED,
FAILED,
VERIFIED
createdAt
string<date-time>
required

UTC timestamp when the Business Transaction was accepted by Parmana.