Download OpenAPI specification:
Payment and transaction management service.
Git Commit ID: 708e27d9aba23cb9c8413b0d91f92d9268c15352
Software Version: 1.0.0
Build: 2026-06-10 09:39:07
Returns the distinct non-null ticket IDs referenced by transactions.
This is a service endpoint - it can only be called by other microservices using a service JWT.
{- "ticket_ids": [
- 42,
- 31090
]
}Returns the list of available payment options for a given ticket. The caller must provide the ticket_id, ticket_status, template, and optionally metas.
This is a service endpoint - it can only be called by other microservices using a service JWT.
| ticket_id required | integer The ticket ID |
| ticket_status required | string Current status of the ticket |
| template required | object The ticket's template (getFormattedListItem format) |
Array of objects Ticket metas (needed for transferred tickets' transfer_price_eur/huf) |
{- "ticket_id": 42,
- "ticket_status": "registered",
- "template": { },
- "metas": [
- {
- "keyword": "string",
- "value": "string"
}
]
}{- "payment_options": [
- {
- "code": "string",
- "title": "string",
- "note": "string",
- "amount": 0,
- "currency": "string",
- "payment_mode": "string"
}
]
}Returns all transaction records associated with the given ticket ID, ordered by transaction ID ascending.
Requires the Priv payments_search permission.
Also requires ticket access via either Priv tickets_search_flags/years/events OR
Priv tickets_get_flags/years/events (all three of whichever set). The ticket must match
the user's allowed scope. Ticket access is verified via the tickets service.
| Privilege name | Sample values | Description |
|---|---|---|
| Priv payments_search * | true | Grants access to view transactions. Without it, the request is denied with 403. |
| Priv tickets_search_flags/years/events | HU,26,OZ | Alternative ticket access - all three required within this set. |
| Priv tickets_get_flags/years/events | HU,26,OZ | Alternative ticket access - all three required within this set. |
| * payments_search is required; either tickets_search or tickets_get set is also required. | ||
| ticket_id required | integer Ticket ID to retrieve transactions for |
{- "ticket_id": 42
}{- "transactions": [
- {
- "id": 1234,
- "created_at": "2026-04-10 14:30:00",
- "id_ticket": 42,
- "id_account": 32216,
- "product_kind": "ticket",
- "currency": "HUF",
- "debit": 15000,
- "payment_mode": "simplepay",
- "status": "finished",
- "document_type": "invoice",
- "document_no": "INV-2026-00123"
}
]
}Initiates a payment for a ticket. This is a public endpoint - no JWT required.
The endpoint validates the requested payment code against the template's available payment options, creates a transaction record, and calls the payment provider (SimplePay or Stripe). Returns the redirect URL (SimplePay) or client_secret (Stripe 3D Secure).
| ticket_id required | integer The ticket ID to pay for |
| code required | string The payment option code selected by the user.
Format: |
object Billing/invoicing data |
{- "ticket_id": 42,
- "code": "NORMAL-TOTAL-FEE-EUR-SIMPLE",
- "metas": {
- "billing_name": "string",
- "billing_address": "string",
- "billing_city": "string",
- "billing_country": "string",
- "billing_postcode": "string",
- "billing_vat": "string"
}
}{- "required_additional_action": true,
- "redirect_url": "string",
- "client_secret": "string",
- "transaction_id": 0
}Searches for a transaction by its integer ID. Returns at most one result.
This is a service endpoint — it is primarily called by the tickets service
(via payments_client.js) during ID searches, using a service JWT that carries
the original user's privileges. Direct user JWT calls are also accepted.
Requires the Priv payments_search permission.
For service JWT calls, the permission is checked from servicePrivs (forwarded user privs).
For direct user JWT calls, the permission is checked from privs.
| Privilege name | Sample values | Description |
|---|---|---|
| Priv payments_search * | true | Grants access to search for transactions. Without it, the request is denied with 403. |
| * required permission. | ||
| search_term required | integer The transaction ID to search for. |
{- "search_term": 1234
}{- "transactions": [
- {
- "id": 1234,
- "created_at": "2026-04-10 14:30:00",
- "id_ticket": 56789,
- "id_account": 32216,
- "product_kind": "ticket",
- "currency": "HUF",
- "debit": 15000,
- "payment_mode": "simplepay",
- "status": "finished",
- "document_type": "invoice",
- "document_no": "INV-2026-00123"
}
]
}Receives the SimplePay redirect (backref) after a payment attempt. Parses the encoded response, saves it into the transaction record, and returns the payment result status.
This is a public endpoint — no JWT required.
| r required | string Base64 encoded SimplePay response JSON |
| s required | string Signature of the decoded JSON string |
{- "r": "string",
- "s": "string"
}{- "message": "string"
}Receives the SimplePay IPN callback after a payment is completed/confirmed.
Saves the IPN data and status into the transaction record.
Responds with the HMAC-SHA384 signature in the Signature header (required by SimplePay protocol).
This is a public endpoint — no JWT required. Called directly by SimplePay servers.
| orderRef required | string Transaction reference (format "TR123") |
| status required | string Payment status from SimplePay (e.g. FINISHED) |
{- "orderRef": "string",
- "status": "string"
}Receives Stripe webhook events (e.g. payment_intent.succeeded, charge.succeeded). Verifies the webhook signature, saves the event into the transaction record, and updates the transaction status.
This is a public endpoint — no JWT required. Called directly by Stripe servers. The request body must be raw (not parsed as JSON) for signature verification.
{ }{- "message": "string"
}