Skip to main content
POST
/
api
/
pay
/
{projectId}
/
transactions
Create Transaction
curl --request POST \
  --url https://localhost:44371/api/pay/{projectId}/transactions \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{}'
{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}

Description

Processes a new payment transaction through the project’s configured payment processor. This endpoint supports sale (immediate capture), authorization (reserve funds for later capture), capture (settle previously authorized funds), refund, and void operations. The transaction is processed synchronously with the payment gateway, and the result is returned immediately including approval/decline status and processor response details.

Input

  • Path Parameter: projectId (guid, required) — Project identifier matching authenticated API key.
  • Body: model (TransactionCreateCommandRequest, required) — Transaction details including:
    • amount (decimal, required) — Transaction amount in USD.
    • transactionType (string, required) — Type (Sale, Auth, Capture, Refund, Void).
    • referenceId (string, optional) — Merchant reference ID.
    • paymentMethod (object, required) — Card details or payment token.
    • billingInfo (object, required) — Customer billing information.

Output

Returns a TransactionCreateCommandResponse containing the transaction ID, approval status, authorization code, and processor response details.

Example Request

POST /api/payment/projects/3fa85f64-5717-4562-b3fc-2c963f66afa6/transactions
Content-Type: application/json
Authorization: Bearer {project-api-key}

{
  "amount": 99.99,
  "transactionType": "Sale",
  "referenceId": "ORDER-12345",
  "paymentMethod": {
    "cardNumber": "4111111111111111",
    "expirationMonth": "12",
    "expirationYear": "2025",
    "cvv": "123"
  },
  "billingInfo": {
    "firstName": "John",
    "lastName": "Smith",
    "address": "123 Main St",
    "city": "New York",
    "state": "NY",
    "zipCode": "10001",
    "email": "[email protected]"
  }
}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "transactionId": "7b8c9d0e-1234-5678-9abc-def012345678",
  "status": "Approved",
  "authorizationCode": "ABC123",
  "processorResponse": {
    "responseCode": "1",
    "responseMessage": "Approved",
    "transactionId": "60123456789"
  }
}

Errors

  • 400 Bad Request — Missing required fields or invalid amount/card data.
  • 404 Not Found — Project not found or payment processor not configured.
  • 401 Unauthorized — Invalid or missing API key.
  • 500 Internal Server Error — Processor communication error.

Notes

  • Card data is never stored and is transmitted directly to the payment processor.
  • Declined transactions still create transaction records for audit purposes.
  • Use Sale for immediate capture; use Auth for later capture in two-step workflows.
  • ReferenceId should be unique per merchant for reconciliation.

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Path Parameters

projectId
string<guid>
required

The unique identifier of the project for which to create the transaction (must match authenticated API key).

Body

application/json

The transaction creation request containing amount, payment method, customer information, and transaction type.

Base structure for command requests that modify data. Represents the legacy transaction creation payload for CyberSource and Payflow gateways. Submitted by payment clients when initiating authorizations, captures, and other transaction flows against a project.

securedProperties
string[] | null

Property paths that contain sensitive data requiring secure handling. Downstream services encrypt each path to comply with processor and PCI requirements.

processorType
enum<string>

Processor-specific request type being executed. Determines whether the operation is a credit card charge, PayPal express checkout, or another supported processor flow.

Available options:
CreditCard,
Amazon,
ExpressCheckout
type
enum<string>

Transaction action to perform with the selected processor. Supports authorizations, captures, credits, and other operations represented by TransactionType.

Available options:
Authorize,
Capture,
AuthorizeAndCapture,
CreditAuthorizeAndCapture,
CreditAuthorize,
CreditCapture,
PreAuthorize,
LiabilityChange,
LiabilityAssumption,
ChargeBackCredit,
ChargeBackDebit,
ChargebackInquiry
tags
object[] | null

Metadata tags attached to the transaction. Tags carry custom key-value pairs for reporting such as invoice or subscription identifiers.

additionalData
object

Additional contextual data included with the request. Currently captured to pass the originating customer IP address to fraud prevention systems.

paymentProcessorData
object

Supplemental information forwarded to the payment processor. Overrides project defaults such as soft descriptors and customer service contact numbers when supplied.

useAntiFraud
boolean

Indicates whether anti-fraud services should be invoked for the transaction. When true, the manager requests enhanced screening such as CyberSource Decision Manager.

browserFingerprint
string | null

Browser fingerprint provided by the client application. Used by fraud detection services to correlate customer sessions and device attributes.

Maximum string length: 100
sessionId
string | null

Client session identifier associated with the transaction. Supports linking multiple payment attempts to the same authenticated session for auditing purposes.

recaptchaV3Score
number<double> | null

reCAPTCHA v3 score asserted by the caller. Provides additional risk signals when payments originate from public web flows.

paymentGateway
enum<string>

Gateway provider that should process the transaction. Determines whether CyberSource or Payflow-specific payload sections must be populated.

Available options:
CyberSource,
PayPal,
Amazon
transactionCybersource
object

CyberSource-specific transaction data required when charging credit cards. Must be provided when PaymentGateway is set to ProcessorGateway.CyberSource.

transactionPayflow
object

Payflow-specific transaction data required when invoking PayPal flows. Must be present for express checkout transactions routed through Payflow.

Response

Always returned. Check the success property and status field in the response body to determine if the transaction was approved or declined.

Standard response structure containing operation status and error information. Standard command response indicating the result of a data modification. Create response containing the identifier of the newly created entity. Represents the result of executing a legacy transaction create request. Combines processor messages with gateway-specific payloads to surface success and failure details.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options:
Unknown,
Success,
BadRequest,
Unauthorized,
NotFound,
Error
Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

id
string<guid>

Unique identifier of the newly created entity.

Example:

"3fa85f64-5717-4562-b3fc-2c963f66afa6"

processorMessage
string | null

Human-readable message returned by the processor. Often includes approval codes or decline reasons supplied by the gateway.

errorType
string | null

High-level category for an encountered error. Populated when the command fails to execute successfully and helps clients surface user-friendly messaging.

cybersourceResponse
object

CyberSource-specific response payload. Provided when the transaction was processed through CyberSource.

payflowResponse
object

Payflow-specific response payload. Supplied for transactions handled by PayPal Payflow.