CLONESAHIBINDEN
FRONTEND GUIDE FOR AI CODING AGENTS - PART 13 - Payment Service
This document is a part of a REST API guide for the clonesahibinden project. It is designed for AI agents that will generate frontend code to consume the project’s backend.
This document provides extensive instruction for the usage of payment
Service Access
Payment service management is handled through service-specific base URLs.
The payment service may be deployed to the preview server, the staging server, or the production server, so it has three access URLs. The frontend application must support all deployment environments during development, and the user should be able to select the target API server on the login page (already handled in Part 1).
For the payment service, the base URLs are:
- Preview: https://clonesahibinden.prw.mindbricks.com/payment-api
- Staging: https://clonesahibinden-stage.mindbricks.co/payment-api
- Production: https://clonesahibinden.mindbricks.co/payment-api
Scope
Payment Service Description
Handles Stripe payment flow for one-time premium upgrades on classified listings. Creates and tracks payment transactions, manages Stripe Checkout session and webhooks, and notifies the listing service to update premium status. Exposes payment history endpoints for users and reconciliation for admin.
The payment service provides APIs and business logic for the following data objects in the clonesahibinden application. Each data object is either a central domain object of the application's data structure or a helper data object related to a central concept. Note that a data object corresponds to a table in the database: in the service database each data object is represented as a table schema and each object instance as a table row.
paymentTransaction Data Object:
Represents a Stripe-based payment for a one-time premium listing upgrade. Linked to user and listing, with payment metadata, premium details, status, and Stripe reconciliation fields. Immutable except for webhook-driven status updates.
Payment Service Frontend Description By The Backend Architect
Payment Microservice – Frontend Integration Guidance
- Payment/invoice history screen: Fetches via listPaymentTransactions (lists only the current user's payments, with per-payment details for listing, premiumType, payment date, status, amount, and Stripe receipt info for confirmed transactions).
- Initiating premium: Use createPaymentTransaction, pass the required listingId and premiumType, and receive the Stripe checkout session URL for redirect.
- Do not show payment info or status for listings not owned by the current user. Display clear status – ‘pending’, ‘completed’, ‘failed’, ‘canceled’, etc.
- After payment, poll or wait for webhook-triggered listing upgrade (frontend should re-fetch own listings/status after payment confirmation).
- Admin interfaces may include advanced filters on user/paymentTransaction list views.
- No credit card or payment method UI required; all payments processed with Stripe Checkout via URL returned from backend.
- Error codes should be checked to differentiate payment failures, canceled, or retry situations.
API Structure
Object Structure of a Successful Response
When the service processes requests successfully, it wraps the requested resource(s) within a JSON envelope. This envelope includes the data and essential metadata such as configuration details and pagination information, providing context to the client.
HTTP Status Codes:
- 200 OK: Returned for successful GET, LIST, UPDATE, or DELETE operations, indicating that the request was processed successfully.
- 201 Created: Returned for CREATE operations, indicating that the resource was created successfully.
Success Response Format:
For successful operations, the response includes a "status": "OK" property, signaling that the request executed successfully. The structure of a successful response is outlined below:
{
"status":"OK",
"statusCode": 200,
"elapsedMs":126,
"ssoTime":120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName":"products",
"method":"GET",
"action":"list",
"appVersion":"Version",
"rowCount":3,
"products":[{},{},{}],
"paging": {
"pageNumber":1,
"pageRowCount":25,
"totalRowCount":3,
"pageCount":1
},
"filters": [],
"uiPermissions": []
}
- products: In this example, this key contains the actual response content, which may be a single object or an array of objects depending on the operation.
Additional Data
Each API may include additional data besides the main data object, depending on the business logic of the API. These will be provided in each API’s response signature.
Error Response
If a request encounters an issue—whether due to a logical fault or a technical problem—the service responds with a standardized JSON error structure. The HTTP status code indicates the nature of the error, using commonly recognized codes for clarity:
- 400 Bad Request: The request was improperly formatted or contained invalid parameters.
- 401 Unauthorized: The request lacked a valid authentication token; login is required.
- 403 Forbidden: The current token does not grant access to the requested resource.
- 404 Not Found: The requested resource was not found on the server.
- 500 Internal Server Error: The server encountered an unexpected condition.
Each error response is structured to provide meaningful insight into the problem, assisting in efficient diagnosis and resolution.
{
"result": "ERR",
"status": 400,
"message": "errMsg_organizationIdisNotAValidID",
"errCode": 400,
"date": "2024-03-19T12:13:54.124Z",
"detail": "String"
}
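The two envelopes above are easy to confuse in a client: the success body signals with "status": "OK" and puts the payload under the key named by dataName, while the error body uses "result": "ERR" and carries the HTTP code in status. The helper below is an added example (not from the guide or the project) that unwraps either shape and classifies errors by HTTP status; the sample bodies are constructed.

```javascript
// Added example: unwrap the Mindbricks response envelope described above.
// Success bodies carry status "OK" plus a dataName key holding the payload;
// error bodies carry result "ERR" with status/errCode/message/detail.
class ApiError extends Error {
  constructor(body) {
    super(body.message || "unknown API error");
    this.name = "ApiError";
    this.httpStatus = body.status; // 400, 401, 403, 404, 500 as listed above
    this.errCode = body.errCode;
    this.detail = body.detail;
    this.date = body.date;
  }
}

function unwrapResponse(body) {
  if (body && body.result === "ERR") {
    throw new ApiError(body);
  }
  if (!body || body.status !== "OK" || typeof body.dataName !== "string") {
    // Not a shape this guide documents: fail loudly rather than guess.
    throw new ApiError({ message: "errMsg_unexpectedResponseShape", errCode: -1 });
  }
  return {
    data: body[body.dataName], // single object or array, depending on the action
    action: body.action,
    rowCount: body.rowCount,
    paging: body.paging || null,
    uiPermissions: body.uiPermissions || [],
  };
}

// Map the HTTP status of an ApiError to the UI reaction: 401 means the token
// is missing or expired (go back to login), 403 means the session may not see
// this resource (hide it, do not retry), 404 means it does not exist.
function errorCategory(err) {
  switch (err.httpStatus) {
    case 400: return "bad_request";
    case 401: return "reauthenticate";
    case 403: return "forbidden";
    case 404: return "not_found";
    default: return "server_error";
  }
}

// Constructed samples mirroring the envelopes shown in the guide.
const SAMPLE_OK = {
  status: "OK", statusCode: 200, dataName: "paymentTransactions", method: "GET",
  action: "list", rowCount: 1,
  paymentTransactions: [{ id: "pt-constructed-1", status: "success" }],
  paging: { pageNumber: 1, pageRowCount: 25, totalRowCount: 1, pageCount: 1 },
  filters: [], uiPermissions: [],
};
const SAMPLE_ERR = {
  result: "ERR", status: 403, message: "errMsg_constructedSample", errCode: 403,
  date: "2024-03-19T12:13:54.124Z", detail: "String",
};
```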
Bucket Management
(This information is also given in PART 1 prompt.)
This application has a bucket service used to store user files and other object-related files. The bucket service is login-agnostic, so for write operations or private reads, include a bucket token (provided by services) in the request’s Authorization header as a Bearer token.
Please note that all other business services require the access token in the Bearer header, while the bucket service expects a bucket token because it is login-agnostic. Ensure you manage the required token injection properly; any auth interceptor should not replace the bucket token with the access token.
User Bucket
This bucket stores public user files for each user. When a user logs in—or in the /currentuser response—there is a userBucketToken to use when sending user-related public files to the bucket service.
{
//...
"userBucketToken": "e56d...."
}
To upload a file:
POST {baseUrl}/bucket/upload
The request body is form-data which includes the bucketId and the file binary in the files field.
{
bucketId: "{userId}-public-user-bucket",
files: {binary}
}
Response status is 200 on success, e.g., body:
{
"success": true,
"data": [
{
"fileId": "9da03f6d-0409-41ad-bb06-225a244ae408",
"originalName": "test (10).png",
"mimeType": "image/png",
"size": 604063,
"status": "uploaded",
"bucketName": "f7103b85-fcda-4dec-92c6-c336f71fd3a2-public-user-bucket",
"isPublic": true,
"downloadUrl": "https://babilcom.mindbricks.co/bucket/download/9da03f6d-0409-41ad-bb06-225a244ae408"
}
]
}
To download a file from the bucket, you need its fileId. If you upload an avatar or other asset, ensure the download URL or the fileId is stored in the backend.
Buckets are mostly used in object creations that require an additional file, such as a product image or user avatar. After uploading your image to the bucket, insert the returned download URL into the related property of the target object record.
Application Bucket
This Clonesahibinden application also includes a common public bucket that anyone can read, but only users with the superAdmin, admin, or saasAdmin roles can write (upload) to it.
When a user with one of these admin roles is logged in, the /login response or the /currentuser response also returns an applicationBucketToken field, which is used when uploading any file to the application bucket.
{
//...
"applicationBucketToken": "e23fd...."
}
The common public application bucket ID is "clonesahibinden-public-common-bucket".
In certain admin areas—such as product management pages—since the user already has the application bucket token, they will be able to upload related object images.
Please configure your UI to upload files to the application bucket using this bucket token whenever needed.
Object Buckets
Some objects may also return a bucket token for uploading or accessing files related to that object. For example, in a project management application, when you fetch a project’s data, a public or private bucket token may be provided to upload or download project-related files.
These buckets will be used as described in the relevant object definitions.
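The token-routing rule from the Bucket Management section (bucket calls carry a bucket token, every other service call carries the access token, and an interceptor must never overwrite one with the other) is the kind of logic that silently breaks when written ad hoc. The function below is an added example, not the project's own code: it takes an axios-style request config and the token set from /login or /currentuser and returns the config with the correct Authorization header. The bucket IDs follow the naming given above; the objectBucketTokens map is an assumed place for tokens returned with individual objects.

```javascript
// Added example: choose the Bearer token per request so an auth interceptor
// never swaps the bucket token for the access token.
const APP_BUCKET_ID = "clonesahibinden-public-common-bucket";

function isBucketRequest(url) {
  // Bucket routes live under {baseUrl}/bucket/... (upload, download).
  return /\/bucket\//.test(url);
}

// form-data bodies expose .get(); plain objects are read directly.
function bucketIdOf(data) {
  if (!data) return undefined;
  return typeof data.get === "function" ? data.get("bucketId") : data.bucketId;
}

// Decide which bucket token a call needs from the bucketId in its body.
function bucketTokenFor(bucketId, tokens) {
  if (bucketId === APP_BUCKET_ID) {
    // Only superAdmin/admin/saasAdmin sessions receive this token.
    if (!tokens.applicationBucketToken) {
      throw new Error("application bucket upload requires an admin session");
    }
    return tokens.applicationBucketToken;
  }
  if (bucketId === `${tokens.userId}-public-user-bucket`) {
    return tokens.userBucketToken;
  }
  // Assumed shape: tokens returned with individual objects, keyed by bucketId.
  if (tokens.objectBucketTokens && tokens.objectBucketTokens[bucketId]) {
    return tokens.objectBucketTokens[bucketId];
  }
  throw new Error(`no bucket token available for bucket ${bucketId}`);
}

// Interceptor body: returns a new config; never mutates the caller's object.
function withAuthorization(config, tokens) {
  const headers = { ...(config.headers || {}) };
  if (isBucketRequest(config.url)) {
    const token = bucketTokenFor(bucketIdOf(config.data), tokens);
    headers.Authorization = `Bearer ${token}`;
  } else {
    // Every business service (payment, listing, ...) expects the access token.
    headers.Authorization = `Bearer ${tokens.accessToken}`;
  }
  return { ...config, headers };
}
```

Register withAuthorization as the request interceptor and keep the bucket call's bucketId in the body, since the header choice is derived from it.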
PaymentTransaction Data Object
Represents a Stripe-based payment for a one-time premium listing upgrade. Linked to user and listing, with payment metadata, premium details, status, and Stripe reconciliation fields. Immutable except for webhook-driven status updates.
PaymentTransaction Data Object Frontend Description By The Backend Architect
paymentTransaction Usage Guidance
- Shows a single payment event for a premium upgrade on a listing. Users see only their own payments; admin can query all.
- Fields:
- status: ‘pending’, ‘awaiting_confirmation’, ‘success’, ‘failed’, ‘canceled’
- premiumType: ‘bronze’, ‘silver’, ‘gold’ (define more as business adds packages)
- paymentConfirmedAt is only set when Stripe confirms payment successfully. Null if failed/cancelled.
- stripeSessionId is for Stripe Checkout Session tracking (can help with failed payments or support).
- Payment records are immutable except for webhook-driven updates.
- Users cannot update/delete their records after creation.
- When transaction is successful, listing will be upgraded to specified premiumType; frontend should listen to listing object for upgrade status.
PaymentTransaction Data Object Properties
The PaymentTransaction data object has the following properties, which are represented as table fields in the database schema. These properties are not only for data storage; each may carry settings that drive the business logic.
| Property | Type | IsArray | Required | Secret | Description |
|---|---|---|---|---|---|
| amount | Double | false | Yes | No | Payment amount for selected premiumType, in target currency. |
| currency | String | false | Yes | No | Currency in ISO-4217 format (e.g., ‘TRY’, ‘USD’) used for Stripe checkout. |
| listingId | ID | false | Yes | No | Target classified listing being upgraded to premium. |
| paymentConfirmedAt | Date | false | No | No | Date/time when payment was confirmed and premium was granted. Null if never successful/aborted. |
| premiumType | Enum | false | Yes | No | Premium upgrade package: bronze, silver, gold (matches frontend/listing options). |
| status | Enum | false | Yes | No | Status of payment: pending, awaiting_confirmation (stripe checkout created, awaiting webhook), success (confirmed), failed (declined or errored), canceled (user canceled). |
| stripeEventId | String | false | No | No | Last Stripe event webhook ID processed for this payment (used for double-spend/deduplication of webhook). |
| stripeSessionId | String | false | No | No | Stripe Checkout Session ID associated with this payment (used for reconciling gateway callbacks). |
| userId | ID | false | Yes | No | User (buyer) who made the payment (auth:user) |
- Required properties are mandatory for creating objects and must be provided in the request body if no default value, formula or session bind is set.
Enum Properties
Enum properties are defined with a set of allowed values, ensuring that only valid options can be assigned to them. The enum option value is stored as a string in the database, but when a data object is created an additional property with the same name plus an _idx suffix is created, which holds the index of the selected enum option. You can use the {fieldName}_idx property to sort by the enum value, or when your enum options represent a hierarchy of values. In the frontend input components, enum type properties should only accept values from an option component that lists the enum options.
- premiumType: [bronze, silver, gold]
- status: [pending, awaiting_confirmation, success, failed, canceled]
Relation Properties
listingId, userId
Mindbricks supports relations between data objects, allowing you to define how objects are linked together. A relation may reference a data object either in this service or in another service. If the reference is remote, the backend handles the relation through service communication or Elasticsearch. These relations should be respected in the frontend: instead of showing the related object's id, the frontend should list human-readable values from the related data object. If the relation points to another service, the frontend should use the referenced service's API when it needs related data. The relation logic is mostly handled in the backend, so the API responses feed the frontend with the relational data; in most cases the API response will provide the relational data as well as the main data.
In the frontend, please ensure that:
1- instead of these relational ids you show the main human-readable field of the related target data (like name),
2- if this data object needs user input of these relational ids, you provide a combobox with the list of possible records (or a searchbox) to select by the related target data object's main human-readable field.
- listingId: ID Relation to listing.id
  The target object is a parent object, meaning that the relation is a one-to-many relationship from target to this object.
  Required: Yes
- userId: ID Relation to user.id
  The target object is a parent object, meaning that the relation is a one-to-many relationship from target to this object.
  Required: Yes
Filter Properties
listingId, paymentConfirmedAt, premiumType, status, userId
Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the list APIs.
- listingId: ID has a filter named listingId
- paymentConfirmedAt: Date has a filter named paymentConfirmedAt
- premiumType: Enum has a filter named premiumType
- status: Enum has a filter named status
- userId: ID has a filter named userId
Default CRUD APIs
For each data object, the backend architect may designate default APIs for standard operations (create, update, delete, get, list). These are the APIs that frontend CRUD forms and AI agents should use for basic record management. If no default is explicitly set (isDefaultApi), the frontend generator auto-discovers the most general API for each operation.
PaymentTransaction Default APIs
| Operation | API Name | Route | Explicitly Set |
|---|---|---|---|
| Create | createPaymentTransaction | /v1/payments/create | Auto |
| Update | stripeWebhookCallback | /v1/payments/webhook | Auto |
| Delete | none | - | Auto |
| Get | getPaymentTransaction | /v1/payments/:id | Auto |
| List | listPaymentTransactions | /v1/payments | System |
When building CRUD forms for a data object, use the default create/update APIs listed above. The form fields should correspond to the API’s body parameters. For relation fields, render a dropdown loaded from the related object’s list API using the display label property.
API Reference
Create Paymenttransaction API
Create a paymentTransaction to initiate a Stripe Checkout for premium upgrade on a listing. Checks listing and user, prevents duplicate active payments, creates transaction with status=‘pending’, triggers Stripe checkout, and returns checkout session URL/info.
API Frontend Description By The Backend Architect
Initiate Premium Payment
- Use to start payment for a premium listing upgrade. Must supply: listingId, premiumType.
- Only one pending/awaiting/successful payment per listing/user/premiumType allowed.
- Returns Stripe checkout URL/session info in response for frontend redirect.
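The rules scattered across the frontend guidance (only listingId and premiumType are sent, one active payment per listing/user/premiumType, users see only their own rows, status mapped to a clear label, listing re-fetched only after a successful payment, and no frontend call to the webhook "update" route) fit in one small client. This is an added example, not the project's code: http is an injected (config) => Promise<envelopeBody> so the logic runs without a server, and the checkout redirect target is left inside paymentResult because the guide does not name the URL field (an assumption the caller must resolve).

```javascript
// Added example: client-side rules for the premium payment flow. No update or
// delete is exposed: the only "update" route, /v1/payments/webhook, is for
// Stripe and must never be called from the browser.
const PREMIUM_TYPES = ["bronze", "silver", "gold"];
const ACTIVE_STATUSES = ["pending", "awaiting_confirmation", "success"];

// Map backend status to what the UI should do with it.
function paymentUiState(status) {
  switch (status) {
    case "pending":
    case "awaiting_confirmation":
      return { label: "pending", final: false, refetchListing: false };
    case "success":
      // Listing upgrade is webhook-driven: re-fetch the listing, not the payment.
      return { label: "completed", final: true, refetchListing: true };
    case "failed":
      return { label: "failed", final: true, refetchListing: false };
    case "canceled":
      return { label: "canceled", final: true, refetchListing: false };
    default:
      return { label: "unknown", final: false, refetchListing: false };
  }
}

// createPaymentTransaction accepts only listingId and premiumType; amount,
// currency and status are set by the backend and are stripped here.
function buildCreateBody({ listingId, premiumType }) {
  if (typeof listingId !== "string" || listingId.length === 0) {
    throw new Error("listingId is required");
  }
  if (!PREMIUM_TYPES.includes(premiumType)) {
    throw new Error(`premiumType must be one of ${PREMIUM_TYPES.join(", ")}`);
  }
  return { listingId, premiumType };
}

// Backend allows one pending/awaiting/successful payment per listing/user/
// premiumType; checking locally avoids a predictable 400 and a duplicate redirect.
function hasActivePayment(payments, listingId, premiumType) {
  return payments.some(
    (p) => p.listingId === listingId && p.premiumType === premiumType &&
      ACTIVE_STATUSES.includes(p.status)
  );
}

// Defensive filter: never render another user's payment rows even if present.
function ownPayments(rows, currentUserId) {
  return rows.filter((p) => p.userId === currentUserId);
}

async function startPremiumUpgrade(http, existingPayments, input) {
  const body = buildCreateBody(input);
  if (hasActivePayment(existingPayments, body.listingId, body.premiumType)) {
    throw new Error("an active payment already exists for this listing/package");
  }
  const res = await http({ method: "POST", url: "/v1/payments/create", data: body });
  if (res.status !== "OK") throw new Error(res.message || "create failed");
  // paymentResult carries the Stripe checkout info used for the redirect.
  return { transaction: res.paymentTransaction, paymentResult: res.paymentResult };
}
```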
Rest Route
The createPaymentTransaction API REST controller can be triggered via the following route:
/v1/payments/create
Rest Request Parameters
The createPaymentTransaction API has 2 regular request parameters:
| Parameter | Type | Required | Population |
|---|---|---|---|
| listingId | ID | true | request.body?.[“listingId”] |
| premiumType | String | true | request.body?.[“premiumType”] |
- listingId: ID of the listing to upgrade to premium
- premiumType: PremiumType to purchase (‘bronze’, ‘silver’, ‘gold’)
REST Request
To access the API you can use the REST controller with the path POST /v1/payments/create
axios({
method: 'POST',
url: '/v1/payments/create',
data: {
listingId:"ID",
premiumType:"String",
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "201",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "paymentTransaction",
"method": "POST",
"action": "create",
"appVersion": "Version",
"rowCount": 1,
"paymentTransaction": {
"id": "ID",
"amount": "Double",
"currency": "String",
"listingId": "ID",
"paymentConfirmedAt": "Date",
"premiumType": "Enum",
"premiumType_idx": "Integer",
"status": "Enum",
"status_idx": "Integer",
"stripeEventId": "String",
"stripeSessionId": "String",
"userId": "ID",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
},
"paymentResult": {
"paymentTicketId": "ID",
"orderId": "ID",
"paymentId": "String",
"paymentStatus": "Enum",
"paymentIntentInfo": "Object",
"statusLiteral": "String",
"amount": "Double",
"currency": "String",
"success": true,
"description": "String",
"metadata": "Object",
"paymentUserParams": "Object"
}
}
Get Paymenttransaction API
Retrieve a paymentTransaction by ID. Only owner or admin may access. Used for order confirmation display, receipt, etc.
API Frontend Description By The Backend Architect
- Retrieves a single payment history entry (premium upgrade). Only accessible by creator or admin.
Rest Route
The getPaymentTransaction API REST controller can be triggered via the following route:
/v1/payments/:id
Rest Request Parameters
The getPaymentTransaction API has 2 regular request parameters:
| Parameter | Type | Required | Population |
|---|---|---|---|
| paymentTransactionId | ID | true | request.params?.[“paymentTransactionId”] |
| id | String | true | request.params?.[“id”] |
- paymentTransactionId: This id parameter is used to query the required data object.
- id: This parameter will be used to select the data object that is queried.
REST Request
To access the API you can use the REST controller with the path GET /v1/payments/:id
axios({
method: 'GET',
url: `/v1/payments/${id}`,
data: {
},
params: {
}
});
REST Response
This route’s response is constrained to a select list of properties, and therefore does not encompass all attributes of the resource.
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "paymentTransaction",
"method": "GET",
"action": "get",
"appVersion": "Version",
"rowCount": 1,
"paymentTransaction": {
"listingInfo": {
"categoryId": "ID",
"isPremium": "Boolean",
"premiumExpiry": "Date",
"premiumType": "Enum",
"premiumType_idx": "Integer",
"subcategoryId": "ID",
"title": "String"
},
"isActive": true
}
}
List Paymenttransactions API
List all paymentTransactions for current user, paginated. Admin can query all users. Used for user payment history and admin reconciliation.
API Frontend Description By The Backend Architect
- Shows payment history rows for logged-in user. Admin can access all or filter by user/listing.
- For normal users, always filtered to session.userId.
Rest Route
The listPaymentTransactions API REST controller can be triggered via the following route:
/v1/payments
Rest Request Parameters
The listPaymentTransactions API has no request parameters.
REST Request
To access the API you can use the REST controller with the path GET /v1/payments
axios({
method: 'GET',
url: '/v1/payments',
data: {
},
params: {
}
});
REST Response
This route’s response is constrained to a select list of properties, and therefore does not encompass all attributes of the resource.
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "paymentTransactions",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "Number",
"paymentTransactions": [
{
"listingInfo": [
{
"categoryId": "ID",
"isPremium": "Boolean",
"premiumExpiry": "Date",
"premiumType": "Enum",
"premiumType_idx": "Integer",
"subcategoryId": "ID",
"title": "String"
},
{},
{}
],
"isActive": true
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "Number",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
Stripe Webhookcallback API
Receives Stripe webhook events, updates corresponding paymentTransaction (status, confirmation), triggers listing premium upgrade via interservice call. Only accepts trusted Stripe event payloads. No login required.
API Frontend Description By The Backend Architect
- INTERNAL USE ONLY. Called by Stripe, not by user. Receives POSTed webhook from Stripe.
- Verifies event with Stripe secret. Updates paymentTransaction record matched via sessionId. If payment is successful, confirms premium upgrade in listing service.
Rest Route
The stripeWebhookCallback API REST controller can be triggered via the following route:
/v1/payments/webhook
Rest Request Parameters
The stripeWebhookCallback API has 1 regular request parameter:
| Parameter | Type | Required | Population |
|---|---|---|---|
| paymentTransactionId | ID | true | request.params?.[“paymentTransactionId”] |
- paymentTransactionId: This id parameter is used to select the required data object that will be updated.
REST Request
To access the API you can use the REST controller with the path POST /v1/payments/webhook
axios({
method: 'POST',
url: '/v1/payments/webhook',
data: {
},
params: {
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "paymentTransaction",
"method": "POST",
"action": "update",
"appVersion": "Version",
"rowCount": 1,
"paymentTransaction": {
"id": "ID",
"amount": "Double",
"currency": "String",
"listingId": "ID",
"paymentConfirmedAt": "Date",
"premiumType": "Enum",
"premiumType_idx": "Integer",
"status": "Enum",
"status_idx": "Integer",
"stripeEventId": "String",
"stripeSessionId": "String",
"userId": "ID",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"isActive": true
}
}
_fetch Listpaymenttransaction API
System API to fetch list of paymentTransaction records for frontend application. Auto-generated, not visible in design.
Rest Route
The _fetchListPaymentTransaction API REST controller can be triggered via the following route:
/v1/_fetchlistpaymenttransaction
Rest Request Parameters
Filter Parameters
The _fetchListPaymentTransaction API supports 5 optional filter parameters for filtering list results:
listingId (ID): Target classified listing being upgraded to premium.
- Single: ?listingId=<value>
- Multiple: ?listingId=<value1>&listingId=<value2>
- Null: ?listingId=null
paymentConfirmedAt (Date): Date/time when payment was confirmed and premium was granted. Null if never successful/aborted.
- Single date: ?paymentConfirmedAt=2024-01-15
- Multiple dates: ?paymentConfirmedAt=2024-01-15&paymentConfirmedAt=2024-01-20
- Special: $today, $ltoday, $week, $lweek, $month, $leq-<date>, $lin-<date>
- Null: ?paymentConfirmedAt=null
premiumType (Enum): Premium upgrade package: bronze, silver, gold (matches frontend/listing options).
- Single: ?premiumType=<value> (case-insensitive)
- Multiple: ?premiumType=<value1>&premiumType=<value2>
- Null: ?premiumType=null
status (Enum): Status of payment: pending, awaiting_confirmation (stripe checkout created, awaiting webhook), success (confirmed), failed (declined or errored), canceled (user canceled).
- Single: ?status=<value> (case-insensitive)
- Multiple: ?status=<value1>&status=<value2>
- Null: ?status=null
userId (ID): User (buyer) who made the payment (auth:user)
- Single: ?userId=<value>
- Multiple: ?userId=<value1>&userId=<value2>
- Null: ?userId=null
REST Request
To access the API you can use the REST controller with the path GET /v1/_fetchlistpaymenttransaction
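The single / multiple / null / special-date forms above are easy to get subtly wrong by hand (a typo in a filter name is not rejected and simply returns an unfiltered list). The builder below is an added example, not the project's code: it accepts only the five documented filter names, repeats the key for arrays, emits the literal null, formats Date objects as YYYY-MM-DD and passes the $-prefixed date tokens through unchanged.

```javascript
// Added example: build the query string for _fetchListPaymentTransaction from
// a filter object, following the forms documented above.
const FILTERABLE = ["listingId", "paymentConfirmedAt", "premiumType", "status", "userId"];
const ISO_DAY = /^\d{4}-\d{2}-\d{2}$/;
const SPECIAL_DATE =
  /^\$(today|ltoday|week|lweek|month|leq-\d{4}-\d{2}-\d{2}|lin-\d{4}-\d{2}-\d{2})$/;

// Date objects become YYYY-MM-DD (UTC) as in the examples; strings pass through.
function formatDate(d) {
  return d instanceof Date ? d.toISOString().slice(0, 10) : d;
}

function encodeValue(name, value) {
  if (value === null) return "null"; // ?name=null selects rows with no value
  if (name === "paymentConfirmedAt") {
    const v = formatDate(value);
    if (ISO_DAY.test(v) || SPECIAL_DATE.test(v)) return v;
    throw new Error(`unsupported paymentConfirmedAt value: ${v}`);
  }
  return String(value);
}

// Percent-encode but keep the $ of special tokens readable in the URL.
function enc(s) {
  return encodeURIComponent(s).replace(/%24/g, "$");
}

function buildFilterQuery(filters) {
  const parts = [];
  for (const [name, value] of Object.entries(filters)) {
    if (!FILTERABLE.includes(name)) throw new Error(`unknown filter: ${name}`);
    if (value === undefined) continue; // omitted filter, not a null filter
    const values = Array.isArray(value) ? value : [value];
    for (const v of values) {
      // Multiple values repeat the key: ?status=a&status=b
      parts.push(`${enc(name)}=${enc(encodeValue(name, v))}`);
    }
  }
  return parts.length ? `?${parts.join("&")}` : "";
}

function fetchListUrl(filters) {
  return `/v1/_fetchlistpaymenttransaction${buildFilterQuery(filters)}`;
}
```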
axios({
method: 'GET',
url: '/v1/_fetchlistpaymenttransaction',
data: {
},
params: {
// Filter parameters (see Filter Parameters section above)
// listingId: '<value>' // Filter by listingId
// paymentConfirmedAt: '<value>' // Filter by paymentConfirmedAt
// premiumType: '<value>' // Filter by premiumType
// status: '<value>' // Filter by status
// userId: '<value>' // Filter by userId
}
});
REST Response
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "paymentTransactions",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "Number",
"paymentTransactions": [
{
"id": "ID",
"amount": "Double",
"currency": "String",
"listingId": "ID",
"paymentConfirmedAt": "Date",
"premiumType": "Enum",
"premiumType_idx": "Integer",
"status": "Enum",
"status_idx": "Integer",
"stripeEventId": "String",
"stripeSessionId": "String",
"userId": "ID",
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID",
"listing": [
{
"attributes": "Object",
"categoryId": "ID",
"condition": "Enum",
"condition_idx": "Integer",
"contactEmail": "String",
"contactPhone": "String",
"currency": "String",
"description": "Text",
"expiresAt": "Date",
"favoriteCount": "Integer",
"isPremium": "Boolean",
"listingType": "Enum",
"listingType_idx": "Integer",
"locationId": "ID",
"_paymentConfirmation": "String",
"premiumExpiry": "Date",
"premiumType": "Enum",
"premiumType_idx": "Integer",
"price": "Double",
"status": "Enum",
"status_idx": "Integer",
"subcategoryId": "ID",
"title": "String",
"userId": "ID",
"viewsCount": "Integer",
"paymentConfirmation": "Enum",
"paymentConfirmation_idx": "Integer"
},
{},
{}
],
"buyer": [
{
"fullname": "String"
},
{},
{}
],
"isActive": true
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "Number",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}
After this prompt, the user may give you new instructions to update the output of this prompt or provide subsequent prompts about the project.