Business API Design Specification -
List Paymentcustomermethods
A Business API is a set of logical actions centered around a main data object. These actions can range from simple CRUD operations to complex workflows that implement intricate business logic.
While the term “API” traditionally refers to an interface that allows software systems to interact, in Mindbricks a Business API represents a broader concept. It encapsulates a business workflow around a data object, going beyond basic CRUD operations to include rich, internally coordinated actions that can be fully designed and customized.
This document provides an in-depth explanation of the architectural
design of the listPaymentCustomerMethods Business API. It
is intended to guide backend architects and developers in maintaining
the current design. Additionally, frontend developers and frontend AI
agents can use this document to understand how to properly consume
this API on the client side.
Main Data Object and CRUD Operation
The listPaymentCustomerMethods Business API is designed
to handle a list operation on the
Sys_paymentMethod data object. This operation is
performed under the specified conditions and may include additional,
coordinated actions as part of the workflow.
API Description
This route is used to list all payment customer methods.
API Options
-
Auto Params :
trueDetermines whether input parameters should be auto-generated from the schema of the associated data object. Set tofalseif you want to define all input parameters manually. -
Raise Api Event :
trueIndicates whether the Business API should emit an API-level event after successful execution. This is typically used for audit trails, analytics, or external integrations. The event will be emitted to thepaymentcustomermethods-listedKafka Topic Note that the DB-Level events forcreate,updateanddeleteoperations will always be raised for internal reasons. -
Active Check : `` Controls how the system checks if a record is active (not soft-deleted or inactive). Uses the
ApiCheckOptionto determine whether this is checked during the query or after fetching the instance. -
Read From Entity Cache :
falseIf enabled, the API will attempt to read the target object from the Redis entity cache before querying the database. This can improve performance for frequently accessed records.
API Controllers
A Mindbricks Business API can be accessed through multiple interfaces, including REST, gRPC, WebSocket, Kafka, or Cron. The controllers listed below map the business workflow to a specific interface, enabling consistent interaction regardless of the communication channel.
REST Controller
The listPaymentCustomerMethods Business API includes a
REST controller that can be triggered via the following route:
/v1/paymentcustomermethods/:userId
By sending a request to this route using the service API address, you can execute this Business API. Parameters can be provided in multiple HTTP locations, including the URL path, URL query, request body, and request headers. Detailed information about these parameters is provided in the Parameters section.
MCP Tool
REST controllers also expose the Business API as a tool in the MCP,
making it accessible to AI agents. This
listPaymentCustomerMethods Business API will be
registered as a tool on the MCP server within the service binding.
API Parameters
The listPaymentCustomerMethods Business API has 7
parameters that must be sent from the controller. Note that all
parameters, except session and Redis parameters, should be provided by
the client.
Business API parameters can be:
-
Auto-generated by Mindbricks — inferred from the
CRUD type and the property definitions of the main data object when
the
autoParametersoption is enabled. - Custom parameters added by the architect — these can supplement or override the auto-generated parameters.
Regular Parameters
| Name | Type | Required | Default | Location | Data Path |
|---|---|---|---|---|---|
userId |
ID |
Yes |
- |
session |
userId |
| Description: | An ID value to represent the user who owns the payment method. The parameter is used to query data. | ||||
Filter Parameters
The listPaymentCustomerMethods api supports 6 optional
filter parameters for filtering list results using URL query
parameters. These parameters are only available for
list type APIs.
paymentMethodId Filter
Type: String
Description: A string value to represent the id of
the payment method on the payment platform.
Location: Query Parameter
Usage:
Non-Array Property (Case-Insensitive Partial Matching):
-
Single value:
?paymentMethodId=<value>(matches any string containing the value, case-insensitive) -
Multiple values:
?paymentMethodId=<value1>&paymentMethodId=<value2>(matches records containing any of the values) - Null check:
?paymentMethodId=null
Examples:
// Find records with "john" in the field (case-insensitive partial match)
GET /v1/paymentcustomermethods/:userId?paymentMethodId=john
// Matches: "John", "Johnny", "johnson", "McJohn", etc.
// Find records with multiple values (use multiple parameters)
GET /v1/paymentcustomermethods/:userId?paymentMethodId=laptop&paymentMethodId=phone&paymentMethodId=tablet
// Matches records containing "laptop", "phone", or "tablet" anywhere in the field
// Find records without this field
GET /v1/paymentcustomermethods/:userId?paymentMethodId=null
customerId Filter
Type: String
Description: A string value to represent the customer
id which is generated on the payment gateway.
Location: Query Parameter
Usage:
Non-Array Property (Case-Insensitive Partial Matching):
-
Single value:
?customerId=<value>(matches any string containing the value, case-insensitive) -
Multiple values:
?customerId=<value1>&customerId=<value2>(matches records containing any of the values) - Null check:
?customerId=null
Examples:
// Find records with "john" in the field (case-insensitive partial match)
GET /v1/paymentcustomermethods/:userId?customerId=john
// Matches: "John", "Johnny", "johnson", "McJohn", etc.
// Find records with multiple values (use multiple parameters)
GET /v1/paymentcustomermethods/:userId?customerId=laptop&customerId=phone&customerId=tablet
// Matches records containing "laptop", "phone", or "tablet" anywhere in the field
// Find records without this field
GET /v1/paymentcustomermethods/:userId?customerId=null
cardHolderName Filter
Type: String
Description: A string value to represent the name of
the card holder. It can be different than the registered customer.
Location: Query Parameter
Usage:
Non-Array Property (Case-Insensitive Partial Matching):
-
Single value:
?cardHolderName=<value>(matches any string containing the value, case-insensitive) -
Multiple values:
?cardHolderName=<value1>&cardHolderName=<value2>(matches records containing any of the values) - Null check:
?cardHolderName=null
Examples:
// Find records with "john" in the field (case-insensitive partial match)
GET /v1/paymentcustomermethods/:userId?cardHolderName=john
// Matches: "John", "Johnny", "johnson", "McJohn", etc.
// Find records with multiple values (use multiple parameters)
GET /v1/paymentcustomermethods/:userId?cardHolderName=laptop&cardHolderName=phone&cardHolderName=tablet
// Matches records containing "laptop", "phone", or "tablet" anywhere in the field
// Find records without this field
GET /v1/paymentcustomermethods/:userId?cardHolderName=null
cardHolderZip Filter
Type: String
Description: A string value to represent the zip code
of the card holder. It is used for address verification in specific
countries.
Location: Query Parameter
Usage:
Non-Array Property (Case-Insensitive Partial Matching):
-
Single value:
?cardHolderZip=<value>(matches any string containing the value, case-insensitive) -
Multiple values:
?cardHolderZip=<value1>&cardHolderZip=<value2>(matches records containing any of the values) - Null check:
?cardHolderZip=null
Examples:
// Find records with "john" in the field (case-insensitive partial match)
GET /v1/paymentcustomermethods/:userId?cardHolderZip=john
// Matches: "John", "Johnny", "johnson", "McJohn", etc.
// Find records with multiple values (use multiple parameters)
GET /v1/paymentcustomermethods/:userId?cardHolderZip=laptop&cardHolderZip=phone&cardHolderZip=tablet
// Matches records containing "laptop", "phone", or "tablet" anywhere in the field
// Find records without this field
GET /v1/paymentcustomermethods/:userId?cardHolderZip=null
platform Filter
Type: String
Description: A String value to represent payment
platform which teh paymentMethod belongs. It is stripe as default. It
will be used to distinguesh the payment gateways in the future.
Location: Query Parameter
Usage:
Non-Array Property (Case-Insensitive Partial Matching):
-
Single value:
?platform=<value>(matches any string containing the value, case-insensitive) -
Multiple values:
?platform=<value1>&platform=<value2>(matches records containing any of the values) - Null check:
?platform=null
Examples:
// Find records with "john" in the field (case-insensitive partial match)
GET /v1/paymentcustomermethods/:userId?platform=john
// Matches: "John", "Johnny", "johnson", "McJohn", etc.
// Find records with multiple values (use multiple parameters)
GET /v1/paymentcustomermethods/:userId?platform=laptop&platform=phone&platform=tablet
// Matches records containing "laptop", "phone", or "tablet" anywhere in the field
// Find records without this field
GET /v1/paymentcustomermethods/:userId?platform=null
cardInfo Filter
Type: Object
Description: A Json value to store the card details
of the payment method.
Location: Query Parameter
Usage:
- Single value:
?cardInfo=<value> -
Multiple values:
?cardInfo=<value1>&cardInfo=<value2> - Null check:
?cardInfo=null
Examples:
// Get records with specific value
GET /v1/paymentcustomermethods/:userId?cardInfo=<value>
// Get records with multiple values (use multiple parameters)
GET /v1/paymentcustomermethods/:userId?cardInfo=<value1>&cardInfo=<value2>
// Get records without this field
GET /v1/paymentcustomermethods/:userId?cardInfo=null
Parameter Transformations
Some parameters are post-processed using
transform scripts after being read from the request
but before validation or workflow execution. Only parameters with a
transform script are listed below.
No parameters are transformed in this API.
AUTH Configuration
The
authentication and authorization configuration
defines the core access rules for the
listPaymentCustomerMethods Business API. These checks are
applied after parameter validation and before
executing the main business logic.
While these settings cover the most common scenarios, more
fine-grained or conditional access control—such as
permissions based on object context, nested memberships, or custom
workflows—should be implemented using explicit actions like
PermissionCheckAction,
MembershipCheckAction, or
ObjectPermissionCheckAction.
Login Requirement
This API requires login (loginRequired = true). Requests from non-logged-in users will return a
401 Unauthorized error. Login is necessary
but not sufficient, as additional role, permission,
or other authorization checks may still apply.
Ownership Checks
Role and Permission Settings
-
Absolute roles (bypass all auth checks):
Users with any of the following roles will bypass all authentication and authorization checks, including ownership, membership, and standard role/permission checks:
[superAdmin]
Select Clause
Specifies which fields will be selected from the main data object
during a get or list operation. Leave blank
to select all properties. This applies only to get and
list type APIs.",
``
Where Clause
Defines the criteria used to locate the target record(s) for the main
operation. This is expressed as a query object and applies to
get, list, update, and
delete APIs. All API types except list are
expected to affect a single record.
If nothing is configured for (get, update, delete) the id fields will be the select criteria.
Select By: A list of fields that must be matched
exactly as part of the WHERE clause. This is not a filter — it is a
required selection rule. In single-record APIs (get,
update, delete), it defines how a unique
record is located. In list APIs, it scopes the results to
only entries matching the given values. Note that
selectBy fields will be ignored if
fullWhereClause is set.
The business api configuration has a selectBy setting:
‘[’']`
Full Where Clause An MScript query expression that
overrides all default WHERE clause logic. Use this for fully
customized queries. When fullWhereClause is set,
selectBy is ignored, however additional selects will
still be applied to final where clause.
The business api configuration has no
fullWhereClause setting.
Additional Clauses A list of conditionally applied MScript query fragments. These clauses are appended only if their conditions evaluate to true. If no condition is set it will be applied to the where clause directly.
The business api configuration has no additionalClauses setting.
Actual Where Clause This where clause is built using whereClause configuration (if set) and default business logic.
{$and:[{userId:{"$eq":this.userId}},{isActive:true}]}
List Options
Defines list-specific options including filtering logic, default sorting, and result customization for APIs that return multiple records.
List Sort By Sort order definitions for the result set. Multiple fields can be provided with direction (asc/desc).
Specific sort order is not configure, natural order (ascending id) will be used.
List Group By Grouping definitions for the result set. This is typically used for visual or report-based grouping.
The list is not grouped.
setAsRead: An optional array of field-value mappings that will be updated after the read operation. Useful for marking items as read or viewed.
No setAsread field-value pair is configured.
Permission Filter Optional filter that applies permission constraints dynamically based on session or object roles. So that the list items are filtered by the user’s OBAC or ABAC permissions.
Permission filter is not active at the moment. Follow Mindbricks updates to be able to use it.
Pagination Options
Contains settings to configure pagination behavior for
list APIs. Includes options like page size, offset,
cursor support, and total count inclusion.
Business Logic Workflow
[1] Step : startBusinessApi
Initializes context with request and session objects. Prepares internal structures for parameter handling and milestone execution.
You can use the following settings to change some behavior of this
step. apiOptions, restSettings,
grpcSettings, kafkaSettings,
socketSettings, cronSettings
[2] Step : readParameters
Reads request and Redis parameters, applies defaults, and writes them to context for downstream processing.
You can use the following settings to change some behavior of this
step. customParameters, redisParameters
[3] Step : transposeParameters
Transforms and normalizes parameters, derives dependent values, and reshapes inputs for the main list query.
[4] Step : checkParameters
Executes validation logic on required and custom parameters, enforcing business rules and cross-field consistency.
[5] Step : checkBasicAuth
Performs role-based access checks and applies dynamic membership or session-based restrictions.
You can use the following settings to change some behavior of this
step. authOptions
[6] Step : buildWhereClause
Constructs the main query WHERE clause and applies optional filters or scoped access controls.
You can use the following settings to change some behavior of this
step. whereClause
[7] Step : mainListOperation
Executes the paginated database query, retrieves the list, and stores results in context for enrichment.
You can use the following settings to change some behavior of this
step. selectClause, listOptions,
paginationOptions
[8] Step : buildOutput
Assembles the list response, sanitizes sensitive fields, applies transformations, and injects extra context if needed.
[9] Step : sendResponse
Sends the paginated list to the client through the controller.
[10] Step : raiseApiEvent
Triggers optional post-workflow events, such as Kafka messages, logs, or system notifications.
Rest Usage
Rest Client Parameters
Client parameters are the api parameters that are visible to client and will be populated by the client. Note that some api parameters are not visible to client because they are populated by internal system, session, calculation or joint sources.
The listPaymentCustomerMethods api has 6 filter
parameters available for filtering list results. See the
Filter Parameters section above for
detailed usage examples.
| Filter Parameter | Type | Array Property | Description |
|---|---|---|---|
| paymentMethodId | String | No | A string value to represent the id of the payment method on the payment platform. |
| customerId | String | No | A string value to represent the customer id which is generated on the payment gateway. |
| cardHolderName | String | No | A string value to represent the name of the card holder. It can be different than the registered customer. |
| cardHolderZip | String | No | A string value to represent the zip code of the card holder. It is used for address verification in specific countries. |
| platform | String | No | A String value to represent payment platform which teh paymentMethod belongs. It is stripe as default. It will be used to distinguesh the payment gateways in the future. |
| cardInfo | Object | No | A Json value to store the card details of the payment method. |
REST Request
To access the api you can use the REST controller with the path GET /v1/paymentcustomermethods/:userId
axios({
method: 'GET',
url: `/v1/paymentcustomermethods/${userId}`,
data: {
},
params: {
// Filter parameters (see Filter Parameters section for usage examples)
// paymentMethodId: '<value>' // Filter by paymentMethodId
// customerId: '<value>' // Filter by customerId
// cardHolderName: '<value>' // Filter by cardHolderName
// cardHolderZip: '<value>' // Filter by cardHolderZip
// platform: '<value>' // Filter by platform
// cardInfo: '<value>' // Filter by cardInfo
}
});
REST Response
The API response is encapsulated within a JSON envelope. Successful
operations return an HTTP status code of 200 for get, list, update, or
delete requests, and 201 for create requests. Each successful response
includes a "status": "OK" property.
For error handling, refer to the “Error Response” section.
Following JSON represents the most comprehensive form of the
sys_paymentMethods object in the
respones. However, some properties may be omitted based on the
object’s internal logic.
{
"status": "OK",
"statusCode": "200",
"elapsedMs": 126,
"ssoTime": 120,
"source": "db",
"cacheKey": "hexCode",
"userId": "ID",
"sessionId": "ID",
"requestId": "ID",
"dataName": "sys_paymentMethods",
"method": "GET",
"action": "list",
"appVersion": "Version",
"rowCount": "\"Number\"",
"sys_paymentMethods": [
{
"id": "ID",
"paymentMethodId": "String",
"userId": "ID",
"customerId": "String",
"cardHolderName": "String",
"cardHolderZip": "String",
"platform": "String",
"cardInfo": "Object",
"isActive": true,
"recordVersion": "Integer",
"createdAt": "Date",
"updatedAt": "Date",
"_owner": "ID"
},
{},
{}
],
"paging": {
"pageNumber": "Number",
"pageRowCount": "NUmber",
"totalRowCount": "Number",
"pageCount": "Number"
},
"filters": [],
"uiPermissions": []
}