Billing & Payments API

Invoice management, payment initiation, transaction monitoring, callback handling, and development test routes. This page documents routes exposed from the billing blueprint. Base URL prefix: <API_BASE_URL>.

Access

Authentication and roles

Admin invoice, COD collection, and transaction monitoring endpoints require Authorization: Bearer <access_token> and admin role. Checkout/payment and callback endpoints are public by design. Test endpoints are enabled only in debug/testing or when test routes are explicitly enabled in config.

Admin

Invoice management

GET/admin/invoices

List all invoices.

GET/admin/invoices/pending

List pending invoices.

GET/admin/invoices/overdue

List overdue invoices.

GET/admin/invoices/paid

List paid invoices.

GET/admin/invoices/<invoice_id>

Get invoice details with items and payment summary.

POST/admin/invoices

Create invoice manually. Body supports customer fields, optional user_id, currency/tax IDs, destination country, payment terms, notes, and items.

PUT/admin/invoices/<invoice_id>

Update editable invoice fields and optional currency/tax selection.

POST/admin/invoices/<invoice_id>/items

Add item to invoice. Body: product_id, optional name/sku overrides, quantity, unit_price, tax_rate, variant_info.

DELETE/admin/invoices/<invoice_id>/items/<item_id>

Remove invoice item from a specific invoice.

PUT/admin/invoices/<invoice_id>/cancel

Cancel invoice when allowed by status.

Admin

COD and transactions

POST/admin/payments/cod/<cod_id>/collect

Mark COD transaction as collected. Body supports collector, delivery agent ID, and notes.

POST/admin/payments/cod/<cod_id>/verify

Verify COD payment using verification code.

GET/admin/transactions

List all payment transactions.

GET/admin/transactions/<reference>

Get transaction details including gateway-specific data.

GET/admin/transactions/invoice/<invoice_id>

List all transactions for an invoice.

Customer

Checkout and invoice payment

GET/payment-methods

List enabled payment methods for checkout.

GET/invoices/<invoice_number>

Get invoice by invoice number.

GET/invoices/<invoice_number>/pay

Get invoice payment payload with available methods.

POST/payments/mpesa/initiate

Initiate M-Pesa STK push. Body: invoice_id, phone_number, amount.

GET/payments/mpesa/<checkout_id>/status

Query M-Pesa transaction status by checkout request ID.

POST/payments/pesapal/initiate

Initiate Pesapal payment and return redirect URL. Body: invoice_id, amount, currency.

GET/payments/pesapal/<tracking_id>/status

Query Pesapal transaction status.

GET/payments/pesapal/return

Pesapal return URL target after customer payment flow.

POST/payments/cod/create

Create Cash on Delivery transaction. Body: invoice_id.

GET/payments/cod/<cod_id>/instructions

Get COD instructions and verification details.

GET/payments/<reference>/status

Get unified payment status by transaction reference.

Callbacks

Gateway callback routes

POST/callbacks/mpesa

M-Pesa STK callback handler.

POST/callbacks/mpesa/validation

Optional M-Pesa validation callback endpoint.

POST/callbacks/mpesa/confirmation

Optional M-Pesa confirmation callback endpoint.

POST/GET/callbacks/pesapal/ipn

Pesapal IPN callback endpoint supporting POST and GET delivery modes.

Development

Test routes

These endpoints are development-only and return 404 when test routes are disabled.

POST/test/invoice

Create sample invoice with test items.

POST/test/payment-methods/seed

Seed M-Pesa, Pesapal, and COD methods for local/dev testing.

POST/test/mpesa/callback

Simulate M-Pesa callback payload.

POST/test/pesapal/ipn

Simulate Pesapal IPN payload.

GET/test/invoice/<invoice_id>

Get full test invoice details with payments.

GET/test/transaction/<reference>

Get test transaction details including gateway data.

Errors

Common responses

Validation and state errors return 400. Missing resources return 404. Missing/invalid auth returns 401. Forbidden admin access returns 403. Gateway integration failures return 500 with a normalized {"error": "..."} response body.