Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /v1/payments/accounts | List configured payment accounts (per provider). |
| POST | /v1/payments/accounts/upsert | Create or update an encrypted payment account configuration. |
| GET | /v1/payments/defaults | Resolve workspace/product payment defaults used by the booking engine. |
| POST | /v1/payments/bank/init | Start a bank transfer session for a booking or wizard. |
| POST | /v1/payments/bank/approve | Confirm receipt of a bank transfer and trigger fulfilment workflows. |
| POST | /v1/payments/start | Start an online payment session (Netopia adapter today). |
| POST | /v1/integrations/netopia/notify | Receive Netopia payment status webhooks. |
| GET | /v1/integrations/netopia/redirect | Handle customer return URLs after Netopia checkout. |
Workspace-scoped API keys are required for all
/v1/payments/* routes. The payments:read and payments:write scopes are enforced on the accounts APIs; the remaining endpoints rely on the base API guard. Inbound Netopia callbacks are unauthenticated and should be restricted via provider IP allow lists.Key concepts
- Payment account credentials (e.g. Netopia POS signature/API key) are encrypted with Google Cloud KMS before being stored. Ensure
GCP_SERVICE_ACCOUNT_KEYandGCP_KMS_INTEGRATIONS_KEY_NAME(or a fallbackKMS_ENCRYPTION_KEYin non-production) are configured. - Defaults merge workspace-level payment settings with optional product overrides located in
catalog.product_payment_overrides. The API returns whichever payload is currently effective for the caller. - Bank transfer flows create
payments.payment_sessionsrows and push notifications to Trigger.dev jobs (payments.bank-transfer-initandpayments.bank-transfer-approve) for invoicing, contracts, and messaging. - The generic
/v1/payments/startendpoint resolves the active provider for the workspace. Netopia is the only adapter implemented today; additional providers will extend the same entry point. - Netopia redirect + notify endpoints record webhook payloads, update payment sessions, and fan-out to Trigger.dev orchestrators for downstream fulfilment (invoices, contracts, notifications).