Payment Service โ API Reference ๐ณ
This document describes the payment-related APIs exposed by the Payment Service in ShopVerse.
Payments are handled securely using Razorpay and all APIs are accessed via the API Gateway.
๐ Base URLโ
/api/payments
๐ Authentication & Authorizationโ
- JWT is validated at the API Gateway
- Gateway injects:
X-User-EmailX-User-Role
- Only authenticated users can initiate payments
- Admin access is restricted to reporting APIs
๐ฐ Create Payment Orderโ
Initiate a payment for an existing order.
โค Endpointโ
POST /api/payments/create
โค Request Bodyโ
{
"orderId": "ORD789",
"amount": 5497
}
โค Success Response (200 OK)โ
{
"razorpayOrderId": "order_JH23KLM",
"amount": 5497,
"currency": "INR"
}
๐ Get My Paymentsโ
Fetch payment history of the authenticated user.
โค Endpointโ
GET /api/payments/my
โค Success Response (200 OK)โ
[
{
"paymentId": "PAY123",
"orderId": "ORD789",
"amount": 5497,
"status": "SUCCESS",
"createdAt": "2026-01-21T12:45:00"
}
]
๐ Payment Callback (Webhook)โ
Handle Razorpay payment callbacks.
This endpoint is internal and not exposed to clients.
โค Endpointโ
POST /api/payments/callback
โค Headersโ
X-Razorpay-Signature
โค Callback Payload (Example)โ
{
"razorpay_payment_id": "pay_JH23XYZ",
"razorpay_order_id": "order_JH23KLM",
"razorpay_signature": "abc123signature"
}
โค Success Response (200 OK)โ
{
"message": "Payment processed successfully"
}
๐ Payment Lifecycleโ
๐ก Events Publishedโ
| Event | Topic | Description |
|---|---|---|
| PAYMENT_CREATED | payment-events | Payment initiated |
| PAYMENT_SUCCESS | payment-events | Payment successful |
| PAYMENT_FAILED | payment-events | Payment failed |
Consumed by:
- Order Service
- Notification Service
- Analytics Service
๐ Request Flowโ
โ ๏ธ Common Errorsโ
| Status | Meaning |
|---|---|
| 400 | Invalid payment request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Order not found |
| 500 | Payment gateway failure |
๐ก๏ธ Security Notesโ
- Razorpay signatures are verified
- Payment secrets stored in environment variables
- Callbacks are idempotent
- Duplicate callbacks are safely ignored
๐ Summaryโ
The Payment API provides:
- Secure payment initiation
- Reliable callback handling
- Event-driven post-payment workflows
- Clean integration with Razorpay
It ensures safe and consistent payment processing in ShopVerse.