💳 Payments API

💰 Create Stripe Payment Intent

POST /api/payments/create-intent
Authorization: Bearer <token> (optional)

Request:

```json
{
  "orderId": "order-id"
}
```

Response:

```json
{
  "success": true,
  "data": {
    "clientSecret": "pi_xxx_secret_xxx"
  }
}
```

Use the clientSecret with Stripe.js on the frontend to complete payment.

Stripe Webhook

POST /api/payments/webhook
Content-Type: application/json (raw body)

Called by Stripe when a payment event occurs. The endpoint verifies the webhook signature using STRIPE_WEBHOOK_SECRET.

Handled events:
- payment_intent.succeeded: Marks the payment as completed and updates the order.

WARNING
This endpoint expects a raw request body (not JSON-parsed). It is registered before the JSON body parser in the middleware stack.
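
The signature check and raw-body requirement described above, as an added example (not this project's handler): it implements Stripe's documented `Stripe-Signature` scheme, `t=<timestamp>,v1=<HMAC-SHA256 of "timestamp.payload">`, with Node's crypto module. The function names, the 300-second tolerance, and the sample secret and event are assumptions constructed for illustration.

```javascript
// Added example, not the project's handler. Sample secret and event are constructed.
const crypto = require('node:crypto');

const TOLERANCE_SECONDS = 300; // assumed replay window

// Parse "t=<unix>,v1=<hex>[,v1=<hex>...]" from the Stripe-Signature header.
function parseSignatureHeader(header) {
  const parts = { t: null, v1: [] };
  for (const item of String(header || '').split(',')) {
    const [key, value] = item.trim().split('=', 2);
    if (value === undefined) continue;
    if (key === 't') parts.t = Number(value);
    else if (key === 'v1') parts.v1.push(value);
  }
  return parts;
}

// HMAC-SHA256 over "<timestamp>.<raw body bytes>", keyed with the endpoint secret.
function sign(rawBody, timestamp, secret) {
  return crypto.createHmac('sha256', secret).update(`${timestamp}.`).update(rawBody).digest('hex');
}

function verifyWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { t, v1 } = parseSignatureHeader(header);
  if (!Number.isInteger(t) || v1.length === 0) return { ok: false, reason: 'malformed header' };
  if (Math.abs(nowSeconds - t) > TOLERANCE_SECONDS) return { ok: false, reason: 'timestamp outside tolerance' };
  const expected = Buffer.from(sign(rawBody, t, secret), 'hex');
  const match = v1.some((sig) => {
    const given = Buffer.from(sig, 'hex');
    // Constant-time compare; length check first because timingSafeEqual throws on mismatch.
    return given.length === expected.length && crypto.timingSafeEqual(given, expected);
  });
  return match ? { ok: true, reason: null } : { ok: false, reason: 'signature mismatch' };
}

// Why the raw body matters: re-serialized JSON has different bytes, so the HMAC no longer matches.
function demo() {
  const secret = 'whsec_constructed_example';
  const now = 1700000000;
  const raw = Buffer.from('{\n  "id": "evt_constructed",\n  "type": "payment_intent.succeeded"\n}');
  const header = `t=${now},v1=${sign(raw, now, secret)}`;
  const reparsed = Buffer.from(JSON.stringify(JSON.parse(raw.toString('utf8'))));
  return {
    rawBytes: verifyWebhook(raw, header, secret, now),
    reserialized: verifyWebhook(reparsed, header, secret, now),
    replayed: verifyWebhook(raw, header, secret, now + 3600),
    wrongSecret: verifyWebhook(raw, header, 'whsec_other_constructed', now),
  };
}
```

Only the untouched request bytes verify; the same event after a JSON parse and re-stringify, a delivery replayed an hour later, and a body signed with a different secret are all rejected.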

💵 Mark Cash Payment

POST /api/payments/cash
Authorization: Bearer <staff-token>

Request:

```json
{
  "orderId": "order-id",
  "amount": 34.45
}
```

Staff marks that cash has been received for an order.

🅿️ Create PayPal Payment

POST /api/payments/paypal/create
Authorization: Bearer <token> (optional)

Request:

```json
{
  "orderId": "order-id"
}
```

Response:

```json
{
  "success": true,
  "data": {
    "paypalOrderId": "PAYPAL-ORDER-ID"
  }
}
```

Capture PayPal Payment

POST /api/payments/paypal/capture
Authorization: Bearer <token> (optional)

Request:

```json
{
  "paypalOrderId": "PAYPAL-ORDER-ID"
}
```

Called after the customer approves payment on PayPal.

Permissions Summary

| Action | Required Role |
|---|---|
| 💳 Create Stripe intent | Customer or guest |
| Stripe webhook | Stripe (signature verified) |
| 💵 Mark cash payment | Staff |
| 🅿️ Create/capture PayPal | Customer or guest |