API Integration Flows
Welcome to the Alberta Payments API documentation. This portal explains the step-by-step flows required to authenticate clients and interact with the protected store and transaction endpoints.
http://127.0.0.1:8000. All client routes are mounted under the
/v1/clients prefix.
429 Too Many Requests response.
Route Summary
Quick reference for every route exposed by routes/clients-api.php. Each row links to the
detailed flow below.
| Method | Path | Auth |
|---|---|---|
| POST | /v1/clients/register |
Public |
| POST | /v1/clients/stores/{sid}/login |
Public |
| POST | /v1/clients/logout |
Bearer JWT |
| POST | /v1/clients/forgot-password |
Public |
| POST | /v1/clients/{client}/reset-password |
Signed URL |
| GET | /v1/clients/stores/{sid}/terminal/{terminalId}/transactions/{transactionType} |
Bearer JWT |
1. Register Account
Before accessing any data, a client must register and specify which stores they need access to. Registration initiates a multi-step onboarding process.
- Registration: Client submits their details using the
/v1/clients/registerendpoint, including the list ofstore_idvalues they need access to. - Email Verification: The system emails a secure confirmation link to the client. The client must click this link to verify their email address.
- Per-Store Admin Approval: Once the email is confirmed, the system notifies an administrator. The administrator reviews and approves each requested store individually — every requested store id needs its own approval click.
- Ready for Login: A client can log in for a given store as soon as that store has been approved. The client receives a notification email each time one of their requested stores is approved.
Provide the following payload to create an account:
{
"name": "Jane Doe",
"email": "jane@example.com",
"phone": "1234567890",
"store_id": [105, 106],
"password": "SecurePassword123",
"password_confirmation": "SecurePassword123"
}Field rules
| Field | Rule |
|---|---|
name |
Required string, up to 255 characters. |
email |
Required valid email, must be unique on the clients table. |
phone |
Required, exactly 10 numeric digits. |
store_id |
Required array containing at least one integer store id. |
password |
Required, minimum 8 characters, letters and digits only, must contain at least one letter and one
digit, and must match password_confirmation.
|
On validation failure, the API responds with HTTP 422 and a per-field error map:
{
"success": false,
"data": [],
"message": "First error message.",
"errors": {
"phone": ["Phone number must be exactly 10 digits."],
"store_id": ["Please select at least one store."]
}
}2. Create a JWT (Login)
JSON Web Tokens (JWTs) are a token format used for authentication with our data APIs. You must exchange your approved client credentials for a JWT, and tokens are scoped to a single store at a time.
{sid} is part of the URL path. A client can only obtain a JWT for a store that
(a) was included in their original registration request, and (b) has been approved by an administrator.
"Access for this store is pending approval." If the store was never part of your request the
API responds with "You do not have access to this store."
Send the credentials to receive the token:
{
"email": "jane@example.com",
"password": "SecurePassword123"
}A successful response includes the JWT, its expiry, and the store id the token is scoped to:
{
"success": true,
"data": {
"client": { "id": 42, "name": "Jane Doe", "email": "jane@example.com" },
"store_id": 105,
"authorization": {
"token": "eyJhbGciOiJIUzI1Ni...",
"type": "bearer",
"exp": 1735689600
}
},
"message": "Token generated successfully"
}Using the JWT to authenticate
In order to authenticate with the API, provide the JWT as a Bearer token in the
Authorization header for all subsequent requests.
Authorization: Bearer eyJhbGciOiJIUzI1Ni...3. Logout
Invalidate the current JWT token. After logging out, the token can no longer be used for protected endpoints.
Requires Authorization: Bearer [JWT] header.
Forgot Password Flow
If a client loses their password, they must request a secure reset link. The system will dispatch a cryptographically signed URL to their email. The endpoint always returns the same generic success message regardless of whether the email is registered, to avoid leaking account existence.
Payload:
{
"email": "jane@example.com"
}Reset Password Flow
The user clicks the signed link in their email, which brings them to a web form. Submitting that form hits
the reset endpoint. The signature query parameters (expires and signature) come
from the email link and must be preserved.
Payload:
{
"password": "NewSecurePassword456",
"password_confirmation": "NewSecurePassword456"
}Password rules are identical to the ones enforced on registration (minimum 8 characters, alphanumeric, must include at least one letter and one digit, must match the confirmation field).
Get Transactions
Fetch paginated sales transactions for a specific store and terminal. Each page returns up to
per_page unique sale records, with each sale's line items nested inside an
items array. Data is sourced from trn_sales joined with
trn_salesdetail, ordered newest first.
Authorization: Bearer [JWT] header. The
authenticated client must have approved access to the requested {sid}.
Path parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
sid |
integer | Yes | Numeric store id. Must be a store approved for the calling client. |
terminalId |
integer | Yes | Mention terminal id viz 101 to get transactions specific to that particular register or use all to get records for all registers |
transactionType |
string | Yes |
Accepted values:
transaction, void, no_sale,
cash_pickup, add_cash, all.
|
Query parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
sequence |
string | No | allowed values: oldest_first and latest_first. Defaults to latest_first. |
page |
integer | No | Page number. Minimum 1. Defaults to 1. |
per_page |
integer | No | Number of transactions per page. Minimum 1, maximum 25.
Defaults to 10. |
Example request
GET /v1/clients/stores/105/terminal/1/transactions/transaction?page=1&per_page=10
Authorization: Bearer eyJhbGciOiJIUzI1Ni...Success response
HTTP 200. The top-level data object contains standard Laravel pagination
metadata alongside a data array where each element represents one sale and its
line items.
{
"success": true,
"data": {
"current_page": 1,
"data": [
{
"terminal_id": "101",
"sales_id": 1812231011,
"item_code": "23",
"item_name": "Instant Redeem",
"unit_cost": "0.0000",
"unit_price": "0.01",
"quantity_sold": "-1.00",
"total_cost": "0.00",
"total_price": "-0.01",
"transaction_type": "Void",
"transaction_date": "2018-12-23",
"transaction_time": "18:57:54"
},
{
"terminal_id": "101",
"sales_id": 1812231012,
"item_code": "23",
"item_name": "Instant Redeem",
"unit_cost": "0.0000",
"unit_price": "0.01",
"quantity_sold": "-1.00",
"total_cost": "0.00",
"total_price": "-0.01",
"transaction_type": "Void",
"transaction_date": "2018-12-23",
"transaction_time": "18:59:14"
},
{
"terminal_id": "101",
"sales_id": 1812231014,
"item_code": "23",
"item_name": "Instant Redeem",
"unit_cost": "0.0000",
"unit_price": "0.01",
"quantity_sold": "-1.00",
"total_cost": "0.00",
"total_price": "-0.01",
"transaction_type": "Void",
"transaction_date": "2018-12-23",
"transaction_time": "20:12:57"
},
{
"terminal_id": "101",
"sales_id": 1812231015,
"item_code": "2",
"item_name": "Taxable Item",
"unit_cost": "0.0000",
"unit_price": "0.04",
"quantity_sold": "1.00",
"total_cost": "0.00",
"total_price": "0.04",
"transaction_type": "Void",
"transaction_date": "2018-12-23",
"transaction_time": "21:09:02"
},
{
"terminal_id": "101",
"sales_id": 1812231017,
"item_code": "2",
"item_name": "Taxable Item",
"unit_cost": "0.0000",
"unit_price": "0.01",
"quantity_sold": "1.00",
"total_cost": "0.00",
"total_price": "0.01",
"transaction_type": "Void",
"transaction_date": "2018-12-23",
"transaction_time": "21:55:07"
}
],
"from": 1,
"last_page": 12,
"per_page": 5,
"to": 5,
"total": 60
},
"message": "Transaction details retrieved successfully."
}Error responses
| HTTP Status | Scenario |
|---|---|
401 Unauthorized |
Missing or expired JWT. |
403 Forbidden |
Client does not have access to the requested sid. |
404 Not Found |
No transactions found for the given filters, or an out-of-range page was requested. |
422 Unprocessable Entity |
Validation failed — invalid transactionType or per_page exceeds 25. |
429 Too Many Requests |
Rate limit exceeded (10 requests per minute). |