Verify payment status
Verify the status of a payment transaction using the payment reference. This endpoint queries the payment provider’s API to get the current status.
⚠️ SECRET KEY REQUIRED
This endpoint requires a secret key (tybrite_sk_*). Publishable keys will return 403 Forbidden.
Why Secret Key? Payment verification accesses sensitive transaction data and provider APIs that should only be called from secure server-side environments. This prevents unauthorized access to payment status information.
Provider-Specific Verification:
Stripe:
- Queries Stripe Checkout Session API
- Returns payment status:
pending,paid,failed,cancelled - Includes payment intent details
Paystack:
- Queries Paystack Transaction Verification API
- Returns payment status and transaction details
- Includes gateway response and fees
M-Pesa:
- Queries M-Pesa STK Push Query API
- Returns transaction status from Safaricom
- Includes M-Pesa receipt number if successful
Airtel Money:
- Queries Airtel Money Transaction Status API
- Returns transaction status and details
- Includes Airtel transaction ID if successful
Note: Despite using POST method (for request body), this is a read operation that queries external payment provider APIs.
Key Type Support:
- ✅ Secret keys (full access)
- ❌ Publishable keys (forbidden - returns 403)
Documentation Index
Fetch the complete documentation index at: https://docs.tybritelabs.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
API Key Authentication
Use your API key in the Authorization header:
Authorization: Bearer tybrite_sk_live_YOUR_KEYKey Types:
Secret Keys (Server-Side Only):
- Format:
tybrite_sk_live_*(production) ortybrite_sk_test_*(sandbox) - Full read/write access to all endpoints
- ⚠️ NEVER expose in client-side code or public repositories
- Required for: write operations, authentication, payment verification, AI recommendations
Publishable Keys (Client-Safe):
- Format:
tybrite_pk_live_*(production) ortybrite_pk_test_*(sandbox) - Read-only access (GET requests only, plus POST semantic search)
- ✅ Safe for client-side JavaScript, mobile apps, and public code
- Allowed for: browsing products, search, CMS content, pricing queries
Endpoint-Specific Requirements:
- Authentication endpoints (
/v1/auth/*): Secret key required - Payment verification (
POST /v1/payments/verify): Secret key required - AI Recommendations (
POST /v1/recommendations): Secret key required - Semantic Search (
POST /v1/search): Both key types allowed (read-only operation) - All write operations: Secret key required
- All read operations: Both key types allowed
Using a publishable key for restricted operations returns 403 Forbidden.
Body
Response
Payment verification successful
- Option 1
- Option 2
- Option 3
- Option 4
Stripe verification response
"stripe"
Stripe Checkout Session ID
"cs_test_a1b2c3..."
Normalized status. Returns success when Stripe payment_status === 'paid',
otherwise the raw Stripe payment_status (e.g., unpaid, no_payment_required).
"success"
Amount in major currency units (converted from Stripe's minor units)
100
"usd"
"customer@example.com"
Stripe Payment Intent ID
"pi_3ABC123..."
Stripe session metadata (with store_id stripped)