Verify a the billing provider checkout
POST/api/v1/credits/checkout/verify
Verify a the billing provider checkout and credit the organization if payment succeeded.
Intended to be called after the browser is redirected back from the billing provider hosted checkout. Cross-checks the checkout's metadata against the caller's organization to prevent credit cross-posting.
- Idempotent: a second call on a credited checkout returns
status="already_credited"instead of double-crediting. - 403 if the checkout metadata belongs to a different organization.
- 404 if the checkout id is unknown to the billing provider.
- 501 if the billing provider is not configured in this environment.
- Scope required:
billing:manage. - Rate-limit tier:
billing(10/hour per user).
Request
Responses
- 200
- 400
- 401
- 403
- 404
- 409
- 422
- 429
- 500
Successful Response
Bad request — malformed input or failed validation.
Missing, expired, or invalid credentials.
Authenticated but not authorized for this resource. Note: cross-organization reads return 404, not 403.
Resource not found, or hidden for tenant-enumeration safety (the caller lacks permission to know whether the resource exists).
Conflict — the current resource state does not allow this operation (e.g. assessment already started, email already in use).
Semantic validation failure — request shape was valid but contents were not.
Too many requests — rate limited. Retry after the window resets.
Internal server error — unexpected failure.