GET /transactions/{id}
curl -X GET https://api.example.com/transactions/1 \
  -H "Authorization: Bearer YOUR_TOKEN"
{
  "id": 1,
  "userId": "550e8400-e29b-41d4-a716-446655440000",
  "total": 47.98,
  "coupon": "SUMMER20",
  "discount": 11.99,
  "transactionDate": "2024-03-15T14:30:00.000Z",
  "contents": [
    {
      "id": 1,
      "quantity": 2,
      "price": 19.99,
      "product": {
        "id": 1,
        "name": "Wireless Mouse",
        "description": "Ergonomic wireless mouse with 6 programmable buttons",
        "price": 19.99,
        "inventory": 48,
        "category": "Electronics"
      }
    },
    {
      "id": 2,
      "quantity": 1,
      "price": 19.99,
      "product": {
        "id": 5,
        "name": "USB Cable",
        "description": "USB-C to USB-A cable, 6ft length",
        "price": 9.99,
        "inventory": 199,
        "category": "Accessories"
      }
    }
  ]
}

Authentication

Requires JWT authentication. The authenticated user’s information is automatically extracted using the @CurrentUser decorator.

Path Parameters

id (number, required): Transaction ID to retrieve. Must be a valid integer (validated by IdValidationPipe).

Response

  • id (number): Unique transaction identifier
  • userId (string): UUID of the user who created the transaction
  • total (number): Final total amount after discount
  • coupon (string): Coupon code applied (null if no coupon)
  • discount (number): Discount amount applied
  • transactionDate (string): ISO 8601 timestamp when the transaction was created
  • contents (array): Array of line items in the transaction

Role-Based Access Control

Admin Users

Administrators can retrieve any transaction regardless of who created it:
# Admin can access any transaction
GET /transactions/1  # ✓ Success (even if created by another user)

Regular Users

Regular users can only retrieve their own transactions:
# User can only access their own transactions
GET /transactions/1  # ✓ Success (if userId matches)
GET /transactions/2  # ✗ 404 Not Found (if userId doesn't match)
Security Note: When a regular user attempts to access another user’s transaction, the API returns a 404 Not Found error (not 403 Forbidden) to prevent information disclosure about the existence of transactions.

ID Validation

The IdValidationPipe ensures that:
  • The ID parameter is a numeric string
  • The ID can be converted to a valid integer
  • Invalid formats (e.g., “abc”, “1.5”) are rejected with a 400 error

Valid ID Formats

GET /transactions/1      # ✓ Valid
GET /transactions/42     # ✓ Valid
GET /transactions/1000   # ✓ Valid

Invalid ID Formats

GET /transactions/abc    # ✗ Invalid (not numeric)
GET /transactions/1.5    # ✗ Invalid (not an integer)
GET /transactions/-1     # ✗ Invalid (negative)
The @CurrentUser decorator automatically extracts user information (id and role) from the JWT token to enforce role-based access control.
Transaction contents include eager-loaded product information. Note that the product price shown is the current price, which may differ from the transaction line item price (the price at the time of purchase).
For security purposes, regular users receive a 404 error when trying to access transactions that don’t belong to them, so the response is indistinguishable from the one returned for a non-existent transaction.
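
The 404-for-non-owners rule and the ID checks described above, shown as an added example that is not this API's own code. It is framework-free TypeScript; the function names, the in-memory TRANSACTIONS array, the second user ID and the error message strings are assumptions made for illustration.

```typescript
// Added example: plain TypeScript, no NestJS dependency. All names are hypothetical.
type Role = "admin" | "user";
interface AuthUser { id: string; role: Role }   // assumed shape of the JWT-derived user
interface Transaction { id: number; userId: string; total: number }
interface HttpResult { status: number; body: unknown }

// Constructed sample data standing in for the database.
const ALICE = "550e8400-e29b-41d4-a716-446655440000";
const BOB = "11111111-2222-4333-8444-555555555555";
const TRANSACTIONS: Transaction[] = [
  { id: 1, userId: ALICE, total: 47.98 },
  { id: 2, userId: BOB, total: 12.5 },
];

// Mirrors the documented ID rules: digits only, so "abc", "1.5" and "-1" are rejected.
function parseTransactionId(raw: string): number | null {
  if (!/^\d+$/.test(raw)) return null;
  const id = Number(raw);
  return Number.isSafeInteger(id) ? id : null;
}

// One shared 404 so "missing" and "not yours" cannot be told apart by status or body.
function notFound(): HttpResult {
  return { status: 404, body: { statusCode: 404, message: "Transaction not found" } };
}

function getTransaction(user: AuthUser, rawId: string): HttpResult {
  const id = parseTransactionId(rawId);
  if (id === null) return { status: 400, body: { statusCode: 400, message: "Invalid ID" } };

  // Ownership is part of the lookup itself: a regular user's query can never
  // match another user's row, so there is no separate 403 branch that could leak.
  const tx = TRANSACTIONS.find(
    (t) => t.id === id && (user.role === "admin" || t.userId === user.id),
  );
  return tx ? { status: 200, body: tx } : notFound();
}
```

When reviewing a real handler, compare the full response (status, body and headers) for a foreign ID and a non-existent ID; any difference reintroduces the disclosure the 404 is meant to prevent.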
