API reference¶
Each backend HTTP surface ships an OpenAPI / Swagger document. Production-style
URLs below resolve against the dev2.mycashless.com ingress; replace the host
with localhost:<port> to hit a locally-running service.
Auth — cashless-auth¶
FastAPI service. Schema is auto-generated from the route signatures.
| Resource | URL |
|---|---|
| Swagger UI | auth.dev2.mycashless.com/docs |
| ReDoc | auth.dev2.mycashless.com/redoc |
| OpenAPI JSON | auth.dev2.mycashless.com/openapi.json |
Identity flows: password, phone OTP, Firebase token exchange, device, API key, and MFA. Issues short-lived access tokens + opaque refresh tokens backed by Redis.
Admin API — cashless-backend¶
Flask 2.0 service. v1 is at / and the v2 surface (cm_v2) is at /v2.
| Resource | URL |
|---|---|
| v1 OpenAPI | api.dev2.mycashless.com/openapi.json |
| v2 (cm_v2) OpenAPI | api.dev2.mycashless.com/v2/openapi.json |
| v2 Swagger UI | api.dev2.mycashless.com/v2/docs |
Background-job endpoints (notifications, NFC, sales aggregation, backups) are
called by cashless-worker and the operator UIs; consult the source under
backend/cashless-backend
for surface details.
Personal Account API — personalaccount-api¶
Flask 2.3 service. v1 / v2 / v3 are at /; v4 (pa_v4 modernization) is at /v4.
| Resource | URL |
|---|---|
| v1–v3 OpenAPI | pa-api.dev2.mycashless.com/openapi.json |
| v4 OpenAPI | pa-api.dev2.mycashless.com/v4/openapi.json |
| v4 Swagger UI | pa-api.dev2.mycashless.com/v4/docs |
Cardholder-facing surface: balance, top-up, refund, reservations, cart, push preferences. Stripe + Mercado Pago + Adyen + direct PayPal supported.
Authentication¶
All non-public endpoints require a Bearer token obtained from cashless-auth.
Tokens are scoped to a role (cardholder, operator, admin, device,
api-key). See the auth service for the full claim shape.
Versioning¶
| Service | Stable | In-flight |
|---|---|---|
cashless-backend |
v1 (/) |
v2 (/v2) — cm_v2 modernization |
personalaccount-api |
v3 (/) |
v4 (/v4) — pa_v4 modernization |
cashless-auth |
v1 | — |
The legacy versions remain online during the modernization waves; new integrations should target the highest available version.