Retrieve Agreement
GET/v1/agreements/:id
Retrieve a single agreement, including every order submitted against it (brief view of each order).
Required permission: agreements_read.
Request
Path Parameters
Agreement UUID (internal database ID, not the merchant-chosen agreement_id).
Responses
- 200
- 401
- 403
- 404
The agreement with nested orders.
- application/json
- Schema
- Example (from schema)
Schema
Array [
1.00 SARis sent as1001.00 KWDis sent as10001 JPYis sent as1- Card
- DevicePayToken
]
Merchant-chosen agreement identifier (the id supplied in
new_agreement.id at creation). Use this value as
agreement_id on follow-up transactions.
Possible values: [unscheduled, recurring, registered, installment]
ID of the order that established this agreement.
Possible values: [fixed, variable]
false once the agreement has been disabled via
PUT /v1/agreements/:id/disable. Disabled agreements reject
new transactions.
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
orders
object[]
required
All orders submitted against this agreement (brief view of each).
A 36-character UUIDv7 identifier. When used as an idempotency key on write endpoints, the client is responsible for generating a fresh UUID for each logical operation and retaining it across retries.
merchant
object
required
Brief representation of the merchant that owns the resource.
A 36-character UUIDv7 identifier. When used as an idempotency key on write endpoints, the client is responsible for generating a fresh UUID for each logical operation and retaining it across retries.
Merchant display name (English).
Stable, human-readable merchant identifier assigned by the acquirer. Often used as the merchant's principal reference in scheme reports.
Merchant display name in Arabic, when configured.
Possible values: Value must match regular expression ^[A-Z]{3}$
ISO 4217 three-letter currency code in uppercase.
The currency must match the currency configured for the merchant's scheme-level terminals. Once an order is created, its currency is immutable: every subsequent capture, void, refund and extension is denominated in the same currency.
Possible values: <= 100000000
A non-negative integer representing a monetary value in the smallest
currency unit for the associated currency (minor units).
Examples:
For most order-creating endpoints the minimum is 100
(one full major unit). Endpoints that support zero-value operations
(such as /v1/orders/verify and /v1/orders/:id/extend) allow 0.
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
source
object
required
Polymorphic payment source. The type discriminator resolves to
either a Card or a DevicePayToken (Apple / Google / Samsung
Pay).
oneOf
Card payment source. Sensitive fields (full PAN, CVV) are never
returned; responses expose only BIN (first_digits) and PAN
last-four, plus network metadata resolved from the BIN tables.
Possible values: [card]
Human-readable issuing bank name, resolved from the BIN.
Card product type — CREDIT, DEBIT, CHARGE, etc.
Issuer product tier (e.g. PLATINUM, SIGNATURE,
INFINITE). Free-text, sourced from the BIN table.
Possible values: Value must match regular expression ^[A-Z]{2}$
Country where the card was issued (from BIN).
Possible values: [visa, mastercard, mada, amex]
The card scheme (network) associated with the card. mada is detected from the issuing BIN and takes precedence over Visa / Mastercard co-branding for Saudi-issued cards.
Scheme that performed 3DS authentication for this card. May
differ from scheme for co-branded cards (e.g. mada card
authenticated via Visa as the parent scheme).
First six digits of the PAN (the BIN).
Last four digits of the PAN.
Possible values: >= 1 and <= 12
Possible values: >= 2000
Apple Pay, Google Pay or Samsung Pay tokenised payment source. The
shape is identical to Card; the type discriminator indicates
which wallet produced the token and first_digits / last_digits
represent the DPAN (device PAN), not the underlying funding PAN.
Possible values: [apple_pay, google_pay, samsung_pay]
Possible values: Value must match regular expression ^[A-Z]{2}$
ISO 3166-1 alpha-2 country code in uppercase.
Possible values: [visa, mastercard, mada, amex]
The card scheme (network) associated with the card. mada is detected from the issuing BIN and takes precedence over Visa / Mastercard co-branding for Saudi-issued cards.
Possible values: >= 1 and <= 12
{
"id": "SUB-USER-42",
"type": "unscheduled",
"first_order_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"max_use": 0,
"variability": "fixed",
"expiry": "2024-07-29",
"active": true,
"created_at": "2025-01-15T14:30:00Z",
"updated_at": "2025-01-15T14:30:00Z",
"orders": [
{
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"merchant": {
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"name": "Example Store",
"merchant_id": "MERCHANT001",
"arabic_name": "متجر الأمثلة"
},
"currency": "SAR",
"amount": 10000,
"captured_amount": 0,
"refunded_amount": 0,
"voided_amount": 0,
"description": "string",
"created_at": "2025-01-15T14:30:00Z",
"updated_at": "2025-01-15T14:30:00Z",
"source": {
"type": "card",
"issuer": "RIYAD BANK",
"card_type": "CREDIT",
"category": "SIGNATURE",
"country_alpha2": "SA",
"scheme": "visa",
"card_auth_scheme": "string",
"first_digits": "411111",
"last_digits": "1111",
"month": 12,
"year": 2030
}
}
]
}
Authentication failed.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Missing authentication information"
}
The authenticated principal lacks the required permission.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Unauthorized"
}
The referenced resource does not exist.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "The Order you are looking for was not found."
}