> ## Documentation Index
> Fetch the complete documentation index at: https://docs.scalev.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a transfer proof upload URL

> Public storefront endpoint for manual `bank_transfer` payment confirmation. Returns a direct-to-storage `upload_url` plus the public `file_url`. Upload the image with `PUT upload_url`, then set the order's `transferproof_url` with `PATCH /v3/stores/{store_id}/public/orders/{secret_slug}`.




## OpenAPI

````yaml https://api-openapi.scalev.com/specs/v3/openapi.json post /v3/stores/{store_id}/public/orders/{secret_slug}/transfer-proof-upload
openapi: 3.0.3
info:
  title: Nexus Commerce API
  version: 3.0.0
  description: >
    Public v3 commerce contract for storefront, customer, and authenticated
    business

    commerce flows.


    This specification intentionally documents only the `/v3` namespace.

    Store-derived public storefront routes under
    `/v3/stores/{store_id}/public/*` require `X-Scalev-Storefront-Api-Key`.

    HTML Mode public page runtime routes under `/v3/pages/{page_unique_id}/*`
    require `X-Scalev-Page-Api-Key` and do not accept storefront public API
    keys.

    Storefront API requests made with `X-Scalev-Storefront-Api-Key`, page
    runtime requests made with `X-Scalev-Page-Api-Key`, and guest-cart requests
    made with `X-Scalev-Guest-Token` are browser client requests and use the
    direct client/IP rate limiter. Machine-authenticated business requests are
    rate-limited per API key or OAuth installation. Rate-limit metadata is
    returned in `X-Ratelimit-*` headers, and `429` responses may be plain text.
  license:
    name: Proprietary
servers:
  - url: https://api.scalev.com
    description: Production
security: []
tags:
  - name: Orders
    description: Authenticated business order management endpoints.
  - name: Storefront
    description: >-
      Public storefront catalog, guest cart, and guest checkout flows. All
      store-derived public storefront routes require
      `X-Scalev-Storefront-Api-Key`.
  - name: HTML Mode Pages
    description: >-
      Public HTML Mode runtime endpoints. These routes require
      `X-Scalev-Page-Api-Key` for the path page and reject storefront public API
      keys.
  - name: OAuth
    description: >-
      Public and machine OAuth token-management endpoints. The authorization
      code flow accepts the standard `scope` parameter; public OAuth clients may
      use PKCE with `token_endpoint_auth_method=none`, and metadata document
      clients may use `private_key_jwt`.
  - name: Identity
    description: Authenticated business identity context.
  - name: Business Users
    description: Authenticated business-user membership self-service endpoints.
  - name: Landing Pages
    description: >-
      Authenticated business landing page endpoints. The documented payloads
      focus on HTML Mode pages.
    externalDocs:
      description: >-
        Read the Landing Pages API guide before creating or publishing HTML Mode
        pages.
      url: https://docs.scalev.com/en/landing-pages-api
  - name: Analytics Setup
    description: >-
      Authenticated business analytics provider catalogs and pixel/container
      endpoints used when configuring landing page displays.
  - name: OAuth Billing
    description: OAuth billing runtime, refund, and developer finance endpoints.
  - name: Customer Auth
    description: Public customer authentication and password-reset endpoints.
  - name: Customer Account
    description: Authenticated customer profile endpoints.
  - name: Customer Cart
    description: Authenticated customer cart management endpoints.
  - name: Customer Checkout
    description: Authenticated customer checkout preparation and confirmation endpoints.
  - name: Customer Orders
    description: Authenticated customer order read endpoints.
  - name: Customer Subscriptions
    description: Authenticated customer subscription and subscription-item endpoints.
  - name: Customer Courses
    description: Authenticated customer digital course access and progress endpoints.
  - name: Discounts
    description: Discount-code validation and authenticated management endpoints.
  - name: Locations
    description: Authenticated business location lookup endpoints.
  - name: Business Stores
    description: >-
      Authenticated business store lookup endpoints. These routes use direct
      numeric Scalev store database IDs.
  - name: Storefront Setup
    description: >-
      Authenticated business setup endpoints for public storefront keys and CORS
      origins.
  - name: Shipping
    description: Authenticated business shipping lookup endpoints.
  - name: Business Products
    description: >-
      Authenticated business product, variant, taxonomy, and course management
      endpoints.
  - name: Business Bundles
    description: >-
      Authenticated business bundle, bundle-price-option, and related
      bundle-management endpoints.
  - name: Business Customers
    description: Authenticated business customer and customer-address management endpoints.
  - name: WABA
    description: >-
      Authenticated WhatsApp Business Account operations and related WABA
      resources.
  - name: WhatsApp Integrations
    description: Authenticated WhatsApp integration management endpoints.
paths:
  /v3/stores/{store_id}/public/orders/{secret_slug}/transfer-proof-upload:
    parameters:
      - $ref: '#/components/parameters/StoreId'
      - $ref: '#/components/parameters/StorefrontPublicApiKey'
      - $ref: '#/components/parameters/SecretSlug'
    post:
      tags:
        - Storefront
      summary: Create a transfer proof upload URL
      description: >
        Public storefront endpoint for manual `bank_transfer` payment
        confirmation. Returns a direct-to-storage `upload_url` plus the public
        `file_url`. Upload the image with `PUT upload_url`, then set the order's
        `transferproof_url` with `PATCH
        /v3/stores/{store_id}/public/orders/{secret_slug}`.
      operationId: createStorefrontPublicOrderTransferProofUpload
      requestBody:
        $ref: >-
          #/components/requestBodies/StorefrontPublicOrderTransferProofUploadRequestBody
      responses:
        '200':
          description: Transfer proof upload metadata
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StorefrontPublicOrderTransferProofUpload'
        '400':
          $ref: '#/components/responses/BadRequestResponse'
        '404':
          $ref: '#/components/responses/NotFoundResponse'
components:
  parameters:
    StoreId:
      name: store_id
      in: path
      required: true
      schema:
        type: string
      description: Store `unique_id`.
    StorefrontPublicApiKey:
      name: X-Scalev-Storefront-Api-Key
      in: header
      required: true
      schema:
        type: string
      description: >-
        Publishable storefront public API key for the target store. Page public
        API keys are not accepted on Storefront public routes.
    SecretSlug:
      name: secret_slug
      in: path
      required: true
      schema:
        type: string
  requestBodies:
    StorefrontPublicOrderTransferProofUploadRequestBody:
      required: true
      content:
        application/json:
          schema:
            $ref: >-
              #/components/schemas/StorefrontPublicOrderTransferProofUploadRequest
  schemas:
    StorefrontPublicOrderTransferProofUpload:
      type: object
      required:
        - key
        - filename
        - content_type
        - size_in_bytes
        - file_url
        - upload_url
      properties:
        key:
          type: string
          description: Storage object key created by Scalev.
        filename:
          type: string
        content_type:
          type: string
        size_in_bytes:
          type: integer
        file_url:
          type: string
          format: uri
          description: >-
            Public file URL to send as `transferproof_url` after upload
            succeeds.
        upload_url:
          type: string
          format: uri
          description: Presigned URL for direct `PUT` upload.
      additionalProperties: false
    StorefrontPublicOrderTransferProofUploadRequest:
      type: object
      required:
        - filename
        - content_type
        - content_length
      properties:
        filename:
          type: string
          example: transfer-proof.png
        content_type:
          type: string
          enum:
            - image/jpeg
            - image/png
            - image/webp
        content_length:
          type: integer
          minimum: 1
          maximum: 10485760
          description: File size in bytes. Maximum 10 MB.
      additionalProperties: false
    ApiErrorResponse:
      type: object
      properties:
        error:
          $ref: '#/components/schemas/FlexibleValue'
        error_code:
          type: string
        message:
          type: string
          description: Error-only human-readable detail.
        errors:
          $ref: '#/components/schemas/FlexibleValue'
      additionalProperties: false
    FlexibleValue:
      oneOf:
        - $ref: '#/components/schemas/FlexibleObject'
        - type: array
          items: {}
        - type: string
        - type: number
        - type: boolean
    FlexibleObject:
      type: object
      additionalProperties: true
  responses:
    BadRequestResponse:
      description: Bad Request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiErrorResponse'
    NotFoundResponse:
      description: Not Found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiErrorResponse'

````