The Reconciliation API provides comprehensive revenue distribution reconciliation capabilities for the Revora platform. It ensures audit log consistency with chain events, validates Stellar/Horizon transactions, and maintains structured logging for security and compliance.
- Revenue Reconciliation: Comprehensive reconciliation between reported revenue and actual payouts
- Chain Event Validation: Optional validation of Stellar transactions for consistency
- Audit Logging: Complete audit trail for all reconciliation operations
- Structured Logging: Production-grade logging with correlation IDs
- Error Handling: Graceful handling of Stellar RPC failures with classification
- Role-based Access: Secure authorization based on user roles
- High Test Coverage: 95%+ test coverage with comprehensive edge case handling
Perform comprehensive reconciliation check for an offering.
Request Body:
{
"offeringId": "string",
"periodStart": "ISO 8601 datetime",
"periodEnd": "ISO 8601 datetime",
"options": {
"tolerance": 0.01,
"checkRoundingAdjustments": true,
"checkInvestorAllocations": true,
"validateChainEvents": true
}
}Response:
{
"success": true,
"data": {
"offeringId": "string",
"periodStart": "ISO 8601 datetime",
"periodEnd": "ISO 8601 datetime",
"isBalanced": true,
"discrepancies": [],
"summary": {
"totalRevenueReported": "1000.00",
"totalPayouts": "1000.00",
"discrepancyAmount": "0.00",
"investorCount": 5,
"payoutsProcessed": 5,
"payoutsFailed": 0
},
"checkedAt": "ISO 8601 datetime"
}
}Perform quick balance check without detailed discrepancy analysis.
Query Parameters:
periodStart: ISO 8601 datetimeperiodEnd: ISO 8601 datetime
Response:
{
"success": true,
"data": {
"isBalanced": true,
"difference": "0.00"
}
}Verify integrity of a distribution run (admin only).
Response:
{
"success": true,
"data": {
"isValid": true,
"errors": []
}
}Validate a revenue report before submission.
Request Body:
{
"offeringId": "string",
"amount": "1000.00",
"periodStart": "ISO 8601 datetime",
"periodEnd": "ISO 8601 datetime"
}Response:
{
"success": true,
"data": {
"isValid": true,
"errors": []
}
}The reconciliation API can detect the following discrepancy types:
REVENUE_MISMATCH: Reported revenue doesn't match total payoutsPAYOUT_SUM_MISMATCH: Sum of individual payouts doesn't match totalINVESTOR_ALLOCATION_ERROR: Incorrect investor allocation calculationsROUNDING_LOSS_UNACCOUNTED: Unaccounted rounding lossesMISSING_PAYOUT: Expected payout not foundDUPLICATE_PAYOUT: Duplicate payout detectedOVERPAYMENT: Payout exceeds expected amountUNDERPAYMENT: Payout is less than expected amountDISTRIBUTION_STATUS_INVALID: Invalid distribution statusCHAIN_EVENT_VALIDATION_FAILED: Chain event validation failedCHAIN_EVENT_MISMATCH: Chain event doesn't match expected dataSTELLAR_TX_NOT_FOUND: Stellar transaction not foundSTELLAR_TX_FAILED: Stellar transaction validation failed
- critical: Immediate attention required (e.g., transaction failures)
- error: Investigation required (e.g., data inconsistencies)
- warning: Review recommended (e.g., timing mismatches)
All endpoints require authentication. Role-based access control:
- admin: Full access to all reconciliation operations
- startup: Can reconcile offerings they own
- compliance: Read access to reconciliation data
- investor: Limited access based on investments
All reconciliation operations create comprehensive audit logs including:
- User ID and action performed
- Resource identifiers (offering ID, distribution run ID)
- Operation details (periods, amounts, results)
- IP address and user agent
- Request correlation ID
- Timestamp
When enabled, the API validates Stellar transactions:
- Verifies transaction existence on-chain
- Validates transaction amounts match expected payouts
- Checks transaction timestamps are within reconciliation periods
- Handles Stellar RPC failures gracefully
The API classifies Stellar RPC failures to prevent upstream error leakage:
TIMEOUT: Request timeoutRATE_LIMIT: Rate limit exceededUPSTREAM_ERROR: Stellar server errorMALFORMED_RESPONSE: Invalid response formatUNAUTHORIZED: Authentication failureUNKNOWN: Unclassified error
{
"code": "VALIDATION_ERROR",
"message": "offeringId is required and must be a string",
"requestId": "req-123",
"details": {}
}VALIDATION_ERROR: Invalid input parametersUNAUTHORIZED: Authentication requiredFORBIDDEN: Insufficient permissionsNOT_FOUND: Resource not foundINTERNAL_ERROR: Server errorSERVICE_UNAVAILABLE: External service unavailable
API_VERSION_PREFIX: API version prefix (default:/api/v1)LOG_LEVEL: Logging level (default:INFO)STELLAR_RPC_TIMEOUT: Stellar RPC timeout (default:30000ms)
tolerance: Amount tolerance for comparisons (default:0.01)checkRoundingAdjustments: Enable rounding checks (default:false)checkInvestorAllocations: Enable allocation checks (default:false)validateChainEvents: Enable chain validation (default:false)
- Reconciliation success rate
- Discrepancy detection rate
- Stellar RPC failure rate
- Audit log creation success rate
- Response times
- High reconciliation failure rate (>5%)
- High Stellar RPC failure rate (>10%)
- Audit log creation failures (>1%)
- Critical discrepancies detected
- Unit tests: 95%+ coverage
- Integration tests: Database and Stellar integration
- Security tests: Authorization and input validation
- Performance tests: Large dataset handling
# Run all tests
npm test
# Run reconciliation tests only
npm test -- --testNamePattern="reconciliation"
# Run with coverage
npm run test:coverage- All inputs are validated at runtime
- Amounts are handled as decimal strings
- Dates are validated for logical consistency
- SQL injection prevention via parameterized queries
- No raw error messages exposed to clients
- Structured error responses prevent information leakage
- Audit logs support forensic analysis
- Request correlation enables efficient debugging
- Awareness of Stellar rate limits
- Graceful degradation under high load
- Timeout handling for external service calls
- Check revenue report accuracy
- Verify payout calculations
- Review transaction timestamps
- Verify Stellar network connectivity
- Check transaction hash validity
- Review rate limit status
- Check database connectivity
- Verify audit log table permissions
- Review database transaction status
All requests include a correlation ID in logs and error responses for debugging purposes.
- Pagination for large result sets
- Efficient database queries with proper indexing
- Timeout handling for long-running operations
- Database transaction isolation
- Optimistic locking for data consistency
- Queue-based processing for bulk operations
- Real-time reconciliation monitoring
- Automated discrepancy resolution
- Advanced analytics and reporting
- Multi-chain support
- Caching for frequently accessed data
- Parallel processing for large reconciliations
- Optimized database queries
Current version: v1
Versioning follows semantic versioning. Breaking changes require version increment.
For support and questions:
- Review the troubleshooting section
- Check audit logs for detailed error information
- Contact the development team with correlation IDs
This API is part of the Revora-Backend project. See the main project license for details.