Move increment_payment_attempt to API namespace and update JavaScript

- Add API route for increment_payment_attempt in config/routes.rb
- Update API OrdersController to handle increment_payment_attempt and skip API key authentication
- Update JavaScript code in checkout view to use API endpoint without CSRF tokens
- Remove CSRF token from API requests as it's not required for API endpoints
- Maintain backward compatibility by keeping original method in OrdersController

app/controllers/api/v1/orders_controller.rb

@@ -8,6 +8,9 @@ module Api
       before_action :set_order, only: [ :show, :checkout, :retry_payment, :increment_payment_attempt ]
       before_action :set_event, only: [ :new, :create ]
 
+      # Skip API key authentication for increment_payment_attempt action (used by frontend forms)
+      skip_before_action :authenticate_api_key, only: [ :increment_payment_attempt ]
+
       # GET /api/v1/orders/new
       # Returns data needed for new order form
       def new

app/views/orders/checkout.html.erb

@@ -200,10 +200,9 @@
                 try {
                   // Increment payment attempt counter
                   console.log('Incrementing payment attempt for order:', '<%= @order.id %>');
-                  const response = await fetch('<%= increment_payment_attempt_order_path(@order) %>', {
-                    method: 'POST',
+                  const response = await fetch('/api/v1/orders/<%= @order.id %>/increment_payment_attempt', {
+                    method: 'PATCH',
                     headers: {
-                      'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content'),
                       'Content-Type': 'application/json'
                     }
                   });