Skip to main content

POST /api/v1/orders

Create a new order through the public storefront checkout. Does not require authentication. Middleware: throttle:api.transactions
Authentication: Not required

Request body

customer_name
string
required
Full name of the customer. Maximum 255 characters.
customer_phone
string
required
Customer phone number. Maximum 20 characters.
customer_email
string
Customer email address.
customer_address
string
Delivery address. Maximum 500 characters.
customer_notes
string
Special instructions. Maximum 1000 characters.
delivery_type
string
required
Must be pickup or delivery.
payment_method
string
One of: cash, bank_transfer, card, pending. Defaults to pending.
coupon_code
string
Optional discount code. Normalized to uppercase before validation.
location_id
string
UUID of the pickup/delivery location. Defaults to the tenant’s primary active location.
items
object[]
required
Array of order line items. Minimum 1 item required.

Response 201 Created

data
object
curl -X POST https://yourdomain.com/api/v1/orders \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "customer_name": "Carlos López",
    "customer_phone": "+50488887777",
    "delivery_type": "pickup",
    "payment_method": "cash",
    "items": [
      {"product_id": 101, "name": "Pupusas de Queso", "price": 25.00, "quantity": 2}
    ]
  }'

Error responses

StatusCause
422Validation failure (missing fields, invalid product_id, invalid delivery_type)
429Transaction rate limit exceeded

GET /api/v1/orders

List orders for the authenticated user’s tenant. Supports filtering by status. Middleware: auth:sanctum, tenant.ownership, throttle:api
Authentication: Required

Query parameters

status
string
Filter by order status. One of: pending, confirmed, processing, ready, delivered, cancelled.

Response 200 OK

Paginated collection of order objects (20 per page) scoped to the authenticated tenant. 
curl "https://yourdomain.com/api/v1/orders?status=pending" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer YOUR_TOKEN"

GET /api/v1/orders/

Fetch a single order by ID. The order must belong to the authenticated tenant. Middleware: auth:sanctum, tenant.ownership, throttle:api
Authentication: Required

Path parameters

order
integer
required
Numeric order ID.

Error responses

StatusCause
404Order not found or does not belong to authenticated tenant

PATCH /api/v1/orders//status

Transition an order to a new status. Middleware: auth:sanctum, tenant.ownership, throttle:api
Authentication: Required

Path parameters

order
integer
required
Numeric order ID.

Request body

status
string
required
Target status. Must be one of the allowed order statuses: pending, confirmed, processing, ready, delivered, cancelled.

Response 200 OK

Updated order resource with the same shape as the list endpoint.

Error responses

StatusCause
404Order not found
422Invalid or disallowed status value

DELETE /api/v1/orders/

Cancel an order. Internally transitions the status to cancelled. Middleware: auth:sanctum, tenant.ownership, throttle:api
Authentication: Required

Path parameters

order
integer
required
Numeric order ID.

Response 204 No Content

Empty body on success.

Error responses

StatusCause
404Order not found or not owned by authenticated tenant