Skip to main content

POST /api/v1/orders

Create a new order through the public storefront checkout. Does not require authentication. Middleware: throttle:api.transactions
Authentication: Not required

Request body

customer_name
string
required
Full name of the customer. Maximum 255 characters.
customer_phone
string
required
Customer phone number. Maximum 20 characters.
customer_email
string
Customer email address.
customer_address
string
Delivery address. Maximum 500 characters.
customer_notes
string
Special instructions. Maximum 1000 characters.
delivery_type
string
required
Must be pickup or delivery.
payment_method
string
One of: cash, bank_transfer, card, pending. Defaults to pending.
coupon_code
string
Optional discount code. Normalized to uppercase before validation.
location_id
string
UUID of the pickup/delivery location. Defaults to the tenant’s primary active location.
items
object[]
required
Array of order line items. Minimum 1 item required.

Response 201 Created

data
object
curl -X POST https://yourdomain.com/api/v1/orders \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "customer_name": "Carlos López",
    "customer_phone": "+50488887777",
    "delivery_type": "pickup",
    "payment_method": "cash",
    "items": [
      {"product_id": 101, "name": "Pupusas de Queso", "price": 25.00, "quantity": 2}
    ]
  }'

Error responses

StatusCause
422Validation failure (missing fields, invalid product_id, invalid delivery_type)
429Transaction rate limit exceeded

GET /api/v1/orders

List orders for the authenticated user’s tenant. Supports filtering by status. Middleware: auth:sanctum, tenant.ownership, throttle:api
Authentication: Required

Query parameters

status
string
Filter by order status. One of: pending, confirmed, processing, ready, delivered, cancelled.

Response 200 OK

Paginated collection of order objects (20 per page) scoped to the authenticated tenant. 
curl "https://yourdomain.com/api/v1/orders?status=pending" \
  -H "Accept: application/json" \
  -H "Authorization: Bearer YOUR_TOKEN"

GET /api/v1/orders/

Fetch a single order by ID. The order must belong to the authenticated tenant. Middleware: auth:sanctum, tenant.ownership, throttle:api
Authentication: Required

Path parameters

order
integer
required
Numeric order ID.

Error responses

StatusCause
404Order not found or does not belong to authenticated tenant

PATCH /api/v1/orders//status

Transition an order to a new status. Middleware: auth:sanctum, tenant.ownership, throttle:api
Authentication: Required

Path parameters

order
integer
required
Numeric order ID.

Request body

status
string
required
Target status. Must be one of the allowed order statuses: pending, confirmed, processing, ready, delivered, cancelled.

Response 200 OK

Updated order resource with the same shape as the list endpoint.

Error responses

StatusCause
404Order not found
422Invalid or disallowed status value

DELETE /api/v1/orders/

Cancel an order. Internally transitions the status to cancelled. Middleware: auth:sanctum, tenant.ownership, throttle:api
Authentication: Required

Path parameters

order
integer
required
Numeric order ID.

Response 204 No Content

Empty body on success.

Error responses

StatusCause
404Order not found or not owned by authenticated tenant

Build docs developers (and LLMs) love

Get started for freeTalk to us