Orders

Purchase orders from clients to suppliers, including the supplier-side reverse view.

9 endpoints·Scopes: orders:read, orders:write

GET/api/orders#

List orders

scope · orders:read

Lists orders the caller can see. Results are filtered by the caller's accessible organizations; many routes paginate via page and limit.

Scope: orders:read
Endpoint: GET /api/orders

Example request

curl "https://guliel.com/api/orders?organizationId=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

organizationIdreq
string
pagereq
integer
limitreq
integer
searchreq
string
status
string
supplierId
string
sortByreq
enum<5>
orderNumber · orderDate · subtotal · status · createdAt
sortOrderreq
enum<2>
asc · desc

Response (200/201)

ordersreq
array<object>
- idreq
  string
- organizationIdreq
  string
- supplierIdreq
  string
- orderNumberreq
  string
- statusreq
  stringDRAFT | SENT | APPROVED | INVOICED | REJECTED | PAID
- currencyreq
  string
- subtotalreq
  number
- totalAmountreq
  number
- orderDatereq
  string
- expectedDeliveryDatereq
  string | null
- notesreq
  string | null
- supplierreq
  object | null
- items
  array<object>
- createdAtreq
  string
- updatedAtreq
  string
paginationreq
object
- pagereq
  integer
- limitreq
  integer
- totalreq
  integer
- totalPagesreq
  integer

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

POST/api/orders#

Create an order

scope · orders:writerole · CONTRIBUTOR+

Creates a new order in the target organization. Returns the created record on success.

Scope: orders:write
Min role: CONTRIBUTOR or higher
Endpoint: POST /api/orders

Example request

curl -X POST "https://guliel.com/api/orders" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "organizationId": "abc123",
  "supplierId": "abc123",
  "currency": "USD",
  "items": [
    {
      "description": "string",
      "quantity": 0,
      "unitPrice": 0
    }
  ]
}'

Request body

organizationIdreq
string
supplierIdreq
string
currencyreq
string
notes
string
expectedDate
string
itemsreq
array<object>
- itemId
  string
- descriptionreq
  string
- quantityreq
  number
- unitPricereq
  number

Response (200/201)

idreq
string
organizationIdreq
string
supplierIdreq
string
orderNumberreq
string
statusreq
stringDRAFT | SENT | APPROVED | INVOICED | REJECTED | PAID
currencyreq
string
subtotalreq
number
totalAmountreq
number
orderDatereq
string
expectedDeliveryDatereq
string | null
notesreq
string | null
supplierreq
object | null
items
array<object>
createdAtreq
string
updatedAtreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

DELETE/api/orders/{id}#

Delete an order

scope · orders:write

Deletes the order. Some endpoints hard-delete the row, others soft-revoke (set revokedAt). Check the response shape.

Scope: orders:write
Endpoint: DELETE /api/orders/{id}

Example request

curl -X DELETE "https://guliel.com/api/orders/abc123?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

successreq
boolean

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/orders/{id}#

Get an order

scope · orders:read

Fetches a single order by id. Returns 404 if the order isn't in the caller's accessible organizations.

Scope: orders:read
Endpoint: GET /api/orders/{id}

Example request

curl "https://guliel.com/api/orders/abc123?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

idreq
string
organizationIdreq
string
supplierIdreq
string
orderNumberreq
string
statusreq
string
currencyreq
string
subtotalreq
number
totalAmountreq
number
orderDatereq
string
expectedDatereq
string | null
notesreq
string | null
supplierreq
object | null
itemsreq
array<object>
- idreq
  string
- itemIdreq
  string | null
- descriptionreq
  string
- quantityreq
  number
- unitPricereq
  number
- amountreq
  number
- itemreq
  object | null
invoicesreq
array<object>
- idreq
  string
- invoiceNumberreq
  string
- statusreq
  string
- totalreq
  number
- currencyreq
  string
expensereq
object | null
createdByreq
object | null
createdAtreq
string
updatedAtreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

PATCH/api/orders/{id}#

Update an order

scope · orders:write

Updates an existing order. Only the fields present in the request body are changed; omitted fields stay as-is.

Scope: orders:write
Endpoint: PATCH /api/orders/{id}

Example request

curl -X PATCH "https://guliel.com/api/orders/abc123" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "id": "abc123"
}'

Request body

idreq
string
currency
string
notes
string | null
expectedDate
string | null
items
array<object>
- itemId
  string | null
- descriptionreq
  string
- quantityreq
  number
- unitPricereq
  number

Response (200/201)

idreq
string
organizationIdreq
string
supplierIdreq
string
orderNumberreq
string
statusreq
string
currencyreq
string
subtotalreq
number
totalAmountreq
number
orderDatereq
string
expectedDatereq
string | null
notesreq
string | null
supplierreq
object | null
itemsreq
array<object>
- idreq
  string
- itemIdreq
  string | null
- descriptionreq
  string
- quantityreq
  number
- unitPricereq
  number
- amountreq
  number
- itemreq
  object | null
invoices
array<object>
- idreq
  string
- invoiceNumberreq
  string
- statusreq
  string
- totalreq
  number
- currencyreq
  string
expense
object | null
createdBy
object | null
createdAtreq
string
updatedAtreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

PUT/api/orders/{id}#

Update an order

scope · orders:write

Replaces an existing order. All required fields must be supplied — omitted fields revert to their schema defaults.

Scope: orders:write
Endpoint: PUT /api/orders/{id}

Example request

curl -X PUT "https://guliel.com/api/orders/abc123" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "id": "abc123"
}'

Request body

idreq
string
currency
string
notes
string | null
expectedDate
string | null
items
array<object>
- itemId
  string | null
- descriptionreq
  string
- quantityreq
  number
- unitPricereq
  number

Response (200/201)

idreq
string
organizationIdreq
string
supplierIdreq
string
orderNumberreq
string
statusreq
string
currencyreq
string
subtotalreq
number
totalAmountreq
number
orderDatereq
string
expectedDatereq
string | null
notesreq
string | null
supplierreq
object | null
itemsreq
array<object>
- idreq
  string
- itemIdreq
  string | null
- descriptionreq
  string
- quantityreq
  number
- unitPricereq
  number
- amountreq
  number
- itemreq
  object | null
invoices
array<object>
- idreq
  string
- invoiceNumberreq
  string
- statusreq
  string
- totalreq
  number
- currencyreq
  string
expense
object | null
createdBy
object | null
createdAtreq
string
updatedAtreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

POST/api/orders/{id}/status#

Update the order status

scope · orders:write

Mutates the state machine of the order. Some transitions are restricted by role.

Scope: orders:write
Endpoint: POST /api/orders/{id}/status

Example request

curl -X POST "https://guliel.com/api/orders/abc123/status" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "id": "abc123",
  "status": "APPROVED"
}'

Request body

idreq
string
statusreq
enum<2>
APPROVED · REJECTED
note
string

Response (200/201)

JSON object. The exact response shape is being progressively documented — call the endpoint with a real access token to see the live structure, or check the type definitions exposed by the official client libraries.

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/supplier-orders#

List supplier orders

scope · orders:read

Lists supplier orders the caller can see. Results are filtered by the caller's accessible organizations; many routes paginate via page and limit.

Scope: orders:read
Endpoint: GET /api/supplier-orders

Example request

curl "https://guliel.com/api/supplier-orders?organizationId=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

organizationIdreq
string
pagereq
integer
limitreq
integer
status
string
searchreq
string
clientOrgId
string

Response (200/201)

ordersreq
array<object>
- idreq
  string
- organizationIdreq
  stringThe CLIENT org that placed the order (not the supplier-side org).
- supplierIdreq
  string
- orderNumberreq
  string
- statusreq
  string
- currencyreq
  string
- subtotalreq
  number
- totalAmountreq
  number
- orderDatereq
  string
- expectedDatereq
  string | null
- organizationreq
  object | null
- supplierreq
  object | null
- itemsreq
  array<object>
- _count
  object
  - invoicesreq
    integer
- createdAtreq
  string
- updatedAtreq
  string
paginationreq
object
- pagereq
  integer
- limitreq
  integer
- totalreq
  integer
- totalPagesreq
  integer

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

GET/api/supplier-orders/{id}#

Get a supplier order

scope · orders:read

Fetches a single supplier order by id. Returns 404 if the supplier order isn't in the caller's accessible organizations.

Scope: orders:read
Endpoint: GET /api/supplier-orders/{id}

Example request

curl "https://guliel.com/api/supplier-orders/abc123?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

idreq
string
organizationIdreq
string
supplierIdreq
string
orderNumberreq
string
statusreq
string
currencyreq
string
subtotalreq
number
totalAmountreq
number
orderDatereq
string
expectedDatereq
string | null
notesreq
string | null
organizationreq
object | null
supplierreq
object | null
itemsreq
array<object>
- idreq
  string
- itemIdreq
  string | null
- descriptionreq
  string
- quantityreq
  number
- unitPricereq
  number
- amountreq
  number
- itemreq
  object | null
invoicesreq
array<object>
- idreq
  string
- invoiceNumberreq
  string
- statusreq
  string
- totalreq
  number
- currencyreq
  string
createdByreq
object | null
createdAtreq
string
updatedAtreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal