Orders API
The Orders API handles order creation (public, for customers) and order management (authenticated, for restaurant owners). The Ordering Suite add-on must be active on the restaurant.
POST /api/orders
Create a new order. This is a public endpoint used by customers placing orders from the menu.
Auth: Public (no token required)
Rate limit: 5 requests per minute per IP
Request Body
{
"restaurantId": "uuid",
"tableId": "uuid",
"items": [
{
"menuItemId": "uuid",
"quantity": 2
},
{
"menuItemId": "uuid",
"quantity": 1
}
]
}Response (201 Created)
{
"success": true,
"data": {
"id": "uuid",
"status": "PENDING",
"tableLabel": "Table 5",
"items": [...],
"createdAt": "2026-02-19T14:30:00Z"
}
}GET /api/orders
Retrieve all orders for your restaurant. Supports filtering by status.
Auth: Required (Bearer token)
Query Parameters
status— Filter by order status (e.g.,?status=PENDING)
Response (200 OK)
{
"success": true,
"data": [
{
"id": "uuid",
"status": "PENDING",
"tableLabel": "Table 5",
"items": [...],
"createdAt": "2026-02-19T14:30:00Z"
}
]
}GET /api/orders/[id]
Retrieve a single order. This endpoint supports dual-mode access:
- Authenticated (owner): Returns full order data including all fields.
- Public (customer): Returns limited fields (status, items, table label). Requires
restaurantIdquery parameter.
PATCH /api/orders/[id]
Update an order's status. Used by restaurant owners to move orders through the lifecycle.
Auth: Required (Bearer token)
Request Body
{
"status": "CONFIRMED"
}Valid status transitions: PENDING to CONFIRMED, CONFIRMED to PREPARING, PREPARING to READY, READY to SERVED. Orders can be set to CANCELLED from PENDING or CONFIRMED.