Order Service - API Reference
This document describes the customer and admin APIs exposed by the Order Service in ShopVerse.
All APIs are accessed via the API Gateway.
Authorization is enforced using gateway-injected headers.
Base URL
/api/orders
Authentication & Authorization
- JWT is validated at the API Gateway
- Gateway injects:
  - X-User-Email
  - X-User-Role
- Customers can access only their own orders
- Admins can access all orders
Place Order (Customer)
Create a new order for the authenticated user.
➤ Endpoint
POST /api/orders
➤ Request Body
```json
{
  "items": [
    {
      "productId": "PROD123",
      "quantity": 2
    },
    {
      "productId": "PROD456",
      "quantity": 1
    }
  ]
}
```
➤ Success Response (201 CREATED)
```json
{
  "orderId": "ORD789",
  "status": "CREATED",
  "totalAmount": 5497
}
```
➤ Error Responses
| Status | Reason |
|---|---|
| 400 | Invalid request / insufficient stock |
| 401 | Unauthorized |
| 500 | Internal server error |
Get Order by ID (Customer / Admin)
Fetch order details by order ID.
➤ Endpoint
GET /api/orders/{orderId}
➤ Access Rules
- CUSTOMER → only own orders
- ADMIN → any order
➤ Success Response (200 OK)
```json
{
  "orderId": "ORD789",
  "customerId": "user@example.com",
  "status": "CREATED",
  "orderDate": "2026-01-21T12:30:00",
  "totalAmount": 5497,
  "items": [
    {
      "productId": "PROD123",
      "quantity": 2,
      "price": 2499
    }
  ]
}
```
Get My Orders (Customer)
Fetch all orders placed by the authenticated user.
➤ Endpoint
GET /api/orders/my
➤ Success Response (200 OK)
```json
[
  {
    "orderId": "ORD789",
    "status": "CREATED",
    "totalAmount": 5497,
    "orderDate": "2026-01-21T12:30:00"
  }
]
```
Get All Orders (Admin)
Fetch all orders in the system.
➤ Endpoint
GET /api/orders
➤ Role Required
ADMIN
➤ Success Response (200 OK)
```json
[
  {
    "orderId": "ORD789",
    "customerId": "user@example.com",
    "status": "CONFIRMED",
    "totalAmount": 5497
  }
]
```
Update Order Status (Admin)
Update the status of an order.
➤ Endpoint
PUT /api/orders/{orderId}/status
➤ Role Required
ADMIN
➤ Request Body
```json
{
  "status": "CONFIRMED"
}
```
➤ Allowed Status Transitions
CREATED → CONFIRMED
CONFIRMED → CANCELLED
➤ Success Response (200 OK)
```json
{
  "message": "Order status updated successfully"
}
```
Order Lifecycle
Events Published
| Event | Topic | Description |
|---|---|---|
| ORDER_PLACED | order-events | New order created |
| ORDER_STATUS_UPDATED | order-events | Order status changed |
Consumed by:
- Notification Service
- Analytics Service
- Recommendation Service
Request Flow
Common Errors
| Status | Meaning |
|---|---|
| 400 | Invalid order / stock issue |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Order not found |
| 409 | Invalid status transition |
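The access rules, allowed status transitions and error codes above can be expressed as a small set of decision functions. The following is an added example, not ShopVerse code: the function names and the mapping of each rule to a status code are assumptions. It also assumes the service is reachable only through the gateway and that the gateway overwrites any client-supplied X-User-* headers.

```python
# Added example: access and transition rules from this page as pure functions.
# Header names, roles, statuses and codes come from the page; function names
# and the rule-to-status-code mapping are assumptions of this sketch.
STATUSES = {"CREATED", "CONFIRMED", "CANCELLED"}
ALLOWED_TRANSITIONS = {"CREATED": {"CONFIRMED"}, "CONFIRMED": {"CANCELLED"}}
ROLES = {"CUSTOMER", "ADMIN"}


def identity(headers):
    """Return (email, role) from gateway-injected headers, or None if unusable."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    email, role = h.get("x-user-email", ""), h.get("x-user-role", "")
    if not email or role not in ROLES:
        return None  # missing identity or unknown role: fail closed
    return email, role


def get_order_status(headers, order):
    """HTTP status for GET /api/orders/{orderId}; `order` is a dict or None."""
    who = identity(headers)
    if who is None:
        return 401
    email, role = who
    if order is None:
        return 404
    # ADMIN may read any order; CUSTOMER only orders they own.
    if role == "ADMIN" or order["customerId"] == email:
        return 200
    return 403


def update_status(headers, order, new_status):
    """HTTP status for PUT /api/orders/{orderId}/status (ADMIN only)."""
    who = identity(headers)
    if who is None:
        return 401
    if who[1] != "ADMIN":
        return 403
    if new_status not in STATUSES:
        return 400  # not a status this API knows about
    if order is None:
        return 404
    # Terminal states (CANCELLED) have no entry, so every move out is rejected.
    if new_status not in ALLOWED_TRANSITIONS.get(order["status"], set()):
        return 409
    order["status"] = new_status
    return 200
```

Returning 403 for another customer's order confirms that the order ID exists; a service that wants to hide that can return 404 for both cases.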
Summary
The Order API provides:
- Secure order creation
- Ownership-based access
- Admin-controlled order lifecycle
- Event-driven extensibility
It acts as the transactional core of ShopVerse.