> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a payment (charge) on an order

> Apply a payment to an invoice/order. Routes by payment_method:
card/ach -> Stripe PaymentIntent; cash/check/credit/terms -> manual record.
Overpayment automatically creates a credit memo. Requires both orders:write
AND payments:write scopes. R4: raw card credentials (card_number, cvc) are rejected.
Idempotent via Idempotency-Key header.

**Revision acknowledgment gate (HTTP 409 `revision_unacknowledged`).**
If the order was revised after the customer received their copy and the customer has not
yet acknowledged the new total, this endpoint returns HTTP 409 with
`code: revision_unacknowledged`. Lift the gate via
`POST /v1/orders/{id}/customer-acknowledge-revision`, or bypass with
`?override=true` / `{"skip_revision_ack": true}` (requires `orders.revision_override`
permission). Disable entity-wide via
`entities.settings.require_customer_ack_on_revision = false`.




## OpenAPI

````yaml /openapi.yaml post /orders/{id}/payments
openapi: 3.1.0
info:
  title: Arcus ERP Public API
  version: 1.0.0
  description: >
    Arcus ERP public REST API. Designed for external integrations and data
    migration.


    **Authentication.** Bearer token (API key) via the `Authorization` header.

    Format: `Authorization: Bearer ark_live_ent_<code>_<random>` (or
    `ark_test_*` for sandbox).

    API keys are issued per-entity in **Settings > Developers > API Keys**.


    **Entity scoping.** The entity is encoded in the API key prefix; routes are
    flat

    (e.g. `/v1/accounts`, `/v1/orders`, `/v1/products`). A small set of platform
    endpoints

    (migration, reconciliation, events, webhook endpoints, API keys) use the

    `/v1/entities/{entity_id}/...` form -- those are noted in their tags.


    **Key capabilities.**
      - Related-resource hydration via `?expand[]=` (see `x-arcus-expand` on each resource).
      - Cursor-based pagination (`starting_after` / `ending_before` / `limit`).
      - Idempotency via the `Idempotency-Key` header.
      - Webhook events for asynchronous notification.
      - Conditional requests / ETag for cache validation.
servers:
  - url: https://api.arcuserp.com/v1
    description: Arcus ERP API (accepts both live `ark_live_*` and test `ark_test_*` keys)
  - url: https://dev-api.arcuserp.com/v1
    description: >-
      Dev sandbox API (test-only data, accepts `ark_test_*` keys against dev
      RDS)
security: []
paths:
  /orders/{id}/payments:
    parameters:
      - name: id
        in: path
        required: true
        schema:
          type: string
          format: uuid
    post:
      tags:
        - Orders
        - Payments
      summary: Create a payment (charge) on an order
      description: >
        Apply a payment to an invoice/order. Routes by payment_method:

        card/ach -> Stripe PaymentIntent; cash/check/credit/terms -> manual
        record.

        Overpayment automatically creates a credit memo. Requires both
        orders:write

        AND payments:write scopes. R4: raw card credentials (card_number, cvc)
        are rejected.

        Idempotent via Idempotency-Key header.


        **Revision acknowledgment gate (HTTP 409 `revision_unacknowledged`).**

        If the order was revised after the customer received their copy and the
        customer has not

        yet acknowledged the new total, this endpoint returns HTTP 409 with

        `code: revision_unacknowledged`. Lift the gate via

        `POST /v1/orders/{id}/customer-acknowledge-revision`, or bypass with

        `?override=true` / `{"skip_revision_ack": true}` (requires
        `orders.revision_override`

        permission). Disable entity-wide via

        `entities.settings.require_customer_ack_on_revision = false`.
      operationId: createOrderPayment
      parameters:
        - $ref: '#/components/parameters/IdempotencyKey'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - payment_method
              properties:
                payment_method:
                  type: string
                  enum:
                    - card
                    - ach
                    - cash
                    - check
                    - credit
                    - terms
                    - external
                payment_method_id:
                  type: string
                  description: Stripe PM id for card/ach
                amount:
                  type: number
                  description: Partial payment in dollars; omit for full balance
                reference:
                  type: string
                  description: Check number, external reference, etc.
                notes:
                  type: string
                skip_revision_ack:
                  type: boolean
                  description: >
                    When true, bypasses the revision acknowledgment gate.
                    Requires the caller to have the `orders.revision_override`
                    permission; returns 403 otherwise. Equivalent to the
                    `?override=true` query parameter.
      responses:
        '200':
          description: Payment created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Payment'
        '400':
          $ref: '#/components/responses/Error'
        '401':
          $ref: '#/components/responses/Error'
        '402':
          description: Card declined
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '403':
          $ref: '#/components/responses/Error'
        '409':
          description: >
            Revision not yet acknowledged by customer (`code:
            revision_unacknowledged`). The order was revised after the customer
            received their copy. Use `POST
            /v1/orders/{id}/customer-acknowledge-revision` to record the
            customer's acknowledgment, or pass `skip_revision_ack: true` (body)
            / `?override=true` (query) with the `orders.revision_override`
            permission.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - ApiKeyAuth: []
components:
  parameters:
    IdempotencyKey:
      name: Idempotency-Key
      in: header
      required: false
      description: |
        Client-generated unique key for idempotent POST/PATCH/DELETE operations.
        Alias for the Idempotency parameter. Max 255 chars. On retry with the
        same key, the original response is returned without re-executing the
        operation. Keys expire after 24 hours.
      schema:
        type: string
        maxLength: 255
  schemas:
    Payment:
      type: object
      description: A customer-side payment applied to one or more orders. AR-facing.
      properties:
        id:
          type: string
          format: uuid
        object:
          type: string
          enum:
            - payment
        entity_id:
          type: string
          format: uuid
          readOnly: true
        account_id:
          type: string
          format: uuid
        order_id:
          type: string
          format: uuid
          nullable: true
          description: >-
            Set when payment is applied to a single order; null for
            unapplied/on-account payments.
        method:
          type: string
          enum:
            - cash
            - check
            - ach
            - wire
            - credit_card
            - debit_card
            - store_credit
            - stripe
            - other
        amount:
          type: number
          description: Gross amount received (always positive).
        amount_applied:
          type: number
          readOnly: true
          description: Portion applied to orders so far.
        amount_refunded:
          type: number
          readOnly: true
          description: Total refunded against this payment.
        currency:
          type: string
          default: USD
        reference:
          type: string
          nullable: true
          description: Check number, ACH trace, Stripe charge id, etc.
        stripe_payment_intent_id:
          type: string
          nullable: true
          readOnly: true
        payment_method_id:
          type: string
          format: uuid
          nullable: true
        status:
          type: string
          enum:
            - pending
            - succeeded
            - failed
            - refunded
            - partially_refunded
            - voided
          readOnly: true
        received_at:
          type: string
          format: date-time
        notes:
          type: string
          nullable: true
        metadata:
          type: object
          nullable: true
        created_at:
          type: string
          format: date-time
          readOnly: true
        updated_at:
          type: string
          format: date-time
          readOnly: true
    Error:
      description: |
        Alias for ErrorEnvelope. Canonical error response shape used by all
        API endpoints. Refer to ErrorEnvelope for the full field definition.
      allOf:
        - $ref: '#/components/schemas/ErrorEnvelope'
    ErrorEnvelope:
      type: object
      description: |
        Canonical error response envelope. All API errors use this shape.
      required:
        - error
        - code
      properties:
        error:
          type: string
          description: Machine-readable error key
          example: not_found
        code:
          type: string
          description: Machine-readable error code (often same as error)
          example: not_found
        type:
          type: string
          enum:
            - validation_error
            - permission_error
            - not_found
            - conflict
            - rate_limit
            - internal
            - expand_error
            - not_implemented
          example: not_found
        hint:
          type: string
          description: Human-readable one-sentence explanation (English)
          example: >-
            The requested order does not exist or does not belong to this
            entity.
        param:
          type: string
          description: The parameter that caused the error, if applicable
          example: expand[0]
        required:
          type: string
          description: The scope required (only on insufficient_scope errors)
          example: accounts:read
        request_id:
          type: string
          description: >-
            Unique request ID for support tracing (maps to CloudWatch log
            stream)
          example: req_abc123
  responses:
    Error:
      description: Error response (400/401/403/404/409/422/429/500)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  securitySchemes:
    ApiKeyAuth:
      type: http
      scheme: bearer
      description: |
        API key issued per entity via Settings > Developers > API Keys.
        Each key carries scopes (e.g. orders:read, products:write).
        Bearer token format: Authorization: Bearer ark_live_ent_<code>_<random>
        Test keys use ark_test_ent_<code>_<random>. Both are issued per entity
        via Settings > Developers > API Keys.

````