> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Record customer acknowledgment of a revised order or invoice

> Stamps `customer_acknowledged_revision = revision_count` on the order, lifting the
revision acknowledgment gate that blocks `POST /v1/orders/{id}/payments`,
`POST /v1/packages` (createPackage), and `POST /v1/orders/{id}/invoice`.

**Two call sites:**
1. **Staff API (this endpoint):** Entity-scoped API key with `orders:write` scope.
   The operator records the acknowledgment on the customer's behalf (e.g. after a
   phone call or in-person confirmation). `entity_id` is taken from the API key;
   never from the request body (Layer 1 isolation).
2. **Customer portal (token link):** `POST /public/order/{token}/acknowledge-revision`
   (called by the customer from the revision notification email link or the portal
   page). No API key required; authenticated by the order's `share_token`.

The operation is idempotent -- if `customer_acknowledged_revision` already equals
`revision_count`, the endpoint returns `{ already_acknowledged: true }` with HTTP 200.

On success, broadcasts `order.revision_customer_acknowledged` (or
`invoice.revision_customer_acknowledged` for invoice documents) via the realtime
channel so the operator-side UI immediately re-enables the gated action buttons
without a page refresh.

**Activity log:** writes an `order_revised_customer_acknowledged` (or
`invoice_revised_customer_acknowledged`) audit entry with `source: customer_portal`
(portal path) or `source: staff_api` (this endpoint).

**Requires:** `orders:write` scope.




## OpenAPI

````yaml /openapi.yaml post /orders/{id}/customer-acknowledge-revision
openapi: 3.1.0
info:
  title: Arcus ERP Public API
  version: 1.0.0
  description: >
    Arcus ERP public REST API. Designed for external integrations and data
    migration.


    **Authentication.** Bearer token (API key) via the `Authorization` header.

    Format: `Authorization: Bearer ark_live_ent_<code>_<random>` (or
    `ark_test_*` for sandbox).

    API keys are issued per-entity in **Settings > Developers > API Keys**.


    **Entity scoping.** The entity is encoded in the API key prefix; routes are
    flat

    (e.g. `/v1/accounts`, `/v1/orders`, `/v1/products`). A small set of platform
    endpoints

    (migration, reconciliation, events, webhook endpoints, API keys) use the

    `/v1/entities/{entity_id}/...` form -- those are noted in their tags.


    **Key capabilities.**
      - Related-resource hydration via `?expand[]=` (see `x-arcus-expand` on each resource).
      - Cursor-based pagination (`starting_after` / `ending_before` / `limit`).
      - Idempotency via the `Idempotency-Key` header.
      - Webhook events for asynchronous notification.
      - Conditional requests / ETag for cache validation.
servers:
  - url: https://api.arcuserp.com/v1
    description: Arcus ERP API (accepts both live `ark_live_*` and test `ark_test_*` keys)
  - url: https://dev-api.arcuserp.com/v1
    description: >-
      Dev sandbox API (test-only data, accepts `ark_test_*` keys against dev
      RDS)
security: []
paths:
  /orders/{id}/customer-acknowledge-revision:
    parameters:
      - name: id
        in: path
        required: true
        schema:
          type: string
          format: uuid
    post:
      tags:
        - Orders
      summary: Record customer acknowledgment of a revised order or invoice
      description: >
        Stamps `customer_acknowledged_revision = revision_count` on the order,
        lifting the

        revision acknowledgment gate that blocks `POST
        /v1/orders/{id}/payments`,

        `POST /v1/packages` (createPackage), and `POST /v1/orders/{id}/invoice`.


        **Two call sites:**

        1. **Staff API (this endpoint):** Entity-scoped API key with
        `orders:write` scope.
           The operator records the acknowledgment on the customer's behalf (e.g. after a
           phone call or in-person confirmation). `entity_id` is taken from the API key;
           never from the request body (Layer 1 isolation).
        2. **Customer portal (token link):** `POST
        /public/order/{token}/acknowledge-revision`
           (called by the customer from the revision notification email link or the portal
           page). No API key required; authenticated by the order's `share_token`.

        The operation is idempotent -- if `customer_acknowledged_revision`
        already equals

        `revision_count`, the endpoint returns `{ already_acknowledged: true }`
        with HTTP 200.


        On success, broadcasts `order.revision_customer_acknowledged` (or

        `invoice.revision_customer_acknowledged` for invoice documents) via the
        realtime

        channel so the operator-side UI immediately re-enables the gated action
        buttons

        without a page refresh.


        **Activity log:** writes an `order_revised_customer_acknowledged` (or

        `invoice_revised_customer_acknowledged`) audit entry with `source:
        customer_portal`

        (portal path) or `source: staff_api` (this endpoint).


        **Requires:** `orders:write` scope.
      operationId: customerAcknowledgeRevision
      parameters:
        - $ref: '#/components/parameters/IdempotencyKey'
      requestBody:
        required: false
        content:
          application/json:
            schema:
              type: object
              properties: {}
      responses:
        '200':
          description: >
            Acknowledgment recorded (or already up-to-date). Returns `{
            acknowledged: true, revision_count: N,
            customer_acknowledged_revision: N }` on first acknowledgment, or `{
            already_acknowledged: true, revision_count: N,
            customer_acknowledged_revision: N }` if the revision was already
            acknowledged.
          content:
            application/json:
              schema:
                type: object
                properties:
                  acknowledged:
                    type: boolean
                    description: >
                      True when this call recorded the acknowledgment. Absent
                      (see `already_acknowledged`) when the revision was already
                      up-to-date.
                  already_acknowledged:
                    type: boolean
                    description: >
                      True when `customer_acknowledged_revision` already equaled
                      `revision_count` before this call (idempotent success).
                  revision_count:
                    type: integer
                    description: Current value of `orders.revision_count`.
                  customer_acknowledged_revision:
                    type: integer
                    description: >-
                      Value of `orders.customer_acknowledged_revision` after
                      this call.
        '400':
          $ref: '#/components/responses/Error'
        '401':
          $ref: '#/components/responses/Error'
        '403':
          $ref: '#/components/responses/Error'
        '404':
          $ref: '#/components/responses/Error'
      security:
        - ApiKeyAuth: []
components:
  parameters:
    IdempotencyKey:
      name: Idempotency-Key
      in: header
      required: false
      description: |
        Client-generated unique key for idempotent POST/PATCH/DELETE operations.
        Alias for the Idempotency parameter. Max 255 chars. On retry with the
        same key, the original response is returned without re-executing the
        operation. Keys expire after 24 hours.
      schema:
        type: string
        maxLength: 255
  responses:
    Error:
      description: Error response (400/401/403/404/409/422/429/500)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  schemas:
    ErrorEnvelope:
      type: object
      description: |
        Canonical error response envelope. All API errors use this shape.
      required:
        - error
        - code
      properties:
        error:
          type: string
          description: Machine-readable error key
          example: not_found
        code:
          type: string
          description: Machine-readable error code (often same as error)
          example: not_found
        type:
          type: string
          enum:
            - validation_error
            - permission_error
            - not_found
            - conflict
            - rate_limit
            - internal
            - expand_error
            - not_implemented
          example: not_found
        hint:
          type: string
          description: Human-readable one-sentence explanation (English)
          example: >-
            The requested order does not exist or does not belong to this
            entity.
        param:
          type: string
          description: The parameter that caused the error, if applicable
          example: expand[0]
        required:
          type: string
          description: The scope required (only on insufficient_scope errors)
          example: accounts:read
        request_id:
          type: string
          description: >-
            Unique request ID for support tracing (maps to CloudWatch log
            stream)
          example: req_abc123
  securitySchemes:
    ApiKeyAuth:
      type: http
      scheme: bearer
      description: |
        API key issued per entity via Settings > Developers > API Keys.
        Each key carries scopes (e.g. orders:read, products:write).
        Bearer token format: Authorization: Bearer ark_live_ent_<code>_<random>
        Test keys use ark_test_ent_<code>_<random>. Both are issued per entity
        via Settings > Developers > API Keys.

````