> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Void a posted order

> **Authorization:** requires `orders:write` API-key scope AND the per-user
`orders.delete` permission (SoD parity sweep 2026-05-16; the api-v1
wrapper used to gate on scope alone, which let any junior staff with a
`orders:write` API key bypass the role check the human-user path enforces).
Void is the heavier action than cancel: it reverses GL on partially
fulfilled orders too, so the per-user permission required is
`orders.delete` (NOT `orders.edit`). System-actor calls without an
identifiable principal are denied per AICPA SoC2 CC6.1. Idempotent via
`Idempotency-Key`.

Voids a sales order or invoice. Mirror of `POST /orders/{id}/cancel` with a
permissive fulfillment guard: `voidOrder` is the canonical handler for
reversing a partially-fulfilled or fulfilled order when an RMA is not the
right path (e.g. customer dispute, fraud, data entry error pre-shipment).
Voiding reverses every booked GL JE (FULFILLMENT / TAX / SHIPPING / DISCOUNT),
releases inventory reservations, voids Shippo labels carrier-side, voids the
AvaTax committed transaction, and auto-voids any uncaptured Stripe
PaymentIntents with `cancel_reason='order_voided'`.

The order must not be already voided, archived, fully fulfilled (use returns
instead), partially fulfilled (operator must void packages first), or have
active shipments. If the order has child drop-ship purchase orders or child
work orders auto-created on confirm via the forward cascade, the same atomic
cascade behavior as `POST /orders/{id}/cancel` applies:

- If any child drop-ship PO has received goods (purchase_receipts exist),
  HTTP 409 `dropship_po_received_blocks_so_void`.
- If any child drop-ship PO was sent to the vendor but has no receipts,
  HTTP 409 `dropship_po_sent_blocks_so_void`.
- If any child work order has status `completed` or `closed`, HTTP 409
  `manufactured_wo_completed_blocks_so_void`.
- If any child work order has status `in_progress`, HTTP 409
  `manufactured_wo_in_progress_blocks_so_void`.
- If any open RMA exists against the order, HTTP 409 `open_rma_blocks_void`.
- Otherwise (every child is in a cascade-eligible state), all child POs +
  WOs cancel atomically inside the same transaction as the SO void.
  The response surfaces `cascaded_drop_ship_pos[]` and `cascaded_work_orders[]`
  listing each child auto-cancelled by the cascade.

Behavior, atomicity, and error codes are guaranteed mirrors of the cancel
path (NEW-GAP-CANCEL-SALES-ORDER-ORPHANS-DROPSHIP-PO 2026-05-15 +
NEW-GAP-INVERSE-CASCADE-AUDIT-SWEEP Phase A 2026-05-15). For the underlying
invariants see [docs/context/ERP-CORRECTNESS-RULES.md §E3c + §E3d](https://github.com/reubenbroussard/arcus-erp-aws/blob/main/docs/context/ERP-CORRECTNESS-RULES.md).




## OpenAPI

````yaml /openapi.yaml post /orders/{id}/void
openapi: 3.1.0
info:
  title: Arcus ERP Public API
  version: 1.0.0
  description: >
    Arcus ERP public REST API. Designed for external integrations and data
    migration.


    **Authentication.** Bearer token (API key) via the `Authorization` header.

    Format: `Authorization: Bearer ark_live_ent_<code>_<random>` (or
    `ark_test_*` for sandbox).

    API keys are issued per-entity in **Settings > Developers > API Keys**.


    **Entity scoping.** The entity is encoded in the API key prefix; routes are
    flat

    (e.g. `/v1/accounts`, `/v1/orders`, `/v1/products`). A small set of platform
    endpoints

    (migration, reconciliation, events, webhook endpoints, API keys) use the

    `/v1/entities/{entity_id}/...` form -- those are noted in their tags.


    **Key capabilities.**
      - Related-resource hydration via `?expand[]=` (see `x-arcus-expand` on each resource).
      - Cursor-based pagination (`starting_after` / `ending_before` / `limit`).
      - Idempotency via the `Idempotency-Key` header.
      - Webhook events for asynchronous notification.
      - Conditional requests / ETag for cache validation.
servers:
  - url: https://api.arcuserp.com/v1
    description: Arcus ERP API (accepts both live `ark_live_*` and test `ark_test_*` keys)
  - url: https://dev-api.arcuserp.com/v1
    description: >-
      Dev sandbox API (test-only data, accepts `ark_test_*` keys against dev
      RDS)
security: []
paths:
  /orders/{id}/void:
    parameters:
      - name: id
        in: path
        required: true
        schema:
          type: string
          format: uuid
    post:
      tags:
        - Orders
      summary: Void a posted order
      description: >
        **Authorization:** requires `orders:write` API-key scope AND the
        per-user

        `orders.delete` permission (SoD parity sweep 2026-05-16; the api-v1

        wrapper used to gate on scope alone, which let any junior staff with a

        `orders:write` API key bypass the role check the human-user path
        enforces).

        Void is the heavier action than cancel: it reverses GL on partially

        fulfilled orders too, so the per-user permission required is

        `orders.delete` (NOT `orders.edit`). System-actor calls without an

        identifiable principal are denied per AICPA SoC2 CC6.1. Idempotent via

        `Idempotency-Key`.


        Voids a sales order or invoice. Mirror of `POST /orders/{id}/cancel`
        with a

        permissive fulfillment guard: `voidOrder` is the canonical handler for

        reversing a partially-fulfilled or fulfilled order when an RMA is not
        the

        right path (e.g. customer dispute, fraud, data entry error
        pre-shipment).

        Voiding reverses every booked GL JE (FULFILLMENT / TAX / SHIPPING /
        DISCOUNT),

        releases inventory reservations, voids Shippo labels carrier-side, voids
        the

        AvaTax committed transaction, and auto-voids any uncaptured Stripe

        PaymentIntents with `cancel_reason='order_voided'`.


        The order must not be already voided, archived, fully fulfilled (use
        returns

        instead), partially fulfilled (operator must void packages first), or
        have

        active shipments. If the order has child drop-ship purchase orders or
        child

        work orders auto-created on confirm via the forward cascade, the same
        atomic

        cascade behavior as `POST /orders/{id}/cancel` applies:


        - If any child drop-ship PO has received goods (purchase_receipts
        exist),
          HTTP 409 `dropship_po_received_blocks_so_void`.
        - If any child drop-ship PO was sent to the vendor but has no receipts,
          HTTP 409 `dropship_po_sent_blocks_so_void`.
        - If any child work order has status `completed` or `closed`, HTTP 409
          `manufactured_wo_completed_blocks_so_void`.
        - If any child work order has status `in_progress`, HTTP 409
          `manufactured_wo_in_progress_blocks_so_void`.
        - If any open RMA exists against the order, HTTP 409
        `open_rma_blocks_void`.

        - Otherwise (every child is in a cascade-eligible state), all child POs
        +
          WOs cancel atomically inside the same transaction as the SO void.
          The response surfaces `cascaded_drop_ship_pos[]` and `cascaded_work_orders[]`
          listing each child auto-cancelled by the cascade.

        Behavior, atomicity, and error codes are guaranteed mirrors of the
        cancel

        path (NEW-GAP-CANCEL-SALES-ORDER-ORPHANS-DROPSHIP-PO 2026-05-15 +

        NEW-GAP-INVERSE-CASCADE-AUDIT-SWEEP Phase A 2026-05-15). For the
        underlying

        invariants see [docs/context/ERP-CORRECTNESS-RULES.md §E3c +
        §E3d](https://github.com/reubenbroussard/arcus-erp-aws/blob/main/docs/context/ERP-CORRECTNESS-RULES.md).
      operationId: voidOrder
      parameters:
        - $ref: '#/components/parameters/IdempotencyKey'
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                reason:
                  type: string
                  description: Operator-supplied void reason (audit-logged).
                skip_marketplace_sync:
                  type: boolean
                  description: |
                    Pending implementation. Reserved for the upcoming
                    NEW-GAP-API-CANONICAL-MARKETPLACE-SYNC-OPT-OUT change.
      responses:
        '200':
          description: >
            Voided order. Response may include `cascaded_drop_ship_pos[]`
            listing

            child drop-ship POs auto-cancelled by the cascade and

            `cascaded_work_orders[]` listing child work orders auto-cancelled by

            the cascade. Includes `voided_payment_intents[]` for any uncaptured

            Stripe PIs auto-voided post-commit (AUDIT-077b-G4) and
            `void_failures[]`

            for any post-commit non-blocking failures (Shopify sync, AvaTax
            void).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Order'
        '400':
          description: >
            Pre-flight gate blocked the void. Possible `code` values:

            `fulfilled_blocks_void` (order is fully fulfilled, use returns
            instead),

            `partial_fulfillment_blocks_void` (operator must void packages
            first),

            `active_shipments_block_void` (labels still active).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '401':
          $ref: '#/components/responses/Error'
        '403':
          $ref: '#/components/responses/Error'
        '404':
          $ref: '#/components/responses/Error'
        '409':
          description: >
            Conflict: a child resource state blocks the void. Possible `code`
            values:

            `open_rma_blocks_void`, `dropship_po_received_blocks_so_void`,

            `dropship_po_sent_blocks_so_void`,

            `manufactured_wo_completed_blocks_so_void`,

            `manufactured_wo_in_progress_blocks_so_void`.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - ApiKeyAuth: []
components:
  parameters:
    IdempotencyKey:
      name: Idempotency-Key
      in: header
      required: false
      description: |
        Client-generated unique key for idempotent POST/PATCH/DELETE operations.
        Alias for the Idempotency parameter. Max 255 chars. On retry with the
        same key, the original response is returned without re-executing the
        operation. Keys expire after 24 hours.
      schema:
        type: string
        maxLength: 255
  schemas:
    Order:
      type: object
      description: >
        An Arcus ERP order document. One table holds quotes, sales_orders,
        invoices,

        returns, and purchase_orders -- always filter by document_type.

        entity_id is always from the API key (Layer 1 isolation).
      properties:
        id:
          type: string
          format: uuid
        object:
          type: string
          enum:
            - order
        entity_id:
          type: string
          format: uuid
          readOnly: true
        order_number:
          type: string
          readOnly: true
        document_type:
          type: string
          enum:
            - quote
            - sales_order
            - invoice
            - return
            - purchase_order
        order_status:
          type: string
          enum:
            - draft
            - confirmed
            - partially_fulfilled
            - fulfilled
            - cancelled
            - voided
            - awaiting_ach_clearance
            - on_hold
        payment_status:
          type: string
          enum:
            - unpaid
            - partially_paid
            - paid
            - overpaid
            - refunded
            - partially_refunded
            - voided
        fulfillment_status:
          type: string
          enum:
            - unfulfilled
            - partially_fulfilled
            - fulfilled
        account_id:
          type: string
          format: uuid
          nullable: true
        location_id:
          type: string
          format: uuid
          nullable: true
        po_number:
          type: string
          nullable: true
        order_date:
          type: string
          format: date-time
          nullable: true
        due_date:
          type: string
          format: date-time
          nullable: true
        subtotal:
          type: number
        discount_total:
          type: number
        shipping_total:
          type: number
        tax_total:
          type: number
        fee_total:
          type: number
        order_total:
          type: number
        list_price_total:
          type: number
          readOnly: true
          description: >-
            Derived (display-only): SUM(list_price * qty) over non-kit lines.
            The gross baseline of the gross-to-net bridge (List price minus
            pricing_savings equals subtotal). Never part of order_total.
        pricing_savings:
          type: number
          readOnly: true
          description: >-
            Derived (display-only): SUM(pricing_rule_adjustment * qty) over
            non-kit lines (positive magnitude). Per-unit pricing-rule savings
            already baked into subtotal via sell_rate (ASC 606 transaction
            price); shown as an informational List-to-Subtotal bridge, never
            subtracted from order_total.
        amount_paid:
          type: number
          readOnly: true
          description: 'SSOT: utils/ar-helpers.mjs::updateARBalance. Do not write directly.'
        balance_due:
          type: number
          readOnly: true
        tax_exempt:
          type: boolean
        delivery_option:
          type: string
          enum:
            - ship
            - pick_up
            - local_delivery
        notes:
          type: string
          nullable: true
        internal_notes:
          type: string
          nullable: true
        invoice_number:
          type: string
          nullable: true
          readOnly: true
        invoice_type:
          type: string
          enum:
            - order
            - manual
            - proforma
            - correction
          nullable: true
        is_on_hold:
          type: boolean
          readOnly: true
        hold_type:
          type: string
          nullable: true
          readOnly: true
        ship_complete:
          type: boolean
        source_platform:
          type: string
          nullable: true
        external_order_id:
          type: string
          nullable: true
        external_order_number:
          type: string
          nullable: true
        metadata:
          type: object
          nullable: true
        created_at:
          type: string
          format: date-time
          readOnly: true
        updated_at:
          type: string
          format: date-time
          readOnly: true
    Error:
      description: |
        Alias for ErrorEnvelope. Canonical error response shape used by all
        API endpoints. Refer to ErrorEnvelope for the full field definition.
      allOf:
        - $ref: '#/components/schemas/ErrorEnvelope'
    ErrorEnvelope:
      type: object
      description: |
        Canonical error response envelope. All API errors use this shape.
      required:
        - error
        - code
      properties:
        error:
          type: string
          description: Machine-readable error key
          example: not_found
        code:
          type: string
          description: Machine-readable error code (often same as error)
          example: not_found
        type:
          type: string
          enum:
            - validation_error
            - permission_error
            - not_found
            - conflict
            - rate_limit
            - internal
            - expand_error
            - not_implemented
          example: not_found
        hint:
          type: string
          description: Human-readable one-sentence explanation (English)
          example: >-
            The requested order does not exist or does not belong to this
            entity.
        param:
          type: string
          description: The parameter that caused the error, if applicable
          example: expand[0]
        required:
          type: string
          description: The scope required (only on insufficient_scope errors)
          example: accounts:read
        request_id:
          type: string
          description: >-
            Unique request ID for support tracing (maps to CloudWatch log
            stream)
          example: req_abc123
  responses:
    Error:
      description: Error response (400/401/403/404/409/422/429/500)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  securitySchemes:
    ApiKeyAuth:
      type: http
      scheme: bearer
      description: |
        API key issued per entity via Settings > Developers > API Keys.
        Each key carries scopes (e.g. orders:read, products:write).
        Bearer token format: Authorization: Bearer ark_live_ent_<code>_<random>
        Test keys use ark_test_ent_<code>_<random>. Both are issued per entity
        via Settings > Developers > API Keys.

````