> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Add a line item to a purchase order

> Add a line item to an existing purchase order. The PO must be in
`draft` or `open` status. If the PO is in `draft` and this is the
first item, the PO auto-transitions to `open` and a
`purchase_order.sent` event is emitted.

If a line for the same `(product_id, variant_id)` already exists on
the PO, the incoming `quantity` is merged onto the existing line
(de-dupe) rather than creating a duplicate row.

`unit_cost` is optional. When omitted, the canonical
`findBestPurchasePolicy` resolver applies the best purchase pricing
policy (effective-date filter + multiplier support). Kit products
are rejected (create POs per component instead). Variant-parent
products are rejected unless a specific `variant_id` is provided.

Rejected with 422 if the PO is `pending_approval`; withdraw and revise.

<Note>Required API key scope: `purchasing:write`</Note>




## OpenAPI

````yaml /openapi.yaml post /purchase-orders/{id}/items
openapi: 3.1.0
info:
  title: Arcus ERP Public API
  version: 1.0.0
  description: >
    Arcus ERP public REST API. Designed for external integrations and data
    migration.


    **Authentication.** Bearer token (API key) via the `Authorization` header.

    Format: `Authorization: Bearer ark_live_ent_<code>_<random>` (or
    `ark_test_*` for sandbox).

    API keys are issued per-entity in **Settings > Developers > API Keys**.


    **Entity scoping.** The entity is encoded in the API key prefix; routes are
    flat

    (e.g. `/v1/accounts`, `/v1/orders`, `/v1/products`). A small set of platform
    endpoints

    (migration, reconciliation, events, webhook endpoints, API keys) use the

    `/v1/entities/{entity_id}/...` form -- those are noted in their tags.


    **Key capabilities.**
      - Related-resource hydration via `?expand[]=` (see `x-arcus-expand` on each resource).
      - Cursor-based pagination (`starting_after` / `ending_before` / `limit`).
      - Idempotency via the `Idempotency-Key` header.
      - Webhook events for asynchronous notification.
      - Conditional requests / ETag for cache validation.
servers:
  - url: https://api.arcuserp.com/v1
    description: Arcus ERP API (accepts both live `ark_live_*` and test `ark_test_*` keys)
  - url: https://dev-api.arcuserp.com/v1
    description: >-
      Dev sandbox API (test-only data, accepts `ark_test_*` keys against dev
      RDS)
security: []
paths:
  /purchase-orders/{id}/items:
    parameters:
      - name: id
        in: path
        required: true
        schema:
          type: string
          format: uuid
    post:
      tags:
        - Purchasing
      summary: Add a line item to a purchase order
      description: |
        Add a line item to an existing purchase order. The PO must be in
        `draft` or `open` status. If the PO is in `draft` and this is the
        first item, the PO auto-transitions to `open` and a
        `purchase_order.sent` event is emitted.

        If a line for the same `(product_id, variant_id)` already exists on
        the PO, the incoming `quantity` is merged onto the existing line
        (de-dupe) rather than creating a duplicate row.

        `unit_cost` is optional. When omitted, the canonical
        `findBestPurchasePolicy` resolver applies the best purchase pricing
        policy (effective-date filter + multiplier support). Kit products
        are rejected (create POs per component instead). Variant-parent
        products are rejected unless a specific `variant_id` is provided.

        Rejected with 422 if the PO is `pending_approval`; withdraw and revise.

        <Note>Required API key scope: `purchasing:write`</Note>
      operationId: addPurchaseOrderItemV1
      parameters:
        - name: Idempotency-Key
          in: header
          required: false
          schema:
            type: string
            maxLength: 255
          description: Optional idempotency key for safe retries (Stripe-style).
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - product_id
                - quantity
              properties:
                product_id:
                  type: string
                  format: uuid
                  description: >-
                    The product (SKU) to add. Cannot be a kit. If the product
                    has variants, `variant_id` is also required.
                variant_id:
                  type: string
                  format: uuid
                  nullable: true
                  description: Optional variant of `product_id`.
                quantity:
                  type: number
                  minimum: 0.0001
                  description: Quantity ordered. Must be positive.
                unit_cost:
                  type: number
                  nullable: true
                  description: >-
                    Optional unit cost override. Omit to auto-apply best
                    purchase-pricing policy.
                purchase_policy_id:
                  type: string
                  format: uuid
                  nullable: true
                  description: >-
                    Optional pricing policy id to lock against (for audit
                    trail).
                sort_order:
                  type: integer
                  nullable: true
                  description: Optional sort order on the PO; defaults to 0.
                product_vendor_id:
                  type: string
                  format: uuid
                  nullable: true
                  description: >
                    Optional pointer at the exact `product_vendors` row this PO
                    line is bound

                    to. Persisted on `order_items.product_vendor_id` so the PO
                    PDF / receiving

                    / vendor email surface the operator-chosen vendor-part
                    deterministically

                    when a product has 2+ `product_vendors` rows for the same
                    vendor.

                    Validated against this entity (product_vendors ->
                    products.entity_id) AND

                    the line's `(product_id, vendor_id)`; mismatched ids reject
                    with 400

                    (`invalid_product_vendor_id` /
                    `product_vendor_product_mismatch` /

                    `product_vendor_vendor_mismatch`). Omit to let the PO PDF
                    fall back to the

                    deterministic `LATERAL LIMIT 1` default-vendor-part pick.
      responses:
        '201':
          description: >-
            Line item added (or merged into existing line of same
            product+variant).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OrderItem'
        '400':
          $ref: '#/components/responses/Error'
        '401':
          $ref: '#/components/responses/Error'
        '403':
          $ref: '#/components/responses/Error'
        '404':
          $ref: '#/components/responses/Error'
        '422':
          description: >-
            PO is awaiting approval (`po_pending_approval_edit_locked`).
            Withdraw it for revision before editing.
          content:
            application/json:
              schema:
                $ref: '#/components/responses/Error'
      security:
        - ApiKeyAuth: []
components:
  schemas:
    OrderItem:
      type: object
      description: A line item on an order. Sub-resource of Order.
      properties:
        id:
          type: string
          format: uuid
        entity_id:
          type: string
          format: uuid
          readOnly: true
          description: >
            Multi-tenant scoping column (Layer 1 isolation). Set automatically

            from the parent `orders.entity_id` and enforced by Postgres trigger

            `trg_order_items_entity_parity` (P0-ENTITY-ID-CHILD-TABLES,
            2026-05-18).

            Cross-tenant writes are rejected at the database layer.
        order_id:
          type: string
          format: uuid
        product_id:
          type: string
          format: uuid
          nullable: true
        variant_id:
          type: string
          format: uuid
          nullable: true
        sku:
          type: string
          nullable: true
        title:
          type: string
        quantity:
          type: integer
        quantity_fulfilled:
          type: integer
          readOnly: true
        quantity_returned:
          type: integer
          readOnly: true
        sell_rate:
          type: number
          description: >-
            Canonical Arcus per-unit price column (matches
            order_items.sell_rate).
        unit_price:
          type: number
          description: >-
            Public-API alias of sell_rate (Stripe/Shopify/QuickBooks
            convention). Always populated on read; equal to sell_rate. Set per
            NEW-GAP-API-V1-CALLER-UNIT-PRICE-SILENTLY-OVERRIDDEN 2026-05-17
            closure.
        list_price:
          type: number
        pricing_rule_adjustment:
          type: number
          readOnly: true
          description: >-
            Per-unit pricing-rule savings (list_price minus sell_rate, positive
            magnitude). Already baked into sell_rate (and therefore
            line_subtotal) per ASC 606 transaction-price pricing; surfaced for
            the gross-to-net bridge display, never re-subtracted.
        coupon_adjustment:
          type: number
          readOnly: true
          description: >-
            Per-line allocated coupon/order-level discount (signed; negative for
            a discount). Reflected in line_subtotal.
        discount_amount:
          type: number
        line_subtotal:
          type: number
          readOnly: true
        tax_amount:
          type: number
          readOnly: true
        line_total:
          type: number
          readOnly: true
        adjustments:
          type: array
          readOnly: true
          description: >-
            Per-line, per-source adjustment breakdown from
            order_item_adjustments (the canonical SSOT). Each entry attributes a
            signed line_amount to a source (pricing_rule | order_adjustment |
            coupon | manual_line_override | return_refund_adjust |
            restocking_fee). Empty array for lines with no allocations (and on
            legacy orders predating the writer). Industry parity: Shopify Admin
            GraphQL LineItem.discountAllocations[].
          items:
            type: object
            properties:
              id:
                type: string
                format: uuid
              source_type:
                type: string
                description: >-
                  pricing_rule | order_adjustment | coupon |
                  manual_line_override | return_refund_adjust | restocking_fee
              source_id:
                type: string
                format: uuid
                nullable: true
              source_label:
                type: string
                nullable: true
              per_unit_amount:
                type: number
                nullable: true
              quantity:
                type: number
              line_amount:
                type: number
                description: >-
                  Signed per-line adjustment dollar amount (negative for
                  discounts, positive for fees).
              proration_ratio:
                type: number
                nullable: true
              applied_at:
                type: string
                format: date-time
                nullable: true
        unit_cost:
          type: number
          nullable: true
        weight:
          type: number
          nullable: true
        is_tax_exempt:
          type: boolean
        product_tax_code:
          type: string
          nullable: true
        sort_order:
          type: integer
        product_vendor_id:
          type: string
          format: uuid
          nullable: true
          description: >
            For `purchase_order` document_type lines only: exact
            `product_vendors`

            row this line is bound to
            (NEW-GAP-ORDER-ITEMS-PRODUCT-VENDOR-ID-PROVENANCE,

            2026-05-14). NULL for legacy PO lines and all non-PO doc types; PDF

            falls back to the deterministic default-vendor-part pick.
        created_at:
          type: string
          format: date-time
          readOnly: true
        updated_at:
          type: string
          format: date-time
          readOnly: true
    ErrorEnvelope:
      type: object
      description: |
        Canonical error response envelope. All API errors use this shape.
      required:
        - error
        - code
      properties:
        error:
          type: string
          description: Machine-readable error key
          example: not_found
        code:
          type: string
          description: Machine-readable error code (often same as error)
          example: not_found
        type:
          type: string
          enum:
            - validation_error
            - permission_error
            - not_found
            - conflict
            - rate_limit
            - internal
            - expand_error
            - not_implemented
          example: not_found
        hint:
          type: string
          description: Human-readable one-sentence explanation (English)
          example: >-
            The requested order does not exist or does not belong to this
            entity.
        param:
          type: string
          description: The parameter that caused the error, if applicable
          example: expand[0]
        required:
          type: string
          description: The scope required (only on insufficient_scope errors)
          example: accounts:read
        request_id:
          type: string
          description: >-
            Unique request ID for support tracing (maps to CloudWatch log
            stream)
          example: req_abc123
  responses:
    Error:
      description: Error response (400/401/403/404/409/422/429/500)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  securitySchemes:
    ApiKeyAuth:
      type: http
      scheme: bearer
      description: |
        API key issued per entity via Settings > Developers > API Keys.
        Each key carries scopes (e.g. orders:read, products:write).
        Bearer token format: Authorization: Bearer ark_live_ent_<code>_<random>
        Test keys use ark_test_ent_<code>_<random>. Both are issued per entity
        via Settings > Developers > API Keys.

````