> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List purchase orders

> Returns a paginated list of purchase orders for the entity. Supports filtering by
`vendor_id`, `status` (canonical `order_status` values OR comma-separated multi-value),
`location_id`, `created_after`, and `created_before`. Results are cursor-paginated using
`starting_after`. This is the dedicated PO resource; prefer this over the orders-family
`GET /orders/purchase-orders`. Requires `purchasing:read` scope.

**`status` filter -- accepted values (canonical):** `draft`, `open`, `processing`,
`fulfilled`, `cancelled`, `archived`, `expired`, `awaiting_ach_clearance`. Pass a
single value (`status=open`) or comma-separated for multi (`status=open,processing`).
The sentinel `all` returns every row (no status filter).

**`status` filter -- legacy aliases (translated server-side, accepted for backward
compatibility):** `sent` -> `open`, `partially_received` -> `processing`,
`received` -> `fulfilled`, `closed` -> `archived`, `on_hold` -> `awaiting_ach_clearance`.
New integrations SHOULD use canonical values.

Unknown status tokens return HTTP 400 `invalid_status` with the list of accepted
canonical + alias values in the `hint` field.




## OpenAPI

````yaml /openapi.yaml get /purchase-orders
openapi: 3.1.0
info:
  title: Arcus ERP Public API
  version: 1.0.0
  description: >
    Arcus ERP public REST API. Designed for external integrations and data
    migration.


    **Authentication.** Bearer token (API key) via the `Authorization` header.

    Format: `Authorization: Bearer ark_live_ent_<code>_<random>` (or
    `ark_test_*` for sandbox).

    API keys are issued per-entity in **Settings > Developers > API Keys**.


    **Entity scoping.** The entity is encoded in the API key prefix; routes are
    flat

    (e.g. `/v1/accounts`, `/v1/orders`, `/v1/products`). A small set of platform
    endpoints

    (migration, reconciliation, events, webhook endpoints, API keys) use the

    `/v1/entities/{entity_id}/...` form -- those are noted in their tags.


    **Key capabilities.**
      - Related-resource hydration via `?expand[]=` (see `x-arcus-expand` on each resource).
      - Cursor-based pagination (`starting_after` / `ending_before` / `limit`).
      - Idempotency via the `Idempotency-Key` header.
      - Webhook events for asynchronous notification.
      - Conditional requests / ETag for cache validation.
servers:
  - url: https://api.arcuserp.com/v1
    description: Arcus ERP API (accepts both live `ark_live_*` and test `ark_test_*` keys)
  - url: https://dev-api.arcuserp.com/v1
    description: >-
      Dev sandbox API (test-only data, accepts `ark_test_*` keys against dev
      RDS)
security: []
paths:
  /purchase-orders:
    get:
      tags:
        - Purchasing
      summary: List purchase orders
      description: >
        Returns a paginated list of purchase orders for the entity. Supports
        filtering by

        `vendor_id`, `status` (canonical `order_status` values OR
        comma-separated multi-value),

        `location_id`, `created_after`, and `created_before`. Results are
        cursor-paginated using

        `starting_after`. This is the dedicated PO resource; prefer this over
        the orders-family

        `GET /orders/purchase-orders`. Requires `purchasing:read` scope.


        **`status` filter -- accepted values (canonical):** `draft`, `open`,
        `processing`,

        `fulfilled`, `cancelled`, `archived`, `expired`,
        `awaiting_ach_clearance`. Pass a

        single value (`status=open`) or comma-separated for multi
        (`status=open,processing`).

        The sentinel `all` returns every row (no status filter).


        **`status` filter -- legacy aliases (translated server-side, accepted
        for backward

        compatibility):** `sent` -> `open`, `partially_received` ->
        `processing`,

        `received` -> `fulfilled`, `closed` -> `archived`, `on_hold` ->
        `awaiting_ach_clearance`.

        New integrations SHOULD use canonical values.


        Unknown status tokens return HTTP 400 `invalid_status` with the list of
        accepted

        canonical + alias values in the `hint` field.
      operationId: listPurchaseOrdersV2
      parameters:
        - name: status
          in: query
          description: >
            Single canonical status, comma-separated multi-value, or `all`.
            Accepts canonical

            `order_status` ENUM values and 5 legacy aliases (translated
            server-side).
          schema:
            type: string
            example: open,processing
        - name: vendor_id
          in: query
          description: UUID of the vendor account. Canonical filter name.
          schema:
            type: string
            format: uuid
        - name: account_id
          in: query
          description: |
            Legacy alias for `vendor_id`. Vendor records are account rows so
            both keys refer to the same vendor account UUID. If both are
            provided with different values, `vendor_id` wins and a server-side
            warning is logged. New integrations SHOULD use `vendor_id`.
          schema:
            type: string
            format: uuid
        - name: limit
          in: query
          schema:
            type: integer
            default: 25
            maximum: 100
        - name: starting_after
          in: query
          schema:
            type: string
        - name: expand[]
          in: query
          schema:
            type: array
            items:
              type: string
              enum:
                - data.line_items
                - data.line_items.product
                - data.vendor
                - data.receipts
                - data.bills
          style: form
          explode: true
      responses:
        '200':
          description: Paginated list of purchase orders
          content:
            application/json:
              schema:
                type: object
                properties:
                  object:
                    type: string
                    enum:
                      - list
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/PurchaseOrder'
                  has_more:
                    type: boolean
        '401':
          $ref: '#/components/responses/Error'
        '403':
          $ref: '#/components/responses/Error'
      security:
        - ApiKeyAuth: []
components:
  schemas:
    PurchaseOrder:
      type: object
      description: A purchase order issued to a vendor.
      properties:
        id:
          type: string
          format: uuid
        object:
          type: string
          enum:
            - purchase_order
        entity_id:
          type: string
          format: uuid
          readOnly: true
        po_number:
          type: string
          readOnly: true
        vendor_id:
          type: string
          format: uuid
        location_id:
          type: string
          format: uuid
          nullable: true
        status:
          type: string
          enum:
            - draft
            - approved
            - sent
            - partially_received
            - received
            - closed
            - cancelled
          readOnly: true
        po_date:
          type: string
          format: date-time
        expected_date:
          type: string
          format: date-time
          nullable: true
        subtotal:
          type: number
        tax_total:
          type: number
        shipping_total:
          type: number
        po_total:
          type: number
        currency:
          type: string
          default: USD
        notes:
          type: string
          nullable: true
        internal_notes:
          type: string
          nullable: true
        metadata:
          type: object
          nullable: true
        created_at:
          type: string
          format: date-time
          readOnly: true
        updated_at:
          type: string
          format: date-time
          readOnly: true
    ErrorEnvelope:
      type: object
      description: |
        Canonical error response envelope. All API errors use this shape.
      required:
        - error
        - code
      properties:
        error:
          type: string
          description: Machine-readable error key
          example: not_found
        code:
          type: string
          description: Machine-readable error code (often same as error)
          example: not_found
        type:
          type: string
          enum:
            - validation_error
            - permission_error
            - not_found
            - conflict
            - rate_limit
            - internal
            - expand_error
            - not_implemented
          example: not_found
        hint:
          type: string
          description: Human-readable one-sentence explanation (English)
          example: >-
            The requested order does not exist or does not belong to this
            entity.
        param:
          type: string
          description: The parameter that caused the error, if applicable
          example: expand[0]
        required:
          type: string
          description: The scope required (only on insufficient_scope errors)
          example: accounts:read
        request_id:
          type: string
          description: >-
            Unique request ID for support tracing (maps to CloudWatch log
            stream)
          example: req_abc123
  responses:
    Error:
      description: Error response (400/401/403/404/409/422/429/500)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  securitySchemes:
    ApiKeyAuth:
      type: http
      scheme: bearer
      description: |
        API key issued per entity via Settings > Developers > API Keys.
        Each key carries scopes (e.g. orders:read, products:write).
        Bearer token format: Authorization: Bearer ark_live_ent_<code>_<random>
        Test keys use ark_test_ent_<code>_<random>. Both are issued per entity
        via Settings > Developers > API Keys.

````