Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/astrxnomo/shop-microservers/llms.txt

Use this file to discover all available pages before exploring further.

Fetches a single order by its CUID, scoped strictly to the authenticated user. The lookup uses both the order id and the userId derived from the JWT simultaneously — if the order exists but belongs to a different user, the response is identical to a non-existent order. This prevents authenticated users from probing other users’ order IDs.

Endpoint

GET /api/orders/:id

Authentication

A valid JWT is required. The user identity extracted from the token is used as a second lookup condition alongside the order id.
Authorization: Bearer <token>

Parameters

id
string
required
CUID of the order to retrieve. Must be a valid order that belongs to the authenticated user.

Example Request

curl http://localhost/api/orders/clxxxxxxxxxxxxx \
  -H "Authorization: Bearer eyJhbGci..."

Response

200 — Success

Returns the matching Order object as a single data object, including the full array of line items.
{
  "success": true,
  "data": {
    "id": "clxxxxxxxxxxxxx",
    "userId": "clyyyyyyyyyyyyyy",
    "total": 159.98,
    "status": "PENDING",
    "createdAt": "2024-01-15T12:00:00.000Z",
    "updatedAt": "2024-01-15T12:00:00.000Z",
    "items": [
      {
        "id": "clzzzzzzzzzzzzz",
        "orderId": "clxxxxxxxxxxxxx",
        "productId": "claaaaaaaaaaaa",
        "name": "Wireless Headphones",
        "price": 79.99,
        "quantity": 2
      }
    ]
  },
  "error": null
}
The data object has the same shape as each entry returned by List Orders. Refer to that page for full field descriptions.

401 — Unauthorized

Returned when the Authorization header is missing or the JWT is invalid or expired.
{
  "success": false,
  "data": null,
  "error": "Unauthorized"
}

404 — Not Found

Returned when no order exists with the given id for the authenticated user. This is also returned when the order exists but was placed by a different user, preventing cross-user enumeration.
{
  "success": false,
  "data": null,
  "error": "Order not found"
}

Build docs developers (and LLMs) love