## GET /api/v2/orders/{id}

**Get order details**

Return a created order with invoice reference, payment state, ordered resources, and retry/cancel action gates. The shape matches successful order creation. Use `read:orders` for least-privilege API keys; existing `read:billing` and domain-scoped read keys are accepted where they can view the owned order.

### Related Endpoints

- `POST /api/v2/orders/{id}/actions/cancel`: Cancel order
- `POST /api/v2/orders`: Create an order
- `POST /api/v2/orders/preview`: Preview an order

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scope: `read:orders`

### Parameters

- `id` (path, string, required): Public order ID. Get it from GET /api/v2/orders `data[].id` or the POST /api/v2/orders response `id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `ord_01hxa3b4c5d6e7f8g9h0j1k2m3`

### Request Example

```bash
curl -X GET "https://cloud.hostup.se/api/v2/orders/ord_01hxa3b4c5d6e7f8g9h0j1k2m3" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"
```

### Response Schema

- `id` (string, optional) Example: `ord_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `number` (string, optional) Example: `O-HXA3B4C5`
- `status` (string, optional) Example: `pending`
  Allowed values: pending, active, completed, cancelled, failed
- `type` (string, optional) Example: `new`
  Allowed values: new, renew, upgrade, transfer
- `invoiceId` (string,null, optional) Example: `inv_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `checkoutUrl` (string,null, optional): Compatibility alias used by older clients. New integrations should read `invoice.paymentUrl` when `invoice` is present. Example: `https://cloud.hostup.se/billing?invoice=202600001`
- `client` (object, optional)
- `client.id` (string,null, optional) Example: `null`
- `client.email` (string,null, optional) Example: `user@example.com`
- `client.firstName` (string,null, optional) Example: `Anna`
- `client.lastName` (string,null, optional) Example: `Svensson`
- `client.companyName` (string,null, optional) Example: `null`
- `billing` (object, optional)
- `billing.amount` (number, required) Example: `199`
- `billing.currencyCode` (string, required) Example: `SEK`
- `billing.billingCycle` (string,null, required): Canonical billing cycle. VPS services with `isPayg: true` still report `monthly` for summary display; use `isPayg` to distinguish PAYG Cloud VPS from fixed-cycle VPS. Example: `annually`
  Allowed values: monthly, quarterly, semiannually, annually, biennially, triennially, free, 
- `billing.isPayg` (boolean, required): For VPS service/order billing, true means pay-as-you-go Cloud VPS and false means fixed-cycle/prepaid VPS. Non-VPS resources normally return false. Example: `false`
- `billing.periodYears` (integer,null, optional) Example: `1`
- `invoice` (object | null, optional)
- `invoice.id` (string, required) Example: `inv_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `invoice.number` (string,null, required) Example: `202600001`
- `invoice.amount` (number, required) Example: `159`
- `invoice.currencyCode` (string, required) Example: `SEK`
- `invoice.dueAt` (string,null, required) Example: `2026-05-11T23:59:59.000Z`
- `invoice.status` (string, required) Example: `unpaid`
  Allowed values: paid, unpaid, partially_paid, draft, cancelled, refunded
- `invoice.paymentUrl` (string,null, required) Example: `/billing?invoice=202600001`
- `invoice.totals` (object, required)
- `invoice.dates` (object, required)
- `paymentStatus` (object, optional)
- `paymentStatus.status` (string, optional) Example: `unpaid`
  Allowed values: paid, unpaid, credit_note, pending, unknown
- `paymentStatus.reason` (string,null, optional) Example: `Invoice is unpaid.`
- `actions` (object, optional)
- `actions.canRetry` (object, optional)
- `actions.canRetry.allowed` (boolean, required) Example: `true`
- `actions.canRetry.reason` (string,null, required) Example: `null`
- `actions.canRetry.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `actions.canCancel` (object, optional)
- `actions.canCancel.allowed` (boolean, required) Example: `true`
- `actions.canCancel.reason` (string,null, required) Example: `null`
- `actions.canCancel.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `domains` (array<object>, optional)
- `hosting` (array<object>, optional)
- `addons` (array<object>, optional)
- `upgrades` (array<object>, optional)
- `invoiceLookupPending` (boolean, optional) Example: `false`
- `createdAt` (string,null, optional)
- `contractAcceptedAt` (string,null, optional) Example: `null`
- `notes` (string,null, optional) Example: `null`
- `referenceNumber` (string,null, optional) Example: `null`

### Responses

#### 200 - Order details.
```json
{
  "id": "ord_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "number": "1072061075",
  "status": "active",
  "type": "new",
  "invoiceId": "inv_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "client": {
    "id": "client_01hxa3b4c5d6e7f8g9h0j1k2m3",
    "email": null,
    "firstName": "Example",
    "lastName": "Customer",
    "companyName": "Example AB"
  },
  "billing": {
    "amount": 1050.8,
    "currencyCode": "SEK",
    "billingCycle": null,
    "isPayg": false
  },
  "invoice": {
    "id": "inv_01hxa3b4c5d6e7f8g9h0j1k2m3",
    "number": "202600001",
    "amount": 1050.8,
    "currencyCode": "SEK",
    "dueAt": "2026-05-11T23:59:59.000Z",
    "status": "paid",
    "paymentUrl": "/billing?invoice=202600001",
    "totals": {
      "currencyCode": "SEK",
      "total": 1050.8,
      "amountPaid": 1050.8,
      "outstanding": 0
    },
    "dates": {
      "dueAt": "2026-05-11T23:59:59.000Z"
    }
  },
  "paymentStatus": {
    "status": "paid",
    "reason": "Invoice is fully paid."
  },
  "actions": {
    "canRetry": {
      "allowed": false,
      "reason": "Order is already completed."
    },
    "canCancel": {
      "allowed": false,
      "reason": "Active orders cannot be cancelled."
    }
  },
  "domains": [
    {
      "name": "example.com",
      "tld": "com",
      "amount": 164.78,
      "currencyCode": "SEK"
    }
  ],
  "hosting": [],
  "addons": [],
  "upgrades": [],
  "invoiceLookupPending": false,
  "createdAt": "2026-04-27T12:00:00.000Z",
  "contractAcceptedAt": null,
  "notes": null,
  "referenceNumber": null
}
```

#### 400 - Invalid request. The response body is an RFC 7807 Problem Details document.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "The request body failed validation.",
  "code": "invalid_request",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "errors": [
    {
      "pointer": "/items/0/domainName",
      "detail": "`domainName` is required.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Not found. The resource does not exist or is not owned by the caller.
```json
{
  "type": "https://developer.hostup.se/errors/not_found",
  "title": "Not found",
  "status": 404,
  "detail": "The requested resource could not be found.",
  "code": "not_found",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```