Skip to content
Order Management
Close the order-to-approval gap.
Procurement
Source-to-pay without spreadsheets.
Inventory Control
Live stock across every warehouse.
OPEX Intelligence
Real-time budget vs actual.
Integrations
40+ native connectors, 2-hour setup.
AI Modules2026
Predictive reorder, risk, anomaly.
Manufacturing
BOM-aware procurement, multi-plant stock.
Retail & CPG
Shelf-to-supplier visibility at SKU depth.
Healthcare
HIPAA-aligned, lot-tracked, audit-ready.
Logistics
Fleet-aware procurement tied to route P&L.
Energy & Utilities
CapEx + OPEX unified for regulator review.
CustomersPricingResources
Sign in
Book a Demo
API Reference

A REST and GraphQL API for every piece of your operation.

240+ versioned REST endpoints, a GraphQL gateway over the same canonical ledger, OAuth 2.0 with short-lived tokens, and official SDKs in four languages. Contractually backed at 99.95% uptime on Enterprise and Elite tiers.
AuthenticationEndpoint categories
REST endpoints
240+

Versioned under /v1, with deprecation notices one full release ahead of removal.

Two transport layers
REST + GraphQL

Use REST for write paths and GraphQL for composable reads across the canonical ledger.

Uptime SLA
99.95%

Contractually backed on Enterprise and Elite tiers, with financial credits on miss.

Authentication

OAuth 2.0, short-lived tokens, SAML SSO on the human side.

  • Client credentials grant

    Server-to-server integrations exchange a client ID and secret for a bearer token with a 15-minute TTL.

  • SAML 2.0 SSO for users

    Human sessions authenticate through your IdP (Okta, Azure AD, Ping, Auth0) with SCIM 2.0 provisioning and group-scoped RBAC.

  • Scoped API keys for CI

    Long-lived keys scoped to a single capability (e.g. invoices:read) for build pipelines that can’t hold OAuth state.

request.sh
curl -X POST https://api.ordentra.com/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "cid_01J9ZQR...",
    "client_secret": "sk_live_...",
    "scope": "orders:write invoices:read analytics:read"
  }'

# Response
{
  "access_token": "eyJhbGciOiJFZERTQSIs...",
  "token_type": "Bearer",
  "expires_in": 900,
  "scope": "orders:write invoices:read analytics:read"
}
Endpoint categories

Eight capability groups, 240+ endpoints in total.

Every endpoint is versioned under /v1, documented with a request and response schema, and covered by at least one SDK example.

28 endpoints

Orders

Intake, approval state, and dispatch for every purchase request.

GET    /v1/orders
POST   /v1/orders
PATCH  /v1/orders/:id
View all orders endpoints
36 endpoints

Procurement

Vendors, contracts, price books, and RFQ workflows.

GET    /v1/vendors
POST   /v1/contracts
POST   /v1/rfqs/:id/award
View all procurement endpoints
32 endpoints

Inventory

Multi-location stock, cycle counts, and serial/lot tracking.

GET    /v1/inventory/locations
POST   /v1/inventory/adjustments
GET    /v1/inventory/lots/:id
View all inventory endpoints
22 endpoints

Vendors

Onboarding, risk scoring, and diversity classification.

GET    /v1/vendors/:id
POST   /v1/vendors/:id/score
PATCH  /v1/vendors/:id/status
View all vendors endpoints
26 endpoints

Invoices

Three-way match, accruals, and exception handling.

GET    /v1/invoices
POST   /v1/invoices/:id/match
POST   /v1/invoices/:id/dispute
View all invoices endpoints
24 endpoints

Payments

Schedules, settlement runs, and remittance delivery.

GET    /v1/payments/runs
POST   /v1/payments/runs
POST   /v1/payments/:id/remit
View all payments endpoints
38 endpoints

Analytics

Ledger queries, aggregations, and the dashboard data surface.

POST   /v1/analytics/query
GET    /v1/analytics/dimensions
GET    /v1/analytics/exports/:id
View all analytics endpoints
34 endpoints

Admin

Users, roles, SCIM, audit logs, and tenant configuration.

GET    /v1/admin/users
POST   /v1/admin/roles
GET    /v1/admin/audit-log
View all admin endpoints
Rate limits

Clear limits, headers on every response.

Every response carries X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers. GraphQL node cost is returned under X-Query-Cost.

Growth

Standard

Starting tier for single-entity operations and first integrations.

REST requests
120 req/min
Burst window
Burst 240 req/min (60s)
GraphQL cost
1,500 node cost/min

Enterprise

Standard

Multi-entity, multi-region, with dedicated support and SSO.

REST requests
1,200 req/min
Burst window
Burst 3,000 req/min (60s)
GraphQL cost
15,000 node cost/min

Elite

Custom

Active-active deployments with custom limits and dedicated capacity.

REST requests
Custom (10k+)
Burst window
Custom burst windows
GraphQL cost
Unmetered under contract
Official SDKs

Four languages, all tracking the same version.

SDKs ship from the same generator that builds the reference docs — types, method signatures, and errors stay in lockstep with the API.

py

Python

v4.8.2

Async-first client with typed models, cursor pagination, and retry backoff.

pip install ordentra
github.com/ordentra/ordentra-python
ts

TypeScript

v4.8.2

Isomorphic client with full type inference, tree-shakeable, ESM + CJS.

npm install @ordentra/sdk
github.com/ordentra/ordentra-ts
go

Go

v4.7.0

Context-aware client with idiomatic error types and structured logging hooks.

go get github.com/ordentra/go-sdk
github.com/ordentra/go-sdk
jv

Java

v4.6.1

Java 17+ client with record types, virtual threads, and Micrometer hooks.

implementation 'com.ordentra:sdk:4.6.1'
github.com/ordentra/java-sdk
Webhooks

Push events when state changes, signed and replayable.

Subscribe any endpoint to the event bus. Deliveries are signed with HMAC-SHA256, retried with exponential backoff up to 24 hours, and replayable from the admin console for any 30-day window.

Retention
30 days
Delivery p99
< 150ms
Retries
9 attempts
order.approved

Fires when a purchase order clears the final approval stage.

invoice.matched

Fires when three-way match succeeds against PO and receipt.

vendor.risk_changed

Fires when a vendor's risk score crosses a configured threshold.

inventory.lot_expired

Fires for regulated lots within the configured expiry window.

Changelog

What shipped recently, breaking or not.

Every API change is published here first. Breaking changes announced one release ahead, with migration guides linked from the deprecation header.

  1. April 2, 2026
    v4.8.2

    Cursor pagination on /v1/analytics/query

    Non-breaking

    Large analytical queries now return a cursor instead of a page offset. Offset pagination is deprecated and will be removed in v5.0.

  2. March 18, 2026
    v4.8.0

    New webhook signature scheme (HMAC-SHA256)

    Breaking

    Webhook payloads are now signed with a rotating HMAC-SHA256 key. The previous MD5 scheme is removed.

  3. March 4, 2026
    v4.7.3

    GraphQL cost analysis in preview

    Non-breaking

    Query cost now returned in response headers for read-path tuning. No behavior change.

  4. February 20, 2026
    v4.7.0

    /v1/payments/runs supports partial remittance

    Non-breaking

    Settlement runs can now be partially remitted with explicit invoice scope.

  5. February 6, 2026
    v4.6.1

    Deprecation: /v1/orders?legacy_format=true

    Breaking

    Legacy order payload format removed. Migrate to the canonical schema documented under /v1/orders.

Questions?

Talk to a solutions engineer who has built against it.

Get a working integration review with an engineer who ships against the API every day. Bring an endpoint, a payload, or an architecture question — we’ll write it on the call.

Book an SE sessionBack to Documentation