Action Requests

The action_requests feature lets end users submit requests that your team can review and approve from the Orderly dashboard. This creates a structured workflow for order modifications without giving end users direct write access.

Enable it by adding action_requests to your enabled_features.

Request Types

Type	Description
`cancel`	Request to cancel an order
`hold`	Request to hold/pause an order
`expedite`	Request to expedite shipping
`address_change`	Request to change the shipping address
`note`	Add a note or special instruction
`other`	Custom request type

End User Endpoints

These require a valid est_ session token with actions:write scope.

Submit a Request


POST /api/embed/action-requests
Authorization: Bearer est_session-token
Content-Type: application/json
 
{
  "orderId": "order-uuid",
  "actionType": "cancel",
  "title": "Please cancel this order",
  "description": "I ordered the wrong size",
  "requestedChanges": {
    "reason": "wrong_item"
  }
}

Response:


{
  "data": {
    "id": "uuid",
    "order_id": "order-uuid",
    "action_type": "cancel",
    "status": "pending",
    "title": "Please cancel this order",
    "description": "I ordered the wrong size",
    "requested_changes": { "reason": "wrong_item" },
    "expires_at": "2026-03-28T18:00:00Z",
    "created_at": "2026-03-21T18:00:00Z"
  }
}

Requests expire after 7 days if not resolved.

List Requests


GET /api/embed/action-requests
Authorization: Bearer est_session-token

Returns all requests submitted by the authenticated end user.

Get Request Status


GET /api/embed/action-requests/:id
Authorization: Bearer est_session-token

Cancel a Pending Request


DELETE /api/embed/action-requests/:id
Authorization: Bearer est_session-token

Only pending requests can be cancelled by the end user.

Dashboard Endpoints

These require an oh_ API key with the embed:manage scope.

View Request Queue


GET /api/embed/action-requests/queue
Authorization: Bearer oh_your-api-key

Returns all pending requests across your organization, sorted by creation date. Use this to build a review queue in your dashboard.

Resolve a Request


PATCH /api/embed/action-requests/:id/resolve
Authorization: Bearer oh_your-api-key
Content-Type: application/json
 
{
  "status": "approved",
  "resolutionNote": "Order cancelled, refund initiated"
}

Set status to approved or denied. The resolved_by field is automatically set to the authenticated user, and resolved_at is set to the current time.

Response:


{
  "data": {
    "id": "uuid",
    "status": "approved",
    "resolved_by": "user-uuid",
    "resolved_at": "2026-03-21T19:00:00Z",
    "resolution_note": "Order cancelled, refund initiated"
  }
}

Request Lifecycle


pending → approved
pending → denied
pending → expired (automatic after 7 days)
pending → cancelled (by end user)

Address Change Example


POST /api/embed/action-requests
Authorization: Bearer est_session-token
Content-Type: application/json
 
{
  "orderId": "order-uuid",
  "actionType": "address_change",
  "title": "Update shipping address",
  "description": "Moving to a new office",
  "requestedChanges": {
    "address": {
      "street": "456 New Street",
      "city": "San Francisco",
      "state": "CA",
      "zip": "94102"
    }
  }
}