Appearance
Surfaces
Interactive API Explorer: Explorer
The authoritative surface is the OpenAPI spec:
/pcm/openapi.yaml
Additional surfaces include MCP and CLI (see below). Direct Lambda is not offered for PCM.
Surface Types (explicit)
API Gateway
- Status: Available.
- Base:
https://api.g3nretailstack.com/pcm - Notes: Primary tenant surface for procurement workflows.
Direct Lambda
- Status: Not offered.
- Notes: No direct Lambda surface is documented for PCM.
CLI
- Status: Available.
- Command:
g3n pcm ...(API Gateway). - Notes: See
cli/README.md.
MCP
- Status: Available.
- Canonical protocol:
https://mcp.g3nretailstack.com/pcm/PROTOCOL.md - Mirror:
https://doc.g3nretailstack.com/pcm/PROTOCOL.md
Auth + tenancy
- Required headers:
x-orgcodeandx-session-guid(user session) orx-api-key(org-bound service account). - Header auth is canonical; body auth is accepted where documented. See /common/headers-identity.html.
- Optional cost attribution:
x-cccode(or request fieldcccode) where supported; see OpenAPI. - Non-associated callers receive
404 not-found(anti-enumeration). - Facility context:
x-logical-guid(required for operational actions; see OpenAPI per-path).x-channel-code(required where documented; see OpenAPI per-path).
Identifier policy
- Direct get/update/status calls require GUID/ID fields (
*_idor legacy*_guidwhere that is the canonical field name). Code-based lookups are resolve/search only. - Responses never include both
*_idand*_guidfor the same record (no dual-field output). - Exceptions (email-based UAS, PVM resolve, MRS
container+record_id) are listed in /common/ids-codes.html.
Request builder (API Gateway)
Headers (canonical)
bash
-H "x-orgcode: $ORGCODE"
-H "x-session-guid: $SESSION_GUID" # or: -H "x-api-key: $API_KEY"
-H "content-type: application/json"Template
bash
curl -sS -X POST "https://api.g3nretailstack.com/pcm/<endpoint>" \
-H "content-type: application/json" \
-H "x-orgcode: $ORGCODE" \
-H "x-session-guid: $SESSION_GUID" \
-d '{"...": "..."}'Notes
- Replace
<endpoint>with a route from the OpenAPI inventory. - Header auth is canonical; body
session_guid/api_keyis accepted where documented.
Endpoint inventory (OpenAPI parity)
Request/response schema names reference OpenAPI component schemas.
| Method | Path | Request schema | Response schema |
|---|---|---|---|
| POST | /comment | CommentAddRequest | CommentEnvelope |
| POST | /comment/get | CommentGetRequest | CommentEnvelope |
| POST | /comment/list | CommentListRequest | CommentListEnvelope |
| POST | /comment/report | CommentReportRequest | CommentReportEnvelope |
| POST | /comment/revise | CommentReviseRequest | CommentEnvelope |
| POST | /comment/status | CommentStatusRequest | CommentEnvelope |
| POST | /consignment/get | ConsignmentGetRequest | ConsignmentEnvelope |
| POST | /consignment/list | ConsignmentListRequest | ConsignmentListEnvelope |
| POST | /consignment/settle | ConsignmentSettleRequest | ConsignmentEnvelope |
| POST | /credit/apply | CreditApplyRequest | RtvEnvelope |
| POST | /inbox/create | InboxCreateRequest | InboxEnvelope |
| POST | /inbox/get | InboxGetRequest | InboxEnvelope |
| POST | /inbox/list | InboxListRequest | InboxListEnvelope |
| POST | /inbox/state | InboxStateRequest | InboxEnvelope |
| POST | /inbox/status | InboxStatusRequest | InboxEnvelope |
| POST | /invoice/dispute | InvoiceDisputeRequest | InvoiceEnvelope |
| POST | /invoice/get | InvoiceGetRequest | InvoiceEnvelope |
| POST | /invoice/list | InvoiceListRequest | InvoiceListEnvelope |
| POST | /invoice/match | InvoiceMatchRequest | InvoiceEnvelope |
| POST | /invoice/resolve | InvoiceResolveRequest | InvoiceEnvelope |
| POST | /npi/approve | NpiApproveRequest | NpiEnvelope |
| POST | /npi/create | NpiCreateRequest | NpiEnvelope |
| POST | /npi/get | NpiGetRequest | NpiEnvelope |
| POST | /npi/list | NpiListRequest | NpiListEnvelope |
| POST | /npi/submit | NpiSubmitRequest | NpiEnvelope |
| POST | /po/approve | PoApproveRequest | PoEnvelope |
| POST | /po/create | PoCreateRequest | PoEnvelope |
| POST | /po/get | PoGetRequest | PoEnvelope |
| POST | /po/issue | PoIssueRequest | PoEnvelope |
| POST | /po/list | PoListRequest | PoListEnvelope |
| POST | /receipt/get | ReceiptGetRequest | ReceiptEnvelope |
| POST | /receipt/list | ReceiptListRequest | ReceiptListEnvelope |
| POST | /receipt/record | ReceiptRecordRequest | ReceiptEnvelope |
| POST | /rtv/create | RtvCreateRequest | RtvEnvelope |
| POST | /rtv/get | RtvGetRequest | RtvEnvelope |
| POST | /rtv/list | RtvListRequest | RtvListEnvelope |
| POST | /rtv/receive | RtvReceiveRequest | RtvEnvelope |
| POST | /vendor/performance/list | VendorPerformanceListRequest | VendorPerformanceListEnvelope |
| POST | /worksheet/create | WorksheetCreateRequest | WorksheetEnvelope |
| POST | /worksheet/get | WorksheetGetRequest | WorksheetEnvelope |
| POST | /worksheet/list | WorksheetListRequest | WorksheetListEnvelope |
| POST | /worksheet/submit | WorksheetSubmitRequest | WorksheetEnvelope |
Error tags
Common tags (see /common/error-tags.html for definitions): validation-error, unauthorized, forbidden, not-found, expected-revision-required, conflict, invalid-state, throttled, internal-error.
Example envelopes
Success envelope (shape-only):
json
{
"success": true,
"data": { "example": "see schema for fields" },
"build": { "build_major": "MONDAY", "build_minor": "0000000000", "build_id": "MONDAY-0000000000" },
"stats": { "call": "example", "service": "pcm", "timestamp_utc": "2026-01-21T00:00:00Z" }
}Error envelope (shape-only):
json
{
"success": false,
"error": {
"error_code": "pcm.conflict_revision",
"http_status": 409,
"retryable": false,
"request_id": "req-123",
"trace_id": "trace-abc",
"major": { "tag": "conflict", "message": { "en_US": "Expected revision does not match the current record." } },
"details": { "expected_revision": "3", "current_revision": "4" },
"conflict_snapshot": { "revision": 4 }
},
"build": { "...": "..." },
"stats": { "call": "example", "service": "pcm", "timestamp_utc": "2026-01-21T00:00:00Z", "request_id": "req-123" }
}Role requirements (by endpoint family)
- Read/list/search:
pcm_view(or owner). - Worksheet/PO create:
pcm_buyer(or owner). - PO approvals:
pcm_po_approve(or owner). - Consignment:
pcm_consignment(or owner).
Idempotency & retries
- Use
expected_revisionfor state changes (submit/approve/issue). - Idempotent write endpoints accept
idempotency_key(ASCII <=128 chars). When supplied, the service replays the original response for 24h; replays with a different payload return 409idempotency-conflict. - Calls without a documented idempotency key are not idempotent.
Common pitfalls
- Facility-scoped calls require
logical_guid. - Matching flows require the correct receipt/invoice references.
- Comment/inbox lists default to
status=current/status=inbox; usestatus=allto include archived/doomed.
Examples (core families)
PO create
json
{ "worksheet_id": "WS_ID", "reason": "replenish", "source_refs": [{ "kind": "worksheet", "id": "WS_ID" }] }Response (shape):
json
{ "success": true, "data": { "po_id": "PO_ID" }, "build": { "...": "..." }, "stats": { "...": "..." } }Receipt record
json
{ "receipt": { "po_id": "PO_ID", "logical_guid": "LOGICAL_GUID", "lines": [{ "variant_id": "VARIANT_ID", "qty": 10 }] }, "reason": "receiving" }Response (shape):
json
{ "success": true, "data": { "receipt_id": "RECEIPT_ID" }, "build": { "...": "..." }, "stats": { "...": "..." } }