Discussions

TL;DR: Creating an order with stops via PATCH /platformModel/objects fails with 403 — order.stops.order has 'viewer' permission, needs 'editor'. This happens even with an Admin service account, and the board's field-permission UI does not offer "editor" for that field. We're blocked from creating orders that have a valid leg (so commodities can't attach). What is the supported way to create an order with stops/legs via the API, and how do we grant write access to order.stops.order?

---

Context / impact: We're building a production integration that creates Rose Rocket orders from PDF load manifests. Everything works (customer, refNum, poNum, shipper/consignee addresses, commodity object) except attaching the commodity to a leg — which requires the order to have origin/destination stops. Until this is resolved, every created order shows "Commodities can only be assigned to a valid leg with an origin and destination," which blocks our go-live.

Request:
PATCH {network_api_url}/platformModel/objects
Envelope: { "boardId": "<orders board>", "objectKey": "order", "json": { ... } }

The json includes a nested stops array:

{
  "status": "new",
  "customer": { "id": "<customer-uuid>" },
  "externalId": "ORD-123",
  "refNum": "ORD-123",
  "stops": [
    {
      "stopType": ["origin"],
      "externalId": "ORD-123-O",
      "location": { "companyName": "...", "address1": "...", "city": "...", "state": "...", "country": "CA", "postalCode": "..." },
      "tasks": [ { "taskType": "pickup", "externalId": "ORD-123-PU", "commodities": [ { "description": "...", "quantity": 1, "weight": 150, "weightUnit": "lbs", "commodityType": "package" } ] } ]
    },
    {
      "stopType": ["destination"],
      "externalId": "ORD-123-D",
      "location": { "companyName": "...", "address1": "...", "city": "...", "state": "...", "country": "CA", "postalCode": "..." },
      "tasks": [ { "taskType": "delivery", "externalId": "ORD-123-DL" } ]
    }
  ]
}

Exact error (every attempt):

403 Forbidden
"User with role 'admin' does not have permission to update the following fields:
  - order.stops.order (has 'viewer' permission, needs 'editor')"

What we've already ruled out (please don't bounce — we've tried these):

• Role: the OAuth service account was raised Manager → Admin. The error only changed from "(needs editor)" to "(has 'viewer' permission, needs 'editor')" — so it is not an account-role issue.
• Field permissions UI: on the Orders board, order.stops.order is set to viewer, and "editor" is not a selectable option — so we cannot grant write access ourselves.
• v1 fallback: we tried the classic full-order-create (POST /api/v1/orders with origin/destination/commodities). It rejects the same customer UUID with "Customer not found" (works fine in platformModel), and GET /api/v1/customers returns 404 — so v1 appears to use a different id space we can't resolve.

Direct questions:

1. What is the supported, documented way to create an order with stops/legs through the API? Is the nested stops shape above correct, or is there a different endpoint/structure?
2. How do we obtain write/editor permission on order.stops.order for a service account, given "editor" is not selectable in the field-permission UI? Is this something only Rose Rocket can enable server-side?
3. If v1 is the intended path, how should the customer be referenced (the platformModel customer UUID is rejected)?

This is actively blocking a production go-live, so any guidance is much appreciated. I can share our org ID, board ID, and service-account email privately — just let me know where to send them. Thank you!