> ## Documentation Index
> Fetch the complete documentation index at: https://docs.adipredictstreet.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Cancel a single order

> Idempotent — a never-existed or already-terminal id returns 200 with `status=not_found`, NOT 404. Authentication scope is checked against the order owner, not the JWT wallet alone.



## OpenAPI

````yaml /api-reference/openapi.json post /api/orders/cancel
openapi: 3.1.0
info:
  title: PredictStreet core-api
  description: >-
    Client-facing HTTP gateway for the PredictStreet prediction-market platform.
    **Partner kinds.** Every authenticated endpoint resolves a request's
    *effective wallet* from the partner row. `single_wallet` partners bind to
    one `associatedWallet` set at creation. `multi_wallet` partners declare the
    actor on every request via an `X-User-Wallet: 0x<40-hex>` header. See the
    [Partner kinds](/auth/api-keys#partner-kinds) doc for the full contract.
  version: '2026-04-25'
  contact:
    name: PredictStreet partners
    email: partners@predictstreet.com
servers:
  - url: https://core-api.adipredictstreet.com
    description: Production — replace with the API host issued at partner onboarding.
security: []
tags:
  - name: Events
    description: >-
      Polymarket-style event grouping with football metadata (group, stage,
      teams, tags).
  - name: Tags
    description: Curated tag taxonomy used to filter events.
  - name: Markets
    description: 'Public market data: list, detail, orderbook, trades, OHLC.'
  - name: Orders
    description: >-
      Signed-order place / cancel / read. Requires `X-Api-Key` with
      `orders:read` / `orders:write` scope; every write additionally requires an
      EIP-712 signature over the order.
  - name: Portfolio
    description: >-
      Balances, positions, trades, fees, vault info for the key's
      `associatedWallet`. Requires `X-Api-Key` with `portfolio:read` scope.
  - name: Matches
    description: >-
      admin.matches aggregate — groups several events into one fixture/card (1X2
      + first-scorer + over-under under one matchup).
  - name: Vault
    description: >-
      Backend co-signatures for ERC-1155 split / merge, and recovery for
      off-chain locks when the corresponding chain tx never confirmed. Requires
      `X-Api-Key` with `vault:write` scope plus an EIP-712 signature over the
      operation.
  - name: Leaderboard
    description: Public ranked leaderboard across PnL / volume buckets.
  - name: Search
    description: Global search across users, events, and matches.
paths:
  /api/orders/cancel:
    post:
      tags:
        - Orders
      summary: Cancel a single order
      description: >-
        Idempotent — a never-existed or already-terminal id returns 200 with
        `status=not_found`, NOT 404. Authentication scope is checked against the
        order owner, not the JWT wallet alone.
      operationId: OrdersController_cancel
      parameters:
        - $ref: '#/components/parameters/UserWalletHeader'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CancelOrderDto'
              type: object
              required:
                - orderId
              properties:
                orderId:
                  type: string
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CancelOrderRespDto'
        '201':
          description: >-
            Cancel request forwarded to exchange-service. Response mirrors the
            service's cancellation envelope.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
                type: object
        '400':
          description: Missing or malformed orderId.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '401':
          description: Missing or invalid auth.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '403':
          description: API-key caller is missing the orders:write scope.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
        '429':
          description: Rate-limited (20 per second per wallet).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorEnvelope'
      security:
        - ApiKeyAuth:
            - orders:write
components:
  parameters:
    UserWalletHeader:
      name: X-User-Wallet
      in: header
      required: false
      description: >-
        **Required for `multi_wallet` partners on every authenticated request;
        ignored for `single_wallet`.** Declares the acting end-user wallet for
        this request — drives KYC checks, balances/positions/orders attribution,
        rate-limit buckets, and audit. Lower-cased server-side. Missing on a
        multi_wallet key → 401 `api_key_user_wallet_required`; malformed → 401
        `api_key_user_wallet_invalid`. The on-chain `CTFExchange`/`Vault`
        contracts still verify EIP-712 signer ↔ vault binding, so loosening
        API-layer attribution is safe by construction.
      schema:
        $ref: '#/components/schemas/EthereumAddress'
      example: '0x1234567890abcdef1234567890abcdef12345678'
  schemas:
    CancelOrderDto:
      type: object
      properties:
        orderId:
          type: string
          description: Server-side order id (UUID).
      required:
        - orderId
    CancelOrderRespDto:
      type: object
      properties:
        orderId:
          type: string
          description: Server-side order id (echoes the request).
        status:
          type: string
          enum:
            - cancelled
            - not_found
          description: >-
            Cancel outcome. `not_found` is returned (200, NOT 404) when the id
            never existed for this wallet OR was already terminal — keeps the
            cancel call idempotent (audit M6).
        unfilledQty:
          type: string
          description: >-
            Quantity that was still unfilled at cancel time (only set when
            status=cancelled).
      required:
        - orderId
        - status
    ErrorEnvelope:
      type: object
      required:
        - error
      properties:
        status:
          type: integer
          example: 400
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
              example: bad_request
            message:
              type: string
            details:
              type: object
              additionalProperties: true
            trace_id:
              type: string
    EthereumAddress:
      type: string
      pattern: ^0x[a-fA-F0-9]{40}$
      example: '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb3'
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-Api-Key
      description: >-
        Partner / integrator key — format `ps_live_<keyId>_<secret>`. Issued by
        PredictStreet ops on request; never self-service. Never ship to a
        browser. `multi_wallet` partners must additionally send `X-User-Wallet:
        0x<40-hex>` on every authenticated request to declare the acting wallet.
        See the [API keys guide](/auth/api-keys) for scope taxonomy, partner
        kinds, rate limits, and rotation procedure.

````