`PATCH /api/projects/{id}/backlog/order` (ADR 0039 S9 / L68). RBAC: workspace member (any role), via the same `authorized_workspace` gate as the single-item PATCH. Applies a WHOLE board-column reorder plan (`[{item_id, priority}]`) in ONE server-side transaction — the board sends its computed plan as a single request instead of N sequential per-card PATCHes. The project must own every targeted item (404 otherwise); a plan referencing a terminal (`done`) item is rejected whole (422). Audited + published over the WS hub once.
const url = 'https://example.com/api/projects/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/backlog/order';const options = { method: 'PATCH', headers: {'Content-Type': 'application/json'}, body: '{"items":[{"item_id":"2489E9AD-2EE2-8E00-8EC9-32D5F69181C0","priority":1}]}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request PATCH \ --url https://example.com/api/projects/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/backlog/order \ --header 'Content-Type: application/json' \ --data '{ "items": [ { "item_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "priority": 1 } ] }'Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Project ID
Request Bodyrequired
Section titled “Request Bodyrequired”The batch reorder body: the FULL priority plan the board computes once for a drag, applied in ONE request (L68 — no longer one PATCH per shifted card).
object
One entry of a batch reorder plan (ADR 0039 S9 / L68): assign priority to
item_id. priority is nullable (a null sinks the card, sorts NULLS LAST) —
mirroring the single-item PATCH’s priority semantics.
object
Examplegenerated
{ "items": [ { "item_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "priority": 1 } ]}Responses
Section titled “Responses”The batch reorder response: how many items were re-prioritized.
object
Examplegenerated
{ "reordered": 1}Reorder plan references a terminal (done) item; the whole plan is rejected
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}