docs: account_id override for DELETE /api/artists/{id} and GET /api/chats/{id}/messages#247
Conversation
…hats/{id}/messages
Documents the optional admin/org account_id override on two account-scoped
endpoints (chat#1811):
- DELETE /api/artists/{id}: optional account_id request body + 400 for invalid UUID
- GET /api/chats/{id}/messages: optional account_id query param (accountId alias) + 400
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Warning Review limit reached
More reviews will be available in 38 minutes and 34 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses rolling per-developer review limits. Reviews become available again as older review attempts age out of the rolling limit window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
| { | ||
| "name": "account_id", | ||
| "in": "query", | ||
| "description": "Read messages in the context of a specific account. Only applicable when the authenticated account has access to multiple accounts via organization membership or Recoup admin access. The camelCase alias accountId is also accepted. If not provided, access is resolved against the API key's own account.", |
There was a problem hiding this comment.
KISS
- why does this accept both snake and camel case? What is the general pattern in our docs / API? Does the pattern. here follow or deviate from the standard pattern?
There was a problem hiding this comment.
Good catch — it deviated from the standard, so I dropped the camelCase alias.
Standard pattern (query params): snake_case account_id only.
- API code: all 10 query-param handlers read only
searchParams.get("account_id")— there's zero precedent for reading a camelCaseaccountIdfrom the query string (validateGetChatsRequest,validateGetArtistsRequest,validateGetTaskRunQuery, sandbox/connectors/pulse/orgs/admin handlers). - Docs: none of the existing
account_idquery params (accounts.json,releases.json,content.json,social.json) document a camelCase alias.
So documenting accountId here would have advertised an alias the implementation won't honor. Fixed in 5a71523 — description is now snake-only and tightened to match the house wording. Flagging for the impl PR (recoupable/api#694): read the override from account_id only, to stay consistent with the other 10 handlers.
…param convention Query params across the API and docs use snake_case account_id only (10 handlers, all existing account_id query params). Removing the camelCase accountId alias and tightening the description per review. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
1 issue found across 2 files (changes from recent commits).
Tip: Review your code locally with the cubic CLI to iterate faster.
Re-trigger cubic
The override param is redundant for this endpoint: the chat is fully
identified by the path {id}, and selectRoom already resolves room.account_id,
so admin access should be handled by an admin-aware access check in
validateChatAccess (RECOUP_ORG bypass), not by an extra query param the
caller would have to supply. Keeps the DELETE /api/artists/{id} body
override, where the param is load-bearing (it names whose ownership link
to drop).
Refs recoupable/chat#1811
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Rolled back the This PR now scopes to the |
Contract for the admin account-override work tracked in recoupable/chat#1811. Documents the optional
account_idoverride on the first two flagged endpoints so the docs land before the API implementations.What changed
DELETE /api/artists/{id}(releases.json)account_idrequest body (UUID) — lets a caller with multi-account access (org members / Recoup admins) delete an artist in another account's context.400response for an invalidaccount_idUUID.GET /api/chats/{id}/messages(research.json)account_idquery param (camelCaseaccountIdalias also accepted) — lets a caller read another account's chat messages.400description to cover an invalidaccount_id.Both mirror the existing override docs on
POST /api/artists(body) andGET /api/artists(query). Diffs are additive; both JSON specs validate.Merge order
This docs PR lands first, then the two API PRs:
mainDELETE /api/artists/{id}override → apitestGET /api/chats/{id}/messagesoverride → apitestTracking issue: recoupable/chat#1811
Summary by cubic
Adds docs for an optional account_id override on DELETE /api/artists/{id} so org/admin users can delete an artist in another account’s context. Also documents a 400 error for an invalid account_id UUID.
Written for commit c3bf9bb. Summary will update on new commits.