Skip to content

docs: account_id override for DELETE /api/artists/{id} and GET /api/chats/{id}/messages#247

Merged
sweetmantech merged 5 commits into
mainfrom
docs/admin-override-delete-artist-chat-messages
Jun 23, 2026
Merged

docs: account_id override for DELETE /api/artists/{id} and GET /api/chats/{id}/messages#247
sweetmantech merged 5 commits into
mainfrom
docs/admin-override-delete-artist-chat-messages

Conversation

@sweetmantech

@sweetmantech sweetmantech commented Jun 22, 2026

Copy link
Copy Markdown
Collaborator

Contract for the admin account-override work tracked in recoupable/chat#1811. Documents the optional account_id override on the first two flagged endpoints so the docs land before the API implementations.

What changed

DELETE /api/artists/{id} (releases.json)

  • Adds an optional account_id request body (UUID) — lets a caller with multi-account access (org members / Recoup admins) delete an artist in another account's context.
  • Adds a 400 response for an invalid account_id UUID.
  • Updates the endpoint description.

GET /api/chats/{id}/messages (research.json)

  • Adds an optional account_id query param (camelCase accountId alias also accepted) — lets a caller read another account's chat messages.
  • Broadens the 400 description to cover an invalid account_id.
  • Updates the endpoint description.

Both mirror the existing override docs on POST /api/artists (body) and GET /api/artists (query). Diffs are additive; both JSON specs validate.

Merge order

This docs PR lands first, then the two API PRs:

  1. 📄 docs (this PR) → main
  2. ⚙️ DELETE /api/artists/{id} override → api test
  3. ⚙️ GET /api/chats/{id}/messages override → api test

Tracking issue: recoupable/chat#1811


Summary by cubic

Adds docs for an optional account_id override on DELETE /api/artists/{id} so org/admin users can delete an artist in another account’s context. Also documents a 400 error for an invalid account_id UUID.

  • New Features
    • DELETE /api/artists/{id}: optional account_id in JSON body; 400 for invalid UUID.

Written for commit c3bf9bb. Summary will update on new commits.

Review in cubic

…hats/{id}/messages

Documents the optional admin/org account_id override on two account-scoped
endpoints (chat#1811):
- DELETE /api/artists/{id}: optional account_id request body + 400 for invalid UUID
- GET /api/chats/{id}/messages: optional account_id query param (accountId alias) + 400

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 22, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@sweetmantech, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 38 minutes and 34 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses rolling per-developer review limits. Reviews become available again as older review attempts age out of the rolling limit window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0b4c5a4d-e260-4b3f-a5e3-df55b46293c4

📥 Commits

Reviewing files that changed from the base of the PR and between f2d9387 and c3bf9bb.

📒 Files selected for processing (1)
  • api-reference/openapi/releases.json
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/admin-override-delete-artist-chat-messages

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@mintlify

mintlify Bot commented Jun 22, 2026

Copy link
Copy Markdown

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
recoup-docs 🟢 Ready View Preview Jun 22, 2026, 12:19 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Re-trigger cubic

Comment thread api-reference/openapi/releases.json Outdated
Comment thread api-reference/openapi/research.json Outdated
Comment thread api-reference/openapi/research.json Outdated
{
"name": "account_id",
"in": "query",
"description": "Read messages in the context of a specific account. Only applicable when the authenticated account has access to multiple accounts via organization membership or Recoup admin access. The camelCase alias accountId is also accepted. If not provided, access is resolved against the API key's own account.",

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

KISS

  • why does this accept both snake and camel case? What is the general pattern in our docs / API? Does the pattern. here follow or deviate from the standard pattern?

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch — it deviated from the standard, so I dropped the camelCase alias.

Standard pattern (query params): snake_case account_id only.

  • API code: all 10 query-param handlers read only searchParams.get("account_id") — there's zero precedent for reading a camelCase accountId from the query string (validateGetChatsRequest, validateGetArtistsRequest, validateGetTaskRunQuery, sandbox/connectors/pulse/orgs/admin handlers).
  • Docs: none of the existing account_id query params (accounts.json, releases.json, content.json, social.json) document a camelCase alias.

So documenting accountId here would have advertised an alias the implementation won't honor. Fixed in 5a71523 — description is now snake-only and tightened to match the house wording. Flagging for the impl PR (recoupable/api#694): read the override from account_id only, to stay consistent with the other 10 handlers.

…param convention

Query params across the API and docs use snake_case account_id only
(10 handlers, all existing account_id query params). Removing the
camelCase accountId alias and tightening the description per review.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 2 files (changes from recent commits).

Tip: Review your code locally with the cubic CLI to iterate faster.

Re-trigger cubic

Comment thread api-reference/openapi/research.json
The override param is redundant for this endpoint: the chat is fully
identified by the path {id}, and selectRoom already resolves room.account_id,
so admin access should be handled by an admin-aware access check in
validateChatAccess (RECOUP_ORG bypass), not by an extra query param the
caller would have to supply. Keeps the DELETE /api/artists/{id} body
override, where the param is load-bearing (it names whose ownership link
to drop).

Refs recoupable/chat#1811

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@sweetmantech sweetmantech merged commit 3137c0c into main Jun 23, 2026
3 checks passed
@sweetmantech

Copy link
Copy Markdown
Collaborator Author

Rolled back the account_id query param on GET /api/chats/{id}/messages (c3bf9bb). On review, the override is redundant for that endpoint: the chat is fully identified by the path {id} and selectRoom already resolves room.account_id, so admin access belongs in an admin-aware access check (RECOUP_ORG bypass in validateChatAccess), not in an extra query param the caller would have to supply. api#694 will implement the bypass; no contract change needed for that endpoint.

This PR now scopes to the DELETE /api/artists/{id} body override only, where the param is load-bearing (it names whose ownership link to drop). Rationale + corrected root-cause analysis in recoupable/chat#1811.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant