docs: update GET /api/artists to use auth-derived account_id#37
Conversation
Refactor endpoint docs to match the validateAuthContext + buildGet*Params pattern. Rename params to snake_case, make account_id optional, remove personal param, and add 401/403 responses. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
📝 WalkthroughWalkthroughThe OpenAPI specification for the Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~15 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
| "/api/artists": { | ||
| "get": { | ||
| "description": "Retrieve artists accessible to an account. Supports filtering by organization or showing only personal (non-organization) artists.", | ||
| "description": "Retrieve artists accessible to the authenticated account. Requires an API key via x-api-key header or Authorization bearer token.\n\nFor personal API keys: Returns only the key owner's personal artists (not in any organization). The account_id parameter cannot be used.\n\nFor organization API keys: With no filters, returns the key owner's personal artists. Use organization_id to get that organization's artists. Use account_id to filter to a specific member's artists.\n\nFor Recoup admin keys: Same behavior, but account_id can target any account.", |
There was a problem hiding this comment.
Align the security scheme with the bearer-token wording.
The description says bearer tokens are supported, but this operation doesn’t declare bearerAuth, so generated docs/clients will only show x-api-key. Either add the security block or update the description/401 text to API key only.
🔧 Suggested OpenAPI update
"get": {
"description": "Retrieve artists accessible to the authenticated account. Requires an API key via x-api-key header or Authorization bearer token.\n\nFor personal API keys: Returns only the key owner's personal artists (not in any organization). The account_id parameter cannot be used.\n\nFor organization API keys: With no filters, returns the key owner's personal artists. Use organization_id to get that organization's artists. Use account_id to filter to a specific member's artists.\n\nFor Recoup admin keys: Same behavior, but account_id can target any account.",
+ "security": [
+ { "apiKeyAuth": [] },
+ { "bearerAuth": [] }
+ ],
"parameters": [
{
"name": "account_id",
@@
- "401": {
- "description": "Unauthorized - invalid or missing API key",
+ "401": {
+ "description": "Unauthorized - invalid or missing credentials",Also applies to: 480-482
1 participant
Summary
GET /api/artistsdocs to match thevalidateAuthContext+buildGet*ParamspatternaccountId→account_idandorgId→organization_id(snake_case)account_idoptional (derived from auth) and removedpersonalparameterTest plan
🤖 Generated with Claude Code
Summary by CodeRabbit
Release Notes
/api/artistsendpoint specification with clarified authentication requirements and multi-key behavior guidance.accountId→account_id,orgId→organization_id, and replacedpersonalparameter withorganization_id.