diff --git a/mintlify/openapi.yaml b/mintlify/openapi.yaml index 37b71608..a510bc53 100644 --- a/mintlify/openapi.yaml +++ b/mintlify/openapi.yaml @@ -3734,6 +3734,97 @@ paths: application/json: schema: $ref: '#/components/schemas/Error500' + /internal-accounts/{id}/email: + patch: + summary: Update internal account email + description: | + Update the email address used for the `EMAIL_OTP` authentication credential on an Embedded Wallet internal account. + + This is a two-step signed-retry flow: + + 1. Call `PATCH /internal-accounts/{id}/email` with the request body `{ "email": "new.email@example.com" }` and no signature headers. Grid returns `202` with `payloadToSign`, `requestId`, and `expiresAt`. + + 2. Use the session API keypair of a verified authentication credential on the same internal account to build an API-key stamp over `payloadToSign`, then retry with that full stamp as the `Grid-Wallet-Signature` header and the `requestId` echoed back as the `Request-Id` header. The retry body must carry the same `email` submitted in step 1. The signed retry returns `200` with the updated email address. + operationId: updateInternalAccountEmail + tags: + - Internal Accounts + security: + - BasicAuth: [] + parameters: + - name: id + in: path + description: The id of the internal account whose email address should be updated. + required: true + schema: + type: string + - name: Grid-Wallet-Signature + in: header + required: false + description: Full API-key stamp built over the prior `payloadToSign` with the session API keypair of a verified authentication credential on the target internal account. Required on the signed retry; ignored on the initial call. + schema: + type: string + example: eyJwdWJsaWNLZXkiOiIwMmExYjIuLi4iLCJzaWduYXR1cmUiOiIzMDQ1MDIyMTAwLi4uIiwic2NoZW1lIjoiUDI1Nl9FQ0RTQV9TSEEyNTYifQ + - name: Request-Id + in: header + required: false + description: The `requestId` returned in a prior `202` response, echoed back on the signed retry so the server can correlate it with the issued challenge. Required on the signed retry; must be paired with `Grid-Wallet-Signature`. + schema: + type: string + example: 7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21 + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/InternalAccountEmailUpdateRequest' + examples: + updateEmail: + summary: Update email request (both steps) + value: + email: new.email@example.com + responses: + '200': + description: Signed retry accepted. Returns the updated email address. + content: + application/json: + schema: + $ref: '#/components/schemas/InternalAccountEmailUpdateResponse' + '202': + description: Challenge issued. The response contains `payloadToSign` plus a `requestId`. Build an API-key stamp over `payloadToSign` with the session API keypair and echo `requestId` on the retry. + content: + application/json: + schema: + $ref: '#/components/schemas/SignedRequestChallenge' + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/Error400' + '401': + description: Unauthorized. Returned when the provided `Grid-Wallet-Signature` is missing, malformed, or does not match a pending email update challenge for this internal account, when the `Request-Id` does not match an unexpired pending challenge, or when the retry's `email` does not match the one bound into `payloadToSign` on the initial call. + content: + application/json: + schema: + $ref: '#/components/schemas/Error401' + '404': + description: Internal account not found + content: + application/json: + schema: + $ref: '#/components/schemas/Error404' + '409': + description: Conflict. Returned when the supplied email address is already associated with an `EMAIL_OTP` credential on this or another internal account. + content: + application/json: + schema: + $ref: '#/components/schemas/Error409' + '500': + description: Internal service error + content: + application/json: + schema: + $ref: '#/components/schemas/Error500' /auth/credentials: post: summary: Create an authentication credential @@ -7869,9 +7960,11 @@ components: |------------|-------------| | TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL | Transaction is not pending platform approval | | UMA_ADDRESS_EXISTS | UMA address already exists | + | EMAIL_OTP_EMAIL_ALREADY_EXISTS | Email address is already associated with an EMAIL_OTP credential | enum: - TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL - UMA_ADDRESS_EXISTS + - EMAIL_OTP_EMAIL_ALREADY_EXISTS message: type: string description: Error message @@ -15415,6 +15508,40 @@ components: format: date-time description: Timestamp after which this challenge is no longer valid. The signed retry must be submitted before this time. example: '2026-04-08T15:35:00Z' + InternalAccountEmailUpdateRequest: + title: Internal Account Email Update Request + description: Request body for `PATCH /internal-accounts/{id}/email`. The `email` is required on both steps of the signed-retry flow. On step 1 Grid binds it into `payloadToSign`; on step 2 the client echoes the same `email` back and Grid updates the email address used for the internal account's `EMAIL_OTP` credential. + type: object + required: + - email + properties: + email: + type: string + format: email + description: New email address to associate with the internal account's `EMAIL_OTP` credential. + example: new.email@example.com + InternalAccountEmailUpdateResponse: + title: Internal Account Email Update Response + type: object + required: + - id + - email + - updatedAt + properties: + id: + type: string + description: The id of the internal account whose email address was updated. + example: InternalAccount:019542f5-b3e7-1d02-0000-000000000002 + email: + type: string + format: email + description: Updated email address associated with the internal account's `EMAIL_OTP` credential. + example: new.email@example.com + updatedAt: + type: string + format: date-time + description: Timestamp when the email address was updated. + example: '2026-04-08T15:35:02Z' AuthMethodType: type: string enum: diff --git a/openapi.yaml b/openapi.yaml index 37b71608..a510bc53 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -3734,6 +3734,97 @@ paths: application/json: schema: $ref: '#/components/schemas/Error500' + /internal-accounts/{id}/email: + patch: + summary: Update internal account email + description: | + Update the email address used for the `EMAIL_OTP` authentication credential on an Embedded Wallet internal account. + + This is a two-step signed-retry flow: + + 1. Call `PATCH /internal-accounts/{id}/email` with the request body `{ "email": "new.email@example.com" }` and no signature headers. Grid returns `202` with `payloadToSign`, `requestId`, and `expiresAt`. + + 2. Use the session API keypair of a verified authentication credential on the same internal account to build an API-key stamp over `payloadToSign`, then retry with that full stamp as the `Grid-Wallet-Signature` header and the `requestId` echoed back as the `Request-Id` header. The retry body must carry the same `email` submitted in step 1. The signed retry returns `200` with the updated email address. + operationId: updateInternalAccountEmail + tags: + - Internal Accounts + security: + - BasicAuth: [] + parameters: + - name: id + in: path + description: The id of the internal account whose email address should be updated. + required: true + schema: + type: string + - name: Grid-Wallet-Signature + in: header + required: false + description: Full API-key stamp built over the prior `payloadToSign` with the session API keypair of a verified authentication credential on the target internal account. Required on the signed retry; ignored on the initial call. + schema: + type: string + example: eyJwdWJsaWNLZXkiOiIwMmExYjIuLi4iLCJzaWduYXR1cmUiOiIzMDQ1MDIyMTAwLi4uIiwic2NoZW1lIjoiUDI1Nl9FQ0RTQV9TSEEyNTYifQ + - name: Request-Id + in: header + required: false + description: The `requestId` returned in a prior `202` response, echoed back on the signed retry so the server can correlate it with the issued challenge. Required on the signed retry; must be paired with `Grid-Wallet-Signature`. + schema: + type: string + example: 7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21 + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/InternalAccountEmailUpdateRequest' + examples: + updateEmail: + summary: Update email request (both steps) + value: + email: new.email@example.com + responses: + '200': + description: Signed retry accepted. Returns the updated email address. + content: + application/json: + schema: + $ref: '#/components/schemas/InternalAccountEmailUpdateResponse' + '202': + description: Challenge issued. The response contains `payloadToSign` plus a `requestId`. Build an API-key stamp over `payloadToSign` with the session API keypair and echo `requestId` on the retry. + content: + application/json: + schema: + $ref: '#/components/schemas/SignedRequestChallenge' + '400': + description: Bad request + content: + application/json: + schema: + $ref: '#/components/schemas/Error400' + '401': + description: Unauthorized. Returned when the provided `Grid-Wallet-Signature` is missing, malformed, or does not match a pending email update challenge for this internal account, when the `Request-Id` does not match an unexpired pending challenge, or when the retry's `email` does not match the one bound into `payloadToSign` on the initial call. + content: + application/json: + schema: + $ref: '#/components/schemas/Error401' + '404': + description: Internal account not found + content: + application/json: + schema: + $ref: '#/components/schemas/Error404' + '409': + description: Conflict. Returned when the supplied email address is already associated with an `EMAIL_OTP` credential on this or another internal account. + content: + application/json: + schema: + $ref: '#/components/schemas/Error409' + '500': + description: Internal service error + content: + application/json: + schema: + $ref: '#/components/schemas/Error500' /auth/credentials: post: summary: Create an authentication credential @@ -7869,9 +7960,11 @@ components: |------------|-------------| | TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL | Transaction is not pending platform approval | | UMA_ADDRESS_EXISTS | UMA address already exists | + | EMAIL_OTP_EMAIL_ALREADY_EXISTS | Email address is already associated with an EMAIL_OTP credential | enum: - TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL - UMA_ADDRESS_EXISTS + - EMAIL_OTP_EMAIL_ALREADY_EXISTS message: type: string description: Error message @@ -15415,6 +15508,40 @@ components: format: date-time description: Timestamp after which this challenge is no longer valid. The signed retry must be submitted before this time. example: '2026-04-08T15:35:00Z' + InternalAccountEmailUpdateRequest: + title: Internal Account Email Update Request + description: Request body for `PATCH /internal-accounts/{id}/email`. The `email` is required on both steps of the signed-retry flow. On step 1 Grid binds it into `payloadToSign`; on step 2 the client echoes the same `email` back and Grid updates the email address used for the internal account's `EMAIL_OTP` credential. + type: object + required: + - email + properties: + email: + type: string + format: email + description: New email address to associate with the internal account's `EMAIL_OTP` credential. + example: new.email@example.com + InternalAccountEmailUpdateResponse: + title: Internal Account Email Update Response + type: object + required: + - id + - email + - updatedAt + properties: + id: + type: string + description: The id of the internal account whose email address was updated. + example: InternalAccount:019542f5-b3e7-1d02-0000-000000000002 + email: + type: string + format: email + description: Updated email address associated with the internal account's `EMAIL_OTP` credential. + example: new.email@example.com + updatedAt: + type: string + format: date-time + description: Timestamp when the email address was updated. + example: '2026-04-08T15:35:02Z' AuthMethodType: type: string enum: diff --git a/openapi/components/schemas/errors/Error409.yaml b/openapi/components/schemas/errors/Error409.yaml index b033a67f..86617563 100644 --- a/openapi/components/schemas/errors/Error409.yaml +++ b/openapi/components/schemas/errors/Error409.yaml @@ -16,9 +16,11 @@ properties: |------------|-------------| | TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL | Transaction is not pending platform approval | | UMA_ADDRESS_EXISTS | UMA address already exists | + | EMAIL_OTP_EMAIL_ALREADY_EXISTS | Email address is already associated with an EMAIL_OTP credential | enum: - TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL - UMA_ADDRESS_EXISTS + - EMAIL_OTP_EMAIL_ALREADY_EXISTS message: type: string description: Error message diff --git a/openapi/components/schemas/internal_accounts/InternalAccountEmailUpdateRequest.yaml b/openapi/components/schemas/internal_accounts/InternalAccountEmailUpdateRequest.yaml new file mode 100644 index 00000000..3ea8aa7e --- /dev/null +++ b/openapi/components/schemas/internal_accounts/InternalAccountEmailUpdateRequest.yaml @@ -0,0 +1,16 @@ +title: Internal Account Email Update Request +description: >- + Request body for `PATCH /internal-accounts/{id}/email`. The `email` + is required on both steps of the signed-retry flow. On step 1 Grid + binds it into `payloadToSign`; on step 2 the client echoes the same + `email` back and Grid updates the email address used for the + internal account's `EMAIL_OTP` credential. +type: object +required: + - email +properties: + email: + type: string + format: email + description: New email address to associate with the internal account's `EMAIL_OTP` credential. + example: new.email@example.com diff --git a/openapi/components/schemas/internal_accounts/InternalAccountEmailUpdateResponse.yaml b/openapi/components/schemas/internal_accounts/InternalAccountEmailUpdateResponse.yaml new file mode 100644 index 00000000..069ad0cc --- /dev/null +++ b/openapi/components/schemas/internal_accounts/InternalAccountEmailUpdateResponse.yaml @@ -0,0 +1,21 @@ +title: Internal Account Email Update Response +type: object +required: + - id + - email + - updatedAt +properties: + id: + type: string + description: The id of the internal account whose email address was updated. + example: InternalAccount:019542f5-b3e7-1d02-0000-000000000002 + email: + type: string + format: email + description: Updated email address associated with the internal account's `EMAIL_OTP` credential. + example: new.email@example.com + updatedAt: + type: string + format: date-time + description: Timestamp when the email address was updated. + example: '2026-04-08T15:35:02Z' diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml index 771b4131..d2ae90bf 100644 --- a/openapi/openapi.yaml +++ b/openapi/openapi.yaml @@ -201,6 +201,8 @@ paths: $ref: paths/tokens/tokens_{tokenId}.yaml /internal-accounts/{id}/export: $ref: paths/internal_accounts/internal_accounts_{id}_export.yaml + /internal-accounts/{id}/email: + $ref: paths/internal_accounts/internal_accounts_{id}_email.yaml /auth/credentials: $ref: paths/auth/auth_credentials.yaml /auth/credentials/{id}: diff --git a/openapi/paths/internal_accounts/internal_accounts_{id}_email.yaml b/openapi/paths/internal_accounts/internal_accounts_{id}_email.yaml new file mode 100644 index 00000000..709e0eb9 --- /dev/null +++ b/openapi/paths/internal_accounts/internal_accounts_{id}_email.yaml @@ -0,0 +1,123 @@ +patch: + summary: Update internal account email + description: > + Update the email address used for the `EMAIL_OTP` authentication + credential on an Embedded Wallet internal account. + + + This is a two-step signed-retry flow: + + + 1. Call `PATCH /internal-accounts/{id}/email` with the request body + `{ "email": "new.email@example.com" }` and no signature headers. + Grid returns `202` with `payloadToSign`, `requestId`, and + `expiresAt`. + + + 2. Use the session API keypair of a verified authentication credential + on the same internal account to build an API-key stamp over + `payloadToSign`, then retry with that full stamp as the + `Grid-Wallet-Signature` header and the `requestId` echoed back as + the `Request-Id` header. The retry body must carry the same `email` + submitted in step 1. The signed retry returns `200` with the updated + email address. + operationId: updateInternalAccountEmail + tags: + - Internal Accounts + security: + - BasicAuth: [] + parameters: + - name: id + in: path + description: The id of the internal account whose email address should be updated. + required: true + schema: + type: string + - name: Grid-Wallet-Signature + in: header + required: false + description: >- + Full API-key stamp built over the prior `payloadToSign` with + the session API keypair of a verified authentication credential + on the target internal account. Required on the signed retry; + ignored on the initial call. + schema: + type: string + example: eyJwdWJsaWNLZXkiOiIwMmExYjIuLi4iLCJzaWduYXR1cmUiOiIzMDQ1MDIyMTAwLi4uIiwic2NoZW1lIjoiUDI1Nl9FQ0RTQV9TSEEyNTYifQ + - name: Request-Id + in: header + required: false + description: >- + The `requestId` returned in a prior `202` response, echoed back + on the signed retry so the server can correlate it with the + issued challenge. Required on the signed retry; must be paired + with `Grid-Wallet-Signature`. + schema: + type: string + example: 7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21 + requestBody: + required: true + content: + application/json: + schema: + $ref: ../../components/schemas/internal_accounts/InternalAccountEmailUpdateRequest.yaml + examples: + updateEmail: + summary: Update email request (both steps) + value: + email: new.email@example.com + responses: + '200': + description: Signed retry accepted. Returns the updated email address. + content: + application/json: + schema: + $ref: ../../components/schemas/internal_accounts/InternalAccountEmailUpdateResponse.yaml + '202': + description: >- + Challenge issued. The response contains `payloadToSign` plus a + `requestId`. Build an API-key stamp over `payloadToSign` with + the session API keypair and echo `requestId` on the retry. + content: + application/json: + schema: + $ref: ../../components/schemas/common/SignedRequestChallenge.yaml + '400': + description: Bad request + content: + application/json: + schema: + $ref: ../../components/schemas/errors/Error400.yaml + '401': + description: >- + Unauthorized. Returned when the provided `Grid-Wallet-Signature` + is missing, malformed, or does not match a pending email update + challenge for this internal account, when the `Request-Id` does + not match an unexpired pending challenge, or when the retry's + `email` does not match the one bound into `payloadToSign` on + the initial call. + content: + application/json: + schema: + $ref: ../../components/schemas/errors/Error401.yaml + '409': + description: >- + Conflict. Returned when the supplied email address is already + associated with an `EMAIL_OTP` credential on this or another + internal account. + content: + application/json: + schema: + $ref: ../../components/schemas/errors/Error409.yaml + '404': + description: Internal account not found + content: + application/json: + schema: + $ref: ../../components/schemas/errors/Error404.yaml + '500': + description: Internal service error + content: + application/json: + schema: + $ref: ../../components/schemas/errors/Error500.yaml