docs: add account emails endpoint reference

[arpitgupta1214]

Summary

• add to the API reference
• add the accounts/emails page to the Accounts navigation group
• document success, auth, and error responses to match current endpoint behavior

Testing

• node -e "JSON.parse(require('fs').readFileSync('api-reference/openapi.json','utf8')); console.log('ok')"

---

Summary by cubic

Added API reference for GET /api/accounts/emails to list account email rows with per-account access checks. The endpoint now requires at least one account_id; docs, OpenAPI, and nav updated.

• New Features

  • OpenAPI: GET /api/accounts/emails with required, repeatable account_id query; validates access for each ID; supports apiKeyAuth and bearerAuth.
  • Responses: 200 → AccountEmailsResponse (array; empty if no matches); 401 → StatusErrorResponse; 400 (missing account_id)/403/500 → AccountEmailsErrorResponse.
  • Docs: new “Get Account Emails” page and nav entry under Accounts with a multi-account_id example and requirement noted.

• Bug Fixes

  • Fixed OpenAPI schema for repeated account_id query parameter (array with explode: true).

^{Written for commit 0912f6f. Summary will update on new commits.}

Summary by CodeRabbit

• New Features

  • Added a new API endpoint to retrieve account emails, including support for requesting multiple accounts in one call and standard authentication protection.

• Documentation

  • Published API reference and navigation entry for the account emails endpoint with usage examples, parameters, response details, and error cases.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added a new GET /api/accounts/emails API endpoint and corresponding OpenAPI schemas, plus an MDX reference page and docs navigation entry. The endpoint accepts repeatable account_id query parameters and requires authentication; responses and error schemas were added to the spec.

Changes

Cohort / File(s)	Summary
OpenAPI spec api-reference/openapi.json	Added GET /api/accounts/emails endpoint with optional repeatable account_id (UUID, explode: true). Added schemas: AccountEmailRow, AccountEmailsResponse, AccountEmailsErrorResponse, StatusErrorResponse. Documented responses for 200, 400, 401, 403, 500 and security via apiKeyAuth/bearerAuth.
API docs api-reference/accounts/emails.mdx	New MDX page "Get Account Emails" documenting the endpoint, query parameter usage (repeat account_id), curl example using x-api-key, and authorization behavior (403 if any requested account_id is unauthorized).
Docs navigation docs.json	Added route api-reference/accounts/emails to the Accounts nav group.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant API as "API Server"
  participant Auth as "Auth Service"
  participant DB as "Database"

  Client->>API: GET /api/accounts/emails?account_id=<id>&...
  API->>Auth: Validate credentials (apiKey/bearer)
  Auth-->>API: 200 OK / 401 Unauthorized
  API->>DB: Query account_emails for requested account_id(s)
  DB-->>API: Return rows (may be empty)
  API->>Client: 200 AccountEmailsResponse / 403 / 400 / 500

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• sweetmantech

Poem

🐰 I hopped through schemas, tidy and bright,
Added an endpoint to fetch emails by night,
Repeat your account_ids, polite as can be,
Docs and OpenAPI — a carrot for thee! 📧🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding API reference documentation for the GET /api/accounts/emails endpoint.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@api-reference/openapi.json`:
- Around line 322-331: The OpenAPI parameter "account_id" is marked repeatable
(explode: true) but its schema is a scalar string; update the parameter
definition for "account_id" so schema.type is "array" with items.type "string"
and items.format "uuid" (preserve required:false and explode:true) so clients
will correctly send/receive multiple account_id values; adjust any examples or
docs referencing "account_id" to reflect an array of UUIDs if present.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 30afb5a7-f3d1-47ea-9144-a282f4b5a31e

📥 Commits

Reviewing files that changed from the base of the PR and between 7882837 and fd0b4b2.

📒 Files selected for processing (3)

• api-reference/accounts/emails.mdx
• api-reference/openapi.json
• docs.json

[cubic-dev-ai]

No issues found across 3 files

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@api-reference/accounts/emails.mdx`:
- Around line 6-16: This MDX page (accounts/emails.mdx) contains custom
descriptive sections and a curl example that must be removed so the file is
frontmatter-only; edit accounts/emails.mdx to delete the prose, curl snippet,
and the authorization note so only the existing frontmatter remains, and then
verify the endpoint's description, examples, and 403 authorization behavior are
present in the OpenAPI spec (api-reference/openapi.json) so Mintlify can
auto-generate the full reference page.

In `@api-reference/openapi.json`:
- Around line 316-323: The account_id query schema currently allows an unbounded
array ("schema" with "type": "array" and "items" of
"type":"string","format":"uuid"); add a "maxItems" (and optionally "minItems" if
empty arrays are invalid) to that schema to bound cardinality — e.g., add
"maxItems": <reasonable_limit> next to the existing "items" definition (and
"minItems": 1 if needed) so tooling/validation enforces the limit; update the
schema where the "account_id" parameter is defined (look for the parameter named
"account_id" and its "schema"/"items" block) and ensure any API docs/tests
reflect the new constraints.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 768d68fe-466b-4693-b2af-7f599f61336e

📥 Commits

Reviewing files that changed from the base of the PR and between fd0b4b2 and f9652dd.

📒 Files selected for processing (2)

• api-reference/accounts/emails.mdx
• api-reference/openapi.json

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Remove custom content sections—API reference pages should be frontmatter-only.

This file contains custom description text, curl examples, and authorization notes. API reference MDX pages should only contain frontmatter and let Mintlify auto-generate all content from the OpenAPI specification. As per coding guidelines, "API reference MDX pages should be frontmatter-only - do NOT add custom sections (Overview, Availability, etc.) and let Mintlify auto-generate everything from the OpenAPI spec".

📝 Proposed fix to remove custom sections

 ---
 title: 'Get Account Emails'
 openapi: 'GET /api/accounts/emails'
 ---
-
-Retrieve raw `account_emails` rows for one or more accounts the authenticated caller can access.
-
-Repeat the `account_id` query parameter to request multiple accounts:
-
-```bash
-curl --request GET \
-  --url 'https://recoup-api.vercel.app/api/accounts/emails?account_id=24994fe8-e63c-4c4a-867e-f38976e3fd31&account_id=ab1c64cd-4364-415e-abb4-04abbbda368e' \
-  --header 'x-api-key: YOUR_API_KEY'
-```
-
-The server validates access for every requested `account_id`. If any requested account is unauthorized, the request returns `403`.

Ensure that the OpenAPI spec at api-reference/openapi.json contains complete documentation for this endpoint, including descriptions, examples, and authorization behavior, so Mintlify can auto-generate the full reference page.

🧰 Tools

🪛 Betterleaks (1.1.1)

[high] 11-13: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@api-reference/accounts/emails.mdx` around lines 6 - 16, This MDX page
(accounts/emails.mdx) contains custom descriptive sections and a curl example
that must be removed so the file is frontmatter-only; edit accounts/emails.mdx
to delete the prose, curl snippet, and the authorization note so only the
existing frontmatter remains, and then verify the endpoint's description,
examples, and 403 authorization behavior are present in the OpenAPI spec
(api-reference/openapi.json) so Mintlify can auto-generate the full reference
page.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Bound account_id array size in schema.

account_id is repeatable but unbounded. Add maxItems (and optionally minItems if empty requests are not meaningful) to prevent unbounded query cardinality in tooling and validation.

Proposed fix

             "schema": {
               "type": "array",
               "items": {
                 "type": "string",
                 "format": "uuid"
-              }
+              },
+              "maxItems": 100
             },
             "explode": true

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"schema": {
	"type": "array",
	"items": {
	"type": "string",
	"format": "uuid"
	}
	},
	"explode": true
	"schema": {
	"type": "array",
	"items": {
	"type": "string",
	"format": "uuid"
	},
	"maxItems": 100
	},
	"explode": true

🧰 Tools

🪛 Checkov (3.2.513)

[medium] 316-321: Ensure that arrays have a maximum number of items

(CKV_OPENAPI_21)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@api-reference/openapi.json` around lines 316 - 323, The account_id query
schema currently allows an unbounded array ("schema" with "type": "array" and
"items" of "type":"string","format":"uuid"); add a "maxItems" (and optionally
"minItems" if empty arrays are invalid) to that schema to bound cardinality —
e.g., add "maxItems": <reasonable_limit> next to the existing "items" definition
(and "minItems": 1 if needed) so tooling/validation enforces the limit; update
the schema where the "account_id" parameter is defined (look for the parameter
named "account_id" and its "schema"/"items" block) and ensure any API docs/tests
reflect the new constraints.

[cubic-dev-ai]

1 issue found across 2 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="api-reference/accounts/emails.mdx">

<violation number="1" location="api-reference/accounts/emails.mdx:6">
P1: Custom agent: **Flag AI Slop and Fabricated Changes**

This MDX file should be frontmatter-only per the repository convention (`AGENTS.md` → "CRITICAL: API reference MDX pages should be frontmatter-only"). All other account endpoint pages (`get.mdx`, `create.mdx`, `id.mdx`, `update.mdx`, `add-artist.mdx`) follow this pattern. The description, parameter docs, curl example, and response behavior belong in `openapi.json` and will be auto-generated by Mintlify from the spec.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.}

[cubic-dev-ai]

P1: Custom agent: Flag AI Slop and Fabricated Changes

This MDX file should be frontmatter-only per the repository convention (AGENTS.md → "CRITICAL: API reference MDX pages should be frontmatter-only"). All other account endpoint pages (get.mdx, create.mdx, id.mdx, update.mdx, add-artist.mdx) follow this pattern. The description, parameter docs, curl example, and response behavior belong in openapi.json and will be auto-generated by Mintlify from the spec.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At api-reference/accounts/emails.mdx, line 6:

<comment>This MDX file should be frontmatter-only per the repository convention (`AGENTS.md` → "CRITICAL: API reference MDX pages should be frontmatter-only"). All other account endpoint pages (`get.mdx`, `create.mdx`, `id.mdx`, `update.mdx`, `add-artist.mdx`) follow this pattern. The description, parameter docs, curl example, and response behavior belong in `openapi.json` and will be auto-generated by Mintlify from the spec.</comment>

<file context>
@@ -2,3 +2,15 @@
 openapi: 'GET /api/accounts/emails'
 ---
+
+Retrieve raw `account_emails` rows for one or more accounts the authenticated caller can access.
+
+Repeat the `account_id` query parameter to request multiple accounts:
</file context>

[arpitgupta1214]

Closing this migration PR. We are switching to a new plan for the account emails change.