docs(openapi): derive delegated key funding source

[DhruvPareek]

Summary

• keep Card.fundingSources as internal-account id strings; do not expose CardFundingSource ids from card responses
• update POST /auth/delegated-keys to accept cardId and internalAccountId instead of fundingSourceId
• document that Grid derives the active card funding-source binding from the (cardId, internalAccountId) pair

Validation

• npm run build:openapi
• npm run lint:openapi

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
grid-flow-builder	Ignored	Preview	Jun 23, 2026 3:38am
grid-wallet-demo	Ignored	Preview	Jun 23, 2026 3:38am

[github-actions]

⚠️ Breaking OpenAPI changes detected

This PR introduces breaking changes to openapi.yaml:

API Changelog 2025-10-13 vs. 2025-10-13

API Changes

POST /auth/delegated-keys

• ⚠️ added the new required request property cardId
• ⚠️ added the new required request property internalAccountId
• ⚠️ removed the request property fundingSourceId

---

Detected by oasdiff. This PR will need approval from an API reviewer before merge.

[github-actions]

✱ Stainless preview builds for grid

This PR will update the grid SDKs with the following commit messages.

cli

docs(api): clarify account-id parameter description in cards list

csharp

feat(api): add FundingSource model to Card, rename CardTransaction Status enum

go

feat(api): return CardFundingSource objects in Card fundingSources field

kotlin

feat(api): add FundingSource model, update Card fundingSources to structured type

openapi

feat(api): add id and status fields to Card fundingSources

php

feat(api): add FundingSource model, expand Card.fundingSources to objects

python

feat(api): add FundingSource model and expand Card funding_sources field

ruby

fix(types): change card funding_sources from strings to FundingSource objects

typescript

feat(api): expand fundingSources to objects with status in cards responses

✅ grid-openapi studio · code

Your SDK build had at least one "note" diagnostic.
generate ✅

✅ grid-typescript studio · code

Your SDK build had at least one "note" diagnostic.
generate ✅ → build ⏭️ → lint ⏭️ → test ✅

✅ grid-ruby studio · code

Your SDK build had at least one "note" diagnostic.
generate ✅ → build ⏭️ → lint ✅ → test ✅

⚠️ grid-go studio · code

Your SDK build had a failure in the lint CI job, which is a regression from the base state.
generate ✅ → build ⏭️ → lint ❗ → test ❗

go get github.com/stainless-sdks/grid-go@46e6dafb7b3ad95576c24ed6da3e388898a7871e

✅ grid-kotlin studio · code

Your SDK build had at least one "note" diagnostic.
generate ✅ → build ⏭️ → lint ⏭️ → test ✅

⚠️ grid-python studio · code

Your SDK build had a failure in the test CI job, which is a regression from the base state.
generate ✅ → build ⏭️ → lint ⏭️ → test ❗

⚠️ grid-csharp studio · code

Your SDK build had a failure in the test CI job, which is a regression from the base state.
generate ⚠️ → build ⏭️ → lint ⏭️ → test ❗

✅ grid-php studio · code

Your SDK build had at least one "note" diagnostic.
generate ✅ → lint ✅ → test ✅

⚠️ grid-cli studio · code

Your SDK build had a failure in the test CI job, which is a regression from the base state.
generate ⚠️ → build ⏭️ → lint ⏭️ → test ❗

---

This comment is auto-generated by GitHub Actions and is automatically kept up to date as you push.
If you push custom code to the preview branch, re-run this workflow to update the comment.
Last updated: 2026-06-23 04:27:02 UTC

[greptile-apps]

Greptile Summary

This PR updates the POST /auth/delegated-keys OpenAPI spec to replace the single fundingSourceId field with cardId + internalAccountId, letting Grid derive the active card funding-source binding server-side rather than requiring the caller to know the opaque CardFundingSource ID. All prose, examples, and 404 descriptions are updated consistently.

• Schema change: DelegatedKeyCreateRequest now requires cardId (type Card:…) and internalAccountId (type InternalAccount:…); fundingSourceId is removed.
• Documentation: Step 2 of the three-leg flow, the post-activation paragraph, and the 404 description are all updated to reflect the new (cardId, internalAccountId) lookup model.
• Consistency: Changes are applied identically to the source YAML files (openapi/components/schemas/…, openapi/paths/…) and the generated bundles (openapi.yaml, mintlify/openapi.yaml).

Confidence Score: 5/5

Safe to merge — documentation-only change with no application logic affected.

All four changed files are OpenAPI YAML (two source files, two generated bundles). The schema replacement of fundingSourceId with cardId + internalAccountId is internally consistent across all files, examples use correctly prefixed IDs, and the three-leg flow description remains accurate. No logic, auth, or data paths are touched.

No files require special attention.

Important Files Changed

Filename	Overview
openapi/components/schemas/auth/DelegatedKeyCreateRequest.yaml	Replaces fundingSourceId with cardId + internalAccountId; both are required strings with correct example ID formats and clear descriptions.
openapi/paths/auth/auth_delegated-keys.yaml	Endpoint description and example updated to use cardId/internalAccountId; 404 description expanded to cover the new lookup steps; prose is consistent with the schema change.
openapi.yaml	Generated bundle — changes mirror the source YAML edits exactly; regenerated via make build as expected per CLAUDE.md.
mintlify/openapi.yaml	Mintlify-specific generated bundle — identical diff to root openapi.yaml, consistent with the build pipeline.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Client
    participant Grid
    participant Turnkey

    Client->>Grid: "POST /auth/delegated-keys {cardId, internalAccountId, nickname}"
    Grid->>Grid: Derive active CardFundingSource from (cardId, internalAccountId)
    Grid->>Turnkey: Generate P-256 keypair, create non-root Turnkey user
    Grid-->>Client: "202 {payloadToSign, requestId, expiresAt}"

    Client->>Client: Stamp payloadToSign with session keypair of internalAccount credential
    Client->>Grid: POST /auth/delegated-keys + Grid-Wallet-Signature + Request-Id
    Grid-->>Client: "202 {payloadToSign, requestId, expiresAt}"

    Client->>Client: Stamp new payloadToSign with same session keypair
    Client->>Grid: POST /auth/delegated-keys + Grid-Wallet-Signature + Request-Id
    Grid->>Turnkey: Attach signing policy to user
    Grid-->>Client: "201 {DelegatedKey ACTIVE}"

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant Client
    participant Grid
    participant Turnkey

    Client->>Grid: "POST /auth/delegated-keys {cardId, internalAccountId, nickname}"
    Grid->>Grid: Derive active CardFundingSource from (cardId, internalAccountId)
    Grid->>Turnkey: Generate P-256 keypair, create non-root Turnkey user
    Grid-->>Client: "202 {payloadToSign, requestId, expiresAt}"

    Client->>Client: Stamp payloadToSign with session keypair of internalAccount credential
    Client->>Grid: POST /auth/delegated-keys + Grid-Wallet-Signature + Request-Id
    Grid-->>Client: "202 {payloadToSign, requestId, expiresAt}"

    Client->>Client: Stamp new payloadToSign with same session keypair
    Client->>Grid: POST /auth/delegated-keys + Grid-Wallet-Signature + Request-Id
    Grid->>Turnkey: Attach signing policy to user
    Grid-->>Client: "201 {DelegatedKey ACTIVE}"

Loading

_{Reviews (3): Last reviewed commit: "docs(openapi): derive delegated key fund..." | Re-trigger Greptile}