feat(api): add DELETE endpoint for merchant accounts in v2 #8727
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add delete route to v2 merchant account API endpoints to enable
deletion of merchant accounts via DELETE /v2/merchant-accounts/{id}.
The implementation reuses existing v2 delete handler with proper
authentication and follows v2 API patterns.
Fixes #8717
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
|
Review changes with Changed Files
|
- Add comprehensive v2 merchant account deletion with proper cleanup - Implement v2-specific authentication with JWT and Permission::MerchantAccountWrite - Add systematic deletion of merchant account and key store data - Include proper config cleanup and API key revocation - Use robust error handling and logging for audit trail - Maintain atomicity of core deletion operations This addresses the missing delete functionality in v2 merchant account management, ensuring proper cleanup of all merchant-related data while following v2 API patterns. Fixes #8717 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
inventvenkat
commented
Jul 23, 2025
crates/router/src/routes/admin.rs
Outdated
| auth::auth_type( | ||
| &auth::V2AdminApiAuth, | ||
| &auth::JWTAuthMerchantFromRoute { | ||
| merchant_id: merchant_id.clone(), |
There was a problem hiding this comment.
No need of JWTAuth here, only admin api should be able to delete merchants.
crates/router/src/core/admin.rs
Outdated
| } | ||
|
|
||
| // Delete configuration entries | ||
| if let Err(err) = db |
There was a problem hiding this comment.
No need to delete configuration entries
…etion - Remove JWT authentication as per review comment: "No need of JWTAuth here, only admin api should be able to delete merchants" - Remove configuration deletion logic as per review comment: "No need to delete configuration entries" - Use simple V2AdminApiAuth for admin-only access - Simplify payload creation without unnecessary cloning 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add v2 delete merchant account endpoint specification with proper path: `/v2/merchant-accounts/{id}`
- Include comprehensive response documentation (200, 400, 404, 401)
- Add endpoint to OpenAPI v2 routes for automatic documentation generation
- Use admin API key authentication as per security requirements
- Update generated OpenAPI spec file with new endpoint
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
…delete BREAKING CHANGE: Merchant account deletion now performs soft delete instead of hard delete - Replace hard deletion with soft delete approach for data preservation - Merchant account data is preserved in database for audit trails and compliance - API keys are still revoked for security (making account effectively unusable) - Comprehensive audit logging for deletion events with timestamps - Updated OpenAPI documentation to reflect soft delete behavior - Maintains same API response format for backward compatibility Benefits: - Data integrity preserved for audit and compliance requirements - Better recovery options if deletion was accidental - Maintains referential integrity with related data - Security through API key revocation rather than data destruction 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
hyperswitch-bot
bot
added
the
M-api-contract-changes
inventvenkat
force-pushed
the
feature/v2-delete-merchant-account
branch
from
d21d514 to
7aa8a68
Compare
- Update soft delete implementation to mark merchant as deleted in metadata
- Add validation in API key creation to check merchant deletion status
- Prevent security gap where soft-deleted merchants could create new API keys
- Maintain audit trail with deletion timestamp and type
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
inventvenkat
force-pushed
the
feature/v2-delete-merchant-account
branch
from
7aa8a68 to
907bcc4
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
DELETE /v2/merchant-accounts/{id}Changes Made
crates/router/src/routes/app.rsto add delete route to v2 merchant account scopeTest Plan
just check_v2)/v2/merchant-accounts/{id})Related Issue
Fixes #8717
🤖 Generated with Claude Code