diff --git a/.stainless/stainless.yml b/.stainless/stainless.yml index feafbfed..7345cc18 100644 --- a/.stainless/stainless.yml +++ b/.stainless/stainless.yml @@ -437,6 +437,9 @@ resources: verify: endpoint: post /auth/credentials/{id}/verify body_param_name: AuthCredentialVerifyRequest + update: + endpoint: patch /auth/credentials/{id} + body_param_name: AuthCredentialUpdateRequest challenge: post /auth/credentials/{id}/challenge list: endpoint: get /auth/credentials @@ -448,6 +451,7 @@ resources: auth_session: '#/components/schemas/AuthSession' auth_credential_list_response: '#/components/schemas/AuthCredentialListResponse' auth_credential_create_request: '#/components/schemas/AuthCredentialCreateRequest' + auth_credential_update_request: '#/components/schemas/AuthCredentialUpdateRequest' auth_credential_verify_request: '#/components/schemas/AuthCredentialVerifyRequest' auth_credential_create_request_one_of: '#/components/schemas/AuthCredentialCreateRequestOneOf' auth_credential_verify_request_one_of: '#/components/schemas/AuthCredentialVerifyRequestOneOf' diff --git a/mintlify/openapi.yaml b/mintlify/openapi.yaml index ceb46df9..bf6fdd7b 100644 --- a/mintlify/openapi.yaml +++ b/mintlify/openapi.yaml @@ -3955,6 +3955,114 @@ paths: schema: $ref: '#/components/schemas/Error500' /auth/credentials/{id}: + patch: + summary: Update an authentication credential + description: | + Update mutable fields on an authentication credential for an Embedded Wallet internal account. Today this supports updating the email address used by an `EMAIL_OTP` credential. + + This is a two-step signed-retry flow: + + 1. Call `PATCH /auth/credentials/{id}` with the request body `{ "email": "new.email@example.com" }` and no signature headers. Grid returns `202` with `payloadToSign`, `requestId`, and `expiresAt`. + + 2. Use the session API keypair of a verified authentication credential on the same internal account to build an API-key stamp over `payloadToSign`, then retry with that full stamp as the `Grid-Wallet-Signature` header and the `requestId` echoed back as the `Request-Id` header. The retry body must carry the same update fields submitted in step 1. The signed retry returns `200` with the updated `AuthMethod`. + operationId: updateAuthCredential + tags: + - Embedded Wallet Auth + security: + - BasicAuth: [] + parameters: + - name: id + in: path + description: The id of the authentication credential to update (the `id` field of the `AuthMethod` returned from `POST /auth/credentials`). + required: true + schema: + type: string + - name: Grid-Wallet-Signature + in: header + required: false + description: Full API-key stamp built over the prior `payloadToSign` with the session API keypair of a verified authentication credential on the same internal account. Required on the signed retry; ignored on the initial call. + schema: + type: string + example: eyJwdWJsaWNLZXkiOiIwMmExYjIuLi4iLCJzaWduYXR1cmUiOiIzMDQ1MDIyMTAwLi4uIiwic2NoZW1lIjoiUDI1Nl9FQ0RTQV9TSEEyNTYifQ + - name: Request-Id + in: header + required: false + description: The `requestId` returned in a prior `202` response, echoed back on the signed retry so the server can correlate it with the issued challenge. Required on the signed retry; must be paired with `Grid-Wallet-Signature`. + schema: + type: string + example: 7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21 + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/AuthCredentialUpdateRequest' + examples: + updateEmail: + summary: Update email OTP address request (both steps) + value: + email: new.email@example.com + responses: + '200': + description: Signed retry accepted. Returns the updated authentication credential. + content: + application/json: + schema: + $ref: '#/components/schemas/AuthMethodResponse' + examples: + emailOtp: + summary: Email OTP credential updated + value: + id: AuthMethod:019542f5-b3e7-1d02-0000-000000000001 + accountId: InternalAccount:019542f5-b3e7-1d02-0000-000000000002 + type: EMAIL_OTP + nickname: new.email@example.com + createdAt: '2026-04-08T15:30:01Z' + updatedAt: '2026-04-08T15:35:02Z' + '202': + description: Challenge issued. The response contains `payloadToSign` plus a `requestId`. Build an API-key stamp over `payloadToSign` with the session API keypair and echo `requestId` on the retry. + content: + application/json: + schema: + $ref: '#/components/schemas/AuthSignedRequestChallenge' + examples: + emailOtp: + summary: Email OTP credential update challenge + value: + type: EMAIL_OTP + payloadToSign: '{"requestId":"7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21","id":"AuthMethod:019542f5-b3e7-1d02-0000-000000000001","email":"new.email@example.com","expiresAt":"2026-04-08T15:35:00Z"}' + requestId: 7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21 + expiresAt: '2026-04-08T15:35:00Z' + '400': + description: Bad request. Also returned when attempting to update a field that is not supported for the target credential type. + content: + application/json: + schema: + $ref: '#/components/schemas/Error400' + '401': + description: Unauthorized. Returned when the provided `Grid-Wallet-Signature` is missing, malformed, or does not match a pending credential update challenge, when the `Request-Id` does not match an unexpired pending challenge, or when the retry body does not match the update fields bound into `payloadToSign` on the initial call. + content: + application/json: + schema: + $ref: '#/components/schemas/Error401' + '404': + description: Authentication credential not found + content: + application/json: + schema: + $ref: '#/components/schemas/Error404' + '409': + description: Conflict. Returned when the supplied email address is already associated with an `EMAIL_OTP` credential on this or another internal account. + content: + application/json: + schema: + $ref: '#/components/schemas/Error409' + '500': + description: Internal service error + content: + application/json: + schema: + $ref: '#/components/schemas/Error500' delete: summary: Revoke an authentication credential description: | @@ -7869,9 +7977,11 @@ components: |------------|-------------| | TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL | Transaction is not pending platform approval | | UMA_ADDRESS_EXISTS | UMA address already exists | + | EMAIL_OTP_EMAIL_ALREADY_EXISTS | Email address is already associated with an EMAIL_OTP credential | enum: - TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL - UMA_ADDRESS_EXISTS + - EMAIL_OTP_EMAIL_ALREADY_EXISTS message: type: string description: Error message @@ -15602,7 +15712,7 @@ components: unevaluatedProperties: false AuthSignedRequestChallenge: title: Authentication Signed Request Challenge - description: 202 response returned from Embedded Wallet Auth endpoints that require a signed retry — `POST /auth/credentials` (adding an additional credential), `DELETE /auth/credentials/{id}` (revoking a credential), and `DELETE /auth/sessions/{id}` (revoking a session). Carries the signing fields from `SignedRequestChallenge` plus the `type` of the authentication credential involved (being added, being revoked, or that issued the session being revoked). The client already knows the target resource id from the request path / body it just sent, so nothing beyond `type` is echoed in the response. + description: 202 response returned from Embedded Wallet Auth endpoints that require a signed retry — `POST /auth/credentials` (adding an additional credential), `PATCH /auth/credentials/{id}` (updating a credential), `DELETE /auth/credentials/{id}` (revoking a credential), and `DELETE /auth/sessions/{id}` (revoking a session). Carries the signing fields from `SignedRequestChallenge` plus the `type` of the authentication credential involved (being added, updated, revoked, or that issued the session being revoked). The client already knows the target resource id from the request path / body it just sent, so nothing beyond `type` is echoed in the response. allOf: - $ref: '#/components/schemas/SignedRequestChallenge' - type: object @@ -15611,7 +15721,17 @@ components: properties: type: $ref: '#/components/schemas/AuthMethodType' - description: 'Credential type relevant to this challenge: the credential type being added (`POST /auth/credentials`), the credential type being revoked (`DELETE /auth/credentials/{id}`), or the type of credential that issued the session being revoked (`DELETE /auth/sessions/{id}`).' + description: 'Credential type relevant to this challenge: the credential type being added (`POST /auth/credentials`), updated (`PATCH /auth/credentials/{id}`), or revoked (`DELETE /auth/credentials/{id}`). For session revocation, this is the type of credential that issued the session (`DELETE /auth/sessions/{id}`).' + AuthCredentialUpdateRequest: + title: Authentication Credential Update Request + description: Partial request body for `PATCH /auth/credentials/{id}`. At least one update field must be provided. Today, only the email address on an `EMAIL_OTP` credential can be updated. On step 1 of the signed-retry flow Grid binds the submitted update fields into `payloadToSign`; on step 2 the client echoes the same fields back and Grid applies the update to the authentication credential. + type: object + properties: + email: + type: string + format: email + description: New email address to associate with the `EMAIL_OTP` credential. + example: new.email@example.com AuthCredentialVerifyRequest: type: object required: diff --git a/openapi.yaml b/openapi.yaml index ceb46df9..bf6fdd7b 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -3955,6 +3955,114 @@ paths: schema: $ref: '#/components/schemas/Error500' /auth/credentials/{id}: + patch: + summary: Update an authentication credential + description: | + Update mutable fields on an authentication credential for an Embedded Wallet internal account. Today this supports updating the email address used by an `EMAIL_OTP` credential. + + This is a two-step signed-retry flow: + + 1. Call `PATCH /auth/credentials/{id}` with the request body `{ "email": "new.email@example.com" }` and no signature headers. Grid returns `202` with `payloadToSign`, `requestId`, and `expiresAt`. + + 2. Use the session API keypair of a verified authentication credential on the same internal account to build an API-key stamp over `payloadToSign`, then retry with that full stamp as the `Grid-Wallet-Signature` header and the `requestId` echoed back as the `Request-Id` header. The retry body must carry the same update fields submitted in step 1. The signed retry returns `200` with the updated `AuthMethod`. + operationId: updateAuthCredential + tags: + - Embedded Wallet Auth + security: + - BasicAuth: [] + parameters: + - name: id + in: path + description: The id of the authentication credential to update (the `id` field of the `AuthMethod` returned from `POST /auth/credentials`). + required: true + schema: + type: string + - name: Grid-Wallet-Signature + in: header + required: false + description: Full API-key stamp built over the prior `payloadToSign` with the session API keypair of a verified authentication credential on the same internal account. Required on the signed retry; ignored on the initial call. + schema: + type: string + example: eyJwdWJsaWNLZXkiOiIwMmExYjIuLi4iLCJzaWduYXR1cmUiOiIzMDQ1MDIyMTAwLi4uIiwic2NoZW1lIjoiUDI1Nl9FQ0RTQV9TSEEyNTYifQ + - name: Request-Id + in: header + required: false + description: The `requestId` returned in a prior `202` response, echoed back on the signed retry so the server can correlate it with the issued challenge. Required on the signed retry; must be paired with `Grid-Wallet-Signature`. + schema: + type: string + example: 7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21 + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/AuthCredentialUpdateRequest' + examples: + updateEmail: + summary: Update email OTP address request (both steps) + value: + email: new.email@example.com + responses: + '200': + description: Signed retry accepted. Returns the updated authentication credential. + content: + application/json: + schema: + $ref: '#/components/schemas/AuthMethodResponse' + examples: + emailOtp: + summary: Email OTP credential updated + value: + id: AuthMethod:019542f5-b3e7-1d02-0000-000000000001 + accountId: InternalAccount:019542f5-b3e7-1d02-0000-000000000002 + type: EMAIL_OTP + nickname: new.email@example.com + createdAt: '2026-04-08T15:30:01Z' + updatedAt: '2026-04-08T15:35:02Z' + '202': + description: Challenge issued. The response contains `payloadToSign` plus a `requestId`. Build an API-key stamp over `payloadToSign` with the session API keypair and echo `requestId` on the retry. + content: + application/json: + schema: + $ref: '#/components/schemas/AuthSignedRequestChallenge' + examples: + emailOtp: + summary: Email OTP credential update challenge + value: + type: EMAIL_OTP + payloadToSign: '{"requestId":"7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21","id":"AuthMethod:019542f5-b3e7-1d02-0000-000000000001","email":"new.email@example.com","expiresAt":"2026-04-08T15:35:00Z"}' + requestId: 7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21 + expiresAt: '2026-04-08T15:35:00Z' + '400': + description: Bad request. Also returned when attempting to update a field that is not supported for the target credential type. + content: + application/json: + schema: + $ref: '#/components/schemas/Error400' + '401': + description: Unauthorized. Returned when the provided `Grid-Wallet-Signature` is missing, malformed, or does not match a pending credential update challenge, when the `Request-Id` does not match an unexpired pending challenge, or when the retry body does not match the update fields bound into `payloadToSign` on the initial call. + content: + application/json: + schema: + $ref: '#/components/schemas/Error401' + '404': + description: Authentication credential not found + content: + application/json: + schema: + $ref: '#/components/schemas/Error404' + '409': + description: Conflict. Returned when the supplied email address is already associated with an `EMAIL_OTP` credential on this or another internal account. + content: + application/json: + schema: + $ref: '#/components/schemas/Error409' + '500': + description: Internal service error + content: + application/json: + schema: + $ref: '#/components/schemas/Error500' delete: summary: Revoke an authentication credential description: | @@ -7869,9 +7977,11 @@ components: |------------|-------------| | TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL | Transaction is not pending platform approval | | UMA_ADDRESS_EXISTS | UMA address already exists | + | EMAIL_OTP_EMAIL_ALREADY_EXISTS | Email address is already associated with an EMAIL_OTP credential | enum: - TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL - UMA_ADDRESS_EXISTS + - EMAIL_OTP_EMAIL_ALREADY_EXISTS message: type: string description: Error message @@ -15602,7 +15712,7 @@ components: unevaluatedProperties: false AuthSignedRequestChallenge: title: Authentication Signed Request Challenge - description: 202 response returned from Embedded Wallet Auth endpoints that require a signed retry — `POST /auth/credentials` (adding an additional credential), `DELETE /auth/credentials/{id}` (revoking a credential), and `DELETE /auth/sessions/{id}` (revoking a session). Carries the signing fields from `SignedRequestChallenge` plus the `type` of the authentication credential involved (being added, being revoked, or that issued the session being revoked). The client already knows the target resource id from the request path / body it just sent, so nothing beyond `type` is echoed in the response. + description: 202 response returned from Embedded Wallet Auth endpoints that require a signed retry — `POST /auth/credentials` (adding an additional credential), `PATCH /auth/credentials/{id}` (updating a credential), `DELETE /auth/credentials/{id}` (revoking a credential), and `DELETE /auth/sessions/{id}` (revoking a session). Carries the signing fields from `SignedRequestChallenge` plus the `type` of the authentication credential involved (being added, updated, revoked, or that issued the session being revoked). The client already knows the target resource id from the request path / body it just sent, so nothing beyond `type` is echoed in the response. allOf: - $ref: '#/components/schemas/SignedRequestChallenge' - type: object @@ -15611,7 +15721,17 @@ components: properties: type: $ref: '#/components/schemas/AuthMethodType' - description: 'Credential type relevant to this challenge: the credential type being added (`POST /auth/credentials`), the credential type being revoked (`DELETE /auth/credentials/{id}`), or the type of credential that issued the session being revoked (`DELETE /auth/sessions/{id}`).' + description: 'Credential type relevant to this challenge: the credential type being added (`POST /auth/credentials`), updated (`PATCH /auth/credentials/{id}`), or revoked (`DELETE /auth/credentials/{id}`). For session revocation, this is the type of credential that issued the session (`DELETE /auth/sessions/{id}`).' + AuthCredentialUpdateRequest: + title: Authentication Credential Update Request + description: Partial request body for `PATCH /auth/credentials/{id}`. At least one update field must be provided. Today, only the email address on an `EMAIL_OTP` credential can be updated. On step 1 of the signed-retry flow Grid binds the submitted update fields into `payloadToSign`; on step 2 the client echoes the same fields back and Grid applies the update to the authentication credential. + type: object + properties: + email: + type: string + format: email + description: New email address to associate with the `EMAIL_OTP` credential. + example: new.email@example.com AuthCredentialVerifyRequest: type: object required: diff --git a/openapi/components/schemas/auth/AuthCredentialUpdateRequest.yaml b/openapi/components/schemas/auth/AuthCredentialUpdateRequest.yaml new file mode 100644 index 00000000..0c9d23b1 --- /dev/null +++ b/openapi/components/schemas/auth/AuthCredentialUpdateRequest.yaml @@ -0,0 +1,15 @@ +title: Authentication Credential Update Request +description: >- + Partial request body for `PATCH /auth/credentials/{id}`. At least one + update field must be provided. Today, only the email address on an + `EMAIL_OTP` credential can be updated. On step 1 of the signed-retry flow + Grid binds the submitted update fields into `payloadToSign`; on step 2 the + client echoes the same fields back and Grid applies the update to the + authentication credential. +type: object +properties: + email: + type: string + format: email + description: New email address to associate with the `EMAIL_OTP` credential. + example: new.email@example.com diff --git a/openapi/components/schemas/auth/AuthSignedRequestChallenge.yaml b/openapi/components/schemas/auth/AuthSignedRequestChallenge.yaml index 605aed4b..e7fb59c1 100644 --- a/openapi/components/schemas/auth/AuthSignedRequestChallenge.yaml +++ b/openapi/components/schemas/auth/AuthSignedRequestChallenge.yaml @@ -2,13 +2,14 @@ title: Authentication Signed Request Challenge description: >- 202 response returned from Embedded Wallet Auth endpoints that require a signed retry — `POST /auth/credentials` (adding an additional - credential), `DELETE /auth/credentials/{id}` (revoking a credential), - and `DELETE /auth/sessions/{id}` (revoking a session). Carries the - signing fields from `SignedRequestChallenge` plus the `type` of the - authentication credential involved (being added, being revoked, or - that issued the session being revoked). The client already knows the - target resource id from the request path / body it just sent, so - nothing beyond `type` is echoed in the response. + credential), `PATCH /auth/credentials/{id}` (updating a credential), + `DELETE /auth/credentials/{id}` (revoking a credential), and + `DELETE /auth/sessions/{id}` (revoking a session). Carries the signing + fields from `SignedRequestChallenge` plus the `type` of the authentication + credential involved (being added, updated, revoked, or that issued the + session being revoked). The client already knows the target resource id + from the request path / body it just sent, so nothing beyond `type` is + echoed in the response. allOf: - $ref: ../common/SignedRequestChallenge.yaml - type: object @@ -19,7 +20,8 @@ allOf: $ref: ./AuthMethodType.yaml description: >- Credential type relevant to this challenge: the credential type - being added (`POST /auth/credentials`), the credential type - being revoked (`DELETE /auth/credentials/{id}`), or the type of - credential that issued the session being revoked + being added (`POST /auth/credentials`), updated + (`PATCH /auth/credentials/{id}`), or revoked + (`DELETE /auth/credentials/{id}`). For session revocation, this is + the type of credential that issued the session (`DELETE /auth/sessions/{id}`). diff --git a/openapi/components/schemas/errors/Error409.yaml b/openapi/components/schemas/errors/Error409.yaml index b033a67f..86617563 100644 --- a/openapi/components/schemas/errors/Error409.yaml +++ b/openapi/components/schemas/errors/Error409.yaml @@ -16,9 +16,11 @@ properties: |------------|-------------| | TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL | Transaction is not pending platform approval | | UMA_ADDRESS_EXISTS | UMA address already exists | + | EMAIL_OTP_EMAIL_ALREADY_EXISTS | Email address is already associated with an EMAIL_OTP credential | enum: - TRANSACTION_NOT_PENDING_PLATFORM_APPROVAL - UMA_ADDRESS_EXISTS + - EMAIL_OTP_EMAIL_ALREADY_EXISTS message: type: string description: Error message diff --git a/openapi/paths/auth/auth_credentials_{id}.yaml b/openapi/paths/auth/auth_credentials_{id}.yaml index a763eddc..b77d8e3e 100644 --- a/openapi/paths/auth/auth_credentials_{id}.yaml +++ b/openapi/paths/auth/auth_credentials_{id}.yaml @@ -1,3 +1,150 @@ +patch: + summary: Update an authentication credential + description: > + Update mutable fields on an authentication credential for an Embedded + Wallet internal account. Today this supports updating the email address + used by an `EMAIL_OTP` credential. + + + This is a two-step signed-retry flow: + + + 1. Call `PATCH /auth/credentials/{id}` with the request body + `{ "email": "new.email@example.com" }` and no signature headers. + Grid returns `202` with `payloadToSign`, `requestId`, and + `expiresAt`. + + + 2. Use the session API keypair of a verified authentication credential + on the same internal account to build an API-key stamp over + `payloadToSign`, then retry with that full stamp as the + `Grid-Wallet-Signature` header and the `requestId` echoed back as + the `Request-Id` header. The retry body must carry the same update + fields submitted in step 1. The signed retry returns `200` with the + updated `AuthMethod`. + operationId: updateAuthCredential + tags: + - Embedded Wallet Auth + security: + - BasicAuth: [] + parameters: + - name: id + in: path + description: >- + The id of the authentication credential to update (the `id` + field of the `AuthMethod` returned from + `POST /auth/credentials`). + required: true + schema: + type: string + - name: Grid-Wallet-Signature + in: header + required: false + description: >- + Full API-key stamp built over the prior `payloadToSign` with + the session API keypair of a verified authentication credential + on the same internal account. Required on the signed retry; + ignored on the initial call. + schema: + type: string + example: eyJwdWJsaWNLZXkiOiIwMmExYjIuLi4iLCJzaWduYXR1cmUiOiIzMDQ1MDIyMTAwLi4uIiwic2NoZW1lIjoiUDI1Nl9FQ0RTQV9TSEEyNTYifQ + - name: Request-Id + in: header + required: false + description: >- + The `requestId` returned in a prior `202` response, echoed back + on the signed retry so the server can correlate it with the + issued challenge. Required on the signed retry; must be paired + with `Grid-Wallet-Signature`. + schema: + type: string + example: 7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21 + requestBody: + required: true + content: + application/json: + schema: + $ref: ../../components/schemas/auth/AuthCredentialUpdateRequest.yaml + examples: + updateEmail: + summary: Update email OTP address request (both steps) + value: + email: new.email@example.com + responses: + '200': + description: Signed retry accepted. Returns the updated authentication credential. + content: + application/json: + schema: + $ref: ../../components/schemas/auth/AuthMethodResponse.yaml + examples: + emailOtp: + summary: Email OTP credential updated + value: + id: AuthMethod:019542f5-b3e7-1d02-0000-000000000001 + accountId: InternalAccount:019542f5-b3e7-1d02-0000-000000000002 + type: EMAIL_OTP + nickname: new.email@example.com + createdAt: '2026-04-08T15:30:01Z' + updatedAt: '2026-04-08T15:35:02Z' + '202': + description: >- + Challenge issued. The response contains `payloadToSign` plus a + `requestId`. Build an API-key stamp over `payloadToSign` with + the session API keypair and echo `requestId` on the retry. + content: + application/json: + schema: + $ref: ../../components/schemas/auth/AuthSignedRequestChallenge.yaml + examples: + emailOtp: + summary: Email OTP credential update challenge + value: + type: EMAIL_OTP + payloadToSign: '{"requestId":"7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21","id":"AuthMethod:019542f5-b3e7-1d02-0000-000000000001","email":"new.email@example.com","expiresAt":"2026-04-08T15:35:00Z"}' + requestId: 7c4a8d09-ca37-4e3e-9e0d-8c2b3e9a1f21 + expiresAt: '2026-04-08T15:35:00Z' + '400': + description: >- + Bad request. Also returned when attempting to update a field that is + not supported for the target credential type. + content: + application/json: + schema: + $ref: ../../components/schemas/errors/Error400.yaml + '401': + description: >- + Unauthorized. Returned when the provided `Grid-Wallet-Signature` + is missing, malformed, or does not match a pending credential + update challenge, when the `Request-Id` does not match an unexpired + pending challenge, or when the retry body does not match the update + fields bound into `payloadToSign` on the initial call. + content: + application/json: + schema: + $ref: ../../components/schemas/errors/Error401.yaml + '404': + description: Authentication credential not found + content: + application/json: + schema: + $ref: ../../components/schemas/errors/Error404.yaml + '409': + description: >- + Conflict. Returned when the supplied email address is already + associated with an `EMAIL_OTP` credential on this or another + internal account. + content: + application/json: + schema: + $ref: ../../components/schemas/errors/Error409.yaml + '500': + description: Internal service error + content: + application/json: + schema: + $ref: ../../components/schemas/errors/Error500.yaml + delete: summary: Revoke an authentication credential description: >