diff --git a/lib/sandbox/validateSnapshotPatchBody.ts b/lib/sandbox/validateSnapshotPatchBody.ts
index 9783d7db..08f33c17 100644
--- a/lib/sandbox/validateSnapshotPatchBody.ts
+++ b/lib/sandbox/validateSnapshotPatchBody.ts
@@ -1,18 +1,26 @@
 import type { NextRequest } from "next/server";
 import { NextResponse } from "next/server";
 import { getCorsHeaders } from "@/lib/networking/getCorsHeaders";
-import { validateAuthContext, type AuthContext } from "@/lib/auth/validateAuthContext";
+import { validateAuthContext } from "@/lib/auth/validateAuthContext";
 import { safeParseJson } from "@/lib/networking/safeParseJson";
 import { z } from "zod";
 
 export const snapshotPatchBodySchema = z.object({
 snapshotId: z.string({ message: "snapshotId is required" }).min(1, "snapshotId cannot be empty"),
+ account_id: z.string().uuid("account_id must be a valid UUID").optional(),
 });
 
-export type SnapshotPatchBody = z.infer & AuthContext;
+export type SnapshotPatchBody = {
+ /** The account ID to update */
+ accountId: string;
+ /** The snapshot ID to set */
+ snapshotId: string;
+};
 
 /**
 * Validates auth and request body for PATCH /api/sandboxes/snapshot.
+ * Handles authentication via x-api-key or Authorization bearer token,
+ * body validation, and optional account_id override for organization API keys.
 *
 * @param request - The NextRequest object
 * @returns A NextResponse with an error if validation fails, or the validated body with auth context.
@@ -20,11 +28,6 @@ export type SnapshotPatchBody = z.infer & AuthCo
 export async function validateSnapshotPatchBody(
 request: NextRequest,
 ): Promise {
- const authResult = await validateAuthContext(request);
- if (authResult instanceof NextResponse) {
- return authResult;
- }
-
 const body = await safeParseJson(request);
 const result = snapshotPatchBodySchema.safeParse(body);
 
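Review bot: The `@returns` line that closes the first hunk still promises "the validated body with auth context", but the new `SnapshotPatchBody` holds only `accountId` and `snapshotId`, and nothing in the doc says which account that is. Now that `account_id` is caller-supplied, the doc should state that `accountId` is the value `validateAuthContext` returns, never the raw body field: `@returns A NextResponse with an error if validation or authentication fails, or the resolved accountId and snapshotId.` The field comment could read `/** Account returned by validateAuthContext; presumably the caller's own or an accepted account_id override */`, with the hedge dropped once the helper's behaviour is confirmed. The body field is also snake_case next to camelCase `snapshotId`; if that mirrors other endpoints, a short comment on the schema line would say so. The JSDoc block continues past the end of the hunk.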
@@ -43,8 +46,18 @@ export async function validateSnapshotPatchBody(
 );
 }
 
+ const { snapshotId, account_id: targetAccountId } = result.data;
+
+ const authResult = await validateAuthContext(request, {
+ accountId: targetAccountId,
+ });
+
+ if (authResult instanceof NextResponse) {
+ return authResult;
+ }
+
 return {
- ...authResult,
- ...result.data,
+ accountId: authResult.accountId,
+ snapshotId,
 };
 }
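Review bot: The body's `account_id` goes straight into `validateAuthContext(request, { accountId: targetAccountId })`, so whether a caller may act on another account is decided entirely inside that helper, which this diff does not show. A comment at the call would pin the contract, e.g. `// validateAuthContext must reject an account_id the credential has no access to; only authResult.accountId is used below`. A test should also confirm that a non-organization key or plain bearer token sending a foreign `account_id` gets an error response rather than a resolved `accountId`. Authentication now runs after `safeParseJson` and the schema check, so an unauthenticated request with a malformed body receives the validation error instead of the auth error; if that ordering is intended, the docstring should say so. The function body starts outside this hunk.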