From d549dafa3be02d8da81d5e404cf3bce2bdc9dd4f Mon Sep 17 00:00:00 2001
From: Sweets Sweetman
Date: Tue, 10 Feb 2026 17:46:13 -0500
Subject: [PATCH 1/2] fix: add auth and correct query param for GET /api/organizations

The API now requires authentication and uses snake_case query params. Added Bearer token auth via Privy and changed accountId to account_id.

Co-Authored-By: Claude Opus 4.6
---
 hooks/useAccountOrganizations.ts | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/hooks/useAccountOrganizations.ts b/hooks/useAccountOrganizations.ts
index 49c426372..bdabe8202 100644
--- a/hooks/useAccountOrganizations.ts
+++ b/hooks/useAccountOrganizations.ts
@@ -1,4 +1,5 @@
 import { useQuery, UseQueryResult } from "@tanstack/react-query";
+import { usePrivy } from "@privy-io/react-auth";
 import { useUserProvider } from "@/providers/UserProvder";
 import { NEW_API_BASE_URL } from "@/lib/consts";
 
@@ -17,9 +18,17 @@ interface OrganizationsResponse {
 * Fetch account's organizations from the API
 */
 const fetchAccountOrganizations = async (
- accountId: string
+ accountId: string,
+ accessToken: string
 ): Promise => {
- const response = await fetch(`${NEW_API_BASE_URL}/api/organizations?accountId=${accountId}`);
+ const response = await fetch(
+ `${NEW_API_BASE_URL}/api/organizations?account_id=${accountId}`,
+ {
+ headers: {
+ Authorization: `Bearer ${accessToken}`,
+ },
+ }
+ );
 if (!response.ok) {
 throw new Error(`Error: ${response.status}`);
 }
@@ -32,9 +41,16 @@ const fetchAccountOrganizations = async (
 */
 const useAccountOrganizations = (): UseQueryResult => {
 const { userData } = useUserProvider();
+ const { getAccessToken } = usePrivy();
 return useQuery({
 queryKey: ["accountOrganizations", userData?.account_id],
- queryFn: () => fetchAccountOrganizations(userData?.account_id || ""),
+ queryFn: async () => {
+ const accessToken = await getAccessToken();
+ if (!accessToken) {
+ throw new Error("Not authenticated");
+ }
+ return fetchAccountOrganizations(userData?.account_id || "", accessToken);
+ },
 enabled: !!userData?.account_id,
 staleTime: 10 * 60 * 1000, // 10 minutes
 refetchOnWindowFocus: false,
From a802abbcf1d37ea0a7e71c3b4e16c305088bf248 Mon Sep 17 00:00:00 2001
From: Sweets Sweetman
Date: Wed, 11 Feb 2026 00:59:02 -0500
Subject: [PATCH 2/2] fix: drop account_id query param and use useAccessToken hook
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bearer tokens resolve to orgId=null (personal key behavior), so passing account_id as a query param causes the API to reject with 400/403. The API resolves the account from the Bearer token directly — no query params needed. Also switched to the useAccessToken hook to match the established pattern used by useConnectors.

Co-Authored-By: Claude Opus 4.6
---
 hooks/useAccountOrganizations.ts | 33 ++++++++++++--------------------
 1 file changed, 12 insertions(+), 21 deletions(-)

diff --git a/hooks/useAccountOrganizations.ts b/hooks/useAccountOrganizations.ts
index bdabe8202..0f735b9c1 100644
--- a/hooks/useAccountOrganizations.ts
+++ b/hooks/useAccountOrganizations.ts
@@ -1,6 +1,6 @@
 import { useQuery, UseQueryResult } from "@tanstack/react-query";
-import { usePrivy } from "@privy-io/react-auth";
 import { useUserProvider } from "@/providers/UserProvder";
+import { useAccessToken } from "@/hooks/useAccessToken";
 import { NEW_API_BASE_URL } from "@/lib/consts";
 
 export interface AccountOrganization {
@@ -15,20 +15,17 @@ interface OrganizationsResponse {
 }
 
 /**
- * Fetch account's organizations from the API
+ * Fetch account's organizations from the API.
+ * The API resolves the account from the Bearer token — no query params needed.
 */
 const fetchAccountOrganizations = async (
- accountId: string,
- accessToken: string
+ accessToken: string,
 ): Promise => {
- const response = await fetch(
- `${NEW_API_BASE_URL}/api/organizations?account_id=${accountId}`,
- {
- headers: {
- Authorization: `Bearer ${accessToken}`,
- },
- }
- );
+ const response = await fetch(`${NEW_API_BASE_URL}/api/organizations`, {
+ headers: {
+ Authorization: `Bearer ${accessToken}`,
+ },
+ });
 if (!response.ok) {
 throw new Error(`Error: ${response.status}`);
 }
@@ -41,17 +38,11 @@ const fetchAccountOrganizations = async (
 */
 const useAccountOrganizations = (): UseQueryResult => {
 const { userData } = useUserProvider();
- const { getAccessToken } = usePrivy();
+ const accessToken = useAccessToken();
 return useQuery({
 queryKey: ["accountOrganizations", userData?.account_id],
- queryFn: async () => {
- const accessToken = await getAccessToken();
- if (!accessToken) {
- throw new Error("Not authenticated");
- }
- return fetchAccountOrganizations(userData?.account_id || "", accessToken);
- },
- enabled: !!userData?.account_id,
+ queryFn: () => fetchAccountOrganizations(accessToken!),
+ enabled: !!userData?.account_id && !!accessToken,
 staleTime: 10 * 60 * 1000, // 10 minutes
 refetchOnWindowFocus: false,
 });
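Review bot: The explicit "Not authenticated" guard is gone, so `fetchAccountOrganizations` now puts whatever it is handed into `Authorization: Bearer ${accessToken}`, and the only thing keeping a missing token out is the `enabled` flag in the hook hunk that follows, where `accessToken!` silences the compiler. As far as I know react-query's `refetch()` does not honour `enabled`, so a manual refetch before the token is available would send a literal `Bearer null`/`Bearer undefined` header instead of failing locally. Keep the check in the hook, e.g. `queryFn: () => accessToken ? fetchAccountOrganizations(accessToken) : Promise.reject(new Error("Not authenticated")),`, which also removes the non-null assertion. The function body continues outside this hunk.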
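Review bot: The token is now captured at render time from `useAccessToken()` rather than awaited inside `queryFn`, so each request uses whatever value the hook last returned; the removed `await getAccessToken()` obtained it at request time. `useAccessToken` is not visible in this patch, so whether it refreshes an expired token is unknown; if it only stores the first value, refetches after expiry would keep failing with the generic `Error: 401` thrown by the fetch helper. A comment on the hook call would record the assumption, e.g. `// token from useAccessToken is assumed to be kept fresh — confirm`. Keeping the token out of `queryKey`, as done here, is right, since it keeps the credential out of cache keys and devtools. The hook's closing lines are outside the hunk.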