Add idType/identifier to IndividualCustomerCreateRequest (ENG-10686)#637
Conversation
…0686) Individual account-holder CIP capture — accept the individual's tax identification (SSN/ITIN) on customer creation so sparkcore can bridge it to paycore EntUserInfo.tax_identifier for Lead onboarding. Write-only: added to the create request only (not the shared IndividualCustomerFields), so the SSN is never echoed in customer responses. Mirrors the flat idType/identifier shape beneficial owners already use.
|
The latest updates on your projects. Learn more about Vercel for GitHub. 2 Skipped Deployments
|
|
✱ Stainless preview builds for gridThis PR will update the cli csharp go kotlin openapi php python ruby typescript ✅ grid-ruby studio · code
|
|
Re-posting context from the original draft (#636) for the API reviewer, since the oasdiff
Verified in webdev#29658: the full existing create-customer suite (118 tests, none sending tax fields) passes unchanged. |
Greptile SummaryAdds
Confidence Score: 4/5Safe to merge after adding writeOnly: true to the identifier field; without it, generated clients may expose SSN/ITIN in deserialized GET responses. The identifier field carries sensitive PII (SSN/ITIN) and the schema description explicitly calls it write-only, but the writeOnly: true OpenAPI keyword is missing. Client generators used by the consuming webdev repo rely on this keyword to mark the field appropriately; its absence could cause the generated model to include the field when deserializing customer GET responses. openapi/components/schemas/customers/IndividualCustomerCreateRequest.yaml and its bundled copies in openapi.yaml and mintlify/openapi.yaml all need the writeOnly: true addition on the identifier property.
|
| Filename | Overview |
|---|---|
| openapi/components/schemas/customers/IndividualCustomerCreateRequest.yaml | Adds idType and identifier fields to the individual customer create request; missing writeOnly: true on identifier despite the description calling it write-only, and countryOfIssuance is absent compared to the BeneficialOwnerPersonalInfo pattern it claims to mirror. |
| openapi.yaml | Bundled output reflecting the same schema change; same writeOnly omission is present here. |
| mintlify/openapi.yaml | Mintlify documentation bundle regenerated from make build; mirrors the openapi.yaml changes faithfully. |
Sequence Diagram
%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
participant Client as Web Client
participant API as Grid API
participant Lead as Lead (Banking Partner)
Client->>API: "POST /customers/individual<br/>{idType, identifier, ...}"
Note over API: IndividualCustomerCreateRequest<br/>idType (SSN/ITIN)<br/>identifier (write-only)
API->>Lead: "Onboard US individual<br/>EntUserInfo.tax_identifier = identifier"
Lead-->>API: Onboarding result
API-->>Client: "Customer response<br/>(identifier NOT echoed back)"
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
participant Client as Web Client
participant API as Grid API
participant Lead as Lead (Banking Partner)
Client->>API: "POST /customers/individual<br/>{idType, identifier, ...}"
Note over API: IndividualCustomerCreateRequest<br/>idType (SSN/ITIN)<br/>identifier (write-only)
API->>Lead: "Onboard US individual<br/>EntUserInfo.tax_identifier = identifier"
Lead-->>API: Onboarding result
API-->>Client: "Customer response<br/>(identifier NOT echoed back)"
Prompt To Fix All With AI
Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 2
openapi/components/schemas/customers/IndividualCustomerCreateRequest.yaml:9-15
The description explicitly states this field is "Write-only — never returned in customer responses," but the `writeOnly: true` OpenAPI 3.0 property is missing. Without it, SDK/client generators (including the webdev `grid-api/update_schema.sh` mentioned in the PR) will not mark the field as write-only in generated models, potentially including it in GET response deserialization — a problem for a sensitive field like an SSN/ITIN.
```suggestion
identifier:
type: string
writeOnly: true
description: >-
The individual's tax identification number (SSN or ITIN for a US
account holder). Required to onboard the individual as a US account
holder. Write-only — never returned in customer responses.
example: 123-45-6789
```
### Issue 2 of 2
openapi/components/schemas/customers/IndividualCustomerCreateRequest.yaml:6-15
The PR description says this schema "mirrors the flat `idType`/`identifier`/`countryOfIssuance` shape beneficial owners already expose (`BeneficialOwnerPersonalInfo`)", but `countryOfIssuance` is absent here. The reused `IdentificationType` enum includes `NON_US_TAX_ID`, and without `countryOfIssuance` there's no way to identify which country issued a non-US tax ID — the field becomes ambiguous for any non-US account holder. If this endpoint is US-only, the description should say so explicitly and the available enum values should be narrowed accordingly.
Reviews (1): Last reviewed commit: "feat: add idType/identifier to Individua..." | Re-trigger Greptile
|
Are you going to add masked identifier to the response? |

Summary
Adds the individual account-holder's tax identification (SSN/ITIN) to
IndividualCustomerCreateRequestso Grid can capture it at customer creation and bridge it downstream toEntUserInfo.tax_identifierfor Lead (banking-partner) onboarding of a US individual.Part of ENG-10686 (Individual account-holder CIP). Consumed by the webdev PR (lightsparkdev/webdev#29658), which reads
idType/identifieroff the regenerated client model.Details
allOfinIndividualCustomerCreateRequest.yaml, not the sharedIndividualCustomerFields), so the identifier is write-only and never echoed in customer GET responses.IdentificationTypeenum (SSN/ITIN/EIN/NON_US_TAX_ID) and mirrors the flatidType/identifier/countryOfIssuanceshape beneficial owners already expose (BeneficialOwnerPersonalInfo).openapi.yaml,mintlify/openapi.yaml) viamake build;redocly lintclean.Test plan
npm run build:openapi+npx @redocly/cli lint openapi.yaml→ valid.grid-api/update_schema.sh) picks upid_type/identifier/country_of_issuanceon the individual create model.🤖 sovereign-nebula-2(#2) | Feedback
Original PR: #636