diff --git a/.claude/memory/feedback_syncro_billing.md b/.claude/memory/feedback_syncro_billing.md index 8176b916..b7d6c13b 100644 --- a/.claude/memory/feedback_syncro_billing.md +++ b/.claude/memory/feedback_syncro_billing.md @@ -88,27 +88,32 @@ Always set `price_retail` explicitly — the rate doesn't auto-populate and the ## 8. API key follows the BILLING TECH — always -**Attribution is determined by which API key you use**, not the requesting user. Every call (add_line_item, remove_line_item, comments) is logged as the owner of that key. +**Attribution is determined by which API key you use.** Every `add_line_item` / `remove_line_item` call is logged as the owner of that key. `user_id` in the payload does NOT override this. -**Rule (confirmed by Howard 2026-06-23):** use the tech's own API key whenever billing is attributed to a specific person: -- Bill for Howard → `msp-tools/syncro-howard.sops.yaml` → `credentials.credential` -- Bill for Mike → `msp-tools/syncro.sops.yaml` → `credentials.credential` +**Common-sense defaults (confirmed by Howard 2026-06-23):** +- Howard asks for billing → use Howard's key (he's billing himself) +- Mike asks for billing → use Mike's key +- Told "put X hours in for [tech]" → use that tech's key, regardless of who is asking +- Split ticket ("2 hrs for Mike, 1 hr for Howard") → two separate `add_line_item` calls, each with the correct tech's key + +**Vault paths:** +- Howard → `msp-tools/syncro-howard.sops.yaml` → `credentials.credential` +- Mike → `msp-tools/syncro.sops.yaml` → `credentials.credential` ```bash -# Howard's key HOWARD_KEY=$(bash .claude/scripts/vault.sh get-field msp-tools/syncro-howard credentials.credential) -curl -s -X POST "...?api_key=${HOWARD_KEY}" ... - -# Mike's key (default / fallback) MIKE_KEY=$(bash .claude/scripts/vault.sh get-field msp-tools/syncro credentials.credential) -curl -s -X PUT "...?api_key=${MIKE_KEY}" ... + +# Each line item call uses the BILLING TECH's key as a query param: +curl -s -X POST "https://computerguru.syncromsp.com/api/v1/tickets/{id}/add_line_item?api_key=${HOWARD_KEY}" ... +curl -s -X POST "https://computerguru.syncromsp.com/api/v1/tickets/{id}/add_line_item?api_key=${MIKE_KEY}" ... ``` -Note: `add_line_item` and `remove_line_item` use `?api_key=` query param auth. The `Authorization: ` header also works for most endpoints but does NOT control attribution — `?api_key=` is the attribution mechanism. +**Auth note:** `?api_key=` is the attribution mechanism. The `Authorization: ` header works for reads but does NOT control line-item attribution — always use `?api_key=` for billing writes. -**Corrections:** if a line was added under the wrong key (wrong `user_id`), use `remove_line_item` then re-add with the correct tech's key. `update_line_item` does NOT change `user_id` even when you pass it explicitly. +**Corrections:** wrong key used → `remove_line_item` with any key (doesn't matter), then re-`add_line_item` with the correct tech's key. `update_line_item` does NOT fix `user_id`. -**Ticket ownership:** adding notes or labor does **NOT** change `.ticket.user_id`. Multiple techs routinely work the same ticket. Only change ticket ownership when explicitly asked. +**Ticket ownership:** adding notes or labor does NOT change `.ticket.user_id`. Multiple techs routinely work the same ticket. Only change ticket ownership when explicitly asked. Tech user_id table → [[feedback_syncro_history]].