@mondaydotcomorg/monday-authorization 3.3.2 → 3.4.0-feature-bashanye-add-membership-create-delete-api-234505c

package/README.md

@@ -25,7 +25,7 @@ import * as MondayAuthorization from '@mondaydotcomorg/monday-authorization';
 
 ...
 
-MondayAuthorization.init({
+await MondayAuthorization.init({
   prometheus: getPrometheus(),
   metrics: {
     serviceName: process.env.APP_NAME,
@@ -47,8 +47,8 @@ startServer(...)
 
 - `prometheus` (optional) enables the legacy Prometheus summary `authorization_check_response_time` with labels `resourceType`, `action`, `isAuthorized`, and `responseStatus`.
 - `metrics` (optional) enables StatsD emission through `@mondaydotcomorg/monday-observability-kit` with:
-  - `authorization.authorizationCheck.platform.duration` / `.graph.duration` (distributions per API path)
-  - `authorization.authorizationCheck.platform.error` / `.graph.error` counters (with `statusCode` tag)
+  - `authorization.authorizationCheck.platform.<API>.duration` / `.graph.<API>.duration` (distributions per API path)
+  - `authorization.authorizationCheck.platform.<API>.error` / `.graph.<API>.error` counters (with `statusCode` tag)
 - When `metrics.disabled` is omitted, the SDK automatically disables StatsD in `test`/`development` environments.
 - StatsD requires `DOGSTATSD_HOST` / `DOGSTATSD_PORT` (or the defaults `localhost:8125`). Errors are logged and skipped if the client is unavailable.
 
@@ -404,6 +404,129 @@ interface RolesResponse {
 }
 ```
 
+### Memberships API
+
+The Memberships API allows you to manage memberships (role assignments) for entities on resources. Use `MembershipsService` to create/update and delete memberships synchronously.
+
+Important note: there is no validations for the user that create/delete memberships on authorization side.
+It's on the caller responsibility to validate the user have the right permission to change these memberships.
+
+#### Create/Update Memberships
+
+Use `MembershipsService.upsertMemberships` to create or update memberships synchronously:
+
+```ts
+import { MembershipsService, MembershipForCreate } from '@mondaydotcomorg/monday-authorization';
+
+const membershipsService = new MembershipsService();
+const accountId = 739630;
+const memberships: MembershipForCreate[] = [
+  {
+    entityId: 123,
+    entityType: 'user',
+    resourceId: 456,
+    resourceType: 'workspace',
+    roleId: 5,
+    roleType: 'basic',
+    addedById: 789,
+  },
+];
+
+const response = await membershipsService.upsertMemberships(accountId, memberships);
+// Returns: { memberships: Membership[] }
+```
+
+**Parameters:**
+
+- `accountId` - The account ID
+- `memberships` - Array of `MembershipForCreate` objects
+
+#### Delete Memberships
+
+Use `MembershipsService.deleteMemberships` to delete memberships synchronously:
+
+```ts
+import { MembershipsService, MembershipForDelete } from '@mondaydotcomorg/monday-authorization';
+
+const membershipsService = new MembershipsService();
+const accountId = 739630;
+const memberships: MembershipForDelete[] = [
+  {
+    entityId: 123,
+    entityType: 'user',
+    resourceId: 456,
+    resourceType: 'workspace',
+  },
+];
+
+const response = await membershipsService.deleteMemberships(accountId, memberships);
+// Returns: { memberships: Membership[] }
+```
+
+**Parameters:**
+
+- `accountId` - The account ID
+- `memberships` - Array of `MembershipForDelete` objects
+
+#### Types
+
+The following types are available for working with memberships:
+
+```ts
+import {
+  MembershipForCreate,
+  MembershipForDelete,
+  Membership,
+  MembershipCreateResponse,
+  MembershipDeleteResponse,
+} from '@mondaydotcomorg/monday-authorization';
+
+// MembershipForCreate interface
+interface MembershipForCreate {
+  entityId: number;
+  entityType: string;
+  resourceId: number;
+  resourceType: string;
+  roleId: number;
+  roleType?: string;
+  addedById: number;
+}
+
+// MembershipForDelete interface
+interface MembershipForDelete {
+  entityId?: number;
+  entityType: string;
+  resourceId?: number;
+  resourceType: string;
+}
+
+// Membership interface
+interface Membership {
+  id: number;
+  entityId: number;
+  entityType: string;
+  resourceId: number;
+  resourceType: string;
+  roleId: number;
+  roleType: string;
+  addedById: null | number | undefined;
+  hops: number;
+  isNewRecord: boolean;
+  previousValues: Partial<Membership>;
+  walVersion: number | null | undefined;
+}
+
+// MembershipCreateResponse interface
+interface MembershipCreateResponse {
+  memberships: Membership[];
+}
+
+// MembershipDeleteResponse interface
+interface MembershipDeleteResponse {
+  memberships: Membership[];
+}
+```
+
 ## Development
 
 ### Local Development and Testing

package/dist/authorization-service.js

@@ -133,7 +133,7 @@ class AuthorizationService {
             const { resourceType } = utils_authorization_utils.scopeToResource(scope);
             const isAuthorized = obj.permit.can;
             prometheusService.sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-            metricsService.recordAuthorizationTiming(apiType, time);
+            metricsService.recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
         }
         return scopedActionResponseObjects;
     }

package/dist/clients/graph-api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AACA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AASlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
+{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/clients/graph-api.js

@@ -1,11 +1,11 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
 const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
+const mondayJwt = require('@mondaydotcomorg/monday-jwt');
 const types_scopedActionsContracts = require('../types/scoped-actions-contracts.js');
 const authorizationInternalService = require('../authorization-internal-service.js');
 const attributionsService = require('../attributions-service.js');
 const utils_authorization_utils = require('../utils/authorization.utils.js');
-const mondayJwt = require('@mondaydotcomorg/monday-jwt');
 const constants = require('../constants.js');
 const utils_apiErrorHandler = require('../utils/api-error-handler.js');
 

package/dist/esm/authorization-service.mjs

@@ -131,7 +131,7 @@ class AuthorizationService {
             const { resourceType } = scopeToResource(scope);
             const isAuthorized = obj.permit.can;
             sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-            recordAuthorizationTiming(apiType, time);
+            recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
         }
         return scopedActionResponseObjects;
     }

package/dist/esm/clients/graph-api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AACA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AASlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
+{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/esm/clients/graph-api.mjs

@@ -1,9 +1,9 @@
 import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
 import { PermitTechnicalReason } from '../types/scoped-actions-contracts.mjs';
 import { AuthorizationInternalService } from '../authorization-internal-service.mjs';
 import { getAttributionsFromApi } from '../attributions-service.mjs';
 import { scopeToResource } from '../utils/authorization.utils.mjs';
-import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
 import { GRAPH_APP_NAME } from '../constants.mjs';
 import { handleApiError } from '../utils/api-error-handler.mjs';
 

package/dist/esm/index.d.ts

@@ -20,6 +20,7 @@ export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthoriza
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';
 export { RolesService } from './roles-service';
+export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';
 export { Translation, ScopedAction, ScopedActionResponseObject, ScopedActionPermit, } from './types/scoped-actions-contracts';
 export { CustomRole, BasicRole, RoleType, RoleCreateRequest, RoleUpdateRequest, RolesResponse } from './types/roles';

package/dist/esm/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/esm/index.mjs

@@ -7,6 +7,7 @@ export { testKit_index as TestKit };
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware } from './authorization-middleware.mjs';
 export { AuthorizationAttributesService } from './authorization-attributes-service.mjs';
 export { RolesService } from './roles-service.mjs';
+export { MembershipsService } from './memberships.mjs';
 export { RoleType } from './types/roles.mjs';
 
 async function init(options = {}) {

package/dist/esm/memberships.d.ts

@@ -0,0 +1,29 @@
+import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
+import { MembershipCreateResponse, MembershipDeleteResponse, MembershipForCreate, MembershipForDelete } from './types/memberships';
+export declare class MembershipsService {
+    private static API_PATHS;
+    private httpClient;
+    private fetchOptions;
+    /**
+     * Public constructor to create the MembershipsService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
+    /**
+     * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to upsert
+     * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+     */
+    upsertMemberships(accountId: number, memberships: MembershipForCreate[]): Promise<MembershipCreateResponse>;
+    /**
+     * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to delete.
+     * @returns MembershipDeleteResponse - The affected (deleted) memberships.
+     */
+    deleteMemberships(accountId: number, memberships: MembershipForDelete[]): Promise<MembershipDeleteResponse>;
+}
+//# sourceMappingURL=memberships.d.ts.map

package/dist/esm/memberships.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memberships.d.ts","sourceRoot":"","sources":["../../src/memberships.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EACL,wBAAwB,EACxB,wBAAwB,EACxB,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAM3B,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IAEtD;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAoBnF;;;;;OAKG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,wBAAwB,CAAC;IA0BjH;;;;;OAKG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,wBAAwB,CAAC;CAyBlH"}

package/dist/esm/memberships.mjs

@@ -0,0 +1,97 @@
+import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { handleApiError } from './utils/api-error-handler.mjs';
+import { getAttributionsFromApi } from './attributions-service.mjs';
+import { ERROR_MESSAGES, DEFAULT_FETCH_OPTIONS, APP_NAME } from './constants.mjs';
+
+class MembershipsService {
+    static API_PATHS = {
+        UPSERT_MEMBERSHIPS: '/memberships/account/{accountId}',
+        DELETE_MEMBERSHIPS: '/memberships/account/{accountId}',
+    };
+    httpClient;
+    fetchOptions;
+    /**
+     * Public constructor to create the MembershipsService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient, fetchOptions) {
+        if (!httpClient) {
+            httpClient = Api.getPart('httpClient');
+            if (!httpClient) {
+                throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+            }
+        }
+        if (!fetchOptions) {
+            fetchOptions = DEFAULT_FETCH_OPTIONS;
+        }
+        else {
+            fetchOptions = {
+                ...DEFAULT_FETCH_OPTIONS,
+                ...fetchOptions,
+            };
+        }
+        this.httpClient = httpClient;
+        this.fetchOptions = fetchOptions;
+    }
+    /**
+     * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to upsert
+     * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+     */
+    async upsertMemberships(accountId, memberships) {
+        const attributionHeaders = getAttributionsFromApi();
+        try {
+            return await this.httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path: MembershipsService.API_PATHS.UPSERT_MEMBERSHIPS.replace('{accountId}', accountId.toString()),
+                },
+                method: 'PUT',
+                query: {
+                    useAStyleRoleId: 'true',
+                },
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ memberships }),
+            }, this.fetchOptions);
+        }
+        catch (err) {
+            return handleApiError(err, 'authorization', 'upsertMemberships');
+        }
+    }
+    /**
+     * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to delete.
+     * @returns MembershipDeleteResponse - The affected (deleted) memberships.
+     */
+    async deleteMemberships(accountId, memberships) {
+        const attributionHeaders = getAttributionsFromApi();
+        try {
+            return await this.httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path: MembershipsService.API_PATHS.DELETE_MEMBERSHIPS.replace('{accountId}', accountId.toString()),
+                },
+                method: 'DELETE',
+                query: {
+                    useAStyleRoleId: 'true',
+                },
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ memberships }),
+            }, this.fetchOptions);
+        }
+        catch (err) {
+            return handleApiError(err, 'authorization', 'deleteMemberships');
+        }
+    }
+}
+
+export { MembershipsService };

package/dist/esm/metrics-service.d.ts

@@ -1,5 +1,5 @@
 import { Metric } from '@mondaydotcomorg/monday-observability-kit';
-type ApiType = 'platform' | 'graph';
+type ApiType = 'platform' | 'graph' | 'authorization';
 export type MetricsClient = Pick<typeof Metric, 'distribution' | 'increment'>;
 interface InitializeMetricsOptions {
     client?: MetricsClient;
@@ -9,7 +9,7 @@ interface InitializeMetricsOptions {
     disabled?: boolean;
 }
 export declare function initializeMetrics(options: InitializeMetricsOptions): void;
-export declare function recordAuthorizationTiming(apiType: ApiType, duration: number): void;
-export declare function recordAuthorizationError(apiType: ApiType, statusCode: number): void;
+export declare function recordAuthorizationTiming(apiType: ApiType, duration: number, placement: string): void;
+export declare function recordAuthorizationError(apiType: ApiType, statusCode: number, placement: string): void;
 export {};
 //# sourceMappingURL=metrics-service.d.ts.map

package/dist/esm/metrics-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../../src/metrics-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;AAEpC,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,MAAM,EAAE,cAAc,GAAG,WAAW,CAAC,CAAC;AAE9E,UAAU,wBAAwB;IAChC,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CAiCzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAmBlF;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAmBnF"}
+{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../../src/metrics-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,eAAe,CAAC;AAEtD,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,MAAM,EAAE,cAAc,GAAG,WAAW,CAAC,CAAC;AAE9E,UAAU,wBAAwB;IAChC,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CAiCzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAoBrG;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAwBtG"}

package/dist/esm/metrics-service.mjs

@@ -32,35 +32,37 @@ function initializeMetrics(options) {
         logger.warn({ tag: 'monday-authorization-sdk', error }, 'Failed to initialize metrics');
     }
 }
-function recordAuthorizationTiming(apiType, duration) {
+function recordAuthorizationTiming(apiType, duration, placement) {
     if (!metricsClient) {
         return;
     }
     try {
-        metricsClient.distribution(`authorization.authorizationCheck.${apiType}.duration`, duration);
+        metricsClient.distribution(`authorization.authorizationCheck.${apiType}.${placement}.duration`, duration);
     }
     catch (error) {
         logger.warn({
             tag: 'monday-authorization-sdk',
             metric: 'authorizationCheckDuration',
             apiType,
+            placement,
             duration,
             error,
         }, 'Failed to emit authorization timing metric');
     }
 }
-function recordAuthorizationError(apiType, statusCode) {
+function recordAuthorizationError(apiType, statusCode, placement) {
     if (!metricsClient) {
         return;
     }
     try {
-        metricsClient.increment(`authorization.authorizationCheck.${apiType}.error`, { statusCode: String(statusCode) }, 1);
+        metricsClient.increment(`authorization.authorizationCheck.${apiType}.${placement}.error`, { statusCode: String(statusCode) }, 1);
     }
     catch (error) {
         logger.warn({
             tag: 'monday-authorization-sdk',
             metric: 'authorizationCheckError',
             apiType,
+            placement,
             statusCode,
             error,
         }, 'Failed to emit authorization error metric');

package/dist/esm/types/memberships.d.ts

@@ -0,0 +1,42 @@
+export interface MembershipForCreate {
+    entityId: number;
+    entityType: string;
+    resourceId: number;
+    resourceType: string;
+    roleId: number;
+    roleType?: string;
+    addedById: number;
+}
+export interface MembershipForDelete {
+    entityId?: number;
+    entityType: string;
+    resourceId: number;
+    resourceType: string;
+}
+export interface Membership {
+    id: number;
+    entityId: number;
+    entityType: string;
+    resourceId: number;
+    resourceType: string;
+    roleId: number;
+    roleType: string;
+    addedById: null | number | undefined;
+    hops: number;
+    isNewRecord: boolean;
+    previousValues: Partial<Membership>;
+    walVersion: number | null | undefined;
+}
+export interface MembershipCreateResponse {
+    memberships: Membership[];
+}
+export interface MembershipDeleteResponse {
+    memberships: Membership[];
+}
+export interface MembershipCreateRequest {
+    memberships: MembershipForCreate[];
+}
+export interface MembershipDeleteRequest {
+    memberships: MembershipForDelete[];
+}
+//# sourceMappingURL=memberships.d.ts.map

package/dist/esm/types/memberships.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memberships.d.ts","sourceRoot":"","sources":["../../../src/types/memberships.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,GAAG,MAAM,GAAG,SAAS,CAAC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACpC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;CACvC;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC"}

package/dist/esm/types/memberships.mjs

@@ -0,0 +1 @@
+

package/dist/esm/utils/api-error-handler.d.ts

@@ -1,2 +1,2 @@
-export declare function handleApiError(err: unknown, apiType: 'platform' | 'graph', placement: string): never;
+export declare function handleApiError(err: unknown, apiType: 'platform' | 'graph' | 'authorization', placement: string): never;
 //# sourceMappingURL=api-error-handler.d.ts.map

package/dist/esm/utils/api-error-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK,CAgBpG"}
+{"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAC5B,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,UAAU,GAAG,OAAO,GAAG,eAAe,EAC/C,SAAS,EAAE,MAAM,GAChB,KAAK,CAgBP"}

package/dist/esm/utils/api-error-handler.mjs

@@ -4,13 +4,13 @@ import { recordAuthorizationError } from '../metrics-service.mjs';
 
 function handleApiError(err, apiType, placement) {
     if (err instanceof HttpFetcherError) {
-        logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
-        recordAuthorizationError(apiType, err.status);
+        logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`);
+        recordAuthorizationError(apiType, err.status, placement);
         AuthorizationInternalService.throwOnHttpError(err.status, placement);
     }
     else {
-        logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
-        recordAuthorizationError(apiType, 500);
+        logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`);
+        recordAuthorizationError(apiType, 500, placement);
         throw err;
     }
 }

package/dist/index.d.ts

@@ -20,6 +20,7 @@ export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthoriza
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';
 export { RolesService } from './roles-service';
+export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';
 export { Translation, ScopedAction, ScopedActionResponseObject, ScopedActionPermit, } from './types/scoped-actions-contracts';
 export { CustomRole, BasicRole, RoleType, RoleCreateRequest, RoleUpdateRequest, RolesResponse } from './types/roles';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/index.js

@@ -7,6 +7,7 @@ const testKit_index = require('./testKit/index.js');
 const authorizationMiddleware = require('./authorization-middleware.js');
 const authorizationAttributesService = require('./authorization-attributes-service.js');
 const rolesService = require('./roles-service.js');
+const memberships = require('./memberships.js');
 const types_roles = require('./types/roles.js');
 
 async function init(options = {}) {
@@ -44,6 +45,7 @@ exports.getAuthorizationMiddleware = authorizationMiddleware.getAuthorizationMid
 exports.skipAuthorizationMiddleware = authorizationMiddleware.skipAuthorizationMiddleware;
 exports.AuthorizationAttributesService = authorizationAttributesService.AuthorizationAttributesService;
 exports.RolesService = rolesService.RolesService;
+exports.MembershipsService = memberships.MembershipsService;
 Object.defineProperty(exports, 'RoleType', {
 enumerable: true,
 get: () => types_roles.RoleType

package/dist/memberships.d.ts

@@ -0,0 +1,29 @@
+import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
+import { MembershipCreateResponse, MembershipDeleteResponse, MembershipForCreate, MembershipForDelete } from './types/memberships';
+export declare class MembershipsService {
+    private static API_PATHS;
+    private httpClient;
+    private fetchOptions;
+    /**
+     * Public constructor to create the MembershipsService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
+    /**
+     * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to upsert
+     * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+     */
+    upsertMemberships(accountId: number, memberships: MembershipForCreate[]): Promise<MembershipCreateResponse>;
+    /**
+     * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to delete.
+     * @returns MembershipDeleteResponse - The affected (deleted) memberships.
+     */
+    deleteMemberships(accountId: number, memberships: MembershipForDelete[]): Promise<MembershipDeleteResponse>;
+}
+//# sourceMappingURL=memberships.d.ts.map

package/dist/memberships.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memberships.d.ts","sourceRoot":"","sources":["../src/memberships.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EACL,wBAAwB,EACxB,wBAAwB,EACxB,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAM3B,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IAEtD;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAoBnF;;;;;OAKG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,wBAAwB,CAAC;IA0BjH;;;;;OAKG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,wBAAwB,CAAC;CAyBlH"}

package/dist/memberships.js

@@ -0,0 +1,99 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
+const utils_apiErrorHandler = require('./utils/api-error-handler.js');
+const attributionsService = require('./attributions-service.js');
+const constants = require('./constants.js');
+
+class MembershipsService {
+    static API_PATHS = {
+        UPSERT_MEMBERSHIPS: '/memberships/account/{accountId}',
+        DELETE_MEMBERSHIPS: '/memberships/account/{accountId}',
+    };
+    httpClient;
+    fetchOptions;
+    /**
+     * Public constructor to create the MembershipsService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient, fetchOptions) {
+        if (!httpClient) {
+            httpClient = tridentBackendApi.Api.getPart('httpClient');
+            if (!httpClient) {
+                throw new Error(constants.ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+            }
+        }
+        if (!fetchOptions) {
+            fetchOptions = constants.DEFAULT_FETCH_OPTIONS;
+        }
+        else {
+            fetchOptions = {
+                ...constants.DEFAULT_FETCH_OPTIONS,
+                ...fetchOptions,
+            };
+        }
+        this.httpClient = httpClient;
+        this.fetchOptions = fetchOptions;
+    }
+    /**
+     * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to upsert
+     * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+     */
+    async upsertMemberships(accountId, memberships) {
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        try {
+            return await this.httpClient.fetch({
+                url: {
+                    appName: constants.APP_NAME,
+                    path: MembershipsService.API_PATHS.UPSERT_MEMBERSHIPS.replace('{accountId}', accountId.toString()),
+                },
+                method: 'PUT',
+                query: {
+                    useAStyleRoleId: 'true',
+                },
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ memberships }),
+            }, this.fetchOptions);
+        }
+        catch (err) {
+            return utils_apiErrorHandler.handleApiError(err, 'authorization', 'upsertMemberships');
+        }
+    }
+    /**
+     * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to delete.
+     * @returns MembershipDeleteResponse - The affected (deleted) memberships.
+     */
+    async deleteMemberships(accountId, memberships) {
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        try {
+            return await this.httpClient.fetch({
+                url: {
+                    appName: constants.APP_NAME,
+                    path: MembershipsService.API_PATHS.DELETE_MEMBERSHIPS.replace('{accountId}', accountId.toString()),
+                },
+                method: 'DELETE',
+                query: {
+                    useAStyleRoleId: 'true',
+                },
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ memberships }),
+            }, this.fetchOptions);
+        }
+        catch (err) {
+            return utils_apiErrorHandler.handleApiError(err, 'authorization', 'deleteMemberships');
+        }
+    }
+}
+
+exports.MembershipsService = MembershipsService;

package/dist/metrics-service.d.ts

@@ -1,5 +1,5 @@
 import { Metric } from '@mondaydotcomorg/monday-observability-kit';
-type ApiType = 'platform' | 'graph';
+type ApiType = 'platform' | 'graph' | 'authorization';
 export type MetricsClient = Pick<typeof Metric, 'distribution' | 'increment'>;
 interface InitializeMetricsOptions {
     client?: MetricsClient;
@@ -9,7 +9,7 @@ interface InitializeMetricsOptions {
     disabled?: boolean;
 }
 export declare function initializeMetrics(options: InitializeMetricsOptions): void;
-export declare function recordAuthorizationTiming(apiType: ApiType, duration: number): void;
-export declare function recordAuthorizationError(apiType: ApiType, statusCode: number): void;
+export declare function recordAuthorizationTiming(apiType: ApiType, duration: number, placement: string): void;
+export declare function recordAuthorizationError(apiType: ApiType, statusCode: number, placement: string): void;
 export {};
 //# sourceMappingURL=metrics-service.d.ts.map

package/dist/metrics-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../src/metrics-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;AAEpC,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,MAAM,EAAE,cAAc,GAAG,WAAW,CAAC,CAAC;AAE9E,UAAU,wBAAwB;IAChC,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CAiCzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAmBlF;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAmBnF"}
+{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../src/metrics-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,eAAe,CAAC;AAEtD,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,MAAM,EAAE,cAAc,GAAG,WAAW,CAAC,CAAC;AAE9E,UAAU,wBAAwB;IAChC,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CAiCzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAoBrG;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAwBtG"}

package/dist/metrics-service.js

@@ -34,35 +34,37 @@ function initializeMetrics(options) {
         authorizationInternalService.logger.warn({ tag: 'monday-authorization-sdk', error }, 'Failed to initialize metrics');
     }
 }
-function recordAuthorizationTiming(apiType, duration) {
+function recordAuthorizationTiming(apiType, duration, placement) {
     if (!metricsClient) {
         return;
     }
     try {
-        metricsClient.distribution(`authorization.authorizationCheck.${apiType}.duration`, duration);
+        metricsClient.distribution(`authorization.authorizationCheck.${apiType}.${placement}.duration`, duration);
     }
     catch (error) {
         authorizationInternalService.logger.warn({
             tag: 'monday-authorization-sdk',
             metric: 'authorizationCheckDuration',
             apiType,
+            placement,
             duration,
             error,
         }, 'Failed to emit authorization timing metric');
     }
 }
-function recordAuthorizationError(apiType, statusCode) {
+function recordAuthorizationError(apiType, statusCode, placement) {
     if (!metricsClient) {
         return;
     }
     try {
-        metricsClient.increment(`authorization.authorizationCheck.${apiType}.error`, { statusCode: String(statusCode) }, 1);
+        metricsClient.increment(`authorization.authorizationCheck.${apiType}.${placement}.error`, { statusCode: String(statusCode) }, 1);
     }
     catch (error) {
         authorizationInternalService.logger.warn({
             tag: 'monday-authorization-sdk',
             metric: 'authorizationCheckError',
             apiType,
+            placement,
             statusCode,
             error,
         }, 'Failed to emit authorization error metric');

package/dist/types/memberships.d.ts

@@ -0,0 +1,42 @@
+export interface MembershipForCreate {
+    entityId: number;
+    entityType: string;
+    resourceId: number;
+    resourceType: string;
+    roleId: number;
+    roleType?: string;
+    addedById: number;
+}
+export interface MembershipForDelete {
+    entityId?: number;
+    entityType: string;
+    resourceId: number;
+    resourceType: string;
+}
+export interface Membership {
+    id: number;
+    entityId: number;
+    entityType: string;
+    resourceId: number;
+    resourceType: string;
+    roleId: number;
+    roleType: string;
+    addedById: null | number | undefined;
+    hops: number;
+    isNewRecord: boolean;
+    previousValues: Partial<Membership>;
+    walVersion: number | null | undefined;
+}
+export interface MembershipCreateResponse {
+    memberships: Membership[];
+}
+export interface MembershipDeleteResponse {
+    memberships: Membership[];
+}
+export interface MembershipCreateRequest {
+    memberships: MembershipForCreate[];
+}
+export interface MembershipDeleteRequest {
+    memberships: MembershipForDelete[];
+}
+//# sourceMappingURL=memberships.d.ts.map

package/dist/types/memberships.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memberships.d.ts","sourceRoot":"","sources":["../../src/types/memberships.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,GAAG,MAAM,GAAG,SAAS,CAAC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACpC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;CACvC;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC"}

package/dist/types/memberships.js

@@ -0,0 +1 @@
+

package/dist/utils/api-error-handler.d.ts

@@ -1,2 +1,2 @@
-export declare function handleApiError(err: unknown, apiType: 'platform' | 'graph', placement: string): never;
+export declare function handleApiError(err: unknown, apiType: 'platform' | 'graph' | 'authorization', placement: string): never;
 //# sourceMappingURL=api-error-handler.d.ts.map

package/dist/utils/api-error-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK,CAgBpG"}
+{"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAC5B,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,UAAU,GAAG,OAAO,GAAG,eAAe,EAC/C,SAAS,EAAE,MAAM,GAChB,KAAK,CAgBP"}

package/dist/utils/api-error-handler.js

@@ -6,13 +6,13 @@ const metricsService = require('../metrics-service.js');
 
 function handleApiError(err, apiType, placement) {
     if (err instanceof mondayFetchApi.HttpFetcherError) {
-        authorizationInternalService.logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
-        metricsService.recordAuthorizationError(apiType, err.status);
+        authorizationInternalService.logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`);
+        metricsService.recordAuthorizationError(apiType, err.status, placement);
         authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, placement);
     }
     else {
-        authorizationInternalService.logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
-        metricsService.recordAuthorizationError(apiType, 500);
+        authorizationInternalService.logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`);
+        metricsService.recordAuthorizationError(apiType, 500, placement);
         throw err;
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.3.2",
+  "version": "3.4.0-feature-bashanye-add-membership-create-delete-api-234505c",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",

package/src/authorization-service.ts

@@ -213,7 +213,7 @@ export class AuthorizationService {
       const { resourceType } = scopeToResource(scope);
       const isAuthorized = obj.permit.can;
       sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-      recordAuthorizationTiming(apiType, time);
+      recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
     }
 
     return scopedActionResponseObjects;

package/src/clients/graph-api.ts

@@ -1,4 +1,5 @@
 import { Api, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
 import {
   ScopedAction,
   ScopedActionResponseObject,
@@ -17,7 +18,6 @@ import {
   GraphPermissionReason,
 } from '../types/graph-api.types';
 import { scopeToResource } from '../utils/authorization.utils';
-import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
 import { GRAPH_APP_NAME } from '../constants';
 import { handleApiError } from '../utils/api-error-handler';
 

package/src/index.ts

@@ -59,6 +59,7 @@ export {
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';
 export { RolesService } from './roles-service';
+export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';
 export {
   Translation,

package/src/memberships.ts

@@ -0,0 +1,110 @@
+import { Api, FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
+import {
+  MembershipCreateResponse,
+  MembershipDeleteResponse,
+  MembershipForCreate,
+  MembershipForDelete,
+} from 'types/memberships';
+import { handleApiError } from 'utils/api-error-handler';
+import { getAttributionsFromApi } from './attributions-service';
+
+import { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES } from './constants';
+
+export class MembershipsService {
+  private static API_PATHS = {
+    UPSERT_MEMBERSHIPS: '/memberships/account/{accountId}',
+    DELETE_MEMBERSHIPS: '/memberships/account/{accountId}',
+  } as const;
+  private httpClient: HttpClient;
+  private fetchOptions: RecursivePartial<FetcherConfig>;
+
+  /**
+   * Public constructor to create the MembershipsService instance.
+   * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+   * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+   */
+  constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>) {
+    if (!httpClient) {
+      httpClient = Api.getPart('httpClient');
+      if (!httpClient) {
+        throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+      }
+    }
+
+    if (!fetchOptions) {
+      fetchOptions = DEFAULT_FETCH_OPTIONS;
+    } else {
+      fetchOptions = {
+        ...DEFAULT_FETCH_OPTIONS,
+        ...fetchOptions,
+      };
+    }
+    this.httpClient = httpClient;
+    this.fetchOptions = fetchOptions;
+  }
+
+  /**
+   * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+   * @param accountId
+   * @param memberships - Array of memberships to upsert
+   * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+   */
+  async upsertMemberships(accountId: number, memberships: MembershipForCreate[]): Promise<MembershipCreateResponse> {
+    const attributionHeaders = getAttributionsFromApi();
+    try {
+      return await this.httpClient.fetch<MembershipCreateResponse>(
+        {
+          url: {
+            appName: APP_NAME,
+            path: MembershipsService.API_PATHS.UPSERT_MEMBERSHIPS.replace('{accountId}', accountId.toString()),
+          },
+          method: 'PUT',
+          query: {
+            useAStyleRoleId: 'true',
+          },
+          headers: {
+            'Content-Type': 'application/json',
+            ...attributionHeaders,
+          },
+          body: JSON.stringify({ memberships }),
+        },
+        this.fetchOptions
+      );
+    } catch (err) {
+      return handleApiError(err, 'authorization', 'upsertMemberships');
+    }
+  }
+
+  /**
+   * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+   * @param accountId
+   * @param memberships - Array of memberships to delete.
+   * @returns MembershipDeleteResponse - The affected (deleted) memberships.
+   */
+  async deleteMemberships(accountId: number, memberships: MembershipForDelete[]): Promise<MembershipDeleteResponse> {
+    const attributionHeaders = getAttributionsFromApi();
+    try {
+      return await this.httpClient.fetch<MembershipDeleteResponse>(
+        {
+          url: {
+            appName: APP_NAME,
+            path: MembershipsService.API_PATHS.DELETE_MEMBERSHIPS.replace('{accountId}', accountId.toString()),
+          },
+          method: 'DELETE',
+          query: {
+            useAStyleRoleId: 'true',
+          },
+          headers: {
+            'Content-Type': 'application/json',
+            ...attributionHeaders,
+          },
+          body: JSON.stringify({ memberships }),
+        },
+        this.fetchOptions
+      );
+    } catch (err) {
+      return handleApiError(err, 'authorization', 'deleteMemberships');
+    }
+  }
+}

package/src/metrics-service.ts

@@ -1,7 +1,7 @@
 import { Metric } from '@mondaydotcomorg/monday-observability-kit';
 import { logger } from './authorization-internal-service';
 
-type ApiType = 'platform' | 'graph';
+type ApiType = 'platform' | 'graph' | 'authorization';
 
 export type MetricsClient = Pick<typeof Metric, 'distribution' | 'increment'>;
 
@@ -50,19 +50,20 @@ export function initializeMetrics(options: InitializeMetricsOptions): void {
   }
 }
 
-export function recordAuthorizationTiming(apiType: ApiType, duration: number): void {
+export function recordAuthorizationTiming(apiType: ApiType, duration: number, placement: string): void {
   if (!metricsClient) {
     return;
   }
 
   try {
-    metricsClient.distribution(`authorization.authorizationCheck.${apiType}.duration`, duration);
+    metricsClient.distribution(`authorization.authorizationCheck.${apiType}.${placement}.duration`, duration);
   } catch (error) {
     logger.warn(
       {
         tag: 'monday-authorization-sdk',
         metric: 'authorizationCheckDuration',
         apiType,
+        placement,
         duration,
         error,
       },
@@ -71,19 +72,24 @@ export function recordAuthorizationTiming(apiType: ApiType, duration: number): v
   }
 }
 
-export function recordAuthorizationError(apiType: ApiType, statusCode: number): void {
+export function recordAuthorizationError(apiType: ApiType, statusCode: number, placement: string): void {
   if (!metricsClient) {
     return;
   }
 
   try {
-    metricsClient.increment(`authorization.authorizationCheck.${apiType}.error`, { statusCode: String(statusCode) }, 1);
+    metricsClient.increment(
+      `authorization.authorizationCheck.${apiType}.${placement}.error`,
+      { statusCode: String(statusCode) },
+      1
+    );
   } catch (error) {
     logger.warn(
       {
         tag: 'monday-authorization-sdk',
         metric: 'authorizationCheckError',
         apiType,
+        placement,
         statusCode,
         error,
       },

package/src/types/memberships.ts

@@ -0,0 +1,47 @@
+export interface MembershipForCreate {
+  entityId: number; // Which entity has the role?
+  entityType: string; // What type of entity is this?
+  resourceId: number; // What resource is this membership for?
+  resourceType: string; // What type of resource is this membership for?
+  roleId: number; // What role is this membership for?
+  roleType?: string; // What type of role is this membership for? (basic/custom)
+  addedById: number; // Who added this membership? for logging purposes
+}
+
+export interface MembershipForDelete {
+  entityId?: number; // Which entity has the role? omit to delete all memberships to the resource
+  entityType: string; // What type of entity is this?
+  resourceId: number; // What resource is this membership for?
+  resourceType: string; // What type of resource is this membership for?
+}
+
+export interface Membership {
+  id: number;
+  entityId: number;
+  entityType: string;
+  resourceId: number;
+  resourceType: string;
+  roleId: number;
+  roleType: string;
+  addedById: null | number | undefined;
+  hops: number;
+  isNewRecord: boolean;
+  previousValues: Partial<Membership>;
+  walVersion: number | null | undefined;
+}
+
+export interface MembershipCreateResponse {
+  memberships: Membership[];
+}
+
+export interface MembershipDeleteResponse {
+  memberships: Membership[];
+}
+
+export interface MembershipCreateRequest {
+  memberships: MembershipForCreate[];
+}
+
+export interface MembershipDeleteRequest {
+  memberships: MembershipForDelete[];
+}

package/src/utils/api-error-handler.ts

@@ -2,20 +2,24 @@ import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
 import { AuthorizationInternalService, logger } from '../authorization-internal-service';
 import { recordAuthorizationError } from '../metrics-service';
 
-export function handleApiError(err: unknown, apiType: 'platform' | 'graph', placement: string): never {
+export function handleApiError(
+  err: unknown,
+  apiType: 'platform' | 'graph' | 'authorization',
+  placement: string
+): never {
   if (err instanceof HttpFetcherError) {
     logger.error(
       { tag: `${apiType}-api`, status: err.status, error: err.message },
-      `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`
+      `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`
     );
-    recordAuthorizationError(apiType, err.status);
+    recordAuthorizationError(apiType, err.status, placement);
     AuthorizationInternalService.throwOnHttpError(err.status, placement);
   } else {
     logger.error(
       { tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) },
-      `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`
+      `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`
     );
-    recordAuthorizationError(apiType, 500);
+    recordAuthorizationError(apiType, 500, placement);
     throw err;
   }
 }