@mondaydotcomorg/monday-authorization 3.5.0-feat-use-profile-for-graph-can-action-in-scope-f1451ab → 3.5.0-feat-shaime-support-entity-attributes-in-authorization-sdk-c9e4cfc

package/dist/resource-attribute-assignment.d.ts

@@ -0,0 +1,25 @@
+import { ResourceType } from './resource-attributes-constants';
+export declare class ResourceAttributeAssignment {
+    readonly resourceId: number;
+    readonly resourceType: ResourceType;
+    readonly attributeKey: string;
+    readonly attributeValue: string;
+    constructor(resourceId: number, resourceType: string, attributeKey: string, attributeValue: string);
+    /**
+     * Converts the assignment to hash format with camelCase keys
+     * @returns Object with camelCase keys: { resourceId, resourceType, key, value }
+     */
+    toH(): {
+        resourceId: number;
+        resourceType: string;
+        key: string;
+        value: string;
+    };
+    /**
+     * Compares two assignments for equality
+     * @param other Another ResourceAttributeAssignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other: ResourceAttributeAssignment): boolean;
+}
+//# sourceMappingURL=resource-attribute-assignment.d.ts.map

package/dist/resource-attribute-assignment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource-attribute-assignment.d.ts","sourceRoot":"","sources":["../src/resource-attribute-assignment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkB,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAG/E,qBAAa,2BAA2B;IACtC,SAAgB,UAAU,EAAE,MAAM,CAAC;IACnC,SAAgB,YAAY,EAAE,YAAY,CAAC;IAC3C,SAAgB,YAAY,EAAE,MAAM,CAAC;IACrC,SAAgB,cAAc,EAAE,MAAM,CAAC;gBAE3B,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM;IA8BlG;;;OAGG;IACH,GAAG,IAAI;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAS/E;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,2BAA2B,GAAG,OAAO;CAWpD"}

package/dist/resource-attribute-assignment.js

@@ -0,0 +1,62 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const resourceAttributesConstants = require('./resource-attributes-constants.js');
+const errors_argumentError = require('./errors/argument-error.js');
+
+class ResourceAttributeAssignment {
+    resourceId;
+    resourceType;
+    attributeKey;
+    attributeValue;
+    constructor(resourceId, resourceType, attributeKey, attributeValue) {
+        // Validate resourceId
+        if (!Number.isInteger(resourceId)) {
+            throw new errors_argumentError.ArgumentError(`resourceId must be an integer, got: ${resourceId}`);
+        }
+        // Validate resourceType
+        const validResourceTypes = Object.values(resourceAttributesConstants.RESOURCE_TYPES);
+        if (!validResourceTypes.includes(resourceType)) {
+            throw new errors_argumentError.ArgumentError(`resourceType must be one of [${validResourceTypes.join(', ')}], got: ${resourceType}`);
+        }
+        // Validate attributeKey
+        if (typeof attributeKey !== 'string') {
+            throw new errors_argumentError.ArgumentError(`attributeKey must be a string, got: ${typeof attributeKey}`);
+        }
+        // Validate attributeValue
+        if (typeof attributeValue !== 'string') {
+            throw new errors_argumentError.ArgumentError(`attributeValue must be a string, got: ${typeof attributeValue}`);
+        }
+        this.resourceId = resourceId;
+        this.resourceType = resourceType;
+        this.attributeKey = attributeKey;
+        this.attributeValue = attributeValue;
+    }
+    /**
+     * Converts the assignment to hash format with camelCase keys
+     * @returns Object with camelCase keys: { resourceId, resourceType, key, value }
+     */
+    toH() {
+        return {
+            resourceId: this.resourceId,
+            resourceType: this.resourceType,
+            key: this.attributeKey,
+            value: this.attributeValue,
+        };
+    }
+    /**
+     * Compares two assignments for equality
+     * @param other Another ResourceAttributeAssignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other) {
+        if (!(other instanceof ResourceAttributeAssignment)) {
+            return false;
+        }
+        return (this.resourceId === other.resourceId &&
+            this.resourceType === other.resourceType &&
+            this.attributeKey === other.attributeKey &&
+            this.attributeValue === other.attributeValue);
+    }
+}
+
+exports.ResourceAttributeAssignment = ResourceAttributeAssignment;

package/dist/resource-attributes-constants.d.ts

@@ -0,0 +1,25 @@
+export declare const RESOURCE_TYPES: {
+    readonly ACCOUNT: "account";
+    readonly ACCOUNT_PRODUCT: "account_product";
+    readonly WORKSPACE: "workspace";
+    readonly BOARD: "board";
+    readonly ITEM: "item";
+    readonly TEAM: "team";
+    readonly OVERVIEW: "overview";
+    readonly DOCUMENT: "document";
+    readonly CRM: "crm";
+};
+export declare const RESOURCE_ATTRIBUTES_CONSTANTS: {
+    readonly ACCOUNT_RESOURCE_ATTRIBUTES: {
+        readonly ENABLE_MEMBERS_INVITE_FROM_NON_AUTH_DOMAIN: "enable_members_invite_from_non_auth_domain";
+    };
+    readonly WORKSPACE_RESOURCE_ATTRIBUTES: {
+        readonly IS_DEFAULT_WORKSPACE: "is_default_workspace";
+    };
+    readonly BOARD_RESOURCE_ATTRIBUTES: {
+        readonly IS_SYNCABLE_CHILD_ENTITY: "is_syncable_child_entity";
+        readonly SYSTEM_ENTITY_TYPE: "system_entity_type";
+    };
+};
+export type ResourceType = typeof RESOURCE_TYPES[keyof typeof RESOURCE_TYPES];
+//# sourceMappingURL=resource-attributes-constants.d.ts.map

package/dist/resource-attributes-constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource-attributes-constants.d.ts","sourceRoot":"","sources":["../src/resource-attributes-constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,cAAc;;;;;;;;;;CAUjB,CAAC;AAEX,eAAO,MAAM,6BAA6B;;;;;;;;;;;CAWhC,CAAC;AAEX,MAAM,MAAM,YAAY,GAAG,OAAO,cAAc,CAAC,MAAM,OAAO,cAAc,CAAC,CAAC"}

package/dist/resource-attributes-constants.js

@@ -0,0 +1,28 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const RESOURCE_TYPES = {
+    ACCOUNT: 'account',
+    ACCOUNT_PRODUCT: 'account_product',
+    WORKSPACE: 'workspace',
+    BOARD: 'board',
+    ITEM: 'item',
+    TEAM: 'team',
+    OVERVIEW: 'overview',
+    DOCUMENT: 'document',
+    CRM: 'crm',
+};
+const RESOURCE_ATTRIBUTES_CONSTANTS = {
+    ACCOUNT_RESOURCE_ATTRIBUTES: {
+        ENABLE_MEMBERS_INVITE_FROM_NON_AUTH_DOMAIN: 'enable_members_invite_from_non_auth_domain',
+    },
+    WORKSPACE_RESOURCE_ATTRIBUTES: {
+        IS_DEFAULT_WORKSPACE: 'is_default_workspace',
+    },
+    BOARD_RESOURCE_ATTRIBUTES: {
+        IS_SYNCABLE_CHILD_ENTITY: 'is_syncable_child_entity',
+        SYSTEM_ENTITY_TYPE: 'system_entity_type',
+    },
+};
+
+exports.RESOURCE_ATTRIBUTES_CONSTANTS = RESOURCE_ATTRIBUTES_CONSTANTS;
+exports.RESOURCE_TYPES = RESOURCE_TYPES;

package/dist/types/authorization-attributes-contracts.d.ts

@@ -1,13 +1,29 @@
 import { Resource } from './general';
+export type ResourceType = 'account' | 'account_product' | 'workspace' | 'board' | 'item' | 'team' | 'overview' | 'document' | 'crm';
+export type EntityType = 'user' | 'team' | 'account';
+export type CommonAttributeKey = string;
+export type ResourceAttributeKey = string;
+export type EntityAttributeKey = string;
+export type ResourceAttributeKeyType = CommonAttributeKey | ResourceAttributeKey;
+export type EntityAttributeKeyType = CommonAttributeKey | EntityAttributeKey;
 export interface ResourceAttributeAssignment {
-    resourceType: Resource['type'];
-    resourceId: Resource['id'];
-    key: string;
+    resourceId: number;
+    resourceType: ResourceType;
+    key: ResourceAttributeKeyType;
+    value: string;
+}
+export interface EntityAttributeAssignment {
+    entityId: number;
+    entityType: EntityType;
+    key: EntityAttributeKeyType;
     value: string;
 }
 export interface ResourceAttributeResponse {
     attributes: ResourceAttributeAssignment[];
 }
+export interface EntityAttributeResponse {
+    attributes: EntityAttributeAssignment[];
+}
 export interface ResourceAttributeDelete {
     resourceType: Resource['type'];
     resourceId: Resource['id'];

package/dist/types/authorization-attributes-contracts.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-attributes-contracts.d.ts","sourceRoot":"","sources":["../../src/types/authorization-attributes-contracts.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,2BAA2B;IAC1C,YAAY,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC/B,UAAU,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,yBAAyB;IACxC,UAAU,EAAE,2BAA2B,EAAE,CAAC;CAC3C;AAED,MAAM,WAAW,uBAAuB;IACtC,YAAY,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC/B,UAAU,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC3B,GAAG,EAAE,MAAM,CAAC;CACb;AAED,oBAAY,8BAA8B;IACxC,MAAM,WAAW;IACjB,MAAM,WAAW;CAClB;AAED,UAAU,gCAAiC,SAAQ,2BAA2B;IAC5E,aAAa,EAAE,8BAA8B,CAAC,MAAM,CAAC;CACtD;AAED,UAAU,gCAAiC,SAAQ,uBAAuB;IACxE,aAAa,EAAE,8BAA8B,CAAC,MAAM,CAAC;CACtD;AAED,MAAM,MAAM,2BAA2B,GAAG,gCAAgC,GAAG,gCAAgC,CAAC"}
+{"version":3,"file":"authorization-attributes-contracts.d.ts","sourceRoot":"","sources":["../../src/types/authorization-attributes-contracts.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAGrC,MAAM,MAAM,YAAY,GACpB,SAAS,GACT,iBAAiB,GACjB,WAAW,GACX,OAAO,GACP,MAAM,GACN,MAAM,GACN,UAAU,GACV,UAAU,GACV,KAAK,CAAC;AAGV,MAAM,MAAM,UAAU,GAClB,MAAM,GACN,MAAM,GACN,SAAS,CAAC;AAGd,MAAM,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAGxC,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC;AAG1C,MAAM,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAGxC,MAAM,MAAM,wBAAwB,GAAG,kBAAkB,GAAG,oBAAoB,CAAC;AACjF,MAAM,MAAM,sBAAsB,GAAG,kBAAkB,GAAG,kBAAkB,CAAC;AAG7E,MAAM,WAAW,2BAA2B;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,YAAY,CAAC;IAC3B,GAAG,EAAE,wBAAwB,CAAC;IAC9B,KAAK,EAAE,MAAM,CAAC;CACf;AAGD,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,UAAU,CAAC;IACvB,GAAG,EAAE,sBAAsB,CAAC;IAC5B,KAAK,EAAE,MAAM,CAAC;CACf;AAGD,MAAM,WAAW,yBAAyB;IACxC,UAAU,EAAE,2BAA2B,EAAE,CAAC;CAC3C;AAED,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,yBAAyB,EAAE,CAAC;CACzC;AAGD,MAAM,WAAW,uBAAuB;IACtC,YAAY,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC/B,UAAU,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC3B,GAAG,EAAE,MAAM,CAAC;CACb;AAED,oBAAY,8BAA8B;IACxC,MAAM,WAAW;IACjB,MAAM,WAAW;CAClB;AAED,UAAU,gCAAiC,SAAQ,2BAA2B;IAC5E,aAAa,EAAE,8BAA8B,CAAC,MAAM,CAAC;CACtD;AAED,UAAU,gCAAiC,SAAQ,uBAAuB;IACxE,aAAa,EAAE,8BAA8B,CAAC,MAAM,CAAC;CACtD;AAED,MAAM,MAAM,2BAA2B,GAAG,gCAAgC,GAAG,gCAAgC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.5.0-feat-use-profile-for-graph-can-action-in-scope-f1451ab",
+  "version": "3.5.0-feat-shaime-support-entity-attributes-in-authorization-sdk-c9e4cfc",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",

package/src/attributions-service.ts

@@ -53,6 +53,10 @@ export function getAttributionsFromApi(): { [key: string]: string } {
     const runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
 
     if (!runtimeAttributionsOutgoingHeaders) {
+      logger.info(
+        { tag: 'authorization-service', runtimeAttributionsOutgoingHeaders },
+        'No runtime attributions outgoing headers'
+      );
       return callerAppNameFromSdk;
     }
 

package/src/authorization-attributes-ms-service.ts

@@ -0,0 +1,327 @@
+import { Api, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
+import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
+import { ResourceAttributeAssignment } from './resource-attribute-assignment';
+import { ArgumentError } from './errors/argument-error';
+import { logger } from './authorization-internal-service';
+import { getAttributionsFromApi } from './attributions-service';
+import { AuthorizationInternalService } from './authorization-internal-service';
+import { APP_NAME } from './constants';
+
+const INTERNAL_APP_NAME = 'internal_ms';
+const UPSERT_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource';
+const DELETE_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource/{resourceType}/{resourceId}';
+
+interface Resource {
+  resourceType: string;
+  resourceId: number;
+}
+
+interface UpsertRequestBody {
+  resourceAttributeAssignments: Array<{
+    resourceId: number;
+    resourceType: string;
+    key: string;
+    value: string;
+  }>;
+}
+
+interface DeleteRequestBody {
+  keys: string[];
+}
+
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+export class AuthorizationAttributesMsService {
+  private static LOG_TAG = 'authorization_attributes_ms';
+
+  /**
+   * Gets request headers including Authorization, Content-Type, and optional attribution headers
+   */
+  private static getRequestHeaders(accountId: number, userId?: number): Record<string, string> {
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+    };
+
+    // Generate Authorization token
+    const authToken = signAuthorizationHeader({
+      appName: INTERNAL_APP_NAME,
+      accountId,
+      userId,
+    });
+    headers.Authorization = authToken;
+
+    // Add attribution headers if available
+    const attributionHeaders = getAttributionsFromApi();
+    for (const key in attributionHeaders) {
+      if (attributionHeaders.hasOwnProperty(key)) {
+        headers[key] = attributionHeaders[key];
+      }
+    }
+
+    // Add X-REQUEST-ID if available from context
+    try {
+      const tridentContext = Api.getPart('context');
+      if (tridentContext?.runtimeAttributions) {
+        const outgoingHeaders = tridentContext.runtimeAttributions.buildOutgoingHeaders('HTTP_INTERNAL');
+        if (outgoingHeaders) {
+          const attributionHeadersMap: Record<string, string> = {};
+          for (const [key, value] of outgoingHeaders) {
+            attributionHeadersMap[key] = value;
+          }
+          if (attributionHeadersMap['x-request-id']) {
+            headers['X-REQUEST-ID'] = attributionHeadersMap['x-request-id'];
+          }
+        }
+      }
+    } catch (error) {
+      // Silently fail if context is not available
+      logger.debug({ tag: this.LOG_TAG, error }, 'Failed to get request ID from context');
+    }
+
+    // Add X-REQUEST-START timestamp
+    headers['X-REQUEST-START'] = Math.floor(Date.now() / 1000).toString();
+
+    return headers;
+  }
+
+  /**
+   * Validates that all messages are instances of the specified message class
+   */
+  private static validateMessages<T>(
+    attributesMessages: T[],
+    messageClass: new (...args: any[]) => T
+  ): void {
+    if (typeof messageClass !== 'function') {
+      throw new ArgumentError('messageClass must be a class/constructor function');
+    }
+
+    if (!Array.isArray(attributesMessages)) {
+      throw new ArgumentError('attributesMessages must be an array');
+    }
+
+    for (let i = 0; i < attributesMessages.length; i++) {
+      if (!(attributesMessages[i] instanceof messageClass)) {
+        const className = (messageClass as any).name || 'ResourceAttributeAssignment';
+        throw new ArgumentError(
+          `All attributesMessages must be instances of ${className}, but item at index ${i} is not`
+        );
+      }
+    }
+  }
+
+  /**
+   * Creates or updates resource attributes synchronously.
+   * @param accountId The account ID
+   * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects
+   * @returns Promise<void>
+   */
+  static async upsertResourceAttributesSync(
+    accountId: number,
+    resourceAttributeAssignments: ResourceAttributeAssignment[]
+  ): Promise<void> {
+    // Skip HTTP requests in test environment
+    if (process.env.NODE_ENV === 'test') {
+      logger.debug(
+        { tag: this.LOG_TAG, accountId, count: resourceAttributeAssignments.length },
+        'Skipping upsertResourceAttributesSync in test environment'
+      );
+      return;
+    }
+
+    // Validate inputs
+    if (!Number.isInteger(accountId)) {
+      throw new ArgumentError(`accountId must be an integer, got: ${accountId}`);
+    }
+
+    if (!Array.isArray(resourceAttributeAssignments)) {
+      throw new ArgumentError('resourceAttributeAssignments must be an array');
+    }
+
+    if (resourceAttributeAssignments.length === 0) {
+      logger.warn({ tag: this.LOG_TAG, accountId }, 'upsertResourceAttributesSync called with empty array');
+      return;
+    }
+
+    // Validate all assignments are instances of ResourceAttributeAssignment
+    this.validateMessages(resourceAttributeAssignments, ResourceAttributeAssignment);
+
+    // Convert assignments to hash format
+    const assignmentsHash = resourceAttributeAssignments.map(assignment => assignment.toH());
+
+    // Build request body
+    const requestBody: UpsertRequestBody = {
+      resourceAttributeAssignments: assignmentsHash,
+    };
+
+    const httpClient = Api.getPart('httpClient');
+    if (!httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    const path = UPSERT_RESOURCE_ATTRIBUTES_PATH.replace('{accountId}', accountId.toString());
+    const headers = this.getRequestHeaders(accountId);
+
+    try {
+      logger.info(
+        { tag: this.LOG_TAG, accountId, count: resourceAttributeAssignments.length },
+        'Upserting resource attributes'
+      );
+
+      await httpClient.fetch(
+        {
+          url: {
+            appName: APP_NAME,
+            path,
+          },
+          method: 'POST',
+          headers,
+          body: JSON.stringify(requestBody),
+        },
+        {
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
+      );
+
+      logger.info(
+        { tag: this.LOG_TAG, accountId, count: resourceAttributeAssignments.length },
+        'Successfully upserted resource attributes'
+      );
+    } catch (err) {
+      logger.error(
+        {
+          tag: this.LOG_TAG,
+          accountId,
+          method: 'upsertResourceAttributesSync',
+          error: err instanceof Error ? err.message : String(err),
+        },
+        'Failed to upsert resource attributes'
+      );
+
+      if (err instanceof HttpFetcherError) {
+        throw new Error(
+          `AuthorizationAttributesMsService: [upsertResourceAttributesSync] request failed with status ${err.status}: ${err.message}`
+        );
+      }
+      throw err;
+    }
+  }
+
+  /**
+   * Deletes specific attributes from a resource synchronously.
+   * @param accountId The account ID
+   * @param resource Object with resourceType (string) and resourceId (number)
+   * @param attributeKeys Array of attribute key strings to delete
+   * @returns Promise<void>
+   */
+  static async deleteResourceAttributesSync(
+    accountId: number,
+    resource: Resource,
+    attributeKeys: string[]
+  ): Promise<void> {
+    // Skip HTTP requests in test environment
+    if (process.env.NODE_ENV === 'test') {
+      logger.debug(
+        { tag: this.LOG_TAG, accountId, resource, attributeKeys },
+        'Skipping deleteResourceAttributesSync in test environment'
+      );
+      return;
+    }
+
+    // Validate inputs
+    if (!Number.isInteger(accountId)) {
+      throw new ArgumentError(`accountId must be an integer, got: ${accountId}`);
+    }
+
+    if (!resource || typeof resource !== 'object') {
+      throw new ArgumentError('resource must be an object');
+    }
+
+    if (!Number.isInteger(resource.resourceId)) {
+      throw new ArgumentError(`resource.resourceId must be an integer, got: ${resource.resourceId}`);
+    }
+
+    if (typeof resource.resourceType !== 'string') {
+      throw new ArgumentError(`resource.resourceType must be a string, got: ${typeof resource.resourceType}`);
+    }
+
+    if (!Array.isArray(attributeKeys)) {
+      throw new ArgumentError('attributeKeys must be an array');
+    }
+
+    if (attributeKeys.length === 0) {
+      logger.warn({ tag: this.LOG_TAG, accountId, resource }, 'deleteResourceAttributesSync called with empty keys array');
+      return;
+    }
+
+    // Validate all keys are strings
+    for (let i = 0; i < attributeKeys.length; i++) {
+      if (typeof attributeKeys[i] !== 'string') {
+        throw new ArgumentError(`All attributeKeys must be strings, but item at index ${i} is not`);
+      }
+    }
+
+    // Build request body
+    const requestBody: DeleteRequestBody = {
+      keys: attributeKeys,
+    };
+
+    const httpClient = Api.getPart('httpClient');
+    if (!httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    const path = DELETE_RESOURCE_ATTRIBUTES_PATH.replace('{accountId}', accountId.toString())
+      .replace('{resourceType}', resource.resourceType)
+      .replace('{resourceId}', resource.resourceId.toString());
+    const headers = this.getRequestHeaders(accountId);
+
+    try {
+      logger.info(
+        { tag: this.LOG_TAG, accountId, resource, keys: attributeKeys },
+        'Deleting resource attributes'
+      );
+
+      await httpClient.fetch(
+        {
+          url: {
+            appName: APP_NAME,
+            path,
+          },
+          method: 'DELETE',
+          headers,
+          body: JSON.stringify(requestBody),
+        },
+        {
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
+      );
+
+      logger.info(
+        { tag: this.LOG_TAG, accountId, resource, keys: attributeKeys },
+        'Successfully deleted resource attributes'
+      );
+    } catch (err) {
+      logger.error(
+        {
+          tag: this.LOG_TAG,
+          accountId,
+          method: 'deleteResourceAttributesSync',
+          resource,
+          error: err instanceof Error ? err.message : String(err),
+        },
+        'Failed to delete resource attributes'
+      );
+
+      if (err instanceof HttpFetcherError) {
+        throw new Error(
+          `AuthorizationAttributesMsService: [deleteResourceAttributesSync] request failed with status ${err.status}: ${err.message}`
+        );
+      }
+      throw err;
+    }
+  }
+}
+