@oxyhq/core 1.11.10 → 1.11.11

package/dist/types/HttpService.d.ts

@@ -50,6 +50,7 @@ export declare class HttpService {
     private tokenRefreshPromise;
     private tokenRefreshCooldownUntil;
     private _onTokenRefreshed;
+    private _actingAsUserId;
     private requestMetrics;
     constructor(config: OxyConfig);
     /**
@@ -93,6 +94,8 @@ export declare class HttpService {
     put<T = unknown>(url: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'url' | 'data'>): Promise<T>;
     patch<T = unknown>(url: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'url' | 'data'>): Promise<T>;
     delete<T = unknown>(url: string, config?: Omit<RequestConfig, 'method' | 'url'>): Promise<T>;
+    setActingAs(userId: string | null): void;
+    getActingAs(): string | null;
     setTokens(accessToken: string, refreshToken?: string): void;
     set onTokenRefreshed(callback: ((accessToken: string) => void) | null);
     clearTokens(): void;

package/dist/types/OxyServices.base.d.ts

@@ -81,6 +81,23 @@ export declare class OxyServicesBase {
      * Get the raw access token (for constructing anchor URLs when needed)
      */
     getAccessToken(): string | null;
+    /**
+     * Set the acting-as identity for managed accounts.
+     *
+     * When set, all subsequent API requests will include the `X-Acting-As` header,
+     * causing the server to attribute actions to the managed account. The
+     * authenticated user must be an authorized manager of the target account.
+     *
+     * Pass `null` to clear and revert to the authenticated user's own identity.
+     *
+     * @param userId - The managed account user ID, or null to clear
+     */
+    setActingAs(userId: string | null): void;
+    /**
+     * Get the current acting-as identity (managed account user ID), or null
+     * if operating as the authenticated user's own identity.
+     */
+    getActingAs(): string | null;
     /**
      * Wait for authentication to be ready
      *

package/dist/types/index.d.ts

@@ -25,6 +25,7 @@ export type { PopupAuthOptions } from './mixins/OxyServices.popup';
 export type { RedirectAuthOptions } from './mixins/OxyServices.redirect';
 export type { ServiceTokenResponse } from './mixins/OxyServices.auth';
 export type { ServiceApp } from './mixins/OxyServices.utility';
+export type { CreateManagedAccountInput, ManagedAccountManager, ManagedAccount } from './mixins/OxyServices.managedAccounts';
 export { KeyManager, SignatureService, RecoveryPhraseService } from './crypto';
 export type { KeyPair, SignedMessage, AuthChallenge, RecoveryPhraseResult } from './crypto';
 export * from './models/interfaces';

package/dist/types/mixins/OxyServices.analytics.d.ts

@@ -50,6 +50,8 @@ export declare function OxyServicesAnalyticsMixin<T extends typeof OxyServicesBa
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.assets.d.ts

@@ -128,6 +128,8 @@ export declare function OxyServicesAssetsMixin<T extends typeof OxyServicesBase>
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.auth.d.ts

@@ -206,6 +206,8 @@ export declare function OxyServicesAuthMixin<T extends typeof OxyServicesBase>(B
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.developer.d.ts

@@ -83,6 +83,8 @@ export declare function OxyServicesDeveloperMixin<T extends typeof OxyServicesBa
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.devices.d.ts

@@ -80,6 +80,8 @@ export declare function OxyServicesDevicesMixin<T extends typeof OxyServicesBase
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.features.d.ts

@@ -212,6 +212,8 @@ export declare function OxyServicesFeaturesMixin<T extends typeof OxyServicesBas
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;
@@ -223,7 +225,9 @@ export declare function OxyServicesFeaturesMixin<T extends typeof OxyServicesBas
         healthCheck(): Promise<{
             status: string;
             users?: number;
-            timestamp?: string;
+            timestamp? /**
+             * Get FAQs
+             */: string;
             [key: string]: any;
         }>;
     };

package/dist/types/mixins/OxyServices.fedcm.d.ts

@@ -188,6 +188,8 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.karma.d.ts

@@ -69,6 +69,8 @@ export declare function OxyServicesKarmaMixin<T extends typeof OxyServicesBase>(
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.language.d.ts

@@ -65,6 +65,8 @@ export declare function OxyServicesLanguageMixin<T extends typeof OxyServicesBas
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.location.d.ts

@@ -48,6 +48,8 @@ export declare function OxyServicesLocationMixin<T extends typeof OxyServicesBas
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.managedAccounts.d.ts

@@ -0,0 +1,125 @@
+/**
+ * Managed Accounts Methods Mixin
+ *
+ * Provides SDK methods for creating and managing sub-accounts (managed identities).
+ * Managed accounts are full User documents without passwords, accessible only
+ * by their owners/managers via the X-Acting-As header mechanism.
+ */
+import type { User } from '../models/interfaces';
+import type { OxyServicesBase } from '../OxyServices.base';
+export interface CreateManagedAccountInput {
+    username: string;
+    name?: {
+        first?: string;
+        last?: string;
+    };
+    bio?: string;
+    avatar?: string;
+}
+export interface ManagedAccountManager {
+    userId: string;
+    role: 'owner' | 'admin' | 'editor';
+    addedAt: string;
+    addedBy?: string;
+}
+export interface ManagedAccount {
+    accountId: string;
+    ownerId: string;
+    managers: ManagedAccountManager[];
+    account?: User;
+    createdAt?: string;
+    updatedAt?: string;
+}
+export declare function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase>(Base: T): {
+    new (...args: any[]): {
+        /**
+         * Create a new managed account (sub-account).
+         *
+         * The server creates a User document with `isManagedAccount: true` and links
+         * it to the authenticated user as owner.
+         */
+        createManagedAccount(data: CreateManagedAccountInput): Promise<ManagedAccount>;
+        /**
+         * List all accounts the authenticated user manages.
+         */
+        getManagedAccounts(): Promise<ManagedAccount[]>;
+        /**
+         * Get details for a specific managed account.
+         */
+        getManagedAccountDetails(accountId: string): Promise<ManagedAccount>;
+        /**
+         * Update a managed account's profile data.
+         * Requires owner or admin role.
+         */
+        updateManagedAccount(accountId: string, data: Partial<CreateManagedAccountInput>): Promise<ManagedAccount>;
+        /**
+         * Delete a managed account permanently.
+         * Requires owner role.
+         */
+        deleteManagedAccount(accountId: string): Promise<void>;
+        /**
+         * Add a manager to a managed account.
+         * Requires owner or admin role on the account.
+         *
+         * @param accountId - The managed account to add the manager to
+         * @param userId - The user to grant management access
+         * @param role - The role to assign: 'admin' or 'editor'
+         */
+        addManager(accountId: string, userId: string, role: "admin" | "editor"): Promise<void>;
+        /**
+         * Remove a manager from a managed account.
+         * Requires owner role.
+         *
+         * @param accountId - The managed account
+         * @param userId - The manager to remove
+         */
+        removeManager(accountId: string, userId: string): Promise<void>;
+        httpService: import("../HttpService").HttpService;
+        cloudURL: string;
+        config: import("../OxyServices.base").OxyConfig;
+        __resetTokensForTests(): void;
+        makeRequest<T_1>(method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE", url: string, data?: any, options?: import("../HttpService").RequestOptions): Promise<T_1>;
+        getBaseURL(): string;
+        getClient(): import("../HttpService").HttpService;
+        getMetrics(): {
+            totalRequests: number;
+            successfulRequests: number;
+            failedRequests: number;
+            cacheHits: number;
+            cacheMisses: number;
+            averageResponseTime: number;
+        };
+        clearCache(): void;
+        clearCacheEntry(key: string): void;
+        getCacheStats(): {
+            size: number;
+            hits: number;
+            misses: number;
+            hitRate: number;
+        };
+        getCloudURL(): string;
+        setTokens(accessToken: string, refreshToken?: string): void;
+        clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
+        getCurrentUserId(): string | null;
+        hasValidToken(): boolean;
+        getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
+        waitForAuth(timeoutMs?: number): Promise<boolean>;
+        withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
+            maxRetries?: number;
+            retryDelay?: number;
+            authTimeoutMs?: number;
+        }): Promise<T_1>;
+        validate(): Promise<boolean>;
+        handleError(error: unknown): Error;
+        healthCheck(): Promise<{
+            status: string;
+            users?: number;
+            timestamp?: string;
+            [key: string]: any;
+        }>;
+    };
+} & T;

package/dist/types/mixins/OxyServices.payment.d.ts

@@ -95,6 +95,8 @@ export declare function OxyServicesPaymentMixin<T extends typeof OxyServicesBase
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.popup.d.ts

@@ -185,6 +185,8 @@ export declare function OxyServicesPopupAuthMixin<T extends typeof OxyServicesBa
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.privacy.d.ts

@@ -106,6 +106,8 @@ export declare function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.redirect.d.ts

@@ -222,6 +222,8 @@ export declare function OxyServicesRedirectAuthMixin<T extends typeof OxyService
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.security.d.ts

@@ -62,6 +62,8 @@ export declare function OxyServicesSecurityMixin<T extends typeof OxyServicesBas
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.topics.d.ts

@@ -88,6 +88,8 @@ export declare function OxyServicesTopicsMixin<T extends typeof OxyServicesBase>
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.user.d.ts

@@ -205,6 +205,8 @@ export declare function OxyServicesUserMixin<T extends typeof OxyServicesBase>(B
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.utility.d.ts

@@ -1,5 +1,13 @@
 import type { ApiError } from '../models/interfaces';
 import type { OxyServicesBase } from '../OxyServices.base';
+/**
+ * Result from the managed-accounts verification endpoint.
+ * Indicates whether a user is authorized to act as a given managed account.
+ */
+interface ActingAsVerification {
+    authorized: boolean;
+    role: 'owner' | 'admin' | 'editor';
+}
 /**
  * Service app metadata attached to requests authenticated with service tokens
  */
@@ -28,6 +36,18 @@ interface AuthMiddlewareOptions {
 }
 export declare function OxyServicesUtilityMixin<T extends typeof OxyServicesBase>(Base: T): {
     new (...args: any[]): {
+        /** @internal In-memory cache for acting-as verification results (TTL: 5 min) */
+        _actingAsCache: Map<string, {
+            result: ActingAsVerification | null;
+            expiresAt: number;
+        }>;
+        /**
+         * Verify that a user is authorized to act as a managed account.
+         * Results are cached in-memory for 5 minutes to avoid repeated API calls.
+         *
+         * @internal Used by the auth() middleware — not part of the public API
+         */
+        verifyActingAs(userId: string, accountId: string): Promise<ActingAsVerification | null>;
         /**
          * Fetch link metadata
          */
@@ -157,6 +177,8 @@ export declare function OxyServicesUtilityMixin<T extends typeof OxyServicesBase
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/models/interfaces.d.ts

@@ -64,6 +64,8 @@ export interface User {
     automation?: {
         ownerId?: string;
     };
+    isManagedAccount?: boolean;
+    managedBy?: string;
     [key: string]: unknown;
 }
 export interface LoginResponse {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oxyhq/core",
-  "version": "1.11.10",
+  "version": "1.11.11",
   "description": "OxyHQ SDK Foundation — API client, authentication, cryptographic identity, and shared utilities",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",

package/src/HttpService.ts

@@ -131,6 +131,9 @@ export class HttpService {
   private tokenRefreshCooldownUntil: number = 0;
   private _onTokenRefreshed: ((accessToken: string) => void) | null = null;
 
+  // Acting-as identity for managed accounts
+  private _actingAsUserId: string | null = null;
+
   // Performance monitoring
   private requestMetrics = {
     totalRequests: 0,
@@ -291,6 +294,11 @@ export class HttpService {
           });
         }
 
+        // Add X-Acting-As header for managed account identity delegation
+        if (this._actingAsUserId) {
+          headers['X-Acting-As'] = this._actingAsUserId;
+        }
+
         // Merge custom headers if provided
         if (config.headers) {
           Object.entries(config.headers).forEach(([key, value]) => {
@@ -706,6 +714,15 @@ export class HttpService {
     return this.request<T>({ method: 'DELETE', url, ...config });
   }
 
+  // Acting-as identity management (managed accounts)
+  setActingAs(userId: string | null): void {
+    this._actingAsUserId = userId;
+  }
+
+  getActingAs(): string | null {
+    return this._actingAsUserId;
+  }
+
   // Token management
   setTokens(accessToken: string, refreshToken = ''): void {
     this.tokenStore.setTokens(accessToken, refreshToken);

package/src/OxyServices.base.ts

@@ -182,6 +182,29 @@ export class OxyServicesBase {
     return this.httpService.getAccessToken();
   }
 
+  /**
+   * Set the acting-as identity for managed accounts.
+   *
+   * When set, all subsequent API requests will include the `X-Acting-As` header,
+   * causing the server to attribute actions to the managed account. The
+   * authenticated user must be an authorized manager of the target account.
+   *
+   * Pass `null` to clear and revert to the authenticated user's own identity.
+   *
+   * @param userId - The managed account user ID, or null to clear
+   */
+  public setActingAs(userId: string | null): void {
+    this.httpService.setActingAs(userId);
+  }
+
+  /**
+   * Get the current acting-as identity (managed account user ID), or null
+   * if operating as the authenticated user's own identity.
+   */
+  public getActingAs(): string | null {
+    return this.httpService.getActingAs();
+  }
+
   /**
    * Wait for authentication to be ready
    * 

package/src/index.ts

@@ -32,6 +32,7 @@ export type { PopupAuthOptions } from './mixins/OxyServices.popup';
 export type { RedirectAuthOptions } from './mixins/OxyServices.redirect';
 export type { ServiceTokenResponse } from './mixins/OxyServices.auth';
 export type { ServiceApp } from './mixins/OxyServices.utility';
+export type { CreateManagedAccountInput, ManagedAccountManager, ManagedAccount } from './mixins/OxyServices.managedAccounts';
 
 // --- Crypto / Identity ---
 export { KeyManager, SignatureService, RecoveryPhraseService } from './crypto';

package/src/mixins/OxyServices.managedAccounts.ts

@@ -0,0 +1,147 @@
+/**
+ * Managed Accounts Methods Mixin
+ *
+ * Provides SDK methods for creating and managing sub-accounts (managed identities).
+ * Managed accounts are full User documents without passwords, accessible only
+ * by their owners/managers via the X-Acting-As header mechanism.
+ */
+import type { User } from '../models/interfaces';
+import type { OxyServicesBase } from '../OxyServices.base';
+
+export interface CreateManagedAccountInput {
+  username: string;
+  name?: { first?: string; last?: string };
+  bio?: string;
+  avatar?: string;
+}
+
+export interface ManagedAccountManager {
+  userId: string;
+  role: 'owner' | 'admin' | 'editor';
+  addedAt: string;
+  addedBy?: string;
+}
+
+export interface ManagedAccount {
+  accountId: string;
+  ownerId: string;
+  managers: ManagedAccountManager[];
+  account?: User;
+  createdAt?: string;
+  updatedAt?: string;
+}
+
+export function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase>(Base: T) {
+  return class extends Base {
+    constructor(...args: any[]) {
+      super(...(args as [any]));
+    }
+
+    /**
+     * Create a new managed account (sub-account).
+     *
+     * The server creates a User document with `isManagedAccount: true` and links
+     * it to the authenticated user as owner.
+     */
+    async createManagedAccount(data: CreateManagedAccountInput): Promise<ManagedAccount> {
+      try {
+        return await this.makeRequest<ManagedAccount>('POST', '/managed-accounts', data, {
+          cache: false,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * List all accounts the authenticated user manages.
+     */
+    async getManagedAccounts(): Promise<ManagedAccount[]> {
+      try {
+        return await this.makeRequest<ManagedAccount[]>('GET', '/managed-accounts', undefined, {
+          cache: true,
+          cacheTTL: 2 * 60 * 1000, // 2 minutes cache
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * Get details for a specific managed account.
+     */
+    async getManagedAccountDetails(accountId: string): Promise<ManagedAccount> {
+      try {
+        return await this.makeRequest<ManagedAccount>('GET', `/managed-accounts/${accountId}`, undefined, {
+          cache: true,
+          cacheTTL: 2 * 60 * 1000,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * Update a managed account's profile data.
+     * Requires owner or admin role.
+     */
+    async updateManagedAccount(accountId: string, data: Partial<CreateManagedAccountInput>): Promise<ManagedAccount> {
+      try {
+        return await this.makeRequest<ManagedAccount>('PUT', `/managed-accounts/${accountId}`, data, {
+          cache: false,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * Delete a managed account permanently.
+     * Requires owner role.
+     */
+    async deleteManagedAccount(accountId: string): Promise<void> {
+      try {
+        await this.makeRequest<void>('DELETE', `/managed-accounts/${accountId}`, undefined, {
+          cache: false,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * Add a manager to a managed account.
+     * Requires owner or admin role on the account.
+     *
+     * @param accountId - The managed account to add the manager to
+     * @param userId - The user to grant management access
+     * @param role - The role to assign: 'admin' or 'editor'
+     */
+    async addManager(accountId: string, userId: string, role: 'admin' | 'editor'): Promise<void> {
+      try {
+        await this.makeRequest<void>('POST', `/managed-accounts/${accountId}/managers`, { userId, role }, {
+          cache: false,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * Remove a manager from a managed account.
+     * Requires owner role.
+     *
+     * @param accountId - The managed account
+     * @param userId - The manager to remove
+     */
+    async removeManager(accountId: string, userId: string): Promise<void> {
+      try {
+        await this.makeRequest<void>('DELETE', `/managed-accounts/${accountId}/managers/${userId}`, undefined, {
+          cache: false,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+  };
+}