diff --git a/.changeset/delete-organization-require-id.md b/.changeset/delete-organization-require-id.md new file mode 100644 index 00000000000..43cb092a00e --- /dev/null +++ b/.changeset/delete-organization-require-id.md @@ -0,0 +1,5 @@ +--- +'@clerk/backend': patch +--- + +`organizations.deleteOrganization()` now validates that an organization ID was provided. Calling it with an empty ID throws `A valid resource ID is required.` locally instead of issuing a `DELETE` request to the organizations collection endpoint, matching the other ID-based methods on the API. diff --git a/packages/backend/src/api/__tests__/OrganizationApi.test.ts b/packages/backend/src/api/__tests__/OrganizationApi.test.ts index 78510feb1a9..b8d7adfea74 100644 --- a/packages/backend/src/api/__tests__/OrganizationApi.test.ts +++ b/packages/backend/src/api/__tests__/OrganizationApi.test.ts @@ -185,6 +185,12 @@ describe('OrganizationAPI', () => { }); }); + describe('deleteOrganization', () => { + it('throws an error when the organization ID is missing', async () => { + await expect(apiClient.organizations.deleteOrganization('')).rejects.toThrow('A valid resource ID is required.'); + }); + }); + describe('createOrganizationInvitationBulk', () => { const mockInvitation = { object: 'organization_invitation', diff --git a/packages/backend/src/api/endpoints/OrganizationApi.ts b/packages/backend/src/api/endpoints/OrganizationApi.ts index 1f95786a3bd..fa3396871cf 100644 --- a/packages/backend/src/api/endpoints/OrganizationApi.ts +++ b/packages/backend/src/api/endpoints/OrganizationApi.ts @@ -361,6 +361,8 @@ export class OrganizationAPI extends AbstractAPI { } public async deleteOrganization(organizationId: string) { + this.requireId(organizationId); + return this.request({ method: 'DELETE', path: joinPaths(basePath, organizationId),