> ## Documentation Index
> Fetch the complete documentation index at: https://docs.breadbox.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# Disable a provider

> Clears every `app_config` row tied to the named provider (Plaid:
client_id/secret/env; Teller: app_id/env/cert/key/webhook secret) and
re-runs the live provider init so the in-memory map drops the
provider. Existing connections stay in the DB and continue to surface
in listings, but sync attempts fail until credentials are restored.
CSV has no credentials and is a no-op.

**Requires `full_access` scope.**




## OpenAPI

````yaml https://raw.githubusercontent.com/canalesb93/breadbox/main/openapi.yaml delete /api/v1/providers/{name}
openapi: 3.1.0
info:
  title: Breadbox REST API
  version: 1.0.0
  summary: Self-hosted financial-data REST API for households and AI agents.
  description: >
    Machine-readable contract for the Breadbox REST API. Every `/api/v1/*`
    endpoint

    declared on the production chi router is represented here. The companion
    prose

    document at `docs/api-reference.md` may lag this spec; when in doubt, this
    file

    is canonical.


    ## Authentication


    All `/api/v1/*` endpoints require an API key passed via the `X-API-Key`
    header.

    Keys carry one of two scopes:


    - `read_only` — may call any read endpoint (`GET`).

    - `full_access` — may call read endpoints **and** all write endpoints
      (`POST`, `PATCH`, `PUT`, `DELETE`, plus a handful of `GET`s like `/api-keys`
      and `/users/{user_id}/login` that return sensitive data).

    Endpoints requiring `full_access` are flagged with the phrase **Requires

    `full_access` scope.** in their description. OpenAPI does not natively

    distinguish scopes on a single API-key scheme, so the enforcement boundary
    is

    documented per-operation rather than encoded in the security block.


    ## Amount convention


    Transaction amounts use `NUMERIC(12,2)` and are paired with
    `iso_currency_code`.

    Positive = money out (debits, purchases, fees). Negative = money in
    (credits,

    deposits, refunds). Never sum across `iso_currency_code`.


    ## Identifiers


    Every entity has both a UUID `id` and an 8-character base62 `short_id`. REST

    responses include both. Path parameters that accept `{id}` accept either
    form;

    short IDs are usually preferable for humans.


    ## Pagination


    Cursor pagination is used on transaction-shaped lists. Pass the previous

    response's `next_cursor` as `?cursor=` to fetch the next page. Bounded

    resources (accounts, users, connections, categories) return bare arrays.


    ## Errors


    All error responses share the envelope `{ "error": { "code": "...",

    "message": "..." } }`. Codes are stable contracts in `UPPER_SNAKE_CASE`.
  contact:
    name: Breadbox
    url: https://breadbox.sh
  license:
    name: AGPL-3.0-only
    url: https://www.gnu.org/licenses/agpl-3.0.html
servers:
  - url: https://breadbox.example.com
    description: Self-hosted Breadbox instance (replace host with your deployment).
security:
  - apiKeyAuth: []
tags:
  - name: Health
    description: Liveness and readiness probes. No authentication.
  - name: Version
    description: Server version metadata.
  - name: Auth
    description: Device-code grant and the unauthenticated headless bootstrap probe.
  - name: Accounts
    description: Household bank accounts synced from providers.
  - name: Transactions
    description: Cursor-paginated transactions, counts, summaries, and merchant rollups.
  - name: Comments
    description: Conversation comments attached to a transaction.
  - name: Annotations
    description: >-
      Activity-timeline events for a transaction (category changes, comments,
      tags, system events).
  - name: Tags
    description: Free-form labels applied to transactions.
  - name: Categories
    description: Two-level category tree, import/export, and merges.
  - name: Connections
    description: >-
      Bank-side links (Plaid items, Teller enrollments, CSV-import buckets) and
      the hosted-link page that mints them.
  - name: Sync
    description: Manual sync triggers, sync history, and per-provider health.
  - name: Rules
    description: Categorization rule engine with retroactive apply and preview.
  - name: Account Links
    description: >-
      Dependent-to-primary reconciliation links and transaction match
      management.
  - name: Reports
    description: Agent-submitted reports and the household read/unread state.
  - name: Users
    description: Household members and the login accounts attached to them.
  - name: API Keys
    description: Scoped credentials for REST and MCP clients.
  - name: Settings
    description: Provider credentials and other app-config knobs.
  - name: Counterparties
    description: >-
      The canonical, cross-provider "other side" of a charge (merchants and
      non-merchants), with manual enrichment.
  - name: Workflows
    description: >-
      Scheduled Claude Agent SDK definitions, run history, transcripts, and
      prompt blocks.
  - name: Webhooks
    description: Stored webhook events and on-demand replay.
paths:
  /api/v1/providers/{name}:
    parameters:
      - name: name
        in: path
        required: true
        schema:
          type: string
          enum:
            - plaid
            - teller
            - csv
    delete:
      tags:
        - Connections
      summary: Disable a provider
      description: |
        Clears every `app_config` row tied to the named provider (Plaid:
        client_id/secret/env; Teller: app_id/env/cert/key/webhook secret) and
        re-runs the live provider init so the in-memory map drops the
        provider. Existing connections stay in the DB and continue to surface
        in listings, but sync attempts fail until credentials are restored.
        CSV has no credentials and is a no-op.

        **Requires `full_access` scope.**
      responses:
        '200':
          description: Provider disabled.
          content:
            application/json:
              schema:
                type: object
                properties:
                  provider:
                    type: string
                  ok:
                    type: boolean
                  message:
                    type: string
        '404':
          $ref: '#/components/responses/NotFound'
components:
  responses:
    NotFound:
      description: Resource not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  schemas:
    ErrorEnvelope:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
              description: Stable UPPER_SNAKE_CASE error code.
            message:
              type: string
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: |
        Breadbox API key with format `bb_<base62>`. Carries either `read_only`
        or `full_access` scope. Write endpoints (and a handful of sensitive
        reads — `/api-keys`, `/users/{user_id}/login`) require `full_access`;
        endpoints that require it are flagged in their description.

````