Remove asset document association

Removes a document association row by document_associations.association_id for the authenticated tenant. The service deletes rows where association_id and tenant match and does not verify entity_type in this method. The controller intends to return an empty success response after deletion, but currently calls createApiResponse(null, 204) inside NextResponse.json, which can throw because JSON responses cannot use status 204 with a body. In the current route wiring, req.context may also be absent because no route-level API-key auth wrapper sets it, causing a 500 before deletion.

RBAC · asset

Path parameters

associationIdstring <uuid>Required

Document association UUID from document_associations.association_id.

Response codes

204

Intended successful deletion response with no body.

401

x-api-key is missing at middleware.

403

Authenticated request context lacks permission to update asset documents when auth wiring is present.

500

Unexpected error, including missing req.context or the current 204 JSON response construction issue.

DELETE /api/v1/assets/documents/{associationId}

cURL

curl -X DELETE "https://algapsa.com/api/v1/assets/documents/{associationId}" \
  -H "X-API-Key: $ALGA_API_KEY"

TypeScript

const response = await fetch("https://algapsa.com/api/v1/assets/documents/{associationId}", {
  method: "DELETE",
  headers: {
    "X-API-Key": "$ALGA_API_KEY",
  }
});
const data = await response.json();

using var client = new HttpClient();
using var request = new HttpRequestMessage(HttpMethod.Delete, "https://algapsa.com/api/v1/assets/documents/{associationId}");
request.Headers.TryAddWithoutValidation("X-API-Key", "$ALGA_API_KEY");
var response = await client.SendAsync(request);
var body = await response.Content.ReadAsStringAsync();