docs: sync Mintlify docs with recent schema changes

[claude]

Summary

Syncs Mintlify documentation with recent OpenAPI schema changes:

• Global Accounts auth docs: Add SMS_OTP credential type to the authentication table and update credential limit description (from PRs [grid] add SMS OTP auth API #617)
• Sandbox docs: Update to mention SMS OTP uses the same 000000 magic code as EMAIL_OTP
• Cards webhook examples: Add processorRef and issuerRef fields to match the updated Card schema (from PR docs(openapi): split Card processorRef (Lithic) from issuerRef (Lead) #620)

Changed Files

• mintlify/snippets/global-accounts/authentication.mdx - SMS_OTP credential type added
• mintlify/snippets/sandbox-global-account-magic.mdx - SMS OTP sandbox behavior documented
• mintlify/snippets/cards/webhooks.mdx - processorRef/issuerRef in example
• mintlify/snippets/cards/quickstart.mdx - processorRef/issuerRef in example

Test plan

• Verify docs render correctly with make mint
• Confirm SMS_OTP row displays properly in the credential types table
• Check webhook JSON examples include the new fields

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
grid-flow-builder	Ignored		Jun 27, 2026 9:02am
grid-wallet-demo	Ignored		Jun 27, 2026 9:02am

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
Grid	🟢 Ready	View Preview	Jun 27, 2026, 9:04 AM

[greptile-apps]

Greptile Summary

This PR syncs four Mintlify doc snippets with schema changes introduced in PRs #617 and #620: it adds SMS_OTP as a fourth credential type for Global Accounts, extends sandbox testing guidance to cover the new type, and adds processorRef/issuerRef fields to the Card JSON examples in the cards quickstart and webhooks docs.

• authentication.mdx: New SMS_OTP row in the credential table and updated per-account limit sentence; a <Note> block and a prose sentence in the "Add an additional credential" section were not updated and still describe only the EMAIL_OTP single-credential constraint.
• sandbox-global-account-magic.mdx: Section headings and body copy correctly extended to cover SMS OTP; the anchor on the link to client-keys.mdx still reads #encrypt-the-otp-code-email_otp-only, pointing to a section heading that wasn't updated.
• cards/quickstart.mdx + cards/webhooks.mdx: Straightforward field additions to two JSON examples; no issues found.

Confidence Score: 4/5

Safe to merge with minor fixes; the card example changes are clean and the SMS_OTP additions are mostly correct, but two spots in authentication.mdx were missed and still describe only the EMAIL_OTP single-credential limit.

The cards changes are straightforward field additions with no issues. The sandbox doc is accurate. The main gap is in authentication.mdx: a Note block and an inline prose sentence still only describe the EMAIL_OTP per-account limit, which now contradicts the updated intro paragraph that says accounts can hold one SMS_OTP as well. Additionally, the anchor link to client-keys.mdx in the sandbox doc points to a heading that still says EMAIL_OTP only.

mintlify/snippets/global-accounts/authentication.mdx — two locations still describe only the EMAIL_OTP single-credential constraint and should mention SMS_OTP.

Important Files Changed

Filename	Overview
mintlify/snippets/global-accounts/authentication.mdx	Adds SMS_OTP to the credential types table and updates the per-account limit description; the inline Note about credential limits and the Add an additional credential prose were not updated to reflect the new SMS_OTP constraint.
mintlify/snippets/sandbox-global-account-magic.mdx	Correctly extends sandbox magic-code docs to cover SMS_OTP; the link anchor to client-keys.mdx still says EMAIL_OTP only, which contradicts the new statement that both OTP types follow the same flow.
mintlify/snippets/cards/webhooks.mdx	Adds processorRef and issuerRef fields to the webhook Card JSON example; change looks accurate and complete.
mintlify/snippets/cards/quickstart.mdx	Adds processorRef and issuerRef fields to the quickstart Card JSON example; change looks accurate and complete.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Global Account action] --> B{Credential type}
    B --> C[PASSKEY]
    B --> D[OAUTH]
    B --> E[EMAIL_OTP - 1 per account]
    B --> F[SMS_OTP - 1 per account, NEW]
    E --> G[POST /challenge]
    F --> G
    G --> H[HPKE-encrypt OTP]
    H --> I[POST /verify 202]
    I --> J[Sign payloadToSign with TEK]
    J --> K[200 AuthSession]
    C --> L[POST /challenge + /verify WebAuthn]
    L --> M[200 AuthSession + encryptedSessionSigningKey]
    D --> N[POST /verify with OIDC token]
    N --> M

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[Global Account action] --> B{Credential type}
    B --> C[PASSKEY]
    B --> D[OAUTH]
    B --> E[EMAIL_OTP - 1 per account]
    B --> F[SMS_OTP - 1 per account, NEW]
    E --> G[POST /challenge]
    F --> G
    G --> H[HPKE-encrypt OTP]
    H --> I[POST /verify 202]
    I --> J[Sign payloadToSign with TEK]
    J --> K[200 AuthSession]
    C --> L[POST /challenge + /verify WebAuthn]
    L --> M[200 AuthSession + encryptedSessionSigningKey]
    D --> N[POST /verify with OIDC token]
    N --> M

Loading

Comments Outside Diff (2)

1. mintlify/snippets/global-accounts/authentication.mdx, line 730-732 (link)

   <Note> not updated to include SMS_OTP limit

   The intro paragraph was correctly updated to say accounts can hold "one EMAIL_OTP credential, one SMS_OTP credential", but this <Note> block still only calls out the EMAIL_OTP single-credential limit. A developer who reads only the note will have no idea the same constraint applies to SMS_OTP, and may attempt to add a second one without understanding why it fails.

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: mintlify/snippets/global-accounts/authentication.mdx
   Line: 730-732
   
   Comment:
   **`<Note>` not updated to include SMS_OTP limit**
   
   The intro paragraph was correctly updated to say accounts can hold "one `EMAIL_OTP` credential, one `SMS_OTP` credential", but this `<Note>` block still only calls out the `EMAIL_OTP` single-credential limit. A developer who reads only the note will have no idea the same constraint applies to `SMS_OTP`, and may attempt to add a second one without understanding why it fails.
   
   How can I resolve this? If you propose a fix, please make it concise.

   Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

2. mintlify/snippets/global-accounts/authentication.mdx, line 678 (link)

   The EMAIL_OTP single-credential constraint is described in isolation. Since SMS_OTP now has the same per-account limit it should be mentioned here too, keeping this consistent with the updated intro paragraph.

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: mintlify/snippets/global-accounts/authentication.mdx
   Line: 678
   
   Comment:
   The `EMAIL_OTP` single-credential constraint is described in isolation. Since `SMS_OTP` now has the same per-account limit it should be mentioned here too, keeping this consistent with the updated intro paragraph.
   
   
   
   How can I resolve this? If you propose a fix, please make it concise.

   Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Prompt To Fix All With AI

Fix the following 3 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 3
mintlify/snippets/global-accounts/authentication.mdx:730-732
**`<Note>` not updated to include SMS_OTP limit**

The intro paragraph was correctly updated to say accounts can hold "one `EMAIL_OTP` credential, one `SMS_OTP` credential", but this `<Note>` block still only calls out the `EMAIL_OTP` single-credential limit. A developer who reads only the note will have no idea the same constraint applies to `SMS_OTP`, and may attempt to add a second one without understanding why it fails.

### Issue 2 of 3
mintlify/snippets/global-accounts/authentication.mdx:678
The `EMAIL_OTP` single-credential constraint is described in isolation. Since `SMS_OTP` now has the same per-account limit it should be mentioned here too, keeping this consistent with the updated intro paragraph.

```suggestion
Requires an active session on an *existing* credential on the same account. The first call uses the normal credential-create body; Grid detects the pre-existing credential and responds `202` instead of `201`. `OAUTH` and `PASSKEY` are the typical additional credential types. `EMAIL_OTP` can be added back only after the existing email OTP credential has been removed, because each account supports one. The same applies to `SMS_OTP`.
```

### Issue 3 of 3
mintlify/snippets/sandbox-global-account-magic.mdx:11
**Stale anchor points to an `EMAIL_OTP`-only section heading**

The link `#encrypt-the-otp-code-email_otp-only` still resolves to a section in `client-keys.mdx` titled `## Encrypt the OTP code (EMAIL_OTP only)`. That heading wasn't updated in this PR, so visitors who follow the link will land on a section that explicitly says "EMAIL_OTP only" — directly contradicting the updated text here that says the flow is the same for both credential types. The `client-keys.mdx` heading should be updated to drop the "(EMAIL_OTP only)" qualifier, and the anchor in this file updated accordingly.

_{Reviews (1): Last reviewed commit: "docs: sync Mintlify docs with recent Ope..." | Re-trigger Greptile}

[greptile-apps]

Stale anchor points to an EMAIL_OTP-only section heading

The link #encrypt-the-otp-code-email_otp-only still resolves to a section in client-keys.mdx titled ## Encrypt the OTP code (EMAIL_OTP only). That heading wasn't updated in this PR, so visitors who follow the link will land on a section that explicitly says "EMAIL_OTP only" — directly contradicting the updated text here that says the flow is the same for both credential types. The client-keys.mdx heading should be updated to drop the "(EMAIL_OTP only)" qualifier, and the anchor in this file updated accordingly.

Context Used: mintlify/AGENTS.md (source)

Prompt To Fix With AI

This is a comment left during a code review.
Path: mintlify/snippets/sandbox-global-account-magic.mdx
Line: 11

Comment:
**Stale anchor points to an `EMAIL_OTP`-only section heading**

The link `#encrypt-the-otp-code-email_otp-only` still resolves to a section in `client-keys.mdx` titled `## Encrypt the OTP code (EMAIL_OTP only)`. That heading wasn't updated in this PR, so visitors who follow the link will land on a section that explicitly says "EMAIL_OTP only" — directly contradicting the updated text here that says the flow is the same for both credential types. The `client-keys.mdx` heading should be updated to drop the "(EMAIL_OTP only)" qualifier, and the anchor in this file updated accordingly.

**Context Used:** mintlify/AGENTS.md ([source](https://app.greptile.com/lightspark/github/lightsparkdev/grid-api/-/custom-context?memory=51934046-75fb-42d3-9870-f42d61cb60e3))

How can I resolve this? If you propose a fix, please make it concise.