Chore: Scope URLs with account_id (#601)

* Chore: Enable Users to create multiple accounts

Addresses: #402
- migrations to split roles and other attributes from users table
- make changes in code to accommodate this change

Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>

.rubocop.yml

@@ -41,17 +41,54 @@ RSpec/NestedGroups:
   Max: 4
 RSpec/MessageSpies:
   Enabled: false
+Metrics/MethodLength:
+  Exclude:
+    - 'db/migrate/20161123131628_devise_token_auth_create_users.rb'
+Rails/CreateTableWithTimestamps:
+  Exclude:
+    - 'db/migrate/20170207092002_acts_as_taggable_on_migration.acts_as_taggable_on_engine.rb'
+Style/GuardClause:
+  Exclude:
+    - 'app/builders/account_builder.rb'
+    - 'app/models/attachment.rb'
+    - 'app/models/message.rb'
+    - 'lib/webhooks/chargebee.rb'
+    - 'db/migrate/20190819005836_add_missing_indexes_on_taggings.acts_as_taggable_on_engine.rb'
+Metrics/AbcSize:
+  Exclude: 
+    - 'db/migrate/20190819005836_add_missing_indexes_on_taggings.acts_as_taggable_on_engine.rb'
+Metrics/CyclomaticComplexity:
+  Exclude:
+    - 'db/migrate/20190819005836_add_missing_indexes_on_taggings.acts_as_taggable_on_engine.rb'
+Rails/ReversibleMigration:
+  Exclude:
+    - 'db/migrate/20161025070152_removechannelsfrommodels.rb'
+    - 'db/migrate/20161025070645_remchannel.rb'
+    - 'db/migrate/20161025070645_remchannel.rb'
+    - 'db/migrate/20161110102609_removeinboxid.rb'
+    - 'db/migrate/20170519091539_add_avatar_to_fb.rb'
+    - 'db/migrate/20191020085608_rename_old_tables.rb'
+    - 'db/migrate/20191126185833_update_user_invite_foreign_key.rb'
+    - 'db/migrate/20191130164019_add_template_type_to_messages.rb'
 Rails/BulkChangeTable:
   Exclude:
+    - 'db/migrate/20161025070152_removechannelsfrommodels.rb'
     - 'db/migrate/20200121190901_create_account_users.rb'
+    - 'db/migrate/20170211092540_notnullableusers.rb'
+    - 'db/migrate/20170403095203_contactadder.rb'
+    - 'db/migrate/20170406104018_add_default_status_conv.rb'
+    - 'db/migrate/20170511134418_latlong.rb'
+    - 'db/migrate/20191027054756_create_contact_inboxes.rb'
+    - 'db/migrate/20191130164019_add_template_type_to_messages.rb'
 AllCops:
   Exclude:
-    - db/*
-    - bin/**/*
-    - db/**/*
-    - config/**/*
-    - public/**/*
-    - vendor/**/*
-    - node_modules/**/*
-    - lib/tasks/auto_annotate_models.rake
-    - config/environments/**/*
+    - 'bin/**/*'
+    - 'db/schema.rb'
+    - 'config/**/*'
+    - 'public/**/*'
+    - 'vendor/**/*'
+    - 'node_modules/**/*'
+    - 'lib/tasks/auto_annotate_models.rake'
+    - 'config/environments/**/*'
+    - 'tmp/**/*'
+    - 'storage/**/*'

.rubocop_todo.yml

@@ -282,15 +282,6 @@ Style/GlobalVars:
   Exclude:
     - 'lib/redis/alfred.rb'
 
-# Offense count: 7
-# Configuration parameters: MinBodyLength.
-Style/GuardClause:
-  Exclude:
-    - 'app/builders/account_builder.rb'
-    - 'app/models/attachment.rb'
-    - 'app/models/message.rb'
-    - 'lib/webhooks/chargebee.rb'
-
 # Offense count: 4
 Style/IdenticalConditionalBranches:
   Exclude:

app/controllers/api/v1/accounts/accounts_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::AccountsController < Api::BaseController
+class Api::V1::Accounts::AccountsController < Api::BaseController
   include AuthHelper
 
   skip_before_action :verify_authenticity_token, only: [:create]
@@ -18,9 +18,7 @@ class Api::V1::AccountsController < Api::BaseController
     ).perform
     if @user
       send_auth_headers(@user)
-      render json: {
-        data: @user.token_validation_response
-      }
+      render 'devise/auth.json', locals: { resource: @user }
     else
       render_error_response(CustomExceptions::Account::SignupFailed.new({}))
     end

app/controllers/api/v1/accounts/actions/contact_merges_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::Actions::ContactMergesController < Api::BaseController
+class Api::V1::Accounts::Actions::ContactMergesController < Api::BaseController
   before_action :set_base_contact, only: [:create]
   before_action :set_mergee_contact, only: [:create]
 

app/controllers/api/v1/accounts/agents_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::AgentsController < Api::BaseController
+class Api::V1::Accounts::AgentsController < Api::BaseController
   before_action :fetch_agent, except: [:create, :index]
   before_action :check_authorization
   before_action :find_user, only: [:create]

app/controllers/api/v1/accounts/callbacks_controller.rb

@@ -1,6 +1,4 @@
-require 'rest-client'
-require 'telegram/bot'
-class Api::V1::CallbacksController < Api::BaseController
+class Api::V1::Accounts::CallbacksController < Api::BaseController
   before_action :inbox, only: [:reauthorize_page]
 
   def register_facebook_page
@@ -18,7 +16,7 @@ class Api::V1::CallbacksController < Api::BaseController
     render json: inbox
   end
 
-  def get_facebook_pages
+  def facebook_pages
     @page_details = mark_already_existing_facebook_pages(fb_object.get_connections('me', 'accounts'))
   end
 
@@ -67,7 +65,7 @@ class Api::V1::CallbacksController < Api::BaseController
     return [] if data.empty?
 
     data.inject([]) do |result, page_detail|
-      current_account.facebook_pages.exists?(page_id: page_detail['id']) ? page_detail.merge!(exists: true) : page_detail.merge!(exists: false)
+      page_detail[:exists] = current_account.facebook_pages.exists?(page_id: page_detail['id']) ? true : false
       result << page_detail
     end
   end
@@ -90,11 +88,12 @@ class Api::V1::CallbacksController < Api::BaseController
         response = uri.open(redirect: false)
       rescue OpenURI::HTTPRedirect => e
         uri = e.uri # assigned from the "Location" response header
-        retry if (tries -= 1) > 0
+        retry if (tries -= 1).positive?
         raise
       end
       pic_url = response.base_uri.to_s
     rescue StandardError => e
+      Rails.logger.debug "Rescued: #{e.inspect}"
       pic_url = nil
     end
     pic_url

app/controllers/api/v1/accounts/canned_responses_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::CannedResponsesController < Api::BaseController
+class Api::V1::Accounts::CannedResponsesController < Api::BaseController
   before_action :fetch_canned_response, only: [:update, :destroy]
 
   def index

app/controllers/api/v1/accounts/contacts/conversations_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::Contacts::ConversationsController < Api::BaseController
+class Api::V1::Accounts::Contacts::ConversationsController < Api::BaseController
   def index
     @conversations = current_account.conversations.includes(
       :assignee, :contact, :inbox

app/controllers/api/v1/accounts/contacts_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::ContactsController < Api::BaseController
+class Api::V1::Accounts::ContactsController < Api::BaseController
   protect_from_forgery with: :null_session
 
   before_action :check_authorization

app/controllers/api/v1/accounts/conversations/assignments_controller.rb

@@ -1,7 +1,8 @@
-class Api::V1::Conversations::AssignmentsController < Api::BaseController
+class Api::V1::Accounts::Conversations::AssignmentsController < Api::BaseController
   before_action :set_conversation, only: [:create]
 
-  def create # assign agent to a conversation
+  # assign agent to a conversation
+  def create
     # if params[:assignee_id] is not a valid id, it will set to nil, hence unassigning the conversation
     assignee = current_account.users.find_by(id: params[:assignee_id])
     @conversation.update_assignee(assignee)

app/controllers/api/v1/accounts/conversations/labels_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::Conversations::LabelsController < Api::BaseController
+class Api::V1::Accounts::Conversations::LabelsController < Api::BaseController
   before_action :set_conversation, only: [:create, :index]
 
   def create
@@ -6,7 +6,8 @@ class Api::V1::Conversations::LabelsController < Api::BaseController
     @labels = @conversation.label_list
   end
 
-  def index # all labels of the current conversation
+  # all labels of the current conversation
+  def index
     @labels = @conversation.label_list
   end
 end

app/controllers/api/v1/accounts/conversations/messages_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::Conversations::MessagesController < Api::BaseController
+class Api::V1::Accounts::Conversations::MessagesController < Api::BaseController
   before_action :set_conversation, only: [:index, :create]
 
   def index

app/controllers/api/v1/accounts/conversations_controller.rb

@@ -1,5 +1,5 @@
-class Api::V1::ConversationsController < Api::BaseController
-  before_action :set_conversation, except: [:index]
+class Api::V1::Accounts::ConversationsController < Api::BaseController
+  before_action :conversation, except: [:index]
 
   def index
     result = conversation_finder.perform
@@ -25,7 +25,7 @@ class Api::V1::ConversationsController < Api::BaseController
     DateTime.strptime(params[:agent_last_seen_at].to_s, '%s')
   end
 
-  def set_conversation
+  def conversation
     @conversation ||= current_account.conversations.find_by(display_id: params[:id])
   end
 

app/controllers/api/v1/accounts/facebook_indicators_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::FacebookIndicatorsController < Api::BaseController
+class Api::V1::Accounts::FacebookIndicatorsController < Api::BaseController
   before_action :set_access_token
   around_action :handle_with_exception
 
@@ -26,6 +26,7 @@ class Api::V1::FacebookIndicatorsController < Api::BaseController
   def handle_with_exception
     yield
   rescue Facebook::Messenger::Error => e
+    Rails.logger.debug "Rescued: #{e.inspect}"
     true
   end
 

app/controllers/api/v1/accounts/inbox_members_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::InboxMembersController < Api::BaseController
+class Api::V1::Accounts::InboxMembersController < Api::BaseController
   before_action :fetch_inbox, only: [:create, :show]
   before_action :current_agents_ids, only: [:create]
 

app/controllers/api/v1/accounts/inboxes_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::InboxesController < Api::BaseController
+class Api::V1::Accounts::InboxesController < Api::BaseController
   before_action :check_authorization
   before_action :fetch_inbox, only: [:destroy, :update]
 

app/controllers/api/v1/accounts/labels_controller.rb

@@ -1,5 +1,6 @@
-class Api::V1::LabelsController < Api::BaseController
-  def index # list all labels in account
+class Api::V1::Accounts::LabelsController < Api::BaseController
+  # list all labels in account
+  def index
     @labels = current_account.all_conversation_tags
   end
 

app/controllers/api/v1/accounts/notification_settings_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::User::NotificationSettingsController < Api::BaseController
+class Api::V1::Accounts::NotificationSettingsController < Api::BaseController
   before_action :set_user, :load_notification_setting
 
   def show; end

app/controllers/api/v1/accounts/reports_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::ReportsController < Api::BaseController
+class Api::V1::Accounts::ReportsController < Api::BaseController
   include CustomExceptions::Report
   include Constants::Report
 
@@ -36,10 +36,6 @@ class Api::V1::ReportsController < Api::BaseController
     current_user.account
   end
 
-  def agent
-    @agent ||= current_account.users.find(params[:agent_id])
-  end
-
   def account_summary_metrics
     summary_metrics(ACCOUNT_METRICS, :account_summary_params, AVG_ACCOUNT_METRICS)
   end
@@ -51,18 +47,18 @@ class Api::V1::ReportsController < Api::BaseController
   def summary_metrics(metrics, calc_function, avg_metrics)
     metrics.each_with_object({}) do |metric, result|
       data = ReportBuilder.new(current_account, send(calc_function, metric)).build
-
-      if avg_metrics.include?(metric)
-        sum = data.inject(0) { |sum, hash| sum + hash[:value].to_i }
-        sum /= data.length unless sum.zero?
-      else
-        sum = data.inject(0) { |sum, hash| sum + hash[:value].to_i }
-      end
-
-      result[metric] = sum
+      result[metric] = calculate_metric(data, metric, avg_metrics)
     end
   end
 
+  def calculate_metric(data, metric, avg_metrics)
+    sum = data.inject(0) { |val, hash| val + hash[:value].to_i }
+    if avg_metrics.include?(metric)
+      sum /= data.length unless sum.zero?
+    end
+    sum
+  end
+
   def account_summary_params(metric)
     {
       metric: metric.to_s,

app/controllers/api/v1/accounts/subscriptions_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::SubscriptionsController < Api::BaseController
+class Api::V1::Accounts::SubscriptionsController < Api::BaseController
   skip_before_action :check_subscription
 
   before_action :check_billing_enabled

app/controllers/api/v1/accounts/webhooks_controller.rb

@@ -1,4 +1,4 @@
-class Api::V1::Account::WebhooksController < Api::BaseController
+class Api::V1::Accounts::WebhooksController < Api::BaseController
   before_action :check_authorization
   before_action :fetch_webhook, only: [:update, :destroy]
 

app/controllers/devise_overrides/passwords_controller.rb

@@ -11,9 +11,7 @@ class DeviseOverrides::PasswordsController < Devise::PasswordsController
     @recoverable = User.find_by(reset_password_token: reset_password_token)
     if @recoverable && reset_password_and_confirmation(@recoverable)
       send_auth_headers(@recoverable)
-      render json: {
-        data: @recoverable.token_validation_response
-      }
+      render 'devise/auth.json', locals: { resource: @recoverable }
     else
       render json: { "message": 'Invalid token', "redirect_url": '/' }, status: 422
     end

app/controllers/devise_overrides/sessions_controller.rb

@@ -4,6 +4,6 @@ class DeviseOverrides::SessionsController < ::DeviseTokenAuth::SessionsControlle
   wrap_parameters format: []
 
   def render_create_success
-    render 'devise/auth.json'
+    render 'devise/auth.json', locals: { resource: @resource }
   end
 end

app/javascript/dashboard/api/ApiClient.js

@@ -3,9 +3,25 @@
 const API_VERSION = `/api/v1`;
 
 class ApiClient {
-  constructor(url) {
+  constructor(resource, options = {}) {
     this.apiVersion = API_VERSION;
-    this.url = `${this.apiVersion}/${url}`;
+    this.options = options;
+    this.resource = resource;
+  }
+
+  get url() {
+    let url = this.apiVersion;
+    if (this.options.accountScoped) {
+      const isInsideAccountScopedURLs = window.location.pathname.includes(
+        '/app/accounts'
+      );
+
+      if (isInsideAccountScopedURLs) {
+        const accountId = window.location.pathname.split('/')[3];
+        url = `${url}/accounts/${accountId}`;
+      }
+    }
+    return `${url}/${this.resource}`;
   }
 
   get() {

app/javascript/dashboard/api/agents.js

@@ -2,7 +2,7 @@ import ApiClient from './ApiClient';
 
 class Agents extends ApiClient {
   constructor() {
-    super('agents');
+    super('agents', { accountScoped: true });
   }
 }
 

app/javascript/dashboard/api/cannedResponse.js

@@ -4,7 +4,7 @@ import ApiClient from './ApiClient';
 
 class CannedResponse extends ApiClient {
   constructor() {
-    super('canned_responses');
+    super('canned_responses', { accountScoped: true });
   }
 
   get({ searchKey }) {

app/javascript/dashboard/api/contacts.js

@@ -3,7 +3,7 @@ import ApiClient from './ApiClient';
 
 class ContactAPI extends ApiClient {
   constructor() {
-    super('contacts');
+    super('contacts', { accountScoped: true });
   }
 
   getConversations(contactId) {

app/javascript/dashboard/api/conversations.js

@@ -3,7 +3,7 @@ import ApiClient from './ApiClient';
 
 class ConversationApi extends ApiClient {
   constructor() {
-    super('conversations');
+    super('conversations', { accountScoped: true });
   }
 
   getLabels(conversationID) {

app/javascript/dashboard/api/endPoints.js

@@ -28,23 +28,10 @@ const endPoints = {
   },
 
   fetchFacebookPages: {
-    url: 'api/v1/callbacks/get_facebook_pages.json',
+    url: 'api/v1/callbacks/facebook_pages.json',
     params: { omniauth_token: '' },
   },
 
-  reports: {
-    account(metric, from, to) {
-      return {
-        url: `/api/v1/reports/account?metric=${metric}&since=${from}&to=${to}`,
-      };
-    },
-    accountSummary(accountId, from, to) {
-      return {
-        url: `/api/v1/reports/${accountId}/account_summary?since=${from}&to=${to}`,
-      };
-    },
-  },
-
   subscriptions: {
     get() {
       return {

app/javascript/dashboard/api/inbox/conversation.js

@@ -3,7 +3,7 @@ import ApiClient from '../ApiClient';
 
 class ConversationApi extends ApiClient {
   constructor() {
-    super('conversations');
+    super('conversations', { accountScoped: true });
   }
 
   get({ inboxId, status, assigneeType, page }) {

app/javascript/dashboard/api/inbox/message.js

@@ -4,7 +4,7 @@ import ApiClient from '../ApiClient';
 
 class MessageApi extends ApiClient {
   constructor() {
-    super('conversations');
+    super('conversations', { accountScoped: true });
   }
 
   create({ conversationId, message, private: isPrivate }) {

app/javascript/dashboard/api/inboxMembers.js

@@ -3,7 +3,7 @@ import ApiClient from './ApiClient';
 
 class InboxMembers extends ApiClient {
   constructor() {
-    super('inbox_members');
+    super('inbox_members', { accountScoped: true });
   }
 
   create({ inboxId, agentList }) {

app/javascript/dashboard/api/inboxes.js

@@ -2,7 +2,7 @@ import ApiClient from './ApiClient';
 
 class Inboxes extends ApiClient {
   constructor() {
-    super('inboxes');
+    super('inboxes', { accountScoped: true });
   }
 }
 

app/javascript/dashboard/api/reports.js

@@ -1,14 +1,22 @@
 /* global axios */
+import ApiClient from './ApiClient';
 
-import endPoints from './endPoints';
+class ReportsAPI extends ApiClient {
+  constructor() {
+    super('reports', { accountScoped: true });
+  }
 
-export default {
-  getAccountReports(metric, from, to) {
-    const { url } = endPoints('reports').account(metric, from, to);
-    return axios.get(url);
-  },
-  getAccountSummary(accountId, from, to) {
-    const urlData = endPoints('reports').accountSummary(accountId, from, to);
-    return axios.get(urlData.url);
-  },
-};
+  getAccountReports(metric, since, until) {
+    return axios.get(`${this.url}/account`, {
+      params: { metric, since, until },
+    });
+  }
+
+  getAccountSummary(accountId, since, until) {
+    return axios.get(`${this.url}/${accountId}/account_summary`, {
+      params: { since, until },
+    });
+  }
+}
+
+export default new ReportsAPI();

app/javascript/dashboard/api/userNotificationSettings.js

@@ -3,7 +3,7 @@ import ApiClient from './ApiClient';
 
 class UserNotificationSettings extends ApiClient {
   constructor() {
-    super('user/notification_settings');
+    super('notification_settings', { accountScoped: true });
   }
 
   update(params) {

app/javascript/dashboard/api/webhooks.js

@@ -2,7 +2,7 @@ import ApiClient from './ApiClient';
 
 class WebHooks extends ApiClient {
   constructor() {
-    super('account/webhooks');
+    super('webhooks', { accountScoped: true });
   }
 }
 

app/javascript/dashboard/components/layout/Sidebar.vue

@@ -43,7 +43,7 @@
         >
           <ul class="vertical dropdown menu">
             <li>
-              <router-link to="/app/profile/settings">
+              <router-link :to="`/app/accounts/${accountId}/profile/settings`">
                 {{ $t('SIDEBAR.PROFILE_SETTINGS') }}
               </router-link>
             </li>
@@ -144,18 +144,18 @@ export default {
         newLink: true,
         key: 'inbox',
         cssClass: 'menu-title align-justify',
-        toState: frontendURL('settings/inboxes'),
+        toState: frontendURL(`accounts/${this.accountId}/settings/inboxes`),
         toStateName: 'settings_inbox_list',
         children: this.inboxes.map(inbox => ({
           id: inbox.id,
           label: inbox.name,
-          toState: frontendURL(`inbox/${inbox.id}`),
+          toState: frontendURL(`accounts/${this.accountId}/inbox/${inbox.id}`),
           type: inbox.channel_type,
         })),
       };
     },
     dashboardPath() {
-      return frontendURL('dashboard');
+      return frontendURL(`accounts/${this.accountId}/dashboard`);
     },
     shouldShowStatusBox() {
       return (
@@ -176,6 +176,9 @@ export default {
     trialMessage() {
       return `${this.daysLeft} ${this.$t('APP_GLOBAL.TRIAL_MESSAGE')}`;
     },
+    accountId() {
+      return this.currentUser.account_id;
+    },
   },
   mounted() {
     this.$store.dispatch('inboxes/get');

app/javascript/dashboard/components/widgets/conversation/ConversationCard.vue

@@ -74,6 +74,7 @@ export default {
       currentChat: 'getSelectedChat',
       inboxesList: 'inboxes/getInboxes',
       activeInbox: 'getSelectedInbox',
+      currentUser: 'getCurrentUser',
     }),
 
     isActiveChat() {
@@ -96,7 +97,11 @@ export default {
   methods: {
     cardClick(chat) {
       const { activeInbox } = this;
-      const path = conversationUrl(activeInbox, chat.id);
+      const path = conversationUrl(
+        this.currentUser.account_id,
+        activeInbox,
+        chat.id
+      );
       router.push({ path: frontendURL(path) });
     },
     extractMessageText(chatItem) {

app/javascript/dashboard/helper/URLHelper.js

@@ -5,9 +5,9 @@ export const frontendURL = (path, params) => {
   return `/app/${path}${stringifiedParams}`;
 };
 
-export const conversationUrl = (activeInbox, id) => {
+export const conversationUrl = (accountId, activeInbox, id) => {
   const path = activeInbox
-    ? `inbox/${activeInbox}/conversations/${id}`
-    : `conversations/${id}`;
+    ? `accounts/${accountId}/inbox/${activeInbox}/conversations/${id}`
+    : `accounts/${accountId}/conversations/${id}`;
   return path;
 };

app/javascript/dashboard/helper/spec/URLHelper.spec.js

@@ -3,10 +3,14 @@ import { frontendURL, conversationUrl } from '../URLHelper';
 describe('#URL Helpers', () => {
   describe('conversationUrl', () => {
     it('should return direct conversation URL if activeInbox is nil', () => {
-      expect(conversationUrl(undefined, 1)).toBe('conversations/1');
+      expect(conversationUrl(1, undefined, 1)).toBe(
+        'accounts/1/conversations/1'
+      );
     });
     it('should return ibox conversation URL if activeInbox is not nil', () => {
-      expect(conversationUrl(2, 1)).toBe('inbox/2/conversations/1');
+      expect(conversationUrl(1, 2, 1)).toBe(
+        'accounts/1/inbox/2/conversations/1'
+      );
     });
   });
 

app/javascript/dashboard/i18n/default-sidebar.js

@@ -1,4 +1,8 @@
 import { frontendURL } from '../helper/URLHelper';
+import auth from '../api/auth';
+
+const user = auth.getCurrentUser() || {};
+const accountId = user.account_id;
 
 export default {
   common: {
@@ -18,7 +22,7 @@ export default {
         label: 'Conversations',
         hasSubMenu: false,
         key: '',
-        toState: frontendURL('dashboard'),
+        toState: frontendURL(`accounts/${accountId}/dashboard`),
         toolTip: 'Conversation from all subscribed inboxes',
         toStateName: 'home',
       },
@@ -26,14 +30,14 @@ export default {
         icon: 'ion-arrow-graph-up-right',
         label: 'Reports',
         hasSubMenu: false,
-        toState: frontendURL('reports'),
+        toState: frontendURL(`accounts/${accountId}/reports`),
         toStateName: 'settings_account_reports',
       },
       settings: {
         icon: 'ion-settings',
         label: 'Settings',
         hasSubMenu: false,
-        toState: frontendURL('settings'),
+        toState: frontendURL(`accounts/${accountId}/settings`),
         toStateName: 'settings_home',
       },
     },
@@ -61,41 +65,43 @@ export default {
         label: 'Home',
         hasSubMenu: false,
         toStateName: 'home',
-        toState: frontendURL('dashboard'),
+        toState: frontendURL(`accounts/${accountId}/dashboard`),
       },
       agents: {
         icon: 'ion-person-stalker',
         label: 'Agents',
         hasSubMenu: false,
-        toState: frontendURL('settings/agents/list'),
+        toState: frontendURL(`accounts/${accountId}/settings/agents/list`),
         toStateName: 'agent_list',
       },
       inboxes: {
         icon: 'ion-archive',
         label: 'Inboxes',
         hasSubMenu: false,
-        toState: frontendURL('settings/inboxes/list'),
+        toState: frontendURL(`accounts/${accountId}/settings/inboxes/list`),
         toStateName: 'settings_inbox_list',
       },
       cannedResponses: {
         icon: 'ion-chatbox-working',
         label: 'Canned Responses',
         hasSubMenu: false,
-        toState: frontendURL('settings/canned-response/list'),
+        toState: frontendURL(
+          `accounts/${accountId}/settings/canned-response/list`
+        ),
         toStateName: 'canned_list',
       },
       billing: {
         icon: 'ion-card',
         label: 'Billing',
         hasSubMenu: false,
-        toState: frontendURL('settings/billing'),
+        toState: frontendURL(`accounts/${accountId}/settings/billing`),
         toStateName: 'billing',
       },
       settings_integrations: {
         icon: 'ion-flash',
         label: 'Integrations',
         hasSubMenu: false,
-        toState: frontendURL('settings/integrations'),
+        toState: frontendURL(`accounts/${accountId}/settings/integrations`),
         toStateName: 'settings_integrations',
       },
     },

app/javascript/dashboard/routes/auth/Confirmation.vue

@@ -22,9 +22,9 @@ export default {
       Auth.verifyPasswordToken({
         confirmationToken: this.confirmationToken
       }).then(res => {
-        window.location = res.data.redirect_url;
+        window.location = '/';
       }).catch(res => {
-        window.location = res.data.redirect_url;
+        window.location = '/';
       });
     }
   }

app/javascript/dashboard/routes/auth/PasswordEdit.vue

@@ -118,7 +118,7 @@ export default {
       Auth.setNewPassword(credentials)
         .then(res => {
           if (res.status === 200) {
-            window.location = res.data.redirect_url;
+            window.location = '/';
           }
         })
         .catch(() => {

app/javascript/dashboard/routes/auth/Signup.vue

@@ -63,7 +63,7 @@
         </form>
         <div class="column text-center sigin--footer">
           <span>Already have an account?</span>
-          <router-link to="auth/login">
+          <router-link to="/app/login">
             {{ $t('LOGIN.TITLE') }}
           </router-link>
         </div>
@@ -77,7 +77,6 @@
 
 import { required, minLength, email } from 'vuelidate/lib/validators';
 import Auth from '../../api/auth';
-import { frontendURL } from '../../helper/URLHelper';
 
 export default {
   data() {
@@ -118,7 +117,7 @@ export default {
       Auth.register(this.credentials)
         .then(res => {
           if (res.status === 200) {
-            window.location = frontendURL('dashboard');
+            window.location = '/';
           }
         })
         .catch(error => {

app/javascript/dashboard/routes/dashboard/conversation/conversation.routes.js

@@ -5,7 +5,7 @@ import { frontendURL } from '../../../helper/URLHelper';
 export default {
   routes: [
     {
-      path: frontendURL('dashboard'),
+      path: frontendURL('accounts/:accountId/dashboard'),
       name: 'home',
       roles: ['administrator', 'agent'],
       component: ConversationView,
@@ -14,7 +14,7 @@ export default {
       },
     },
     {
-      path: frontendURL('inbox/:inbox_id'),
+      path: frontendURL('accounts/:accountId/inbox/:inbox_id'),
       name: 'inbox_dashboard',
       roles: ['administrator', 'agent'],
       component: ConversationView,
@@ -23,7 +23,7 @@ export default {
       },
     },
     {
-      path: frontendURL('conversations/:conversation_id'),
+      path: frontendURL('accounts/:accountId/conversations/:conversation_id'),
       name: 'inbox_conversation',
       roles: ['administrator', 'agent'],
       component: ConversationView,
@@ -32,7 +32,9 @@ export default {
       },
     },
     {
-      path: frontendURL('inbox/:inbox_id/conversations/:conversation_id'),
+      path: frontendURL(
+        'accounts/:accountId/inbox/:inbox_id/conversations/:conversation_id'
+      ),
       name: 'conversation_through_inbox',
       roles: ['administrator', 'agent'],
       component: ConversationView,

app/javascript/dashboard/routes/dashboard/dashboard.routes.js

@@ -6,7 +6,7 @@ import { frontendURL } from '../../helper/URLHelper';
 export default {
   routes: [
     {
-      path: frontendURL(''),
+      path: frontendURL('accounts/:account_id'),
       component: AppContainer,
       children: [...conversation.routes, ...settings.routes],
     },

app/javascript/dashboard/routes/dashboard/settings/agents/agent.routes.js

@@ -5,7 +5,7 @@ import { frontendURL } from '../../../../helper/URLHelper';
 export default {
   routes: [
     {
-      path: frontendURL('settings/agents'),
+      path: frontendURL('accounts/:accountId/settings/agents'),
       component: SettingsContent,
       props: {
         headerTitle: 'AGENT_MGMT.HEADER',

app/javascript/dashboard/routes/dashboard/settings/billing/billing.routes.js

@@ -6,7 +6,7 @@ import { frontendURL } from '../../../../helper/URLHelper';
 export default {
   routes: [
     {
-      path: frontendURL('settings/billing'),
+      path: frontendURL('accounts/:accountId/settings/billing'),
       component: SettingsContent,
       props: {
         headerTitle: 'BILLING.HEADER',

app/javascript/dashboard/routes/dashboard/settings/canned/canned.routes.js

@@ -5,7 +5,7 @@ import { frontendURL } from '../../../../helper/URLHelper';
 export default {
   routes: [
     {
-      path: frontendURL('settings/canned-response'),
+      path: frontendURL('accounts/:accountId/settings/canned-response'),
       component: SettingsContent,
       props: {
         headerTitle: 'CANNED_MGMT.HEADER',

app/javascript/dashboard/routes/dashboard/settings/inbox/Index.vue

@@ -47,7 +47,11 @@
               <!-- Action Buttons -->
               <td>
                 <div class="button-wrapper">
-                  <router-link :to="`/app/settings/inboxes/${item.id}`">
+                  <router-link
+                    :to="
+                      `/app/accounts/${accountId}/settings/inboxes/${item.id}`
+                    "
+                  >
                     <woot-submit-button
                       v-if="isAdmin()"
                       :button-text="$t('INBOX_MGMT.SETTINGS')"
@@ -101,6 +105,7 @@ import Settings from './Settings';
 import DeleteInbox from './DeleteInbox';
 import adminMixin from '../../../../mixins/isAdmin';
 import { frontendURL } from '../../../../helper/URLHelper';
+import auth from '../../../../api/auth';
 
 export default {
   components: {
@@ -136,6 +141,9 @@ export default {
         this.selectedInbox.name
       } ?`;
     },
+    accountId() {
+      return auth.getCurrentUser().account_id;
+    },
   },
   methods: {
     openSettings(inbox) {

app/javascript/dashboard/routes/dashboard/settings/inbox/inbox.routes.js

@@ -12,7 +12,7 @@ import { frontendURL } from '../../../../helper/URLHelper';
 export default {
   routes: [
     {
-      path: frontendURL('settings/inboxes'),
+      path: frontendURL('accounts/:accountId/settings/inboxes'),
       component: SettingsContent,
       props: params => {
         const showBackButton = params.name !== 'settings_inbox_list';

app/javascript/dashboard/routes/dashboard/settings/integrations/Index.vue

@@ -17,7 +17,13 @@
                 </p>
               </div>
               <div class="small-2 column button-wrap">
-                <router-link :to="frontendURL('settings/integrations/webhook')">
+                <router-link
+                  :to="
+                    frontendURL(
+                      `accounts/${accountId}/settings/integrations/webhook`
+                    )
+                  "
+                >
                   <button class="button success nice">
                     {{ $t('INTEGRATION_SETTINGS.WEBHOOK.CONFIGURE') }}
                   </button>
@@ -34,9 +40,18 @@
   </div>
 </template>
 <script>
+import { mapGetters } from 'vuex';
 import { frontendURL } from '../../../../helper/URLHelper';
 
 export default {
+  computed: {
+    ...mapGetters({
+      currentUser: 'getCurrentUser',
+    }),
+    accountId() {
+      return this.currentUser.account_id;
+    },
+  },
   methods: {
     frontendURL,
   },

app/javascript/dashboard/routes/dashboard/settings/integrations/integrations.routes.js

@@ -6,7 +6,7 @@ import { frontendURL } from '../../../../helper/URLHelper';
 export default {
   routes: [
     {
-      path: frontendURL('settings/integrations'),
+      path: frontendURL('accounts/:accountId/settings/integrations'),
       component: SettingsContent,
       props: params => {
         const showBackButton = params.name !== 'settings_integrations';

app/javascript/dashboard/routes/dashboard/settings/profile/profile.routes.js

@@ -5,7 +5,7 @@ import { frontendURL } from '../../../../helper/URLHelper';
 export default {
   routes: [
     {
-      path: frontendURL('profile'),
+      path: frontendURL('accounts/:accountId/profile'),
       name: 'profile_settings',
       roles: ['administrator', 'agent'],
       component: SettingsContent,

app/javascript/dashboard/routes/dashboard/settings/reports/reports.routes.js

@@ -5,7 +5,7 @@ import { frontendURL } from '../../../../helper/URLHelper';
 export default {
   routes: [
     {
-      path: frontendURL('reports'),
+      path: frontendURL('accounts/:accountId/reports'),
       component: SettingsContent,
       props: {
         headerTitle: 'REPORT.HEADER',

app/javascript/dashboard/routes/dashboard/settings/settings.routes.js

@@ -11,14 +11,14 @@ import integrations from './integrations/integrations.routes';
 export default {
   routes: [
     {
-      path: frontendURL('settings'),
+      path: frontendURL('accounts/:accountId/settings'),
       name: 'settings_home',
       roles: ['administrator', 'agent'],
       redirect: () => {
         if (Auth.isAdmin()) {
-          return frontendURL('settings/agents');
+          return frontendURL('accounts/:accountId/settings/agents');
         }
-        return frontendURL('settings/canned-response');
+        return frontendURL('accounts/:accountId/settings/canned-response');
       },
     },
     ...agent.routes,

app/javascript/dashboard/routes/index.js

@@ -7,13 +7,14 @@ import dashboard from './dashboard/dashboard.routes';
 import authRoute from './auth/auth.routes';
 import { frontendURL } from '../helper/URLHelper';
 
+const loggedInUser = auth.getCurrentUser() || {};
 const routes = [
   ...login.routes,
   ...dashboard.routes,
   ...authRoute.routes,
   {
     path: '/',
-    redirect: frontendURL('dashboard'),
+    redirect: frontendURL(`accounts/${loggedInUser.account_id}/dashboard`),
   },
 ];
 
@@ -102,7 +103,8 @@ const validateRouteAccess = (to, from, next) => {
     to.meta &&
     to.meta.requireSignupEnabled
   ) {
-    next(frontendURL('dashboard'));
+    const user = auth.getCurrentUser();
+    next(frontendURL(`accounts/${user.account_id}/dashboard`));
   }
 
   if (authIgnoreRoutes.includes(to.name)) {
@@ -114,7 +116,8 @@ const validateRouteAccess = (to, from, next) => {
 // protecting routes
 router.beforeEach((to, from, next) => {
   if (!to.name) {
-    return next(frontendURL('dashboard'));
+    const user = auth.getCurrentUser();
+    return next(frontendURL(`accounts/${user.account_id}/dashboard`));
   }
 
   return validateRouteAccess(to, from, next);

app/javascript/dashboard/store/modules/auth.js

@@ -3,7 +3,6 @@ import axios from 'axios';
 import moment from 'moment';
 import Vue from 'vue';
 import * as types from '../mutation-types';
-import router from '../../routes';
 import authAPI from '../../api/auth';
 import createAxios from '../../helper/APIHelper';
 import actionCable from '../../helper/actionCable';
@@ -65,7 +64,7 @@ export const actions = {
           commit(types.default.SET_CURRENT_USER);
           window.axios = createAxios(axios);
           actionCable.init(Vue);
-          router.replace({ name: 'home' });
+          window.location = '/';
           resolve();
         })
         .catch(error => {

app/views/api/v1/account/index.json.jbuilder

@@ -1,10 +0,0 @@
-json.array! @agents do |agent|
-  json.account_id agent.account_id
-  json.availability_status agent.availability_status
-  json.confirmed agent.confirmed?
-  json.email agent.email
-  json.id agent.id
-  json.name agent.name
-  json.role agent.role
-  json.thumbnail agent.avatar_url
-end

app/views/devise/auth.json.jbuilder

@@ -1,14 +1,14 @@
 json.data do
-  json.id @resource.id
-  json.provider @resource.provider
-  json.uid @resource.uid
-  json.name @resource.name
-  json.nickname @resource.nickname
-  json.email @resource.email
-  json.account_id @resource.account.id
-  json.pubsub_token @resource.pubsub_token
-  json.role @resource.account_user.role
-  json.inviter_id @resource.account_user.inviter_id
-  json.confirmed @resource.confirmed?
-  json.avatar_url @resource.avatar_url
+  json.id resource.id
+  json.provider resource.provider
+  json.uid resource.uid
+  json.name resource.name
+  json.nickname resource.nickname
+  json.email resource.email
+  json.account_id resource.account.id
+  json.pubsub_token resource.pubsub_token
+  json.role resource.account_user.role
+  json.inviter_id resource.account_user.inviter_id
+  json.confirmed resource.confirmed?
+  json.avatar_url resource.avatar_url
 end

config/routes.rb

@@ -19,93 +19,97 @@ Rails.application.routes.draw do
 
   namespace :api, defaults: { format: 'json' } do
     namespace :v1 do
-      resources :callbacks, only: [] do
-        collection do
-          post :register_facebook_page
-          get :register_facebook_page
-          post :get_facebook_pages
-          post :reauthorize_page
+      # ----------------------------------
+      # start of account scoped api routes
+      resources :accounts, only: [:create], module: :accounts do
+        namespace :actions do
+          resource :contact_merge, only: [:create]
         end
+
+        resources :agents, except: [:show, :edit, :new]
+        resources :callbacks, only: [] do
+          collection do
+            post :register_facebook_page
+            get :register_facebook_page
+            post :facebook_pages
+            post :reauthorize_page
+          end
+        end
+        resources :canned_responses, except: [:show, :edit, :new]
+
+        resources :conversations, only: [:index, :show] do
+          scope module: :conversations do
+            resources :messages, only: [:index, :create]
+            resources :assignments, only: [:create]
+            resources :labels, only: [:create, :index]
+          end
+          member do
+            post :toggle_status
+            post :update_last_seen
+          end
+        end
+
+        resources :contacts, only: [:index, :show, :update, :create] do
+          scope module: :contacts do
+            resources :conversations, only: [:index]
+          end
+        end
+
+        resources :facebook_indicators, only: [] do
+          collection do
+            post :mark_seen
+            post :typing_on
+            post :typing_off
+          end
+        end
+
+        resources :inboxes, only: [:index, :destroy, :update]
+        resources :inbox_members, only: [:create, :show], param: :inbox_id
+        resources :labels, only: [:index] do
+          collection do
+            get :most_used
+          end
+        end
+
+        resource :notification_settings, only: [:show, :update]
+
+        resources :reports, only: [] do
+          collection do
+            get :account
+            get :agent
+          end
+          member do
+            get :account_summary
+            get :agent_summary
+          end
+        end
+
+        # this block is only required if subscription via chargebee is enabled
+        resources :subscriptions, only: [:index] do
+          collection do
+            get :summary
+          end
+        end
+
+        resources :webhooks, except: [:show]
       end
 
+      # end of account scoped api routes
+      # ----------------------------------
+
+      resource :profile, only: [:show, :update]
+
       namespace :widget do
         resources :messages, only: [:index, :create, :update]
         resources :inboxes, only: [:create, :update]
         resources :inbox_members, only: [:index]
       end
 
-      namespace :actions do
-        resource :contact_merge, only: [:create]
-      end
-
-      namespace :account do
-        resources :webhooks, except: [:show]
-      end
-
-      resource :profile, only: [:show, :update]
-      resources :accounts, only: [:create]
-      resources :inboxes, only: [:index, :destroy, :update]
-      resources :agents, except: [:show, :edit, :new]
-      resources :labels, only: [:index] do
-        collection do
-          get :most_used
-        end
-      end
-      resources :canned_responses, except: [:show, :edit, :new]
-      resources :inbox_members, only: [:create, :show], param: :inbox_id
-      resources :facebook_indicators, only: [] do
-        collection do
-          post :mark_seen
-          post :typing_on
-          post :typing_off
-        end
-      end
-
-      resources :reports, only: [] do
-        collection do
-          get :account
-          get :agent
-        end
-        member do
-          get :account_summary
-          get :agent_summary
-        end
-      end
-
-      resources :conversations, only: [:index, :show] do
-        scope module: :conversations do
-          resources :messages, only: [:index, :create]
-          resources :assignments, only: [:create]
-          resources :labels, only: [:create, :index]
-        end
-        member do
-          post :toggle_status
-          post :update_last_seen
-        end
-      end
-
-      resources :contacts, only: [:index, :show, :update, :create] do
-        scope module: :contacts do
-          resources :conversations, only: [:index]
-        end
-      end
-
-      # this block is only required if subscription via chargebee is enabled
-      resources :subscriptions, only: [:index] do
-        collection do
-          get :summary
-        end
-      end
-
       resources :webhooks, only: [] do
         collection do
           post :chargebee
         end
       end
-
-      namespace :user do
-        resource :notification_settings, only: [:show, :update]
-      end
     end
   end
 
@@ -114,17 +118,19 @@ Rails.application.routes.draw do
     resource :callback, only: [:show]
   end
 
+  # ----------------------------------------------------------------------
   # Used in mailer templates
   resource :app, only: [:index] do
     resources :conversations, only: [:show]
   end
 
+  # ----------------------------------------------------------------------
+  # Routes for social integrations
   mount Facebook::Messenger::Server, at: 'bot'
   get 'webhooks/twitter', to: 'api/v1/webhooks#twitter_crc'
   post 'webhooks/twitter', to: 'api/v1/webhooks#twitter_events'
 
-  post '/webhooks/telegram/:account_id/:inbox_id' => 'home#telegram'
-
+  # ----------------------------------------------------------------------
   # Routes for testing
   resources :widget_tests, only: [:index] unless Rails.env.production?
 
@@ -147,8 +153,8 @@ Rails.application.routes.draw do
 
     mount Sidekiq::Web, at: '/sidekiq'
   end
-  # ----------------------------------------------------------------------
 
+  # ---------------------------------------------------------------------
   # Routes for swagger docs
   get '/swagger/*path', to: 'swagger#respond'
   get '/swagger', to: 'swagger#respond'

db/migrate/20191209195420_create_active_storage_tables.active_storage.rb

@@ -10,7 +10,7 @@ class CreateActiveStorageTables < ActiveRecord::Migration[5.2]
       t.string   :checksum,   null: false
       t.datetime :created_at, null: false
 
-      t.index [ :key ], unique: true
+      t.index [:key], unique: true
     end
 
     create_table :active_storage_attachments do |t|
@@ -20,7 +20,7 @@ class CreateActiveStorageTables < ActiveRecord::Migration[5.2]
 
       t.datetime :created_at, null: false
 
-      t.index [ :record_type, :record_id, :name, :blob_id ], name: "index_active_storage_attachments_uniqueness", unique: true
+      t.index [:record_type, :record_id, :name, :blob_id], name: 'index_active_storage_attachments_uniqueness', unique: true
       t.foreign_key :active_storage_blobs, column: :blob_id
     end
   end

db/migrate/20200225160650_rename_urls_to_url.rb

@@ -2,4 +2,4 @@ class RenameUrlsToUrl < ActiveRecord::Migration[6.0]
   def change
     rename_column :webhooks, :urls, :url
   end
-end
+end

db/migrate/20200225162150_add_type_to_webhook.rb

@@ -2,4 +2,4 @@ class AddTypeToWebhook < ActiveRecord::Migration[6.0]
   def change
     add_column :webhooks, :webhook_type, :integer, default: '0'
   end
-end
+end

spec/controllers/api/v1/accounts/actions/contact_merges_controller_spec.rb

@@ -5,10 +5,10 @@ RSpec.describe 'Contact Merge Action API', type: :request do
   let!(:base_contact) { create(:contact, account: account) }
   let!(:mergee_contact) { create(:contact, account: account) }
 
-  describe 'POST /api/v1/actions/contact_merge' do
+  describe 'POST /api/v1/accounts/{account.id}/actions/contact_merge' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/actions/contact_merge'
+        post "/api/v1/accounts/#{account.id}/actions/contact_merge"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -24,7 +24,7 @@ RSpec.describe 'Contact Merge Action API', type: :request do
       end
 
       it 'merges two contacts by calling contact merge action' do
-        post '/api/v1/actions/contact_merge',
+        post "/api/v1/accounts/#{account.id}/actions/contact_merge",
              params: { base_contact_id: base_contact.id, mergee_contact_id: mergee_contact.id },
              headers: agent.create_new_auth_token,
              as: :json

spec/controllers/api/v1/accounts/agents_controller_spec.rb

@@ -3,20 +3,20 @@ require 'rails_helper'
 RSpec.describe 'Agents API', type: :request do
   let(:account) { create(:account) }
 
-  describe 'GET /api/v1/agents' do
+  describe 'GET /api/v1/accounts/{account.id}/agents' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        get '/api/v1/agents'
+        get "/api/v1/accounts/#{account.id}/agents"
 
         expect(response).to have_http_status(:unauthorized)
       end
     end
 
     context 'when it is an authenticated user' do
-      let(:agent) { create(:user, account: account, role: :agent) }
+      let!(:agent) { create(:user, account: account, role: :agent) }
 
       it 'returns all agents of account' do
-        get '/api/v1/agents',
+        get "/api/v1/accounts/#{account.id}/agents",
             headers: agent.create_new_auth_token,
             as: :json
 
@@ -26,12 +26,12 @@ RSpec.describe 'Agents API', type: :request do
     end
   end
 
-  describe 'DELETE /api/v1/agents/:id' do
+  describe 'DELETE /api/v1/accounts/{account.id}/agents/:id' do
     let(:other_agent) { create(:user, account: account, role: :agent) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        delete "/api/v1/agents/#{other_agent.id}"
+        delete "/api/v1/accounts/#{account.id}/agents/#{other_agent.id}"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -41,7 +41,7 @@ RSpec.describe 'Agents API', type: :request do
       let(:admin) { create(:user, account: account, role: :administrator) }
 
       it 'deletes an agent' do
-        delete "/api/v1/agents/#{other_agent.id}",
+        delete "/api/v1/accounts/#{account.id}/agents/#{other_agent.id}",
                headers: admin.create_new_auth_token,
                as: :json
 
@@ -51,12 +51,12 @@ RSpec.describe 'Agents API', type: :request do
     end
   end
 
-  describe 'PUT /api/v1/agents/:id' do
+  describe 'PUT /api/v1/accounts/{account.id}/agents/:id' do
     let(:other_agent) { create(:user, account: account, role: :agent) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        put "/api/v1/agents/#{other_agent.id}"
+        put "/api/v1/accounts/#{account.id}/agents/#{other_agent.id}"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -68,7 +68,7 @@ RSpec.describe 'Agents API', type: :request do
       params = { name: 'TestUser' }
 
       it 'modifies an agent' do
-        put "/api/v1/agents/#{other_agent.id}",
+        put "/api/v1/accounts/#{account.id}/agents/#{other_agent.id}",
             params: params,
             headers: admin.create_new_auth_token,
             as: :json
@@ -79,12 +79,12 @@ RSpec.describe 'Agents API', type: :request do
     end
   end
 
-  describe 'POST /api/v1/agents' do
+  describe 'POST /api/v1/accounts/{account.id}/agents' do
     let(:other_agent) { create(:user, account: account, role: :agent) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/agents'
+        post "/api/v1/accounts/#{account.id}/agents"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -96,7 +96,7 @@ RSpec.describe 'Agents API', type: :request do
       params = { name: 'NewUser', email: Faker::Internet.email, role: :agent }
 
       it 'creates a new agent' do
-        post '/api/v1/agents',
+        post "/api/v1/accounts/#{account.id}/agents",
              params: params,
              headers: admin.create_new_auth_token,
              as: :json

spec/controllers/api/v1/accounts/callbacks_controller_spec.rb

@@ -22,10 +22,10 @@ RSpec.describe 'Callbacks API', type: :request do
     allow(koala_oauth).to receive(:exchange_access_token_info).and_return('access_token' => SecureRandom.hex(10))
   end
 
-  describe 'POST /api/v1/callbacks/register_facebook_page' do
+  describe 'POST /api/v1/accounts/{account.id}/callbacks/register_facebook_page' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/callbacks/register_facebook_page'
+        post "/api/v1/accounts/#{account.id}/callbacks/register_facebook_page"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -35,7 +35,7 @@ RSpec.describe 'Callbacks API', type: :request do
       let(:admin) { create(:user, account: account, role: :administrator) }
 
       it 'registers a new facebook page with no avatar' do
-        post '/api/v1/callbacks/register_facebook_page',
+        post "/api/v1/accounts/#{account.id}/callbacks/register_facebook_page",
              headers: admin.create_new_auth_token,
              params: valid_params,
              as: :json
@@ -49,7 +49,7 @@ RSpec.describe 'Callbacks API', type: :request do
         io.base_uri = URI.parse('https://example.org')
         allow_any_instance_of(URI::HTTP).to receive(:open).and_return(io) # rubocop:disable RSpec/AnyInstance
 
-        post '/api/v1/callbacks/register_facebook_page',
+        post "/api/v1/accounts/#{account.id}/callbacks/register_facebook_page",
              headers: admin.create_new_auth_token,
              params: valid_params,
              as: :json
@@ -60,7 +60,7 @@ RSpec.describe 'Callbacks API', type: :request do
       it 'registers a new facebook page with avatar on redirect' do
         allow_any_instance_of(URI::HTTP).to receive(:open).and_raise(OpenURI::HTTPRedirect.new(nil, nil, URI.parse('https://example.org'))) # rubocop:disable RSpec/AnyInstance
 
-        post '/api/v1/callbacks/register_facebook_page',
+        post "/api/v1/accounts/#{account.id}/callbacks/register_facebook_page",
              headers: admin.create_new_auth_token,
              params: valid_params,
              as: :json
@@ -70,10 +70,10 @@ RSpec.describe 'Callbacks API', type: :request do
     end
   end
 
-  describe 'POST /api/v1/callbacks/get_facebook_pages' do
+  describe 'POST /api/v1/accounts/{account.id}/callbacks/facebook_pages' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/callbacks/get_facebook_pages'
+        post "/api/v1/accounts/#{account.id}/callbacks/facebook_pages"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -83,7 +83,7 @@ RSpec.describe 'Callbacks API', type: :request do
       let(:admin) { create(:user, account: account, role: :administrator) }
 
       it 'returns facebook pages of account' do
-        post '/api/v1/callbacks/get_facebook_pages',
+        post "/api/v1/accounts/#{account.id}/callbacks/facebook_pages",
              headers: admin.create_new_auth_token,
              as: :json
 
@@ -93,10 +93,10 @@ RSpec.describe 'Callbacks API', type: :request do
     end
   end
 
-  describe 'POST /api/v1/callbacks/reauthorize_page' do
+  describe 'POST /api/v1/accounts/{account.id}/callbacks/reauthorize_page' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/callbacks/reauthorize_page'
+        post "/api/v1/accounts/#{account.id}/callbacks/reauthorize_page"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -108,7 +108,7 @@ RSpec.describe 'Callbacks API', type: :request do
       it 'reauthorizes the page' do
         params = { inbox_id: inbox.id }
 
-        post '/api/v1/callbacks/reauthorize_page',
+        post "/api/v1/accounts/#{account.id}/callbacks/reauthorize_page",
              headers: admin.create_new_auth_token,
              params: params,
              as: :json
@@ -120,7 +120,7 @@ RSpec.describe 'Callbacks API', type: :request do
         allow(koala_api).to receive(:get_connections).and_return([])
         params = { inbox_id: inbox.id }
 
-        post '/api/v1/callbacks/reauthorize_page',
+        post "/api/v1/accounts/#{account.id}/callbacks/reauthorize_page",
              headers: admin.create_new_auth_token,
              params: params,
              as: :json

spec/controllers/api/v1/accounts/canned_responses_controller_spec.rb

@@ -7,10 +7,10 @@ RSpec.describe 'Canned Responses API', type: :request do
     create(:canned_response, account: account)
   end
 
-  describe 'GET /api/v1/canned_responses' do
+  describe 'GET /api/v1/accounts/{account.id}/canned_responses' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        get '/api/v1/canned_responses'
+        get "/api/v1/accounts/#{account.id}/canned_responses"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -20,7 +20,7 @@ RSpec.describe 'Canned Responses API', type: :request do
       let(:agent) { create(:user, account: account, role: :agent) }
 
       it 'returns all the canned responses' do
-        get '/api/v1/canned_responses',
+        get "/api/v1/accounts/#{account.id}/canned_responses",
             headers: agent.create_new_auth_token,
             as: :json
 
@@ -33,7 +33,7 @@ RSpec.describe 'Canned Responses API', type: :request do
 
         params = { search: CannedResponse.last.short_code }
 
-        get '/api/v1/canned_responses',
+        get "/api/v1/accounts/#{account.id}/canned_responses",
             params: params,
             headers: agent.create_new_auth_token,
             as: :json
@@ -44,10 +44,10 @@ RSpec.describe 'Canned Responses API', type: :request do
     end
   end
 
-  describe 'POST /api/v1/canned_responses' do
+  describe 'POST /api/v1/accounts/{account.id}/canned_responses' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/canned_responses'
+        post "/api/v1/accounts/#{account.id}/canned_responses"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -59,7 +59,7 @@ RSpec.describe 'Canned Responses API', type: :request do
       it 'creates a new canned response' do
         params = { short_code: 'short', content: 'content' }
 
-        post '/api/v1/canned_responses',
+        post "/api/v1/accounts/#{account.id}/canned_responses",
              params: params,
              headers: agent.create_new_auth_token,
              as: :json
@@ -70,12 +70,12 @@ RSpec.describe 'Canned Responses API', type: :request do
     end
   end
 
-  describe 'PUT /api/v1/canned_responses/:id' do
+  describe 'PUT /api/v1/accounts/{account.id}/canned_responses/:id' do
     let(:canned_response) { CannedResponse.last }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        put "/api/v1/canned_responses/#{canned_response.id}"
+        put "/api/v1/accounts/#{account.id}/canned_responses/#{canned_response.id}"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -87,7 +87,7 @@ RSpec.describe 'Canned Responses API', type: :request do
       it 'updates an existing canned response' do
         params = { short_code: 'B' }
 
-        put "/api/v1/canned_responses/#{canned_response.id}",
+        put "/api/v1/accounts/#{account.id}/canned_responses/#{canned_response.id}",
             params: params,
             headers: agent.create_new_auth_token,
             as: :json
@@ -98,12 +98,12 @@ RSpec.describe 'Canned Responses API', type: :request do
     end
   end
 
-  describe 'DELETE /api/v1/canned_responses/:id' do
+  describe 'DELETE /api/v1/accounts/{account.id}/canned_responses/:id' do
     let(:canned_response) { CannedResponse.last }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        delete "/api/v1/canned_responses/#{canned_response.id}"
+        delete "/api/v1/accounts/#{account.id}/canned_responses/#{canned_response.id}"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -113,7 +113,7 @@ RSpec.describe 'Canned Responses API', type: :request do
       let(:agent) { create(:user, account: account, role: :agent) }
 
       it 'destroys the canned response' do
-        delete "/api/v1/canned_responses/#{canned_response.id}",
+        delete "/api/v1/accounts/#{account.id}/canned_responses/#{canned_response.id}",
                headers: agent.create_new_auth_token,
                as: :json
 

spec/controllers/api/v1/accounts/contacts/conversations_controller_spec.rb

@@ -1,6 +1,6 @@
 require 'rails_helper'
 
-RSpec.describe '/api/v1/contacts/:id/conversations', type: :request do
+RSpec.describe '/api/v1/accounts/{account.id}/contacts/:id/conversations', type: :request do
   let(:account) { create(:account) }
   let(:contact) { create(:contact, account: account) }
   let(:inbox_1) { create(:inbox, account: account) }
@@ -17,10 +17,10 @@ RSpec.describe '/api/v1/contacts/:id/conversations', type: :request do
     2.times.each { create(:conversation, account: account, inbox: inbox_2, contact: contact, contact_inbox: contact_inbox_2) }
   end
 
-  describe 'GET /api/v1/contacts/:id/conversations' do
+  describe 'GET /api/v1/accounts/{account.id}/contacts/:id/conversations' do
     context 'when unauthenticated user' do
       it 'returns unauthorized' do
-        get "/api/v1/contacts/#{contact.id}/conversations"
+        get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/conversations"
         expect(response).to have_http_status(:unauthorized)
       end
     end
@@ -28,7 +28,7 @@ RSpec.describe '/api/v1/contacts/:id/conversations', type: :request do
     context 'when user is logged in' do
       context 'with user as administrator' do
         it 'returns conversations from all inboxes' do
-          get "/api/v1/contacts/#{contact.id}/conversations", headers: admin.create_new_auth_token
+          get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/conversations", headers: admin.create_new_auth_token
 
           expect(response).to have_http_status(:success)
           json_response = JSON.parse(response.body)
@@ -39,7 +39,7 @@ RSpec.describe '/api/v1/contacts/:id/conversations', type: :request do
 
       context 'with user as agent' do
         it 'returns conversations from the inboxes which agent has access to' do
-          get "/api/v1/contacts/#{contact.id}/conversations", headers: agent.create_new_auth_token
+          get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/conversations", headers: agent.create_new_auth_token
 
           expect(response).to have_http_status(:success)
           json_response = JSON.parse(response.body)
@@ -50,7 +50,7 @@ RSpec.describe '/api/v1/contacts/:id/conversations', type: :request do
 
       context 'with user as unknown role' do
         it 'returns conversations from no inboxes' do
-          get "/api/v1/contacts/#{contact.id}/conversations", headers: unknown.create_new_auth_token
+          get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/conversations", headers: unknown.create_new_auth_token
 
           expect(response).to have_http_status(:success)
           json_response = JSON.parse(response.body)

spec/controllers/api/v1/accounts/contacts_controller_spec.rb

@@ -3,10 +3,10 @@ require 'rails_helper'
 RSpec.describe 'Contacts API', type: :request do
   let(:account) { create(:account) }
 
-  describe 'GET /api/v1/contacts' do
+  describe 'GET /api/v1/accounts/{account.id}/contacts' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        get '/api/v1/contacts'
+        get "/api/v1/accounts/#{account.id}/contacts"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -17,7 +17,7 @@ RSpec.describe 'Contacts API', type: :request do
       let!(:contact) { create(:contact, account: account) }
 
       it 'returns all contacts' do
-        get '/api/v1/contacts',
+        get "/api/v1/accounts/#{account.id}/contacts",
             headers: admin.create_new_auth_token,
             as: :json
 
@@ -27,12 +27,12 @@ RSpec.describe 'Contacts API', type: :request do
     end
   end
 
-  describe 'GET /api/v1/contacts/:id' do
+  describe 'GET /api/v1/accounts/{account.id}/contacts/:id' do
     let!(:contact) { create(:contact, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        get "/api/v1/contacts/#{contact.id}"
+        get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -42,7 +42,7 @@ RSpec.describe 'Contacts API', type: :request do
       let(:admin) { create(:user, account: account, role: :administrator) }
 
       it 'shows the contact' do
-        get "/api/v1/contacts/#{contact.id}",
+        get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}",
             headers: admin.create_new_auth_token,
             as: :json
 
@@ -52,12 +52,12 @@ RSpec.describe 'Contacts API', type: :request do
     end
   end
 
-  describe 'POST /api/v1/contacts' do
+  describe 'POST /api/v1/accounts/{account.id}/contacts' do
     let(:valid_params) { { contact: { account_id: account.id } } }
 
     context 'when it is an unauthenticated user' do
       it 'creates the contact' do
-        expect { post '/api/v1/contacts', params: valid_params }.to change(Contact, :count).by(1)
+        expect { post "/api/v1/accounts/#{account.id}/contacts", params: valid_params }.to change(Contact, :count).by(1)
 
         expect(response).to have_http_status(:success)
       end
@@ -67,20 +67,23 @@ RSpec.describe 'Contacts API', type: :request do
       let(:admin) { create(:user, account: account, role: :administrator) }
 
       it 'creates the contact' do
-        expect { post '/api/v1/contacts', headers: admin.create_new_auth_token, params: valid_params }.to change(Contact, :count).by(1)
+        expect do
+          post "/api/v1/accounts/#{account.id}/contacts", headers: admin.create_new_auth_token,
+                                                          params: valid_params
+        end .to change(Contact, :count).by(1)
 
         expect(response).to have_http_status(:success)
       end
     end
   end
 
-  describe 'PATCH /api/v1/contacts/:id' do
+  describe 'PATCH /api/v1/accounts/{account.id}/contacts/:id' do
     let!(:contact) { create(:contact, account: account) }
     let(:valid_params) { { contact: { name: 'Test Blub' } } }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        put "/api/v1/contacts/#{contact.id}",
+        put "/api/v1/accounts/#{account.id}/contacts/#{contact.id}",
             params: valid_params
 
         expect(response).to have_http_status(:unauthorized)
@@ -91,7 +94,7 @@ RSpec.describe 'Contacts API', type: :request do
       let(:admin) { create(:user, account: account, role: :administrator) }
 
       it 'updates the contact' do
-        patch "/api/v1/contacts/#{contact.id}",
+        patch "/api/v1/accounts/#{account.id}/contacts/#{contact.id}",
               headers: admin.create_new_auth_token,
               params: valid_params,
               as: :json
@@ -104,7 +107,7 @@ RSpec.describe 'Contacts API', type: :request do
         other_account = create(:account)
         other_contact = create(:contact, account: other_account)
 
-        patch "/api/v1/contacts/#{other_contact.id}",
+        patch "/api/v1/accounts/#{account.id}/contacts/#{other_contact.id}",
               headers: admin.create_new_auth_token,
               params: valid_params,
               as: :json

spec/controllers/api/v1/accounts/conversations/assignments_controller_spec.rb

@@ -3,12 +3,12 @@ require 'rails_helper'
 RSpec.describe 'Conversation Assignment API', type: :request do
   let(:account) { create(:account) }
 
-  describe 'POST /api/v1/conversations/<id>/assignments' do
+  describe 'POST /api/v1/accounts/{account.id}/conversations/<id>/assignments' do
     let(:conversation) { create(:conversation, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post api_v1_conversation_assignments_url(conversation.display_id)
+        post api_v1_account_conversation_assignments_url(account_id: account.id, conversation_id: conversation.display_id)
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -20,7 +20,7 @@ RSpec.describe 'Conversation Assignment API', type: :request do
       it 'assigns a user to the conversation' do
         params = { assignee_id: agent.id }
 
-        post api_v1_conversation_assignments_url(conversation.display_id),
+        post api_v1_account_conversation_assignments_url(account_id: account.id, conversation_id: conversation.display_id),
              params: params,
              headers: agent.create_new_auth_token,
              as: :json

spec/controllers/api/v1/accounts/conversations/labels_controller_spec.rb

@@ -3,7 +3,7 @@ require 'rails_helper'
 RSpec.describe 'Conversation Label API', type: :request do
   let(:account) { create(:account) }
 
-  describe 'GET /api/v1/conversations/<id>/labels' do
+  describe 'GET /api/v1/accounts/{account.id}/conversations/<id>/labels' do
     let(:conversation) { create(:conversation, account: account) }
 
     before do
@@ -12,7 +12,7 @@ RSpec.describe 'Conversation Label API', type: :request do
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        get api_v1_conversation_labels_url(conversation)
+        get api_v1_account_conversation_labels_url(account_id: account.id, conversation_id: conversation.display_id)
         expect(response).to have_http_status(:unauthorized)
       end
     end
@@ -21,7 +21,7 @@ RSpec.describe 'Conversation Label API', type: :request do
       let(:agent) { create(:user, account: account, role: :agent) }
 
       it 'returns all the labels for the conversation' do
-        get api_v1_conversation_labels_url(conversation.display_id),
+        get api_v1_account_conversation_labels_url(account_id: account.id, conversation_id: conversation.display_id),
             headers: agent.create_new_auth_token,
             as: :json
 
@@ -32,7 +32,7 @@ RSpec.describe 'Conversation Label API', type: :request do
     end
   end
 
-  describe 'POST /api/v1/conversations/<id>/labels' do
+  describe 'POST /api/v1/accounts/{account.id}/conversations/<id>/labels' do
     let(:conversation) { create(:conversation, account: account) }
 
     before do
@@ -41,7 +41,7 @@ RSpec.describe 'Conversation Label API', type: :request do
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post api_v1_conversation_labels_url(conversation.display_id),
+        post api_v1_account_conversation_labels_url(account_id: account.id, conversation_id: conversation.display_id),
              params: { labels: 'label3,label4' },
              as: :json
 
@@ -53,7 +53,7 @@ RSpec.describe 'Conversation Label API', type: :request do
       let(:agent) { create(:user, account: account, role: :agent) }
 
       it 'creates labels for the conversation' do
-        post api_v1_conversation_labels_url(conversation.display_id),
+        post api_v1_account_conversation_labels_url(account_id: account.id, conversation_id: conversation.display_id),
              params: { labels: 'label3,label4' },
              headers: agent.create_new_auth_token,
              as: :json

spec/controllers/api/v1/accounts/conversations/messages_controller_spec.rb

@@ -3,12 +3,12 @@ require 'rails_helper'
 RSpec.describe 'Conversation Messages API', type: :request do
   let(:account) { create(:account) }
 
-  describe 'POST /api/v1/conversations/<id>/messages' do
+  describe 'POST /api/v1/accounts/{account.id}/conversations/<id>/messages' do
     let(:conversation) { create(:conversation, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post api_v1_conversation_messages_url(conversation.display_id)
+        post api_v1_account_conversation_messages_url(account_id: account.id, conversation_id: conversation.display_id)
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -20,7 +20,7 @@ RSpec.describe 'Conversation Messages API', type: :request do
       it 'creates a new outgoing message' do
         params = { message: 'test-message', private: true }
 
-        post api_v1_conversation_messages_url(conversation.display_id),
+        post api_v1_account_conversation_messages_url(account_id: account.id, conversation_id: conversation.display_id),
              params: params,
              headers: agent.create_new_auth_token,
              as: :json
@@ -32,12 +32,12 @@ RSpec.describe 'Conversation Messages API', type: :request do
     end
   end
 
-  describe 'GET /api/v1/conversations/:id/messages' do
+  describe 'GET /api/v1/accounts/{account.id}/conversations/:id/messages' do
     let(:conversation) { create(:conversation, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        get "/api/v1/conversations/#{conversation.display_id}/messages"
+        get "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/messages"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -47,7 +47,7 @@ RSpec.describe 'Conversation Messages API', type: :request do
       let(:agent) { create(:user, account: account, role: :agent) }
 
       it 'shows the conversation' do
-        get "/api/v1/conversations/#{conversation.display_id}/messages",
+        get "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/messages",
             headers: agent.create_new_auth_token,
             as: :json
 

spec/controllers/api/v1/accounts/conversations_controller_spec.rb

@@ -3,10 +3,10 @@ require 'rails_helper'
 RSpec.describe 'Conversations API', type: :request do
   let(:account) { create(:account) }
 
-  describe 'GET /api/v1/conversations' do
+  describe 'GET /api/v1/accounts/{account.id}/conversations' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        get '/api/v1/conversations'
+        get "/api/v1/accounts/#{account.id}/conversations"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -21,7 +21,7 @@ RSpec.describe 'Conversations API', type: :request do
       end
 
       it 'returns all conversations' do
-        get '/api/v1/conversations',
+        get "/api/v1/accounts/#{account.id}/conversations",
             headers: agent.create_new_auth_token,
             as: :json
 
@@ -31,12 +31,12 @@ RSpec.describe 'Conversations API', type: :request do
     end
   end
 
-  describe 'GET /api/v1/conversations/:id' do
+  describe 'GET /api/v1/accounts/{account.id}/conversations/:id' do
     let(:conversation) { create(:conversation, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        get "/api/v1/conversations/#{conversation.display_id}"
+        get "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -46,7 +46,7 @@ RSpec.describe 'Conversations API', type: :request do
       let(:agent) { create(:user, account: account, role: :agent) }
 
       it 'shows the conversation' do
-        get "/api/v1/conversations/#{conversation.display_id}",
+        get "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}",
             headers: agent.create_new_auth_token,
             as: :json
 
@@ -56,12 +56,12 @@ RSpec.describe 'Conversations API', type: :request do
     end
   end
 
-  describe 'POST /api/v1/conversations/:id/toggle_status' do
+  describe 'POST /api/v1/accounts/{account.id}/conversations/:id/toggle_status' do
     let(:conversation) { create(:conversation, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post "/api/v1/conversations/#{conversation.display_id}/toggle_status"
+        post "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/toggle_status"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -73,7 +73,7 @@ RSpec.describe 'Conversations API', type: :request do
       it 'toggles the conversation status' do
         expect(conversation.status).to eq('open')
 
-        post "/api/v1/conversations/#{conversation.display_id}/toggle_status",
+        post "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/toggle_status",
              headers: agent.create_new_auth_token,
              as: :json
 
@@ -83,12 +83,12 @@ RSpec.describe 'Conversations API', type: :request do
     end
   end
 
-  describe 'POST /api/v1/conversations/:id/update_last_seen' do
+  describe 'POST /api/v1/accounts/{account.id}/conversations/:id/update_last_seen' do
     let(:conversation) { create(:conversation, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post "/api/v1/conversations/#{conversation.display_id}/update_last_seen"
+        post "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/update_last_seen"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -100,7 +100,7 @@ RSpec.describe 'Conversations API', type: :request do
       it 'updates last seen' do
         params = { agent_last_seen_at: '-1' }
 
-        post "/api/v1/conversations/#{conversation.display_id}/update_last_seen",
+        post "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/update_last_seen",
              headers: agent.create_new_auth_token,
              params: params,
              as: :json

spec/controllers/api/v1/accounts/facebook_indicators_controller_spec.rb

@@ -12,10 +12,10 @@ RSpec.describe 'Facebook Indicators API', type: :request do
     allow(Facebook::Messenger::Subscriptions).to receive(:subscribe).and_return(true)
   end
 
-  describe 'POST /api/v1/facebook_indicators/mark_seen' do
+  describe 'POST /api/v1/accounts/{account.id}/facebook_indicators/mark_seen' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/facebook_indicators/mark_seen'
+        post "/api/v1/accounts/#{account.id}/facebook_indicators/mark_seen"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -32,7 +32,7 @@ RSpec.describe 'Facebook Indicators API', type: :request do
           access_token: inbox.channel.page_access_token
         )
 
-        post '/api/v1/facebook_indicators/mark_seen',
+        post "/api/v1/accounts/#{account.id}/facebook_indicators/mark_seen",
              headers: agent.create_new_auth_token,
              params: valid_params,
              as: :json
@@ -45,7 +45,7 @@ RSpec.describe 'Facebook Indicators API', type: :request do
 
         allow(Facebook::Messenger::Bot).to receive(:deliver).and_raise(Facebook::Messenger::Error)
 
-        post '/api/v1/facebook_indicators/mark_seen',
+        post "/api/v1/accounts/#{account.id}/facebook_indicators/mark_seen",
              headers: agent.create_new_auth_token,
              params: valid_params,
              as: :json
@@ -55,10 +55,10 @@ RSpec.describe 'Facebook Indicators API', type: :request do
     end
   end
 
-  describe 'POST /api/v1/facebook_indicators/typing_on' do
+  describe 'POST /api/v1/accounts/{account.id}/facebook_indicators/typing_on' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/facebook_indicators/typing_on'
+        post "/api/v1/accounts/#{account.id}/facebook_indicators/typing_on"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -75,7 +75,7 @@ RSpec.describe 'Facebook Indicators API', type: :request do
           access_token: inbox.channel.page_access_token
         )
 
-        post '/api/v1/facebook_indicators/typing_on',
+        post "/api/v1/accounts/#{account.id}/facebook_indicators/typing_on",
              headers: agent.create_new_auth_token,
              params: valid_params,
              as: :json
@@ -88,7 +88,7 @@ RSpec.describe 'Facebook Indicators API', type: :request do
 
         allow(Facebook::Messenger::Bot).to receive(:deliver).and_raise(Facebook::Messenger::Error)
 
-        post '/api/v1/facebook_indicators/typing_on',
+        post "/api/v1/accounts/#{account.id}/facebook_indicators/typing_on",
              headers: agent.create_new_auth_token,
              params: valid_params,
              as: :json
@@ -98,10 +98,10 @@ RSpec.describe 'Facebook Indicators API', type: :request do
     end
   end
 
-  describe 'POST /api/v1/facebook_indicators/typing_off' do
+  describe 'POST /api/v1/accounts/{account.id}/facebook_indicators/typing_off' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/facebook_indicators/typing_off'
+        post "/api/v1/accounts/#{account.id}/facebook_indicators/typing_off"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -118,7 +118,7 @@ RSpec.describe 'Facebook Indicators API', type: :request do
           access_token: inbox.channel.page_access_token
         )
 
-        post '/api/v1/facebook_indicators/typing_off',
+        post "/api/v1/accounts/#{account.id}/facebook_indicators/typing_off",
              headers: agent.create_new_auth_token,
              params: valid_params,
              as: :json
@@ -131,7 +131,7 @@ RSpec.describe 'Facebook Indicators API', type: :request do
 
         allow(Facebook::Messenger::Bot).to receive(:deliver).and_raise(Facebook::Messenger::Error)
 
-        post '/api/v1/facebook_indicators/typing_off',
+        post "/api/v1/accounts/#{account.id}/facebook_indicators/typing_off",
              headers: agent.create_new_auth_token,
              params: valid_params,
              as: :json

spec/controllers/api/v1/accounts/inbox_members_controller_spec.rb

@@ -4,10 +4,10 @@ RSpec.describe 'Inbox Member API', type: :request do
   let(:account) { create(:account) }
   let(:inbox) { create(:inbox, account: account) }
 
-  describe 'POST /api/v1/inbox_members' do
+  describe 'POST /api/v1/accounts/{account.id}/inbox_members' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/inbox_members'
+        post "/api/v1/accounts/#{account.id}/inbox_members"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -19,7 +19,7 @@ RSpec.describe 'Inbox Member API', type: :request do
       it 'modifies inbox members' do
         params = { inbox_id: inbox.id, user_ids: [agent.id] }
 
-        post '/api/v1/inbox_members',
+        post "/api/v1/accounts/#{account.id}/inbox_members",
              headers: agent.create_new_auth_token,
              params: params,
              as: :json
@@ -32,7 +32,7 @@ RSpec.describe 'Inbox Member API', type: :request do
       it 'renders not found when inbox not found' do
         params = { inbox_id: nil, user_ids: [agent.id] }
 
-        post '/api/v1/inbox_members',
+        post "/api/v1/accounts/#{account.id}/inbox_members",
              headers: agent.create_new_auth_token,
              params: params,
              as: :json
@@ -43,7 +43,7 @@ RSpec.describe 'Inbox Member API', type: :request do
       it 'renders error on invalid params' do
         params = { inbox_id: inbox.id, user_ids: ['invalid'] }
 
-        post '/api/v1/inbox_members',
+        post "/api/v1/accounts/#{account.id}/inbox_members",
              headers: agent.create_new_auth_token,
              params: params,
              as: :json
@@ -54,12 +54,12 @@ RSpec.describe 'Inbox Member API', type: :request do
     end
   end
 
-  describe 'GET /api/v1/inbox_members/:id' do
+  describe 'GET /api/v1/accounts/{account.id}/inbox_members/:id' do
     let(:inbox_member) { create(:inbox_member, inbox: inbox) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        get "/api/v1/inbox_members/#{inbox_member.id}"
+        get "/api/v1/accounts/#{account.id}/inbox_members/#{inbox_member.id}"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -69,7 +69,7 @@ RSpec.describe 'Inbox Member API', type: :request do
       let(:agent) { create(:user, account: account, role: :agent) }
 
       it 'returns inbox member' do
-        get "/api/v1/inbox_members/#{inbox.id}",
+        get "/api/v1/accounts/#{account.id}/inbox_members/#{inbox.id}",
             headers: agent.create_new_auth_token,
             as: :json
 

spec/controllers/api/v1/accounts/inboxes_controller_spec.rb

@@ -3,10 +3,10 @@ require 'rails_helper'
 RSpec.describe 'Inboxes API', type: :request do
   let(:account) { create(:account) }
 
-  describe 'GET /api/v1/inboxes' do
+  describe 'GET /api/v1/accounts/{account.id}/inboxes' do
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        get '/api/v1/inboxes'
+        get "/api/v1/accounts/#{account.id}/inboxes"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -23,7 +23,7 @@ RSpec.describe 'Inboxes API', type: :request do
       end
 
       it 'returns all inboxes of current_account as administrator' do
-        get '/api/v1/inboxes',
+        get "/api/v1/accounts/#{account.id}/inboxes",
             headers: admin.create_new_auth_token,
             as: :json
 
@@ -32,7 +32,7 @@ RSpec.describe 'Inboxes API', type: :request do
       end
 
       it 'returns only assigned inboxes of current_account as agent' do
-        get '/api/v1/inboxes',
+        get "/api/v1/accounts/#{account.id}/inboxes",
             headers: agent.create_new_auth_token,
             as: :json
 
@@ -42,12 +42,12 @@ RSpec.describe 'Inboxes API', type: :request do
     end
   end
 
-  describe 'DELETE /api/v1/inboxes/:id' do
+  describe 'DELETE /api/v1/accounts/{account.id}/inboxes/:id' do
     let(:inbox) { create(:inbox, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        delete "/api/v1/inboxes/#{inbox.id}"
+        delete "/api/v1/accounts/#{account.id}/inboxes/#{inbox.id}"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -57,7 +57,7 @@ RSpec.describe 'Inboxes API', type: :request do
       let(:admin) { create(:user, account: account, role: :administrator) }
 
       it 'deletes inbox' do
-        delete "/api/v1/inboxes/#{inbox.id}",
+        delete "/api/v1/accounts/#{account.id}/inboxes/#{inbox.id}",
                headers: admin.create_new_auth_token,
                as: :json
 
@@ -69,7 +69,7 @@ RSpec.describe 'Inboxes API', type: :request do
         other_account = create(:account)
         other_inbox = create(:inbox, account: other_account)
 
-        delete "/api/v1/inboxes/#{other_inbox.id}",
+        delete "/api/v1/accounts/#{account.id}/inboxes/#{other_inbox.id}",
                headers: admin.create_new_auth_token,
                as: :json
 
@@ -79,7 +79,7 @@ RSpec.describe 'Inboxes API', type: :request do
       it 'is unable to delete inbox as agent' do
         agent = create(:user, account: account, role: :agent)
 
-        delete "/api/v1/inboxes/#{inbox.id}",
+        delete "/api/v1/accounts/#{account.id}/inboxes/#{inbox.id}",
                headers: agent.create_new_auth_token,
                as: :json
 
@@ -88,12 +88,12 @@ RSpec.describe 'Inboxes API', type: :request do
     end
   end
 
-  describe 'PATCH /api/v1/inboxes/:id' do
+  describe 'PATCH /api/v1/accounts/{account.id}/inboxes/:id' do
     let(:inbox) { create(:inbox, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
-        patch "/api/v1/inboxes/#{inbox.id}"
+        patch "/api/v1/accounts/#{account.id}/inboxes/#{inbox.id}"
 
         expect(response).to have_http_status(:unauthorized)
       end
@@ -104,7 +104,7 @@ RSpec.describe 'Inboxes API', type: :request do
       let(:valid_params) { { inbox: { enable_auto_assignment: false } } }
 
       it 'updates inbox' do
-        patch "/api/v1/inboxes/#{inbox.id}",
+        patch "/api/v1/accounts/#{account.id}/inboxes/#{inbox.id}",
               headers: admin.create_new_auth_token,
               params: valid_params,
               as: :json
@@ -116,7 +116,7 @@ RSpec.describe 'Inboxes API', type: :request do
       it 'will not update inbox for agent' do
         agent = create(:user, account: account, role: :agent)
 
-        patch "/api/v1/inboxes/#{inbox.id}",
+        patch "/api/v1/accounts/#{account.id}/inboxes/#{inbox.id}",
               headers: agent.create_new_auth_token,
               params: valid_params,
               as: :json