Create with belongs_to includes foreign key in data.attributes

[pbrisbin]

We might be missing something here, but I think this behavior is incorrect:

Model

module CC
  class API
    class RefPoint < Base
      belongs_to :repo

      property :commit_sha, type: :string
      property :created_at, type: :time
      property :source, type: :string
    end
  end
end

Action

# Note: as_service just adds some authentication headers
CC::API::RefPoint.as_service(SERVICE_NAME).create(
  repo_id: repo.id,
  commit_sha: commit.id,
  created_at: commit.committed_date,
  source: REF_POINT_SOURCE,
)

Resulting POST

Started POST "/v1/repos/58f7a549ff0bb002860006aa/ref_points" ...
  Processing by V1::Repos::RefPointsController#create as JSON
  Parameters: {"data"=>{"type"=>"ref_points", "attributes"=>{"repo_id"=>"58f7a549ff0bb002860006aa", "commit_sha"=>"dfdf1c8406bcb975f965c6bb2373f7086a0792f8", "created_at"=>"2015-05-29 23:11:49 +0000", "source"=>"backfill"}}, "repo_id"=>"58f7a549ff0bb002860006aa"}

Expected POST

Started POST "/v1/repos/58f7a549ff0bb002860006aa/ref_points" ...
  Processing by V1::Repos::RefPointsController#create as JSON
  Parameters: {"data"=>{"type"=>"ref_points", "attributes"=>{"commit_sha"=>"dfdf1c8406bcb975f965c6bb2373f7086a0792f8", "created_at"=>"2015-05-29 23:11:49 +0000", "source"=>"backfill"}}, "repo_id"=>"58f7a549ff0bb002860006aa"}

So it was hitting repos/:repo_id/ref_points as expected, but it was also including the repo_id in data.attributes of the POST body, which is not expected. This caused a BadRequest because that parameter is not permitted by our server.

Are we doing something wrong? Are we misunderstanding jsonapi? Or is this a bug?

To work around it, we just needed to permit (and ignore) the extra repo_id in our Rails params, but we wanted to report it in case it's a bug in the gem.

Version: 1.5.1