API Reference

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Organizations

Create

organizations.create(OrganizationCreateParams**kwargs) -> Organization

POST/organizations

List

organizations.list(OrganizationListParams**kwargs) -> OrganizationListResponse

GET/organizations

Retrieve

organizations.retrieve(strorganization_id, OrganizationRetrieveParams**kwargs) -> Organization

GET/organizations/{organization_id}

Update

organizations.update(strorganization_id, OrganizationUpdateParams**kwargs) -> Organization

PATCH/organizations/{organization_id}

Exchange Token

organizations.exchange_token(strorganization_id, OrganizationExchangeTokenParams**kwargs) -> TokenResponse

POST/organizations/{organization_id}/token

List available roles

organizations.list_roles(strorganization_id, OrganizationListRolesParams**kwargs) -> OrganizationListRolesResponse

GET/organizations/{organization_id}/roles

List Identities

organizations.list_identities(strorganization_id, OrganizationListIdentitiesParams**kwargs) -> OrganizationListIdentitiesResponse

GET/organizations/{organization_id}/identities

ModelsExpand Collapse

class Organization: …

id: str

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

created_at: datetime

The time the entity was created in utc

formatdate-time

label: str

A domain name segment for the entity, often derived from the name.

maxLength63

name: str

A name for the entity to be displayed in UI

sso_enabled: bool

Whether SSO is enabled for this organization

updated_at: datetime

The time the entity was mostly recently updated in utc

formatdate-time

permissions: Optional[Dict[str, Dict[str, bool]]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

class PageInfoCursor: …

Pagination information using cursor-based pagination

has_next_page: bool

Whether there are more items after the current page

has_prev_page: bool

Whether there are more items before the current page

end_cursor: Optional[str]

Cursor pointing to the last item in the current page

minLength1

maxLength255

start_cursor: Optional[str]

Cursor pointing to the first item in the current page

minLength1

maxLength255

Literal["organization", "zone"]

The scope at which a role can be assigned.

• organization: Roles that apply at the organization level (e.g., org_admin)
• zone: Roles that apply at the zone level (e.g., zone_manager)

Accepts one of the following:

"organization"

"zone"

class TokenResponse: …

OAuth2-style token response for M2M tokens

access_token: str

The M2M access token

token_type: str

Token type (always "Bearer")

expires_in: Optional[int]

Token expiration time in seconds

OrganizationsUsers

List

organizations.users.list(strorganization_id, UserListParams**kwargs) -> UserListResponse

GET/organizations/{organization_id}/users

Retrieve

organizations.users.retrieve(struser_id, UserRetrieveParams**kwargs) -> OrganizationUser

GET/organizations/{organization_id}/users/{user_id}

Update

organizations.users.update(struser_id, UserUpdateParams**kwargs) -> OrganizationUser

PATCH/organizations/{organization_id}/users/{user_id}

Delete

organizations.users.delete(struser_id, UserDeleteParams**kwargs)

DELETE/organizations/{organization_id}/users/{user_id}

ModelsExpand Collapse

Literal["org_admin", "org_member", "org_viewer"]

User's role in the organization

Accepts one of the following:

"org_admin"

"org_member"

"org_viewer"

Literal["active", "disabled"]

Status of organization membership

Accepts one of the following:

"active"

"disabled"

class OrganizationUser: …

id: str

The keycard account ID

minLength1

maxLength255

created_at: datetime

The time the entity was created in utc

formatdate-time

role: OrganizationRole

User's role in the organization

Accepts one of the following:

"org_admin"

"org_member"

"org_viewer"

source: str

Identity provider issuer

formaturi

status: OrganizationStatus

Status of organization membership

Accepts one of the following:

"active"

"disabled"

updated_at: datetime

The time the entity was mostly recently updated in utc

formatdate-time

email: Optional[str]

User email address

formatemail

permissions: Optional[Dict[str, Dict[str, bool]]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

OrganizationsInvitations

Create

organizations.invitations.create(strorganization_id, InvitationCreateParams**kwargs) -> Invitation

POST/organizations/{organization_id}/invitations

List

organizations.invitations.list(strorganization_id, InvitationListParams**kwargs) -> InvitationListResponse

GET/organizations/{organization_id}/invitations

Delete

organizations.invitations.delete(strinvitation_id, InvitationDeleteParams**kwargs)

DELETE/organizations/{organization_id}/invitations/{invitation_id}

ModelsExpand Collapse

class Invitation: …

id: str

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

created_at: datetime

The time the entity was created in utc

formatdate-time

created_by: str

ID of the user who created the invitation

minLength1

maxLength255

email: str

Email address for the invitation

formatemail

expires_at: datetime

When the invitation expires

formatdate-time

organization_id: str

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

role: OrganizationRole

Role that will be assigned when invitation is accepted

Accepts one of the following:

"org_admin"

"org_member"

"org_viewer"

status: InvitationStatus

Status of an invitation

Accepts one of the following:

"pending"

"accepted"

"expired"

"revoked"

updated_at: datetime

The time the entity was mostly recently updated in utc

formatdate-time

permissions: Optional[Dict[str, Dict[str, bool]]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

Literal["pending", "accepted", "expired", "revoked"]

Status of an invitation

Accepts one of the following:

"pending"

"accepted"

"expired"

"revoked"

OrganizationsService Accounts

Create

organizations.service_accounts.create(strorganization_id, ServiceAccountCreateParams**kwargs) -> ServiceAccount

POST/organizations/{organization_id}/service-accounts

List

organizations.service_accounts.list(strorganization_id, ServiceAccountListParams**kwargs) -> ServiceAccountListResponse

GET/organizations/{organization_id}/service-accounts

Retrieve

organizations.service_accounts.retrieve(strservice_account_id, ServiceAccountRetrieveParams**kwargs) -> ServiceAccount

GET/organizations/{organization_id}/service-accounts/{service_account_id}

Update

organizations.service_accounts.update(strservice_account_id, ServiceAccountUpdateParams**kwargs) -> ServiceAccount

PATCH/organizations/{organization_id}/service-accounts/{service_account_id}

Delete

organizations.service_accounts.delete(strservice_account_id, ServiceAccountDeleteParams**kwargs)

DELETE/organizations/{organization_id}/service-accounts/{service_account_id}

ModelsExpand Collapse

class ServiceAccount: …

id: str

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

created_at: datetime

The time the entity was created in utc

formatdate-time

name: str

A name for the entity to be displayed in UI

updated_at: datetime

The time the entity was mostly recently updated in utc

formatdate-time

description: Optional[str]

Optional description of the service account

permissions: Optional[Dict[str, Dict[str, bool]]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

OrganizationsService AccountsCredentials

Create

organizations.service_accounts.credentials.create(strservice_account_id, CredentialCreateParams**kwargs) -> CredentialCreateResponse

POST/organizations/{organization_id}/service-accounts/{service_account_id}/credentials

List

organizations.service_accounts.credentials.list(strservice_account_id, CredentialListParams**kwargs) -> CredentialListResponse

GET/organizations/{organization_id}/service-accounts/{service_account_id}/credentials

Retrieve

organizations.service_accounts.credentials.retrieve(strcredential_id, CredentialRetrieveParams**kwargs) -> ServiceAccountCredential

GET/organizations/{organization_id}/service-accounts/{service_account_id}/credentials/{credential_id}

Update

organizations.service_accounts.credentials.update(strcredential_id, CredentialUpdateParams**kwargs) -> ServiceAccountCredential

PATCH/organizations/{organization_id}/service-accounts/{service_account_id}/credentials/{credential_id}

Delete

organizations.service_accounts.credentials.delete(strcredential_id, CredentialDeleteParams**kwargs)

DELETE/organizations/{organization_id}/service-accounts/{service_account_id}/credentials/{credential_id}

ModelsExpand Collapse

class ServiceAccountCredential: …

Service account credential (without secret)

id: str

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

client_id: str

The client ID for authentication

created_at: datetime

The time the entity was created in utc

formatdate-time

name: str

A name for the entity to be displayed in UI

description: Optional[str]

Optional description of the credential

last_used_at: Optional[datetime]

When the credential was last used

formatdate-time

permissions: Optional[Dict[str, Dict[str, bool]]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

OrganizationsSSO Connection

Enable

organizations.sso_connection.enable(strorganization_id, SSOConnectionEnableParams**kwargs) -> SSOConnection

POST/organizations/{organization_id}/sso-connection

Retrieve

organizations.sso_connection.retrieve(strorganization_id, SSOConnectionRetrieveParams**kwargs) -> SSOConnection

GET/organizations/{organization_id}/sso-connection

Update

organizations.sso_connection.update(strorganization_id, SSOConnectionUpdateParams**kwargs) -> SSOConnection

PATCH/organizations/{organization_id}/sso-connection

Disable

organizations.sso_connection.disable(strorganization_id, SSOConnectionDisableParams**kwargs)

DELETE/organizations/{organization_id}/sso-connection

ModelsExpand Collapse

class SSOConnection: …

SSO connection configuration for an organization

id: str

Unique identifier for the SSO connection

client_id: Optional[str]

OAuth 2.0 client ID

client_secret_set: bool

Whether a client secret is configured

created_at: datetime

The time the entity was created in utc

formatdate-time

identifier: str

SSO provider identifier (e.g., issuer URL)

minLength1

maxLength2048

updated_at: datetime

The time the entity was mostly recently updated in utc

formatdate-time

permissions: Optional[Dict[str, Dict[str, bool]]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

protocols: Optional[SSOConnectionProtocol]

Protocol configuration for SSO connection

oauth2: Optional[Oauth2]

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: Optional[str]

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported: Optional[List[str]]

Supported PKCE code challenge methods

jwks_uri: Optional[str]

JSON Web Key Set endpoint

formaturi

registration_endpoint: Optional[str]

OAuth 2.0 registration endpoint

formaturi

scopes_supported: Optional[List[str]]

Supported OAuth 2.0 scopes

token_endpoint: Optional[str]

OAuth 2.0 token endpoint

formaturi

openid: Optional[Openid]

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: Optional[str]

OpenID Connect UserInfo endpoint

formaturi

class SSOConnectionProtocol: …

Protocol configuration for SSO connection

oauth2: Optional[Oauth2]

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: Optional[str]

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported: Optional[List[str]]

Supported PKCE code challenge methods

jwks_uri: Optional[str]

JSON Web Key Set endpoint

formaturi

registration_endpoint: Optional[str]

OAuth 2.0 registration endpoint

formaturi

scopes_supported: Optional[List[str]]

Supported OAuth 2.0 scopes

token_endpoint: Optional[str]

OAuth 2.0 token endpoint

formaturi

openid: Optional[Openid]

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: Optional[str]

OpenID Connect UserInfo endpoint

formaturi