API Reference

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Organizations

Create

POST/organizations

List

GET/organizations

Retrieve

GET/organizations/{organization_id}

Update

PATCH/organizations/{organization_id}

Exchange Token

POST/organizations/{organization_id}/token

List available roles

GET/organizations/{organization_id}/roles

List Identities

GET/organizations/{organization_id}/identities

ModelsExpand Collapse

Organization = object { id, created_at, label, 4 more }

id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

created_at: string

The time the entity was created in utc

formatdate-time

label: string

A domain name segment for the entity, often derived from the name.

maxLength63

name: string

A name for the entity to be displayed in UI

sso_enabled: boolean

Whether SSO is enabled for this organization

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

permissions: optional map[map[boolean]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

PageInfoCursor = object { has_next_page, has_prev_page, end_cursor, start_cursor }

Pagination information using cursor-based pagination

has_next_page: boolean

Whether there are more items after the current page

has_prev_page: boolean

Whether there are more items before the current page

end_cursor: optional string

Cursor pointing to the last item in the current page

minLength1

maxLength255

start_cursor: optional string

Cursor pointing to the first item in the current page

minLength1

maxLength255

RoleScope = "organization" or "zone"

The scope at which a role can be assigned.

• organization: Roles that apply at the organization level (e.g., org_admin)
• zone: Roles that apply at the zone level (e.g., zone_manager)

Accepts one of the following:

"organization"

"zone"

TokenResponse = object { access_token, token_type, expires_in }

OAuth2-style token response for M2M tokens

access_token: string

The M2M access token

token_type: string

Token type (always "Bearer")

expires_in: optional number

Token expiration time in seconds

OrganizationsUsers

List

GET/organizations/{organization_id}/users

Retrieve

GET/organizations/{organization_id}/users/{user_id}

Update

PATCH/organizations/{organization_id}/users/{user_id}

Delete

DELETE/organizations/{organization_id}/users/{user_id}

ModelsExpand Collapse

OrganizationRole = "org_admin" or "org_member" or "org_viewer"

User's role in the organization

Accepts one of the following:

"org_admin"

"org_member"

"org_viewer"

OrganizationStatus = "active" or "disabled"

Status of organization membership

Accepts one of the following:

"active"

"disabled"

OrganizationUser = object { id, created_at, role, 5 more }

id: string

The keycard account ID

minLength1

maxLength255

created_at: string

The time the entity was created in utc

formatdate-time

role: OrganizationRole

User's role in the organization

Accepts one of the following:

"org_admin"

"org_member"

"org_viewer"

source: string

Identity provider issuer

formaturi

status: OrganizationStatus

Status of organization membership

Accepts one of the following:

"active"

"disabled"

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

email: optional string

User email address

formatemail

permissions: optional map[map[boolean]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

OrganizationsInvitations

Create

POST/organizations/{organization_id}/invitations

List

GET/organizations/{organization_id}/invitations

Delete

DELETE/organizations/{organization_id}/invitations/{invitation_id}

ModelsExpand Collapse

Invitation = object { id, created_at, created_by, 7 more }

id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

created_at: string

The time the entity was created in utc

formatdate-time

created_by: string

ID of the user who created the invitation

minLength1

maxLength255

email: string

Email address for the invitation

formatemail

expires_at: string

When the invitation expires

formatdate-time

organization_id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

role: OrganizationRole

Role that will be assigned when invitation is accepted

Accepts one of the following:

"org_admin"

"org_member"

"org_viewer"

status: InvitationStatus

Status of an invitation

Accepts one of the following:

"pending"

"accepted"

"expired"

"revoked"

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

permissions: optional map[map[boolean]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

InvitationStatus = "pending" or "accepted" or "expired" or "revoked"

Status of an invitation

Accepts one of the following:

"pending"

"accepted"

"expired"

"revoked"

OrganizationsService Accounts

Create

POST/organizations/{organization_id}/service-accounts

List

GET/organizations/{organization_id}/service-accounts

Retrieve

GET/organizations/{organization_id}/service-accounts/{service_account_id}

Update

PATCH/organizations/{organization_id}/service-accounts/{service_account_id}

Delete

DELETE/organizations/{organization_id}/service-accounts/{service_account_id}

ModelsExpand Collapse

ServiceAccount = object { id, created_at, name, 3 more }

id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

created_at: string

The time the entity was created in utc

formatdate-time

name: string

A name for the entity to be displayed in UI

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

description: optional string

Optional description of the service account

permissions: optional map[map[boolean]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

OrganizationsService AccountsCredentials

Create

POST/organizations/{organization_id}/service-accounts/{service_account_id}/credentials

List

GET/organizations/{organization_id}/service-accounts/{service_account_id}/credentials

Retrieve

GET/organizations/{organization_id}/service-accounts/{service_account_id}/credentials/{credential_id}

Update

PATCH/organizations/{organization_id}/service-accounts/{service_account_id}/credentials/{credential_id}

Delete

DELETE/organizations/{organization_id}/service-accounts/{service_account_id}/credentials/{credential_id}

ModelsExpand Collapse

ServiceAccountCredential = object { id, client_id, created_at, 4 more }

Service account credential (without secret)

id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

client_id: string

The client ID for authentication

created_at: string

The time the entity was created in utc

formatdate-time

name: string

A name for the entity to be displayed in UI

description: optional string

Optional description of the credential

last_used_at: optional string

When the credential was last used

formatdate-time

permissions: optional map[map[boolean]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

OrganizationsSSO Connection

Enable

POST/organizations/{organization_id}/sso-connection

Retrieve

GET/organizations/{organization_id}/sso-connection

Update

PATCH/organizations/{organization_id}/sso-connection

Disable

DELETE/organizations/{organization_id}/sso-connection

ModelsExpand Collapse

SSOConnection = object { id, client_id, client_secret_set, 5 more }

SSO connection configuration for an organization

id: string

Unique identifier for the SSO connection

client_id: string

OAuth 2.0 client ID

client_secret_set: boolean

Whether a client secret is configured

created_at: string

The time the entity was created in utc

formatdate-time

identifier: string

SSO provider identifier (e.g., issuer URL)

minLength1

maxLength2048

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

permissions: optional map[map[boolean]]

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

protocols: optional SSOConnectionProtocol { oauth2, openid }

Protocol configuration for SSO connection

oauth2: optional object { authorization_endpoint, code_challenge_methods_supported, jwks_uri, 3 more }

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: optional string

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported: optional array of string

Supported PKCE code challenge methods

jwks_uri: optional string

JSON Web Key Set endpoint

formaturi

registration_endpoint: optional string

OAuth 2.0 registration endpoint

formaturi

scopes_supported: optional array of string

Supported OAuth 2.0 scopes

token_endpoint: optional string

OAuth 2.0 token endpoint

formaturi

openid: optional object { userinfo_endpoint }

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: optional string

OpenID Connect UserInfo endpoint

formaturi

SSOConnectionProtocol = object { oauth2, openid }

Protocol configuration for SSO connection

oauth2: optional object { authorization_endpoint, code_challenge_methods_supported, jwks_uri, 3 more }

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint: optional string

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported: optional array of string

Supported PKCE code challenge methods

jwks_uri: optional string

JSON Web Key Set endpoint

formaturi

registration_endpoint: optional string

OAuth 2.0 registration endpoint

formaturi

scopes_supported: optional array of string

Supported OAuth 2.0 scopes

token_endpoint: optional string

OAuth 2.0 token endpoint

formaturi

openid: optional object { userinfo_endpoint }

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint: optional string

OpenID Connect UserInfo endpoint

formaturi