API Reference

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Organizations

Create

client.organizations.create(OrganizationCreateParams { name, xClientRequestID } params?, RequestOptionsoptions?): Organization { id, created_at, label, 4 more }

POST/organizations

List

client.organizations.list(OrganizationListParams { after, before, expand, 2 more } params?, RequestOptionsoptions?): OrganizationListResponse { items, page_info, permissions }

GET/organizations

Retrieve

client.organizations.retrieve(stringorganizationID, OrganizationRetrieveParams { expand, xClientRequestID } params?, RequestOptionsoptions?): Organization { id, created_at, label, 4 more }

GET/organizations/{organization_id}

Update

client.organizations.update(stringorganizationID, OrganizationUpdateParams { name, xClientRequestID } params, RequestOptionsoptions?): Organization { id, created_at, label, 4 more }

PATCH/organizations/{organization_id}

Exchange Token

client.organizations.exchangeToken(stringorganizationID, OrganizationExchangeTokenParams { xClientRequestID } params?, RequestOptionsoptions?): TokenResponse { access_token, token_type, expires_in }

POST/organizations/{organization_id}/token

List available roles

client.organizations.listRoles(stringorganizationID, OrganizationListRolesParams { expand, scope, xClientRequestID } params?, RequestOptionsoptions?): OrganizationListRolesResponse { items, permissions }

GET/organizations/{organization_id}/roles

List Identities

client.organizations.listIdentities(stringorganizationID, OrganizationListIdentitiesParams { after, before, expand, 3 more } params?, RequestOptionsoptions?): OrganizationListIdentitiesResponse { items, page_info, permissions }

GET/organizations/{organization_id}/identities

ModelsExpand Collapse

Organization { id, created_at, label, 4 more }

id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

created_at: string

The time the entity was created in utc

formatdate-time

label: string

A domain name segment for the entity, often derived from the name.

maxLength63

name: string

A name for the entity to be displayed in UI

sso_enabled: boolean

Whether SSO is enabled for this organization

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

permissions?: Record<string, Record<string, boolean>>

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

PageInfoCursor { has_next_page, has_prev_page, end_cursor, start_cursor }

Pagination information using cursor-based pagination

has_next_page: boolean

Whether there are more items after the current page

has_prev_page: boolean

Whether there are more items before the current page

end_cursor?: string

Cursor pointing to the last item in the current page

minLength1

maxLength255

start_cursor?: string

Cursor pointing to the first item in the current page

minLength1

maxLength255

RoleScope = "organization" | "zone"

The scope at which a role can be assigned.

• organization: Roles that apply at the organization level (e.g., org_admin)
• zone: Roles that apply at the zone level (e.g., zone_manager)

Accepts one of the following:

"organization"

"zone"

TokenResponse { access_token, token_type, expires_in }

OAuth2-style token response for M2M tokens

access_token: string

The M2M access token

token_type: string

Token type (always "Bearer")

expires_in?: number

Token expiration time in seconds

OrganizationsUsers

List

client.organizations.users.list(stringorganizationID, UserListParams { after, before, expand, 3 more } params?, RequestOptionsoptions?): UserListResponse { items, page_info, permissions }

GET/organizations/{organization_id}/users

Retrieve

client.organizations.users.retrieve(stringuserID, UserRetrieveParams { organization_id, expand, xClientRequestID } params, RequestOptionsoptions?): OrganizationUser { id, created_at, role, 5 more }

GET/organizations/{organization_id}/users/{user_id}

Update

client.organizations.users.update(stringuserID, UserUpdateParams { organization_id, role, status, xClientRequestID } params, RequestOptionsoptions?): OrganizationUser { id, created_at, role, 5 more }

PATCH/organizations/{organization_id}/users/{user_id}

Delete

client.organizations.users.delete(stringuserID, UserDeleteParams { organization_id, xClientRequestID } params, RequestOptionsoptions?): void

DELETE/organizations/{organization_id}/users/{user_id}

ModelsExpand Collapse

OrganizationRole = "org_admin" | "org_member" | "org_viewer"

User's role in the organization

Accepts one of the following:

"org_admin"

"org_member"

"org_viewer"

OrganizationStatus = "active" | "disabled"

Status of organization membership

Accepts one of the following:

"active"

"disabled"

OrganizationUser { id, created_at, role, 5 more }

id: string

The keycard account ID

minLength1

maxLength255

created_at: string

The time the entity was created in utc

formatdate-time

role: OrganizationRole

User's role in the organization

Accepts one of the following:

"org_admin"

"org_member"

"org_viewer"

source: string

Identity provider issuer

formaturi

status: OrganizationStatus

Status of organization membership

Accepts one of the following:

"active"

"disabled"

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

email?: string

User email address

formatemail

permissions?: Record<string, Record<string, boolean>>

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

OrganizationsInvitations

Create

client.organizations.invitations.create(stringorganizationID, InvitationCreateParams { email, role, xClientRequestID } params, RequestOptionsoptions?): Invitation { id, created_at, created_by, 7 more }

POST/organizations/{organization_id}/invitations

List

client.organizations.invitations.list(stringorganizationID, InvitationListParams { after, before, expand, 2 more } params?, RequestOptionsoptions?): InvitationListResponse { items, page_info, permissions }

GET/organizations/{organization_id}/invitations

Delete

client.organizations.invitations.delete(stringinvitationID, InvitationDeleteParams { organization_id, xClientRequestID } params, RequestOptionsoptions?): void

DELETE/organizations/{organization_id}/invitations/{invitation_id}

ModelsExpand Collapse

Invitation { id, created_at, created_by, 7 more }

id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

created_at: string

The time the entity was created in utc

formatdate-time

created_by: string

ID of the user who created the invitation

minLength1

maxLength255

email: string

Email address for the invitation

formatemail

expires_at: string

When the invitation expires

formatdate-time

organization_id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

role: OrganizationRole

Role that will be assigned when invitation is accepted

Accepts one of the following:

"org_admin"

"org_member"

"org_viewer"

status: InvitationStatus

Status of an invitation

Accepts one of the following:

"pending"

"accepted"

"expired"

"revoked"

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

permissions?: Record<string, Record<string, boolean>>

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

InvitationStatus = "pending" | "accepted" | "expired" | "revoked"

Status of an invitation

Accepts one of the following:

"pending"

"accepted"

"expired"

"revoked"

OrganizationsService Accounts

Create

client.organizations.serviceAccounts.create(stringorganizationID, ServiceAccountCreateParams { name, description, xClientRequestID } params, RequestOptionsoptions?): ServiceAccount { id, created_at, name, 3 more }

POST/organizations/{organization_id}/service-accounts

List

client.organizations.serviceAccounts.list(stringorganizationID, ServiceAccountListParams { after, before, expand, 2 more } params?, RequestOptionsoptions?): ServiceAccountListResponse { items, page_info, permissions }

GET/organizations/{organization_id}/service-accounts

Retrieve

client.organizations.serviceAccounts.retrieve(stringserviceAccountID, ServiceAccountRetrieveParams { organization_id, expand, xClientRequestID } params, RequestOptionsoptions?): ServiceAccount { id, created_at, name, 3 more }

GET/organizations/{organization_id}/service-accounts/{service_account_id}

Update

client.organizations.serviceAccounts.update(stringserviceAccountID, ServiceAccountUpdateParams { organization_id, description, name, xClientRequestID } params, RequestOptionsoptions?): ServiceAccount { id, created_at, name, 3 more }

PATCH/organizations/{organization_id}/service-accounts/{service_account_id}

Delete

client.organizations.serviceAccounts.delete(stringserviceAccountID, ServiceAccountDeleteParams { organization_id, xClientRequestID } params, RequestOptionsoptions?): void

DELETE/organizations/{organization_id}/service-accounts/{service_account_id}

ModelsExpand Collapse

ServiceAccount { id, created_at, name, 3 more }

id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

created_at: string

The time the entity was created in utc

formatdate-time

name: string

A name for the entity to be displayed in UI

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

description?: string

Optional description of the service account

permissions?: Record<string, Record<string, boolean>>

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

OrganizationsService AccountsCredentials

Create

client.organizations.serviceAccounts.credentials.create(stringserviceAccountID, CredentialCreateParams { organization_id, name, description, xClientRequestID } params, RequestOptionsoptions?): CredentialCreateResponse { id, client_id, client_secret, 3 more }

POST/organizations/{organization_id}/service-accounts/{service_account_id}/credentials

List

client.organizations.serviceAccounts.credentials.list(stringserviceAccountID, CredentialListParams { organization_id, after, before, 3 more } params, RequestOptionsoptions?): CredentialListResponse { items, page_info, permissions }

GET/organizations/{organization_id}/service-accounts/{service_account_id}/credentials

Retrieve

client.organizations.serviceAccounts.credentials.retrieve(stringcredentialID, CredentialRetrieveParams { organization_id, service_account_id, expand, xClientRequestID } params, RequestOptionsoptions?): ServiceAccountCredential { id, client_id, created_at, 4 more }

GET/organizations/{organization_id}/service-accounts/{service_account_id}/credentials/{credential_id}

Update

client.organizations.serviceAccounts.credentials.update(stringcredentialID, CredentialUpdateParams { organization_id, service_account_id, description, 2 more } params, RequestOptionsoptions?): ServiceAccountCredential { id, client_id, created_at, 4 more }

PATCH/organizations/{organization_id}/service-accounts/{service_account_id}/credentials/{credential_id}

Delete

client.organizations.serviceAccounts.credentials.delete(stringcredentialID, CredentialDeleteParams { organization_id, service_account_id, xClientRequestID } params, RequestOptionsoptions?): void

DELETE/organizations/{organization_id}/service-accounts/{service_account_id}/credentials/{credential_id}

ModelsExpand Collapse

ServiceAccountCredential { id, client_id, created_at, 4 more }

Service account credential (without secret)

id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1

maxLength255

client_id: string

The client ID for authentication

created_at: string

The time the entity was created in utc

formatdate-time

name: string

A name for the entity to be displayed in UI

description?: string

Optional description of the credential

last_used_at?: string

When the credential was last used

formatdate-time

permissions?: Record<string, Record<string, boolean>>

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

OrganizationsSSO Connection

Enable

client.organizations.ssoConnection.enable(stringorganizationID, SSOConnectionEnableParams { client_id, identifier, client_secret, 2 more } params, RequestOptionsoptions?): SSOConnection { id, client_id, client_secret_set, 5 more }

POST/organizations/{organization_id}/sso-connection

Retrieve

client.organizations.ssoConnection.retrieve(stringorganizationID, SSOConnectionRetrieveParams { expand, xClientRequestID } params?, RequestOptionsoptions?): SSOConnection { id, client_id, client_secret_set, 5 more }

GET/organizations/{organization_id}/sso-connection

Update

client.organizations.ssoConnection.update(stringorganizationID, SSOConnectionUpdateParams { client_id, client_secret, identifier, 2 more } params, RequestOptionsoptions?): SSOConnection { id, client_id, client_secret_set, 5 more }

PATCH/organizations/{organization_id}/sso-connection

Disable

client.organizations.ssoConnection.disable(stringorganizationID, SSOConnectionDisableParams { xClientRequestID } params?, RequestOptionsoptions?): void

DELETE/organizations/{organization_id}/sso-connection

ModelsExpand Collapse

SSOConnection { id, client_id, client_secret_set, 5 more }

SSO connection configuration for an organization

id: string

Unique identifier for the SSO connection

client_id: string | null

OAuth 2.0 client ID

client_secret_set: boolean

Whether a client secret is configured

created_at: string

The time the entity was created in utc

formatdate-time

identifier: string

SSO provider identifier (e.g., issuer URL)

minLength1

maxLength2048

updated_at: string

The time the entity was mostly recently updated in utc

formatdate-time

permissions?: Record<string, Record<string, boolean>>

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

protocols?: SSOConnectionProtocol { oauth2, openid } | null

Protocol configuration for SSO connection

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint?: string | null

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported?: Array<string> | null

Supported PKCE code challenge methods

jwks_uri?: string | null

JSON Web Key Set endpoint

formaturi

registration_endpoint?: string | null

OAuth 2.0 registration endpoint

formaturi

scopes_supported?: Array<string> | null

Supported OAuth 2.0 scopes

token_endpoint?: string | null

OAuth 2.0 token endpoint

formaturi

openid?: Openid | null

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint?: string | null

OpenID Connect UserInfo endpoint

formaturi

SSOConnectionProtocol { oauth2, openid }

Protocol configuration for SSO connection

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration for SSO connection

authorization_endpoint?: string | null

OAuth 2.0 authorization endpoint

formaturi

code_challenge_methods_supported?: Array<string> | null

Supported PKCE code challenge methods

jwks_uri?: string | null

JSON Web Key Set endpoint

formaturi

registration_endpoint?: string | null

OAuth 2.0 registration endpoint

formaturi

scopes_supported?: Array<string> | null

Supported OAuth 2.0 scopes

token_endpoint?: string | null

OAuth 2.0 token endpoint

formaturi

openid?: Openid | null

OpenID Connect protocol configuration for SSO connection

userinfo_endpoint?: string | null

OpenID Connect UserInfo endpoint

formaturi