Skip to content

security

Intended Documentation

Tenant Administration

Tenant-scoped admin APIs for trust overview, members, workspace posture, and role assignment.

intermediate1 min readimplemented

Tenant Administration#

Tenant administration endpoints are exposed under /admin/* and require tenant-scoped authorization.

Read Tenant and Trust Context#

  • GET /admin/tenant?tenantId=<tenant>
  • GET /admin/trust?tenantId=<tenant>
  • GET /admin/workspace?tenantId=<tenant>
bash
curl "https://api.intended.so/admin/workspace?tenantId=tenant_acme_prod" \
  -H "Authorization: Bearer mrt_live_abc123" \
  -H "x-tenant-id: tenant_acme_prod"

List Members#

  • GET /admin/members?tenantId=<tenant>
bash
curl "https://api.intended.so/admin/members?tenantId=tenant_acme_prod" \
  -H "Authorization: Bearer mrt_live_abc123" \
  -H "x-tenant-id: tenant_acme_prod"

Update Member Role#

  • POST /admin/members/:id/role

Request body schema:

  • tenantId (required)
  • role (required): owner | admin | operator | auditor | reviewer | read_only
  • environmentKey (optional)
  • reason (optional)
bash
curl -X POST https://api.intended.so/admin/members/user_123/role \
  -H "Authorization: Bearer mrt_live_abc123" \
  -H "x-tenant-id: tenant_acme_prod" \
  -H "Content-Type: application/json" \
  -d '{
    "tenantId": "tenant_acme_prod",
    "role": "operator",
    "reason": "On-call rotation update"
  }'

Warning

Tenant boundary checks are strict. x-tenant-id, query/body tenantId, and authenticated context must resolve to the same tenant.

Next Steps#