Org Management
Manage orgs, members, and API keys. All endpoints require JWT authentication (OAuth access token).
Orgs
List orgs
GET /v1/orgsReturns the orgs the authenticated user belongs to.
Response (200):
{
"orgs": [
{ "id": "org_xxx", "name": "Acme Corp", "role": "admin", "createdAt": 1704067200000 }
]
}Create org
POST /v1/orgsCreates a new org. The authenticated user becomes its admin.
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Org display name |
Response (201):
{ "id": "org_xxx", "name": "Acme Corp", "createdAt": 1704067200000 }Update org
PATCH /v1/orgs/:orgIdUpdate org settings. Requires admin role.
| Field | Type | Required | Description |
|---|---|---|---|
name | string | No | New org name |
Members
List members
GET /v1/orgs/:orgId/membersList all members of an org. Requires admin or member role.
Response (200):
{
"members": [
{ "userId": "usr_xxx", "email": "[email protected]", "name": "Alice", "role": "admin", "joinedAt": 1704067200000 }
]
}Invite member
POST /v1/orgs/:orgId/membersAdd a user to the org by email. Requires admin role. The user must already have a Passage account.
| Field | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User’s email address |
role | string | No | admin, member, or viewer (default: member) |
Response (201): { "ok": true }
Update member role
PATCH /v1/orgs/:orgId/members/:userIdChange a member’s role. Requires admin role.
| Field | Type | Required | Description |
|---|---|---|---|
role | string | Yes | admin, member, or viewer |
Remove member
DELETE /v1/orgs/:orgId/members/:userIdRemove a member from the org. Requires admin role.
API Keys
List keys
GET /v1/orgs/:orgId/keysList API keys for an org. Requires admin or member role.
Response (200):
{
"keys": [
{ "id": "key_xxx", "keyPrefix": "psg_abc1234", "name": "Production", "createdAt": 1704067200000, "revokedAt": null, "expiresAt": null }
]
}Create key
POST /v1/orgs/:orgId/keysCreate a new API key. Requires admin role. The full key is only returned once.
| Field | Type | Required | Description |
|---|---|---|---|
name | string | No | Display name for the key |
expiresIn | integer | No | Expiry in seconds from now |
Response (201):
{ "id": "key_xxx", "key": "psg_abc1234def5678...", "prefix": "psg_abc1234", "expiresAt": null }Revoke key
DELETE /v1/orgs/:orgId/keys/:keyIdRevoke an API key. Requires admin role. Revoked keys immediately stop working.
Next steps
- Authentication — Auth model overview
- Create Session — Use an API key to create sessions