Organization Account API Documentation

Organization Account APIs

Welcome to the RiverGen Organization Account API documentation. This documentation covers all APIs available for team and business accounts.

Organization accounts support multiple users, workspaces, roles, and enterprise features like SSO and SCIM. These APIs are designed for team collaboration and enterprise-level management.

Available APIs

Organization-Specific APIs

These APIs are exclusive to Organization accounts:

  • Organizations - Organization management, workspaces, roles, and member invitations (32 endpoints)
  • Invitations - Organization invitation management (4 endpoints)
  • SSO - Single Sign-On provider configuration, SCIM, and ABAC policies (19 endpoints)
  • SSO Enforcement - SSO migration planning and enforcement (5 endpoints)
  • Roles & Permissions - Role-based access control and permission management (15 endpoints)
  • User Management - User lifecycle, bulk operations, and user administration (13 endpoints)
  • Workspaces - Workspace management, settings, and provisioning (9 endpoints)
  • SCIM - SCIM 2.0 protocol endpoints for user provisioning from identity providers (10 endpoints)
  • Organization Tokens - Organization-scoped personal access token management (3 endpoints)

Shared APIs

These APIs are available to both Individual and Organization accounts. For Organization accounts, these APIs work within the context of your organization and can be managed by organization administrators.

How Shared APIs Work for Organization Accounts:

  • Authentication - Users authenticate to access their organization accounts. Organization admins can enforce SSO, password policies, and MFA requirements through organization settings.
  • Sessions - Manage user sessions across the organization. Organization admins can view and manage sessions for all members.
  • MFA - Individual users set up MFA for their accounts, but organization admins can require MFA for all members through organization settings.
  • WebAuthn - Users can use hardware keys and biometrics. Organization admins can require WebAuthn for enhanced security.
  • Devices - Users trust devices for their personal accounts. Organization admins can view trusted devices across the organization.
  • Personal Access Tokens - Users create tokens for their personal use, but organization admins can view and manage all member tokens. Organization-scoped tokens are also available.
  • OAuth Applications - Register OAuth apps for your organization. Organization admins can manage all OAuth applications and control which members can create them.
  • OAuth2 - Use OAuth 2.0 flows for third-party applications. Organization admins can configure OAuth settings and manage client applications.

Available Shared APIs:

  • Authentication - User registration, login, OAuth, password management, and profile operations (24 endpoints)
  • Sessions - Session lifecycle and monitoring (2 endpoints)
  • MFA - Multi-factor authentication setup and management (10 endpoints)
  • WebAuthn - Passwordless authentication using hardware keys and biometrics (6 endpoints)
  • Devices - Trusted device management for "remember device" functionality (4 endpoints)
  • Personal Access Tokens - Personal access token management for programmatic API access (4 endpoints)
  • OAuth Applications - OAuth 2.0 application management (7 endpoints)
  • OAuth2 - OAuth 2.0 authorization flows for third-party applications (6 endpoints)

Platform APIs (Sprint 3)

These APIs enable data operations and are available to both Individual and Organization accounts:

  • Data Sources [NEW] - Connect, manage, and query data across 30+ data sources (12 endpoints)
  • Storage [NEW] - Upload, manage, and access files securely (9 endpoints)
  • Policies [NEW] - Data governance policies including row-level security and data masking (8 endpoints)
  • Prompt Studio [NEW] - Query data using natural language and manage prompts (15 endpoints)

Microservices

These are specialized services that are typically called internally by the main API but can be accessed directly for advanced use cases:

Quick Start

  1. Create Organization: Use the Organizations API to create and manage your organization
  2. Invite Members: Send Invitations to team members
  3. Configure SSO: Set up Single Sign-On for enterprise authentication
  4. Manage Roles: Configure Roles & Permissions for access control
  5. Provision Users: Use SCIM for automated user provisioning

Base URL

All API endpoints are prefixed with /api/v1

Authentication

Most endpoints require authentication via JWT Bearer token:

Authorization: Bearer <your_access_token>

Response Format

All API responses follow a consistent structure:

{
  "success": true,
  "data": { ... },
  "message": "Operation successful"
}

Error responses:

{
  "success": false,
  "error": {
    "code": "ERROR_CODE",
    "message": "Human-readable error message"
  }
}

Status Codes

  • 200 - Success
  • 201 - Created
  • 204 - No Content
  • 400 - Bad Request
  • 401 - Unauthorized
  • 403 - Forbidden
  • 404 - Not Found
  • 409 - Conflict
  • 422 - Validation Error
  • 429 - Too Many Requests
  • 500 - Internal Server Error

Rate Limiting

Some endpoints have rate limiting:

  • Login: 5 attempts per 15 minutes
  • Signup: 3 attempts per 5 minutes
  • Password reset: 3 requests per hour
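
A client-side check for the response envelope and status codes described above, as an added example that is not part of the RiverGen documentation or SDK. It fails closed when the HTTP status and the `success` flag disagree; the codes `MALFORMED_RESPONSE`, `ENVELOPE_MISMATCH` and `UNKNOWN` are local names assumed for this sketch, not API error codes, and the sample bodies are constructed.

```python
import json

class ApiError(Exception):
    def __init__(self, status, code, message):
        super().__init__(f"HTTP {status} {code}: {message}")
        self.status, self.code, self.message = status, code, message
        self.rate_limited = status == 429   # caller should wait, not retry at once

def parse_envelope(status, body):
    """Return `data` from a success envelope, else raise ApiError (fails closed)."""
    if status == 204:                       # No Content carries no envelope
        return None
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        raise ApiError(status, "MALFORMED_RESPONSE", "body is not JSON") from None
    if not isinstance(doc, dict) or not isinstance(doc.get("success"), bool):
        raise ApiError(status, "MALFORMED_RESPONSE", "no boolean 'success' field")
    # The HTTP status and the flag must agree; a 200 with success=false (or a
    # 4xx with success=true) is treated as an error, never as a result.
    if doc["success"] != (status in (200, 201)):
        raise ApiError(status, "ENVELOPE_MISMATCH", "status and 'success' disagree")
    if doc["success"]:
        return doc.get("data")
    err = doc.get("error")
    if not isinstance(err, dict):
        raise ApiError(status, "MALFORMED_RESPONSE", "error object missing")
    # "UNKNOWN" is a local fallback when the server omits error.code.
    raise ApiError(status, str(err.get("code", "UNKNOWN")), str(err.get("message", "")))

def outcome(status, body):
    """Summarise one response as ("ok", data) or ("error", code, rate_limited)."""
    try:
        return ("ok", parse_envelope(status, body))
    except ApiError as exc:
        return ("error", exc.code, exc.rate_limited)

# Constructed sample responses (not captured from the real service).
SAMPLES = [
    (201, '{"success": true, "data": {"id": "org_example"}, "message": "Operation successful"}'),
    (429, '{"success": false, "error": {"code": "ERROR_CODE", "message": "Too many requests"}}'),
    (200, '{"success": false, "error": {"code": "ERROR_CODE", "message": "denied"}}'),
    (200, "<html>gateway page</html>"),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, outcome(status, body))
```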