Org Management

Organization management functions.

Retrieve OIDC Sector Identifier for organization.

get

This endpoint provides the OIDC Sector Identifier used for calculating Pseudonymous Identifiers. It ensures that clients within the same sector can access the same unique identifier for users, enhancing privacy and data protection. Use this to manage user identifiers securely within your organization.

Authorizations

Path parameters

organizationIdstringRequired

The organization ID to fetch.

Responses

200

*/*

Responsestring[]

401

Unauthorized

*/*

get

/directory/admin/{organizationId}/sectors

GET /directory/admin/{organizationId}/sectors HTTP/1.1
Host: gateway.dev.klustr.io
Accept: */*

[
  "text"
]

Create a new organization with default owner.

post

This endpoint allows users to create a new organization. The organization will be assigned a default owner upon creation. Ensure that you provide all necessary details in the request body. This operation is essential for users managing organizational accounts.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

🔒 Permission: org.directory.create is required in order for the call to succeed. You must configure permissions for the person or service calling this endpoint and add this permission to their identity.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Body

idstringOptional

namestringOptional

subdomainstringOptional

domainstringOptional

logo_urlstringOptional

creation_datestring · date-timeOptional

modified_datestring · date-timeOptional

statusstring · enumOptionalPossible values:

external_sales_force_idstringOptional

Responses

200

*/*

401

Unauthorized

*/*

post

/directory/orgs

POST /directory/orgs HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 834

{
  "id": "text",
  "name": "text",
  "subdomain": "text",
  "domain": "text",
  "logo_url": "text",
  "owner": {
    "id": "text"
  },
  "creation_date": "2026-02-13T00:16:13.112Z",
  "modified_date": "2026-02-13T00:16:13.112Z",
  "contact": {
    "email": "text",
    "phone": "text",
    "url": "text"
  },
  "address": {
    "address_line_1": "text",
    "address_line_2": "text",
    "postal_code": "text",
    "city_ward": "text",
    "floor": "text",
    "usage": "residence",
    "building_name": "text",
    "state_prefecture": "text",
    "metadata": {
      "ANY_ADDITIONAL_PROPERTY": "text"
    },
    "country_code": "US"
  },
  "children": [
    {
      "id": "text",
      "children": [
        {
          "id": "text",
          "children": [
            "[Circular Reference]"
          ],
          "name": "text",
          "creation_date": "2026-02-13T00:16:13.112Z",
          "modified_date": "2026-02-13T00:16:13.112Z"
        }
      ],
      "name": "text",
      "creation_date": "2026-02-13T00:16:13.112Z",
      "modified_date": "2026-02-13T00:16:13.112Z"
    }
  ],
  "status": "active",
  "external_sales_force_id": "text"
}

{
  "id": "text",
  "name": "text",
  "subdomain": "text",
  "domain": "text",
  "logo_url": "text",
  "owner": {
    "id": "text"
  },
  "creation_date": "2026-02-13T00:16:13.112Z",
  "modified_date": "2026-02-13T00:16:13.112Z",
  "contact": {
    "email": "text",
    "phone": "text",
    "url": "text"
  },
  "address": {
    "address_line_1": "text",
    "address_line_2": "text",
    "postal_code": "text",
    "city_ward": "text",
    "floor": "text",
    "usage": "residence",
    "building_name": "text",
    "state_prefecture": "text",
    "metadata": {
      "ANY_ADDITIONAL_PROPERTY": "text"
    },
    "country_code": "US"
  },
  "children": [
    {
      "id": "text",
      "children": [
        {
          "id": "text",
          "children": [
            "[Circular Reference]"
          ],
          "name": "text",
          "creation_date": "2026-02-13T00:16:13.112Z",
          "modified_date": "2026-02-13T00:16:13.112Z"
        }
      ],
      "name": "text",
      "creation_date": "2026-02-13T00:16:13.112Z",
      "modified_date": "2026-02-13T00:16:13.112Z"
    }
  ],
  "status": "active",
  "external_sales_force_id": "text"
}

Verify if a domain is available for new organization.

get

This endpoint checks if the specified domain is claimed or available for assignment to a new organization. Ensuring unique domain names is crucial for organizational identity. Use this to prevent conflicts and maintain a clear domain structure.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

🔒 Permission: org.directory.list is required in order for the call to succeed. You must configure permissions for the person or service calling this endpoint and add this permission to their identity.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Query parameters

domainstringOptional

subdomainstringOptional

Responses

200

*/*

401

Unauthorized

*/*

get

/directory/orgs/domains

GET /directory/orgs/domains HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

{
  "available": true
}

Suggest organizations for user to join based on context.

get

This endpoint provides suggestions for organizations that a user can join. It takes into account the user's email domain and other trusted factors to enhance the relevance of the suggestions. This is particularly useful for users looking to expand their professional network within the platform.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Responses

200

*/*

401

Unauthorized

*/*

get

/directory/orgs/suggest

GET /directory/orgs/suggest HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

[
  {
    "id": "text",
    "name": "text",
    "subdomain": "text",
    "domain": "text",
    "logo_url": "text",
    "owner": {
      "id": "text"
    },
    "creation_date": "2026-02-13T00:16:13.112Z",
    "modified_date": "2026-02-13T00:16:13.112Z",
    "contact": {
      "email": "text",
      "phone": "text",
      "url": "text"
    },
    "address": {
      "address_line_1": "text",
      "address_line_2": "text",
      "postal_code": "text",
      "city_ward": "text",
      "floor": "text",
      "usage": "residence",
      "building_name": "text",
      "state_prefecture": "text",
      "metadata": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      },
      "country_code": "US"
    },
    "children": [
      {
        "id": "text",
        "children": [
          {
            "id": "text",
            "children": "[Circular Reference]",
            "name": "text",
            "creation_date": "2026-02-13T00:16:13.112Z",
            "modified_date": "2026-02-13T00:16:13.112Z"
          }
        ],
        "name": "text",
        "creation_date": "2026-02-13T00:16:13.112Z",
        "modified_date": "2026-02-13T00:16:13.112Z"
      }
    ],
    "status": "active",
    "external_sales_force_id": "text"
  }
]

Retrieve details of a specific organization.

get

Fetches the organization information associated with the provided organization ID. This endpoint is intended for users with access to their organizations, ensuring that only authorized users can view sensitive organization data.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

🔒 Permission: org.directory.get is required in order for the call to succeed. You must configure permissions for the person or service calling this endpoint and add this permission to their identity.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Path parameters

organizationIdstringRequired

The organization ID to retrieve.

Responses

200

*/*

401

Unauthorized

*/*

get

/directory/orgs/{organizationId}

GET /directory/orgs/{organizationId} HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

{
  "id": "text",
  "name": "text",
  "subdomain": "text",
  "domain": "text",
  "logo_url": "text",
  "owner": {
    "id": "text"
  },
  "creation_date": "2026-02-13T00:16:13.112Z",
  "modified_date": "2026-02-13T00:16:13.112Z",
  "contact": {
    "email": "text",
    "phone": "text",
    "url": "text"
  },
  "address": {
    "address_line_1": "text",
    "address_line_2": "text",
    "postal_code": "text",
    "city_ward": "text",
    "floor": "text",
    "usage": "residence",
    "building_name": "text",
    "state_prefecture": "text",
    "metadata": {
      "ANY_ADDITIONAL_PROPERTY": "text"
    },
    "country_code": "US"
  },
  "children": [
    {
      "id": "text",
      "children": [
        {
          "id": "text",
          "children": [
            "[Circular Reference]"
          ],
          "name": "text",
          "creation_date": "2026-02-13T00:16:13.112Z",
          "modified_date": "2026-02-13T00:16:13.112Z"
        }
      ],
      "name": "text",
      "creation_date": "2026-02-13T00:16:13.112Z",
      "modified_date": "2026-02-13T00:16:13.112Z"
    }
  ],
  "status": "active",
  "external_sales_force_id": "text"
}

Update an existing organization with default owner.

put

This endpoint allows users to update an existing organization. It ensures that the organization retains its default ownership structure. This operation is crucial for maintaining accurate organizational data and is accessible to authorized users.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

🔒 Permission: org.directory.update is required in order for the call to succeed. You must configure permissions for the person or service calling this endpoint and add this permission to their identity.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Path parameters

organizationIdstringRequired

Body

idstringOptional

namestringOptional

subdomainstringOptional

domainstringOptional

logo_urlstringOptional

creation_datestring · date-timeOptional

modified_datestring · date-timeOptional

statusstring · enumOptionalPossible values:

external_sales_force_idstringOptional

Responses

200

*/*

401

Unauthorized

*/*

put

/directory/orgs/{organizationId}

PUT /directory/orgs/{organizationId} HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 834

{
  "id": "text",
  "name": "text",
  "subdomain": "text",
  "domain": "text",
  "logo_url": "text",
  "owner": {
    "id": "text"
  },
  "creation_date": "2026-02-13T00:16:13.112Z",
  "modified_date": "2026-02-13T00:16:13.112Z",
  "contact": {
    "email": "text",
    "phone": "text",
    "url": "text"
  },
  "address": {
    "address_line_1": "text",
    "address_line_2": "text",
    "postal_code": "text",
    "city_ward": "text",
    "floor": "text",
    "usage": "residence",
    "building_name": "text",
    "state_prefecture": "text",
    "metadata": {
      "ANY_ADDITIONAL_PROPERTY": "text"
    },
    "country_code": "US"
  },
  "children": [
    {
      "id": "text",
      "children": [
        {
          "id": "text",
          "children": [
            "[Circular Reference]"
          ],
          "name": "text",
          "creation_date": "2026-02-13T00:16:13.112Z",
          "modified_date": "2026-02-13T00:16:13.112Z"
        }
      ],
      "name": "text",
      "creation_date": "2026-02-13T00:16:13.112Z",
      "modified_date": "2026-02-13T00:16:13.112Z"
    }
  ],
  "status": "active",
  "external_sales_force_id": "text"
}

{
  "id": "text",
  "name": "text",
  "subdomain": "text",
  "domain": "text",
  "logo_url": "text",
  "owner": {
    "id": "text"
  },
  "creation_date": "2026-02-13T00:16:13.112Z",
  "modified_date": "2026-02-13T00:16:13.112Z",
  "contact": {
    "email": "text",
    "phone": "text",
    "url": "text"
  },
  "address": {
    "address_line_1": "text",
    "address_line_2": "text",
    "postal_code": "text",
    "city_ward": "text",
    "floor": "text",
    "usage": "residence",
    "building_name": "text",
    "state_prefecture": "text",
    "metadata": {
      "ANY_ADDITIONAL_PROPERTY": "text"
    },
    "country_code": "US"
  },
  "children": [
    {
      "id": "text",
      "children": [
        {
          "id": "text",
          "children": [
            "[Circular Reference]"
          ],
          "name": "text",
          "creation_date": "2026-02-13T00:16:13.112Z",
          "modified_date": "2026-02-13T00:16:13.112Z"
        }
      ],
      "name": "text",
      "creation_date": "2026-02-13T00:16:13.112Z",
      "modified_date": "2026-02-13T00:16:13.112Z"
    }
  ],
  "status": "active",
  "external_sales_force_id": "text"
}

Delete an organization from the directory.

delete

This endpoint allows for the deletion of an organization identified by its ID. It ensures that only authorized users can perform this action, maintaining the integrity of the organization management system. Use this operation to remove organizations that are no longer needed.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

🔒 Permission: org.directory.delete is required in order for the call to succeed. You must configure permissions for the person or service calling this endpoint and add this permission to their identity.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Path parameters

organizationIdstringRequired

Responses

200

No content

401

Unauthorized

*/*

delete

/directory/orgs/{organizationId}

DELETE /directory/orgs/{organizationId} HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content

List all members of the specified organization.

get

This endpoint retrieves all members associated with the given organization ID. It ensures that the current user has the necessary permissions to view this information. This is essential for understanding the organizational structure and collaboration opportunities.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Path parameters

organizationIdstringRequired

Responses

200

*/*

Responsestring[]

401

Unauthorized

*/*

get

/directory/orgs/{organizationId}/members

GET /directory/orgs/{organizationId}/members HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

[
  "text"
]

Join an organization with a verified email address

put

This endpoint allows users to join an organization by providing a confirmed email address that matches the organization's domain. Users may also join if they have received an invitation from an existing member. Basic membership permissions will be granted upon successful verification.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Path parameters

organizationIdstringRequired

Responses

200

No content

401

Unauthorized

*/*

put

/directory/orgs/{organizationId}/members

PUT /directory/orgs/{organizationId}/members HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content

User leaves the specified organization.

delete

This operation allows the authenticated user to remove their access and permissions to the specified organization. It ensures that the user's association with the organization is terminated, reflecting the change in their organizational role. This is crucial for maintaining accurate access control and organizational membership.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Path parameters

organizationIdstringRequired

Responses

200

No content

401

Unauthorized

*/*

delete

/directory/orgs/{organizationId}/members

DELETE /directory/orgs/{organizationId}/members HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content

Register a new member in the organization

put

This endpoint allows the addition of a member to a specified organization. It requires the organization ID and the subject ID of the member to be added. Ensure that the authenticated user has the necessary permissions to perform this action.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

🔒 Permission: org.directory.members.create is required in order for the call to succeed. You must configure permissions for the person or service calling this endpoint and add this permission to their identity.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Path parameters

organizationIdstringRequired

subjectIdstringRequired

Responses

200

No content

401

Unauthorized

*/*

put

/directory/orgs/{organizationId}/members/{subjectId}

PUT /directory/orgs/{organizationId}/members/{subjectId} HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content

Remove a member from the organization.

delete

This endpoint allows the removal of a specified member from the organization. It ensures that only authorized users can perform this action, maintaining the integrity of the organization's membership. This operation is crucial for managing organizational roles and responsibilities effectively.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Path parameters

organizationIdstringRequired

subjectIdstringRequired

Responses

200

No content

401

Unauthorized

*/*

delete

/directory/orgs/{organizationId}/members/{subjectId}

DELETE /directory/orgs/{organizationId}/members/{subjectId} HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

No content

Retrieve all permissions for the organization

get

This endpoint returns a comprehensive list of permissions associated with the specified organization. It aggregates permissions across all roles and groups, providing a clear overview of access rights. This information is essential for understanding the permission landscape within the organization.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Path parameters

organizationIdstringRequired

Responses

200

*/*

401

Unauthorized

*/*

get

/directory/orgs/{organizationId}/permissions

GET /directory/orgs/{organizationId}/permissions HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

[
  {
    "scope": "text"
  }
]

Retrieve all roles defined in the organization

get

This endpoint returns a list of all roles currently defined within the specified organization. It is essential for understanding role assignments and permissions associated with the organization. Use this information to manage access and responsibilities effectively.

👤 User Credential: You must login and authenticate a user and use their access token to invoke this service. This will operate the action under the specified user.

🔒 Permission: org.roles.list is required in order for the call to succeed. You must configure permissions for the person or service calling this endpoint and add this permission to their identity.

Authorizations

OAuth2clientCredentialsRequired

An OIDC service account that was authenticated.

Authorization URL: Token URL:

Path parameters

organizationIdstringRequired

Responses

200

*/*

401

Unauthorized

*/*

get

/directory/orgs/{organizationId}/roles

GET /directory/orgs/{organizationId}/roles HTTP/1.1
Host: gateway.dev.klustr.io
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*

[
  {
    "id": "text",
    "name": "text",
    "namespace": "text",
    "description": "text",
    "stage": "alpha",
    "permissions": [
      {
        "scope": "text"
      }
    ]
  }
]

PreviousOrg Account Management NextOrg Management (Admin)

Last updated 3 months ago

hashtagRetrieve OIDC Sector Identifier for organization.

hashtagCreate a new organization with default owner.

hashtagVerify if a domain is available for new organization.

hashtagSuggest organizations for user to join based on context.

hashtagRetrieve details of a specific organization.

hashtagUpdate an existing organization with default owner.

hashtagDelete an organization from the directory.

hashtagList all members of the specified organization.

hashtagJoin an organization with a verified email address

hashtagUser leaves the specified organization.

hashtagRegister a new member in the organization

hashtagRemove a member from the organization.

hashtagRetrieve all permissions for the organization

hashtagRetrieve all roles defined in the organization

Retrieve OIDC Sector Identifier for organization.

Create a new organization with default owner.

Verify if a domain is available for new organization.

Suggest organizations for user to join based on context.

Retrieve details of a specific organization.

Update an existing organization with default owner.

Delete an organization from the directory.

List all members of the specified organization.

Join an organization with a verified email address

User leaves the specified organization.

Register a new member in the organization

Remove a member from the organization.

Retrieve all permissions for the organization

Retrieve all roles defined in the organization