PrimeForge Auth API (1.0)

Download OpenAPI specification:Download

The PrimeForge Auth Service provides comprehensive authentication and authorization capabilities for the PrimeForge platform.

Features

JWT-based authentication
Role-based access control
Organization management
Social authentication (Google, LinkedIn)
User management
Password reset functionality
Email verification

Authentication

Most endpoints require JWT authentication. Include the access token in the Authorization header: Authorization: Bearer <your_access_token>

Rate Limiting

Authentication endpoints: 5 requests per minute per IP
General endpoints: 100 requests per minute per user
Admin endpoints: 50 requests per minute per admin user

Authentication

Core authentication endpoints

Register a new user

Request Body schema: application/json
required

email required	string The email address to register with
password required	string The password to register with
first_name	string First name of the user
last_name	string Last name of the user

Responses

Request samples

Payload

Content type

application/json

{"email": "user@example.com",
"password": "Password123!",
"first_name": "John",
"last_name": "Doe"
}

Response samples

201

Content type

application/json

{"user": {"id": "string",
"email": "string",
"role": "string",
"verified": true,
"first_name": "string",
"last_name": "string",
"solo_org_id": "string",
"solo_org_name": "string"
},
"message": "Registration successful"
}

User login with email, username, or phone

Request Body schema: application/json
required

identifier required	string The identifier to login with
password required	string The password to login with
rememberMe	boolean Whether to remember the user
deviceId	string The device ID to login with

Responses

Request samples

Payload

Content type

application/json

{"identifier": "user@example.com",
"password": "password123",
"rememberMe": true,
"deviceId": "device-123"
}

Response samples

200

Content type

application/json

{"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 3600,
"user": {"id": "123e4567-e89b-12d3-a456-426614174000",
"email": "user@example.com",
"username": "johndoe",
"phone": "+1234567890",
"first_name": "John",
"preferred_name": "Johnny",
"last_name": "Doe",
"verified": true,
"phone_verified": false,
"status": "ACTIVE",
"avatar": "https://example.com/avatar.jpg",
"language": "en",
"timezone": "UTC",
"title": "MR",
"solo_org_id": "123e4567-e89b-12d3-a456-426614174000",
"default_org_id": "123e4567-e89b-12d3-a456-426614174000",
"solo_org": {"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"name": "Acme Corporation",
"slug": "acme-corp",
"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"status": "PLAN_ACTIVE"
},
"memberships": [[{"id": "123e4567-e89b-12d3-a456-426614174000",
"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"role": "MEMBER",
"status": "ACTIVE",
"app_roles": ["admin",
"editor",
"viewer"
],
"organization": {"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"name": "Acme Corporation",
"slug": "acme-corp",
"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"status": "PLAN_ACTIVE"
},
"created_at": "2023-12-01T00:00:00.000Z",
"updated_at": "2023-12-01T00:00:00.000Z"
}
]
],
"created_at": "2023-12-01T00:00:00.000Z",
"updated_at": "2023-12-01T00:00:00.000Z"
}
}

Refresh access token

Request Body schema: application/json
required

refresh_token

required

string

The refresh token to refresh

Responses

Request samples

Payload

Content type

application/json

{"refresh_token": "1234567890"
}

Response samples

200

Content type

application/json

{"access_token": "1234567890",
"refresh_token": "1234567890",
"expires_in": 3600
}

User logout

Authorizations:

JWT-auth

Responses

Request password reset

Request Body schema: application/json
required

email

required

string

The email address to send the reset password email to

Responses

Request samples

Payload

Content type

application/json

{"email": "user@example.com"
}

Reset password with token

Request Body schema: application/json
required

token required	string The reset token received via email
newPassword required	string The new password to set
confirmPassword required	string Confirmation of the new password

Responses

Request samples

Payload

Content type

application/json

{"token": "1234567890",
"newPassword": "NewPassword123!",
"confirmPassword": "NewPassword123!"
}

Verify email address

Request Body schema: application/json
required

token

required

string

The token to verify the email

Responses

Request samples

Payload

Content type

application/json

{"token": "1234567890"
}

AuthController_verifyEmailByQuery

query Parameters

token

required

string

Responses

Resend email verification

Request Body schema: application/json
required

email

required

string

The email address to resend the verification email to

Responses

Request samples

Payload

Content type

application/json

{"email": "user@example.com"
}

Get current user profile

Authorizations:

JWT-auth

Responses

Response samples

200

Content type

application/json

{"id": "123e4567-e89b-12d3-a456-426614174000",
"email": "user@example.com",
"username": "johndoe",
"phone": "+1234567890",
"first_name": "John",
"preferred_name": "Johnny",
"last_name": "Doe",
"verified": true,
"phone_verified": false,
"status": "ACTIVE",
"avatar": "https://example.com/avatar.jpg",
"language": "en",
"timezone": "UTC",
"title": "MR",
"solo_org_id": "123e4567-e89b-12d3-a456-426614174000",
"default_org_id": "123e4567-e89b-12d3-a456-426614174000",
"solo_org": {"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"name": "Acme Corporation",
"slug": "acme-corp",
"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"status": "PLAN_ACTIVE"
},
"memberships": [[{"id": "123e4567-e89b-12d3-a456-426614174000",
"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"role": "MEMBER",
"status": "ACTIVE",
"app_roles": ["admin",
"editor",
"viewer"
],
"organization": {"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"name": "Acme Corporation",
"slug": "acme-corp",
"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"status": "PLAN_ACTIVE"
},
"created_at": "2023-12-01T00:00:00.000Z",
"updated_at": "2023-12-01T00:00:00.000Z"
}
]
],
"created_at": "2023-12-01T00:00:00.000Z",
"updated_at": "2023-12-01T00:00:00.000Z"
}

Update current user profile

Authorizations:

JWT-auth

Request Body schema: application/json
required

username	string [ 3 .. 50 ] characters Username
first_name	string <= 50 characters First name
preferred_name	string <= 50 characters Preferred name
last_name	string <= 50 characters Last name
language	string Enum: "en" "zh" "es" "fr" "de" "ja" "ko" Language preference
timezone	string Timezone
title	string Enum: "MR" "MRS" "MS" "DR" "PROF" "OTHER" User title
phone	string Phone number

Responses

Request samples

Payload

Content type

application/json

{"username": "johndoe",
"first_name": "John",
"preferred_name": "Johnny",
"last_name": "Doe",
"language": "en",
"timezone": "UTC",
"title": "MR",
"phone": "+1234567890"
}

Response samples

200

Content type

application/json

{"id": "123e4567-e89b-12d3-a456-426614174000",
"email": "user@example.com",
"username": "johndoe",
"phone": "+1234567890",
"first_name": "John",
"preferred_name": "Johnny",
"last_name": "Doe",
"verified": true,
"phone_verified": false,
"status": "ACTIVE",
"avatar": "https://example.com/avatar.jpg",
"language": "en",
"timezone": "UTC",
"title": "MR",
"solo_org_id": "123e4567-e89b-12d3-a456-426614174000",
"default_org_id": "123e4567-e89b-12d3-a456-426614174000",
"solo_org": {"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"name": "Acme Corporation",
"slug": "acme-corp",
"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"status": "PLAN_ACTIVE"
},
"memberships": [[{"id": "123e4567-e89b-12d3-a456-426614174000",
"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"role": "MEMBER",
"status": "ACTIVE",
"app_roles": ["admin",
"editor",
"viewer"
],
"organization": {"tenant_id": "123e4567-e89b-12d3-a456-426614174000",
"name": "Acme Corporation",
"slug": "acme-corp",
"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"status": "PLAN_ACTIVE"
},
"created_at": "2023-12-01T00:00:00.000Z",
"updated_at": "2023-12-01T00:00:00.000Z"
}
]
],
"created_at": "2023-12-01T00:00:00.000Z",
"updated_at": "2023-12-01T00:00:00.000Z"
}

Change password

Authorizations:

JWT-auth

Request Body schema: application/json
required

oldPassword required	string The old password
newPassword required	string The new password

Responses

Request samples

Payload

Content type

application/json

{"oldPassword": "OldPassword123!",
"newPassword": "NewPassword123!"
}

AuthController_healthCheck

Responses

Switch user organization

Switch to a different organization and get new JWT tokens

Authorizations:

JWT-auth

Request Body schema: application/json
required

tenant_id

required

string

Target organization tenant ID to switch to

Responses

Request samples

Payload

Content type

application/json

{"tenant_id": "27aee4a6-cdeb-4924-a6f5-2d915ce63a4e"
}

Response samples

200

Content type

application/json

{"status": "success",
"message": "Organization switched successfully",
"access_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 900,
"tenant_id": "27aee4a6-cdeb-4924-a6f5-2d915ce63a4e"
}

AuthController_getJwks

Responses

Organizations

Organization management endpoints

Create a new organization

Authorizations:

JWT-auth

Request Body schema: application/json
required

name required	string [ 2 .. 100 ] characters Organization name
slug required	string [ 2 .. 50 ] characters Organization slug for URLs
region required	string
description	string <= 500 characters Organization description
website	string Organization website
logo	string Organization logo URL

Responses

Request samples

Payload

Content type

application/json

{"name": "Acme Corporation",
"slug": "acme-corp",
"region": "UK",
"description": "A leading technology company",
"website": "https://acme.com",
"logo": "https://acme.com/logo.png"
}

Response samples

201

Content type

application/json

{"tenantId": "tenant-uuid",
"name": "Acme Corporation",
"slug": "acme-corp",
"description": "A leading technology company",
"website": "https://acme.com",
"logo": "https://acme.com/logo.png",
"region": "us-east-1",
"orgType": "BUSINESS",
"plan": "TEAM_STARTER",
"status": "PLAN_ACTIVE",
"planExpiresAt": "2024-12-31T23:59:59Z",
"openJoin": true,
"openInvite": true,
"maxMembers": 100,
"maxActiveMembers": 50,
"subscription": {"subscriptionId": "sub_123",
"customerId": "cus_456"
},
"memberCount": 25,
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z"
}

Get organization by ID

Authorizations:

JWT-auth

path Parameters

id

required

string

Organization ID

Responses

Response samples

200

Content type

application/json

{"tenantId": "tenant-uuid",
"name": "Acme Corporation",
"slug": "acme-corp",
"description": "A leading technology company",
"website": "https://acme.com",
"logo": "https://acme.com/logo.png",
"region": "us-east-1",
"orgType": "BUSINESS",
"plan": "TEAM_STARTER",
"status": "PLAN_ACTIVE",
"planExpiresAt": "2024-12-31T23:59:59Z",
"openJoin": true,
"openInvite": true,
"maxMembers": 100,
"maxActiveMembers": 50,
"subscription": {"subscriptionId": "sub_123",
"customerId": "cus_456"
},
"memberCount": 25,
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z"
}

Update organization

Authorizations:

JWT-auth

path Parameters

id

required

string

Organization ID

Request Body schema: application/json
required

name	string [ 2 .. 100 ] characters
slug required	string [ 2 .. 50 ] characters Organization slug for URLs
description	string <= 500 characters
website	string
logo	string
openJoin	boolean Whether users can join the organization
openInvite	boolean Whether users can invite others to the organization

Responses

Request samples

Payload

Content type

application/json

{"name": "Acme Corporation",
"slug": "acme-corp",
"description": "A leading technology company",
"website": "https://acme.com",
"logo": "https://acme.com/logo.png",
"openJoin": true,
"openInvite": true
}

Response samples

200

Content type

application/json

{"tenantId": "tenant-uuid",
"name": "Acme Corporation",
"slug": "acme-corp",
"description": "A leading technology company",
"website": "https://acme.com",
"logo": "https://acme.com/logo.png",
"region": "us-east-1",
"orgType": "BUSINESS",
"plan": "TEAM_STARTER",
"status": "PLAN_ACTIVE",
"planExpiresAt": "2024-12-31T23:59:59Z",
"openJoin": true,
"openInvite": true,
"maxMembers": 100,
"maxActiveMembers": 50,
"subscription": {"subscriptionId": "sub_123",
"customerId": "cus_456"
},
"memberCount": 25,
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z"
}

Delete organization

Authorizations:

JWT-auth

path Parameters

id

required

string

Organization ID

Responses

Get organization by slug

Authorizations:

JWT-auth

path Parameters

slug

required

string

Organization slug

Responses

Response samples

200

Content type

application/json

{"tenantId": "tenant-uuid",
"name": "Acme Corporation",
"slug": "acme-corp",
"description": "A leading technology company",
"website": "https://acme.com",
"logo": "https://acme.com/logo.png",
"region": "us-east-1",
"orgType": "BUSINESS",
"plan": "TEAM_STARTER",
"status": "PLAN_ACTIVE",
"planExpiresAt": "2024-12-31T23:59:59Z",
"openJoin": true,
"openInvite": true,
"maxMembers": 100,
"maxActiveMembers": 50,
"subscription": {"subscriptionId": "sub_123",
"customerId": "cus_456"
},
"memberCount": 25,
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z"
}

Get organization members

Authorizations:

JWT-auth

path Parameters

id

required

string

Organization ID

query Parameters

limit	any Items per page (default: 20)
page	any Page number (default: 1)

Responses

Response samples

200

Content type

application/json

{"data": [{"id": "member-uuid",
"role": "ADMIN",
"status": "ACTIVE",
"app_roles": ["admin",
"editor",
"viewer"
],
"joinedAt": "2024-01-01T00:00:00Z",
"user": {"id": "user-uuid",
"email": "user@example.com",
"firstName": "John",
"lastName": "Doe",
"avatar": "https://example.com/avatar.jpg"
}
}
],
"pagination": {"page": 1,
"limit": 20,
"total": 100,
"totalPages": 5
}
}

Invite member to organization

Authorizations:

JWT-auth

path Parameters

id

required

string

Organization ID

Request Body schema: application/json
required

email required	string Email address of the user to invite
role required	string Default: "MEMBER" Enum: "OWNER" "ADMIN" "MEMBER" Role to assign to the invited user
message	string <= 500 characters Optional message to include in the invitation

Responses

Request samples

Payload

Content type

application/json

{"email": "user@example.com",
"role": "OWNER",
"message": "Welcome to our organization!"
}

Response samples

201

Content type

application/json

{"id": "invitation-uuid",
"email": "user@example.com",
"role": "MEMBER",
"status": "PENDING",
"expiresAt": "2024-01-08T00:00:00Z",
"createdAt": "2024-01-01T00:00:00Z",
"inviter": {"id": "inviter-uuid",
"email": "admin@example.com",
"firstName": "Admin",
"lastName": "User"
}
}

Bulk invite members to organization

Authorizations:

JWT-auth

path Parameters

id

required

string

Organization ID

Request Body schema: application/json
required

required	Array of objects (InviteMemberDto) Array of invitations (max 50)
message	string

Responses

Request samples

Payload

Content type

application/json

{"members": [{"email": "user@example.com",
"role": "OWNER",
"message": "Welcome to our organization!"
}
],
"message": "string"
}

Update member role

Authorizations:

JWT-auth

path Parameters

id required	string Organization ID
memberId required	string Member ID

Request Body schema: application/json
required

role

required

string

Enum: "OWNER" "ADMIN" "MEMBER"

New role for the member

Responses

Request samples

Payload

Content type

application/json

{"role": "OWNER"
}

Response samples

200

Content type

application/json

{"id": "member-uuid",
"role": "ADMIN",
"status": "ACTIVE",
"app_roles": ["admin",
"editor",
"viewer"
],
"joinedAt": "2024-01-01T00:00:00Z",
"user": {"id": "user-uuid",
"email": "user@example.com",
"firstName": "John",
"lastName": "Doe",
"avatar": "https://example.com/avatar.jpg"
}
}

Update member application roles in organization

Authorizations:

JWT-auth

path Parameters

id required	string Organization ID
memberId required	string Member ID

Request Body schema: application/json
required

app_roles

required

Array of arrays

Application roles to assign to the member

Responses

Request samples

Payload

Content type

application/json

{"app_roles": ["admin",
"editor",
"viewer"
]
}

Response samples

200

Content type

application/json

{"id": "member-uuid",
"role": "ADMIN",
"status": "ACTIVE",
"app_roles": ["admin",
"editor",
"viewer"
],
"joinedAt": "2024-01-01T00:00:00Z",
"user": {"id": "user-uuid",
"email": "user@example.com",
"firstName": "John",
"lastName": "Doe",
"avatar": "https://example.com/avatar.jpg"
}
}

Remove member from organization

Authorizations:

JWT-auth

path Parameters

id required	string Organization ID
memberId required	string Member ID

Responses

Get organization invitations

Authorizations:

JWT-auth

path Parameters

id

required

string

Organization ID

query Parameters

limit	any Items per page (default: 20)
page	any Page number (default: 1)

Responses

Response samples

200

Content type

application/json

{"data": [{"id": "invitation-uuid",
"email": "user@example.com",
"role": "MEMBER",
"status": "PENDING",
"expiresAt": "2024-01-08T00:00:00Z",
"createdAt": "2024-01-01T00:00:00Z",
"inviter": {"id": "inviter-uuid",
"email": "admin@example.com",
"firstName": "Admin",
"lastName": "User"
}
}
],
"pagination": {"page": 1,
"limit": 20,
"total": 100,
"totalPages": 5
}
}

Cancel invitation

Authorizations:

JWT-auth

path Parameters

id required	string Organization ID
invitationId required	string Invitation ID

Responses

Transfer organization ownership

Authorizations:

JWT-auth

path Parameters

id

required

string

Organization ID

Request Body schema: application/json
required

newOwnerId

required

string

ID of the user to transfer ownership to

Responses

Request samples

Payload

Content type

application/json

{"newOwnerId": "user-uuid"
}

Response samples

200

Content type

application/json

{"id": "member-uuid",
"role": "ADMIN",
"status": "ACTIVE",
"app_roles": ["admin",
"editor",
"viewer"
],
"joinedAt": "2024-01-01T00:00:00Z",
"user": {"id": "user-uuid",
"email": "user@example.com",
"firstName": "John",
"lastName": "Doe",
"avatar": "https://example.com/avatar.jpg"
}
}

Social Authentication

Social authentication endpoints

Initiate Google OAuth login

Responses

Google OAuth callback

query Parameters

code required	string
state required	string

Responses

Get linked social accounts

Authorizations:

JWT-auth

Responses

Admin

Administrative endpoints

(Admin) Admin login

Admin login

Request Body schema: application/json
required

email required	string Admin email address
password required	string Admin password

Responses

Request samples

Payload

Content type

application/json

{"email": "admin@prime-forge.com",
"password": "AdminP@ssw0rd!123#"
}

Response samples

200

Content type

application/json

{"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"admin": {"id": "admin-uuid",
"email": "admin@prime-forge.com",
"role": "SUPER_ADMIN"
},
"expiresIn": 3600
}

(Admin) Refresh admin access token

Refresh admin access token

Request Body schema: application/json
required

refreshToken

required

string

Admin refresh token

Responses

Request samples

Payload

Content type

application/json

{"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Response samples

200

Content type

application/json

{"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expiresIn": 3600
}

(Admin) Change admin password

Change admin password

Authorizations:

Admin-JWT

Request Body schema: application/json
required

currentPassword required	string Current admin password
newPassword required	string New admin password (minimum 8 characters)
confirmPassword required	string Confirm new password

Responses

Request samples

Payload

Content type

application/json

{"currentPassword": "CurrentAdminP@ssw0rd!",
"newPassword": "NewAdminP@ssw0rd!123#",
"confirmPassword": "NewAdminP@ssw0rd!123#"
}

Response samples

200

Content type

application/json

{"message": "string"
}

(Admin) Request admin password reset

Request admin password reset

Request Body schema: application/json
required

email

required

string

Admin email address for password reset

Responses

Request samples

Payload

Content type

application/json

{"email": "admin@prime-forge.com"
}

Response samples

200

Content type

application/json

{"message": "string"
}

(Admin) Confirm admin password reset with token

Confirm admin password reset with token

Request Body schema: application/json
required

token required	string Password reset token
newPassword required	string New admin password (minimum 8 characters)
confirmPassword required	string Confirm new password

Responses

Request samples

Payload

Content type

application/json

{"token": "reset-token-uuid",
"newPassword": "NewAdminP@ssw0rd!123#",
"confirmPassword": "NewAdminP@ssw0rd!123#"
}

Response samples

200

Content type

application/json

{"message": "string"
}

(Admin) Get all users with pagination and filtering

Get all users with pagination and filtering

Authorizations:

Admin-JWT

query Parameters

search	string Search term for email, first name, or last name
role	string Filter by user role
status	string Enum: "ACTIVE" "INACTIVE" "SUSPENDED" "PENDING" Filter by user status
limit	number Example: limit=20 Items per page
page	number Example: page=1 Page number

Responses

Response samples

200

Content type

application/json

{"users": [{"id": "user-uuid",
"email": "user@example.com",
"firstName": "John",
"preferredName": "Johnny",
"lastName": "Doe",
"primaryRole": "ADMIN",
"status": "ACTIVE",
"organizationId": "org-uuid",
"organizationName": "Acme Corp",
"emailVerified": true,
"phone": "1234567890",
"phoneVerified": true,
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z",
"organizations": [{"tenantId": "tenant-uuid",
"name": "Acme Corp",
"region": "us-east-1",
"orgType": "BUSINESS",
"plan": "TEAM_STARTER",
"status": "PLAN_ACTIVE"
}
],
"memberships": [{"tenantId": "tenant-uuid",
"role": "ADMIN",
"status": "ACTIVE",
"joinedAt": "2024-01-01T00:00:00Z",
"organizationName": "Acme Corp"
}
]
}
],
"total": 10,
"page": 1,
"totalPages": 10
}

(Admin) Create new user

Create new user

Authorizations:

Admin-JWT

Request Body schema: application/json
required

email required	string
firstName	string
lastName	string
region	string
sendWelcomeEmail required	boolean Default: true

Responses

Request samples

Payload

Content type

application/json

{"email": "user@example.com",
"firstName": "John",
"lastName": "Doe",
"region": "UK",
"sendWelcomeEmail": true
}

(Admin) Get user by ID

Get user by ID

Authorizations:

Admin-JWT

path Parameters

id

required

string

Responses

Response samples

200

Content type

application/json

{"id": "user-uuid",
"email": "user@example.com",
"firstName": "John",
"preferredName": "Johnny",
"lastName": "Doe",
"primaryRole": "ADMIN",
"status": "ACTIVE",
"organizationId": "org-uuid",
"organizationName": "Acme Corp",
"emailVerified": true,
"phone": "1234567890",
"phoneVerified": true,
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z",
"organizations": [{"tenantId": "tenant-uuid",
"name": "Acme Corp",
"region": "us-east-1",
"orgType": "BUSINESS",
"plan": "TEAM_STARTER",
"status": "PLAN_ACTIVE"
}
],
"memberships": [{"tenantId": "tenant-uuid",
"role": "ADMIN",
"status": "ACTIVE",
"joinedAt": "2024-01-01T00:00:00Z",
"organizationName": "Acme Corp"
}
]
}

(Admin) Update user

Update user

Authorizations:

Admin-JWT

path Parameters

id

required

string

Request Body schema: application/json
required

firstName	string
lastName	string
preferredName	string Preferred name of the user
status	string Enum: "ACTIVE" "INACTIVE" "SUSPENDED" "PENDING"
organizationId	object
verified	boolean
phone_verified	boolean

Responses

Request samples

Payload

Content type

application/json

{"firstName": "string",
"lastName": "string",
"preferredName": "string",
"status": "ACTIVE",
"organizationId": { },
"verified": true,
"phone_verified": true
}

Response samples

200

Content type

application/json

{"id": "user-uuid",
"email": "user@example.com",
"firstName": "John",
"preferredName": "Johnny",
"lastName": "Doe",
"primaryRole": "ADMIN",
"status": "ACTIVE",
"organizationId": "org-uuid",
"organizationName": "Acme Corp",
"emailVerified": true,
"phone": "1234567890",
"phoneVerified": true,
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z",
"organizations": [{"tenantId": "tenant-uuid",
"name": "Acme Corp",
"region": "us-east-1",
"orgType": "BUSINESS",
"plan": "TEAM_STARTER",
"status": "PLAN_ACTIVE"
}
],
"memberships": [{"tenantId": "tenant-uuid",
"role": "ADMIN",
"status": "ACTIVE",
"joinedAt": "2024-01-01T00:00:00Z",
"organizationName": "Acme Corp"
}
]
}

(Admin) Delete user

Delete user

Authorizations:

Admin-JWT

path Parameters

id

required

string

Responses

(Admin) Reset user password

Reset user password. If no new password is provided, a secure password will be generated automatically.

Authorizations:

Admin-JWT

path Parameters

id

required

string

Example: user-uuid-123

User ID

Request Body schema: application/json
required

newPassword

string

New password for the user. If not provided, a secure password will be generated automatically.

Responses

Request samples

Payload

Content type

application/json

{"newPassword": "NewP@ssw0rd123!"
}

Response samples

200

Content type

application/json

{"message": "Password reset successfully",
"newPassword": "GeneratedP@ssw0rd123!"
}

(Admin) Get all organizations with pagination

Paginated organization list

Authorizations:

Admin-JWT

query Parameters

search	string Search term for organization name
limit	number Example: limit=20 Items per page
page	number Example: page=1 Page number

Responses

Response samples

200

Content type

application/json

{"organizations": [{"tenantId": "tenant-uuid",
"name": "Acme Corporation",
"slug": "acme-corp",
"region": "UK",
"orgType": "BUSINESS",
"plan": "TEAM_STARTER",
"status": "PLAN_ACTIVE",
"planExpiresAt": "2024-12-31T23:59:59Z",
"openJoin": true,
"openInvite": true,
"maxMembers": 100,
"maxActiveMembers": 50,
"subscription": {"subscriptionId": "sub_123",
"customerId": "cus_456"
},
"memberCount": 25,
"members": [{"id": "user-uuid",
"email": "user@example.com",
"firstName": "John",
"lastName": "Doe",
"avatar": "https://example.com/avatar.png"
}
],
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z",
"createdBy": "admin-uuid",
"updatedBy": "admin-uuid"
}
],
"total": 10,
"page": 1,
"totalPages": 10
}

(Admin) Get organization details with all member data

Organization details with all member data

Authorizations:

Admin-JWT

path Parameters

id

required

string

Organization tenant ID

Responses

Response samples

200

Content type

application/json

{"tenantId": "tenant-uuid",
"name": "Acme Corporation",
"slug": "acme-corp",
"region": "UK",
"orgType": "BUSINESS",
"plan": "TEAM_STARTER",
"status": "PLAN_ACTIVE",
"planExpiresAt": "2024-12-31T23:59:59Z",
"openJoin": true,
"openInvite": true,
"maxMembers": 100,
"maxActiveMembers": 50,
"subscription": {"subscriptionId": "sub_123",
"customerId": "cus_456"
},
"memberCount": 25,
"members": [{"id": "user-uuid",
"email": "user@example.com",
"firstName": "John",
"lastName": "Doe",
"avatar": "https://example.com/avatar.png"
}
],
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z",
"createdBy": "admin-uuid",
"updatedBy": "admin-uuid"
}

(Admin) Update organization (especially status field)

Update organization (especially status field)

Authorizations:

Admin-JWT

path Parameters

id

required

string

Organization tenant ID

Request Body schema: application/json
required

name	string [ 2 .. 100 ] characters Organization name
region	string Organization region
orgType	string Enum: "SOLO" "BUSINESS" Organization type
plan	string Enum: "SOLO_FREE" "SOLO_TRIAL" "SOLO_MONTHLY" "SOLO_ANNUAL" "TEAM_STARTER" "TEAM_GROWTH" "ENTERPRISE" Organization plan
status	string Enum: "PLAN_ACTIVE" "PLAN_EXPIRED" "SUSPENDED" "FREEZE" Organization status
planExpiresAt	string <date-time> Plan expiration date
openJoin	boolean Whether users can join the organization
openInvite	boolean Whether users can invite others to the organization
maxMembers	number >= 1 Maximum number of members
maxActiveMembers	number >= 1 Maximum number of active members
subscription	object Subscription data (JSON object)

Responses

Request samples

Payload

Content type

application/json

{"name": "Acme Corporation",
"region": "us-east-1",
"orgType": "SOLO",
"plan": "SOLO_FREE",
"status": "PLAN_ACTIVE",
"planExpiresAt": "2024-12-31T23:59:59Z",
"openJoin": true,
"openInvite": true,
"maxMembers": 100,
"maxActiveMembers": 100,
"subscription": {"subscriptionId": "sub_123",
"customerId": "cus_456"
}
}

Response samples

200

Content type

application/json

{"tenantId": "tenant-uuid",
"name": "Acme Corporation",
"slug": "acme-corp",
"region": "UK",
"orgType": "BUSINESS",
"plan": "TEAM_STARTER",
"status": "PLAN_ACTIVE",
"planExpiresAt": "2024-12-31T23:59:59Z",
"openJoin": true,
"openInvite": true,
"maxMembers": 100,
"maxActiveMembers": 50,
"subscription": {"subscriptionId": "sub_123",
"customerId": "cus_456"
},
"memberCount": 25,
"members": [{"id": "user-uuid",
"email": "user@example.com",
"firstName": "John",
"lastName": "Doe",
"avatar": "https://example.com/avatar.png"
}
],
"createdAt": "2024-01-01T00:00:00Z",
"updatedAt": "2024-01-01T00:00:00Z",
"createdBy": "admin-uuid",
"updatedBy": "admin-uuid"
}

(Admin) Get all system configurations

Get all system configurations

Authorizations:

Admin-JWT

Responses

Response samples

200

Content type

application/json

[{"id": "config-uuid",
"key": "email_verification_base_url",
"type": "STRING",
"value": "http://localhost:3000",
"description": "Base URL for email verification links",
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}
]

(Admin) Update system configuration

Update system configuration

Authorizations:

Admin-JWT

path Parameters

key

required

string

Configuration key

Request Body schema: application/json
required

type	string Enum: "STRING" "INTEGER" "NUMBER" "BOOLEAN" "JSON"
value required	object
description	string

Responses

Request samples

Payload

Content type

application/json

{"type": "STRING",
"value": "http://localhost:3000",
"description": "string"
}

Response samples

200

Content type

application/json

{"id": "config-uuid",
"key": "email_verification_base_url",
"type": "STRING",
"value": "http://localhost:3000",
"description": "Base URL for email verification links",
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}

(Admin) Get system statistics

Get system statistics

Authorizations:

Admin-JWT

Responses

Response samples

200

Content type

application/json

{"totalUsers": 1500,
"activeUsers": 1200,
"totalOrganizations": 250,
"totalLogins": 5000,
"newUsersThisMonth": 150,
"newOrganizationsThisMonth": 25
}

(Admin) Get analytics data

Get analytics data

Authorizations:

Admin-JWT

query Parameters

startDate	string
endDate	string
metric	string Enum: "users" "organizations" "logins" "signups"
granularity required	string Default: "day" Enum: "hour" "day" "week" "month"

Responses

Response samples

200

Content type

application/json

{"metric": "users",
"granularity": "day",
"data": [{"date": "2024-01-01",
"value": 150
}
],
"total": 1500
}

(Admin) Get all social providers

Get all social providers

Authorizations:

Admin-JWT

Responses

Response samples

200

Content type

application/json

{"providers": [{"id": "1234567890",
"provider": "google",
"client_id": "1234567890",
"client_secret": "1234567890",
"redirect_uri": "http://localhost:3000/auth/callback",
"scopes": ["openid",
"profile",
"email"
],
"enabled": true,
"created_at": "2021-01-01T00:00:00.000Z",
"updated_at": "2021-01-01T00:00:00.000Z"
}
],
"total": 1
}

(Admin) Create social provider

Create social provider

Authorizations:

Admin-JWT

Request Body schema: application/json
required

provider required	string The provider to create
client_id required	string The client ID to create
client_secret required	string The client secret to create
redirect_uri	string The redirect URI to create
scopes	Array of strings The scopes to create
enabled	boolean Whether the provider is enabled

Responses

Request samples

Payload

Content type

application/json

{"provider": "google",
"client_id": "1234567890",
"client_secret": "1234567890",
"redirect_uri": "http://localhost:3000/auth/callback",
"scopes": ["openid",
"profile",
"email"
],
"enabled": true
}

Response samples

201

Content type

application/json

{"id": "1234567890",
"provider": "google",
"client_id": "1234567890",
"client_secret": "1234567890",
"redirect_uri": "http://localhost:3000/auth/callback",
"scopes": ["openid",
"profile",
"email"
],
"enabled": true,
"created_at": "2021-01-01T00:00:00.000Z",
"updated_at": "2021-01-01T00:00:00.000Z"
}

(Admin) Get social provider by ID

Get social provider by ID

Authorizations:

Admin-JWT

path Parameters

id

required

string

Social provider ID

Responses

Response samples

200

Content type

application/json

{"id": "1234567890",
"provider": "google",
"client_id": "1234567890",
"client_secret": "1234567890",
"redirect_uri": "http://localhost:3000/auth/callback",
"scopes": ["openid",
"profile",
"email"
],
"enabled": true,
"created_at": "2021-01-01T00:00:00.000Z",
"updated_at": "2021-01-01T00:00:00.000Z"
}

(Admin) Update social provider

Update social provider

Authorizations:

Admin-JWT

path Parameters

id

required

string

Social provider ID

Request Body schema: application/json
required

provider	string The provider to create
client_id	string The client ID to create
client_secret	string The client secret to create
redirect_uri	string The redirect URI to create
scopes	Array of strings The scopes to create
enabled	boolean Whether the provider is enabled

Responses

Request samples

Payload

Content type

application/json

{"provider": "google",
"client_id": "1234567890",
"client_secret": "1234567890",
"redirect_uri": "http://localhost:3000/auth/callback",
"scopes": ["openid",
"profile",
"email"
],
"enabled": true
}

Response samples

200

Content type

application/json

{"id": "1234567890",
"provider": "google",
"client_id": "1234567890",
"client_secret": "1234567890",
"redirect_uri": "http://localhost:3000/auth/callback",
"scopes": ["openid",
"profile",
"email"
],
"enabled": true,
"created_at": "2021-01-01T00:00:00.000Z",
"updated_at": "2021-01-01T00:00:00.000Z"
}

(Admin) Delete social provider

Delete social provider

Authorizations:

Admin-JWT

path Parameters

id

required

string

Social provider ID

Responses

Response samples

200

Content type

application/json

{"message": "string"
}

(Admin) Toggle social provider enabled status

Toggle social provider enabled status

Authorizations:

Admin-JWT

path Parameters

id

required

string

Social provider ID

Responses

Response samples

200

Content type

application/json

{"id": "1234567890",
"provider": "google",
"client_id": "1234567890",
"client_secret": "1234567890",
"redirect_uri": "http://localhost:3000/auth/callback",
"scopes": ["openid",
"profile",
"email"
],
"enabled": true,
"created_at": "2021-01-01T00:00:00.000Z",
"updated_at": "2021-01-01T00:00:00.000Z"
}

(Admin) Get all email templates

Get all email templates with pagination and filtering

Authorizations:

Admin-JWT

query Parameters

search	string Search term for name, subject, or description
type	string Filter by template type
language	string Filter by language
limit	number Example: limit=20 Items per page
page	number Example: page=1 Page number

Responses

Response samples

200

Content type

application/json

{"templates": [{"id": "template-uuid",
"name": "verification",
"type": "system",
"subject": "Verify Your Email Address",
"html_body": "<h1>Hello {{firstName}}</h1>",
"text_body": "Hello {{firstName}}",
"shipper_name": "PrimeForge Team",
"shipper_email": "noreply@prime-forge.com",
"response_email": "support@prime-forge.com",
"language": "en",
"variables": ["firstName",
"lastName"
],
"description": "Email template for user verification",
"is_active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}
],
"total": 10
}

(Admin) Create email template

Create new email template

Authorizations:

Admin-JWT

Request Body schema: application/json
required

name required	string
type required	string
subject required	string
html_body required	string
text_body	string
shipper_name	string
shipper_email	string
response_email	string
language required	string Default: "en"
variables	Array of strings
description	string
is_active required	boolean Default: true

Responses

Request samples

Payload

Content type

application/json

{"name": "verification",
"type": "system",
"subject": "Verify Your Email Address",
"html_body": "<h1>Hello {{firstName}}</h1>",
"text_body": "string",
"shipper_name": "string",
"shipper_email": "string",
"response_email": "string",
"language": "en",
"variables": ["string"
],
"description": "string",
"is_active": true
}

Response samples

201

Content type

application/json

{"id": "template-uuid",
"name": "verification",
"type": "system",
"subject": "Verify Your Email Address",
"html_body": "<h1>Hello {{firstName}}</h1>",
"text_body": "Hello {{firstName}}",
"shipper_name": "PrimeForge Team",
"shipper_email": "noreply@prime-forge.com",
"response_email": "support@prime-forge.com",
"language": "en",
"variables": ["firstName",
"lastName"
],
"description": "Email template for user verification",
"is_active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}

(Admin) Get email template by ID

Get email template by ID

Authorizations:

Admin-JWT

path Parameters

id

required

string

Responses

Response samples

200

Content type

application/json

{"id": "template-uuid",
"name": "verification",
"type": "system",
"subject": "Verify Your Email Address",
"html_body": "<h1>Hello {{firstName}}</h1>",
"text_body": "Hello {{firstName}}",
"shipper_name": "PrimeForge Team",
"shipper_email": "noreply@prime-forge.com",
"response_email": "support@prime-forge.com",
"language": "en",
"variables": ["firstName",
"lastName"
],
"description": "Email template for user verification",
"is_active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}

(Admin) Update email template

Update email template

Authorizations:

Admin-JWT

path Parameters

id

required

string

Request Body schema: application/json
required

name	string
type	string
subject	string
html_body	string
text_body	string
shipper_name	string
shipper_email	string
response_email	string
language	string
variables	Array of strings
description	string
is_active	boolean

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"type": "string",
"subject": "string",
"html_body": "string",
"text_body": "string",
"shipper_name": "string",
"shipper_email": "string",
"response_email": "string",
"language": "string",
"variables": ["string"
],
"description": "string",
"is_active": true
}

Response samples

200

Content type

application/json

{"id": "template-uuid",
"name": "verification",
"type": "system",
"subject": "Verify Your Email Address",
"html_body": "<h1>Hello {{firstName}}</h1>",
"text_body": "Hello {{firstName}}",
"shipper_name": "PrimeForge Team",
"shipper_email": "noreply@prime-forge.com",
"response_email": "support@prime-forge.com",
"language": "en",
"variables": ["firstName",
"lastName"
],
"description": "Email template for user verification",
"is_active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}

(Admin) Delete email template

Delete email template

Authorizations:

Admin-JWT

path Parameters

id

required

string

Responses

Response samples

200

Content type

application/json

{"message": "string"
}

(Admin) Toggle email template active status

Toggle email template active status

Authorizations:

Admin-JWT

path Parameters

id

required

string

Responses

Response samples

200

Content type

application/json

{"id": "template-uuid",
"name": "verification",
"type": "system",
"subject": "Verify Your Email Address",
"html_body": "<h1>Hello {{firstName}}</h1>",
"text_body": "Hello {{firstName}}",
"shipper_name": "PrimeForge Team",
"shipper_email": "noreply@prime-forge.com",
"response_email": "support@prime-forge.com",
"language": "en",
"variables": ["firstName",
"lastName"
],
"description": "Email template for user verification",
"is_active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}

kid

required

string

Responses

(Admin) Get key info

Get key info

Authorizations:

Admin-JWT

path Parameters

kid

required

string

Responses

(Admin) Cleanup expired keys

Cleanup expired keys

Authorizations:

Admin-JWT

Responses

Admin JWKS endpoint

Get JSON Web Key Set for admin token verification

Responses

Response samples

200

Content type

application/json

{"keys": [{"kty": "string",
"use": "string",
"kid": "string",
"alg": "string",
"x": "string",
"y": "string",
"crv": "string"
}
]
}

(Admin) Get all organization type plans

Get all organization type plans with pagination and filtering

Authorizations:

Admin-JWT

query Parameters

orgType	string Enum: "SOLO" "BUSINESS" Filter by organization type
plan	string Enum: "SOLO_FREE" "SOLO_TRIAL" "SOLO_MONTHLY" "SOLO_ANNUAL" "TEAM_FREE" "TEAM_STARTER" "TEAM_GROWTH" "ENTERPRISE" Filter by plan
limit	number Example: limit=20 Items per page
page	number Example: page=1 Page number

Responses

Response samples

200

Content type

application/json

{"data": [{"id": "uuid-string",
"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"can_create_business_org": false,
"features": {"ai_features": true,
"hr_basic": true
},
"max_business_orgs_per_user": 1,
"max_active_business_orgs_per_user": 1,
"max_members": 100,
"max_active_members": 5,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z",
"created_by": "admin-uuid",
"updated_by": "admin-uuid"
}
],
"pagination": {"page": 1,
"limit": 20,
"total": 100,
"totalPages": 5
}
}

(Admin) Create organization type plan

Create new organization type plan

Authorizations:

Admin-JWT

Request Body schema: application/json
required

org_type required	string Enum: "SOLO" "BUSINESS" Organization type
plan required	string Enum: "SOLO_FREE" "SOLO_TRIAL" "SOLO_MONTHLY" "SOLO_ANNUAL" "TEAM_FREE" "TEAM_STARTER" "TEAM_GROWTH" "ENTERPRISE" Organization plan
can_create_business_org required	boolean Default: false Whether can create business organization
features	object Features configuration JSON object
max_business_orgs_per_user required	number >= 0 Default: 1 Maximum business organizations per user
max_active_business_orgs_per_user required	number >= 0 Default: 1 Maximum active business organizations per user
max_members required	number >= 1 Default: 100 Maximum members
max_active_members required	number >= 1 Default: 5 Maximum active members

Responses

Request samples

Payload

Content type

application/json

{"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"can_create_business_org": false,
"features": {"ai_features": true,
"hr_basic": true
},
"max_business_orgs_per_user": 1,
"max_active_business_orgs_per_user": 1,
"max_members": 100,
"max_active_members": 5
}

Response samples

201

Content type

application/json

{"id": "uuid-string",
"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"can_create_business_org": false,
"features": {"ai_features": true,
"hr_basic": true
},
"max_business_orgs_per_user": 1,
"max_active_business_orgs_per_user": 1,
"max_members": 100,
"max_active_members": 5,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z",
"created_by": "admin-uuid",
"updated_by": "admin-uuid"
}

(Admin) Get organization type plan by ID

Get organization type plan by ID

Authorizations:

Admin-JWT

path Parameters

id

required

string

Responses

Response samples

200

Content type

application/json

{"id": "uuid-string",
"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"can_create_business_org": false,
"features": {"ai_features": true,
"hr_basic": true
},
"max_business_orgs_per_user": 1,
"max_active_business_orgs_per_user": 1,
"max_members": 100,
"max_active_members": 5,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z",
"created_by": "admin-uuid",
"updated_by": "admin-uuid"
}

(Admin) Update organization type plan

Update organization type plan

Authorizations:

Admin-JWT

path Parameters

id

required

string

Request Body schema: application/json
required

org_type	string Enum: "SOLO" "BUSINESS" Organization type
plan	string Enum: "SOLO_FREE" "SOLO_TRIAL" "SOLO_MONTHLY" "SOLO_ANNUAL" "TEAM_FREE" "TEAM_STARTER" "TEAM_GROWTH" "ENTERPRISE" Organization plan
can_create_business_org	boolean Default: false Whether can create business organization
features	object Features configuration JSON object
max_business_orgs_per_user	number >= 0 Default: 1 Maximum business organizations per user
max_active_business_orgs_per_user	number >= 0 Default: 1 Maximum active business organizations per user
max_members	number >= 1 Default: 100 Maximum members
max_active_members	number >= 1 Default: 5 Maximum active members

Responses

Request samples

Payload

Content type

application/json

{"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"can_create_business_org": false,
"features": {"ai_features": true,
"hr_basic": true
},
"max_business_orgs_per_user": 1,
"max_active_business_orgs_per_user": 1,
"max_members": 100,
"max_active_members": 5
}

Response samples

200

Content type

application/json

{"id": "uuid-string",
"org_type": "SOLO",
"plan": "SOLO_TRIAL",
"can_create_business_org": false,
"features": {"ai_features": true,
"hr_basic": true
},
"max_business_orgs_per_user": 1,
"max_active_business_orgs_per_user": 1,
"max_members": 100,
"max_active_members": 5,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z",
"created_by": "admin-uuid",
"updated_by": "admin-uuid"
}

(Admin) Delete organization type plan

Delete organization type plan

Authorizations:

Admin-JWT

path Parameters

id

required

string

Responses

Response samples

200

Content type

application/json

{"message": "string"
}

(Admin) Create app role matrix

Create a new app role matrix for application-specific roles

Authorizations:

Admin-JWT

Request Body schema: application/json
required

name required	string Application name
description	string Application description
roles required	Array of arrays Available roles for this application
active	boolean Default: true Whether the app role matrix is active

Responses

Request samples

Payload

Content type

application/json

{"name": "HR",
"description": "Human Resources Management",
"roles": ["HR_MANAGER",
"HR_SPECIALIST",
"HR_ESS",
"HR_PAYROLL"
],
"active": true
}

Response samples

201

Content type

application/json

{"id": "123e4567-e89b-12d3-a456-426614174000",
"name": "HR",
"description": "Human Resources Management",
"roles": ["HR_MANAGER",
"HR_SPECIALIST",
"HR_ESS",
"HR_PAYROLL"
],
"active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}

(Admin) Get all app role matrices

Get all app role matrices with pagination

Authorizations:

Admin-JWT

query Parameters

activeOnly	boolean Example: activeOnly=false Only return active app role matrices
limit	number Example: limit=20 Items per page
page	number Example: page=1 Page number

Responses

Response samples

200

Content type

application/json

{"data": [{"id": "123e4567-e89b-12d3-a456-426614174000",
"name": "HR",
"description": "Human Resources Management",
"roles": ["HR_MANAGER",
"HR_SPECIALIST",
"HR_ESS",
"HR_PAYROLL"
],
"active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}
],
"pagination": {"page": 1,
"limit": 20,
"total": 100,
"totalPages": 5
}
}

(Admin) Get app role matrix by ID

Get a single app role matrix by its ID

Authorizations:

Admin-JWT

path Parameters

id

required

string

App role matrix ID

Responses

Response samples

200

Content type

application/json

{"id": "123e4567-e89b-12d3-a456-426614174000",
"name": "HR",
"description": "Human Resources Management",
"roles": ["HR_MANAGER",
"HR_SPECIALIST",
"HR_ESS",
"HR_PAYROLL"
],
"active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}

(Admin) Update app role matrix

Update an existing app role matrix

Authorizations:

Admin-JWT

path Parameters

id

required

string

App role matrix ID

Request Body schema: application/json
required

name	string Application name
description	string Application description
roles	Array of arrays Available roles for this application
active	boolean Whether the app role matrix is active

Responses

Request samples

Payload

Content type

application/json

{"name": "HR",
"description": "Human Resources Management",
"roles": ["HR_MANAGER",
"HR_SPECIALIST",
"HR_ESS",
"HR_PAYROLL"
],
"active": true
}

Response samples

200

Content type

application/json

{"id": "123e4567-e89b-12d3-a456-426614174000",
"name": "HR",
"description": "Human Resources Management",
"roles": ["HR_MANAGER",
"HR_SPECIALIST",
"HR_ESS",
"HR_PAYROLL"
],
"active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}

(Admin) Delete app role matrix

Delete an app role matrix

Authorizations:

Admin-JWT

path Parameters

id

required

string

App role matrix ID

Responses

Response samples

200

Content type

application/json

{"message": "string"
}

(Admin) Get app role matrix by name

Get a single app role matrix by its name

Authorizations:

Admin-JWT

path Parameters

name

required

string

App role matrix name

Responses

Response samples

200

Content type

application/json

{"id": "123e4567-e89b-12d3-a456-426614174000",
"name": "HR",
"description": "Human Resources Management",
"roles": ["HR_MANAGER",
"HR_SPECIALIST",
"HR_ESS",
"HR_PAYROLL"
],
"active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}

(Admin) Toggle app role matrix active status

Toggle the active status of an app role matrix

Authorizations:

Admin-JWT

path Parameters

id

required

string

App role matrix ID

Responses

Response samples

200

Content type

application/json

{"id": "123e4567-e89b-12d3-a456-426614174000",
"name": "HR",
"description": "Human Resources Management",
"roles": ["HR_MANAGER",
"HR_SPECIALIST",
"HR_ESS",
"HR_PAYROLL"
],
"active": true,
"created_at": "2024-01-01T00:00:00Z",
"updated_at": "2024-01-01T00:00:00Z"
}

App Roles

Application role matrix management

Get available app roles for member assignment

Returns all active app role matrices that can be assigned to organization members.

Authorizations:

JWT-auth

query Parameters

page	number Example: page=1 Page number
limit	number Example: limit=20 Items per page

Responses

Response samples

200

Content type

application/json

{"data": [{"app": "HR",
"description": "Human Resources Management",
"availableRoles": ["HR_MANAGER",
"HR_SPECIALIST",
"HR_ESS",
"HR_PAYROLL"
]
}
],
"meta": {"currentPage": 1,
"itemsPerPage": 10,
"totalItems": 100,
"total_pages": 10,
"hasNextPage": true,
"hasPreviousPage": false
}
}

Get available roles for a specific app

Returns available roles that can be assigned for a specific application.

Authorizations:

JWT-auth

path Parameters

appName

required

string

Application name (e.g., HR, CRM)

Responses

Response samples

200

Content type

application/json

{"app": "HR",
"description": "Human Resources Management",
"availableRoles": ["HR_MANAGER",
"HR_SPECIALIST",
"HR_ESS",
"HR_PAYROLL"
]
}

Get list of available apps

Returns a simple list of app names that have role matrices defined. Useful for UI dropdowns.

Authorizations:

JWT-auth

Responses

Response samples

200

Content type

application/json

["string"
]

App

AppController_getHome

Responses

Health

HealthController_getHealth

Responses

HealthController_getDetailedHealth

Responses

HealthController_getReadiness

Responses

HealthController_getLiveness

Responses

Metrics

MetricsController_getMetrics

Responses

Policies

Get all policy rules

Authorizations:

None

query Parameters

page required	number
limit required	number

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"tenant_id": "string",
"resource": "string",
"action": "string",
"conditions": { },
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
]

Create a new policy rule

Authorizations:

None

Request Body schema: application/json
required

resource required	string Resource type the policy applies to
action required	string Action the policy governs
conditions required	object Policy conditions as JSON object

Responses

Request samples

Payload

Content type

application/json

{"resource": "organization",
"action": "read",
"conditions": {"role": "ADMIN",
"userAttributes": {"department": "IT"
},
"resourceAttributes": {"status": "active"
}
}
}

Response samples

201

Content type

application/json

{"id": "string",
"tenant_id": "string",
"resource": "string",
"action": "string",
"conditions": { },
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}

Update a policy rule

Authorizations:

None

path Parameters

id

required

string

Policy rule ID

Request Body schema: application/json
required

resource	string Resource type the policy applies to
action	string Action the policy governs
conditions	object Policy conditions as JSON object

Responses

Request samples

Payload

Content type

application/json

{"resource": "organization",
"action": "read",
"conditions": {"role": "ADMIN",
"userAttributes": {"department": "IT"
},
"resourceAttributes": {"status": "active"
}
}
}

Response samples

200

Content type

application/json

{"id": "string",
"tenant_id": "string",
"resource": "string",
"action": "string",
"conditions": { },
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}

Delete a policy rule

Authorizations:

None

path Parameters

id

required

string

Policy rule ID

Responses

Evaluate a single policy permission

Authorizations:

None

Request Body schema: application/json
required

resource required	string Resource to check access for
action required	string Action to check
context	object Additional context for policy evaluation

Responses

Request samples

Payload

Content type

application/json

{"resource": "organization",
"action": "read",
"context": {"resourceAttributes": {"status": "active"
},
"environment": "production"
}
}

Response samples

200

Content type

application/json

{"allowed": true,
"reason": "string",
"details": { }
}

Evaluate multiple policy permissions

Authorizations:

None

Request Body schema: application/json
required

required

Array of objects (EvaluatePolicyDto)

Array of permission checks to evaluate

Array

resource required	string Resource to check access for
action required	string Action to check
context	object Additional context for policy evaluation

Responses

Request samples

Payload

Content type

application/json

{"checks": [{"resource": "organization",
"action": "read",
"context": {"resourceAttributes": {"status": "active"
},
"environment": "production"
}
}
]
}

Response samples

200

Content type

application/json

{"results": {"organization:read": true,
"members:invite": false
}
}

PrimeForge Auth API (1.0)

Features

Authentication

Rate Limiting

Authentication

Register a new user

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

User login with email, username, or phone

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Refresh access token

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

User logout

Authorizations:

Responses

Request password reset

Request Body schema: application/jsonrequired

Responses

Request samples

Reset password with token

Request Body schema: application/jsonrequired

Responses

Request samples

Verify email address

Request Body schema: application/jsonrequired

Responses

Request samples

AuthController_verifyEmailByQuery

query Parameters

Responses

Resend email verification

Request Body schema: application/jsonrequired

Responses

Request samples

Get current user profile

Authorizations:

Responses

Response samples

Update current user profile

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Change password

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

AuthController_healthCheck

Responses

Switch user organization

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

AuthController_getJwks

Responses

Organizations

Create a new organization

Authorizations:

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Get organization by ID

Authorizations:

path Parameters

Responses

Response samples

Update organization

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required