Use Cases Tenant Admin Lifecycle
Osvaldo Andrade edited this page Feb 12, 2026 · 3 revisions
Manage tenant resources and memberships through admin operations.
- Global admin or tenant admin
- Tikti API
- Caller is authenticated and authorized for admin scopes.
- Target tenant exists for tenant-scoped operations.
- Admin creates tenant (`POST /v1/tenants`) when needed.
- Admin creates tenant roles (`POST /v1/tenants/{tenantId}/roles`).
- Admin creates tenant clients (`POST /v1/tenants/{tenantId}/clients`).
- Admin adds users to tenant (`POST /v1/tenants/{tenantId}/users`).
- Admin may remove users (`POST /v1/tenants/{tenantId}/users/remove`).
- Admin may suspend/re-activate users using account status operations.
```mermaid
sequenceDiagram
    participant A as Admin
    participant T as Tikti API
    A->>T: POST /v1/tenants
    T-->>A: Tenant created
    A->>T: POST /v1/tenants/{tenantId}/roles
    T-->>A: Role created
    A->>T: POST /v1/tenants/{tenantId}/clients
    T-->>A: Client created
    A->>T: POST /v1/tenants/{tenantId}/users
    T-->>A: Membership created
    opt Remove user from tenant
        A->>T: POST /v1/tenants/{tenantId}/users/remove
        T-->>A: Membership removed
    end
    opt Suspend or activate user
        A->>T: POST /v1/accounts/status?key=API_KEY
        T-->>A: Status updated
    end
```
- Tenant boundaries are enforced in every mutation.
- Role and client registries are deterministic and auditable.
- Membership changes are reflected in subsequent authorization decisions.
- Non-admin caller -> operation denied.
- Invalid tenant identifier -> operation denied with contract error.
- Invalid role/scope payload -> validation error.
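
The guarantees and failure cases listed above can be expressed as a single guard that runs before every tenant-scoped mutation. The sketch below is an added example, not Tikti's own code: `TenantStore`, `ContractError`, `Denied`, `outcome` and the tenant identifier pattern are hypothetical names and assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumed identifier format; the real contract is defined by the Tikti API.
TENANT_ID_RE = re.compile(r"[a-z0-9][a-z0-9-]{2,62}")

class ContractError(Exception): pass  # hypothetical: request violates the API contract
class Denied(Exception): pass         # hypothetical: caller lacks admin rights here

@dataclass
class TenantStore:
    tenants: set = field(default_factory=set)
    global_admins: set = field(default_factory=set)
    tenant_admins: dict = field(default_factory=dict)  # tenant_id -> {admin ids}
    members: dict = field(default_factory=dict)        # tenant_id -> {user ids}

    def _guard(self, caller, tenant_id):
        # 1. Syntax check first: it reveals nothing about which tenants exist.
        if not isinstance(tenant_id, str) or not TENANT_ID_RE.fullmatch(tenant_id):
            raise ContractError("invalid tenant identifier")
        # 2. Authorization is evaluated against the target tenant only, so an
        #    admin of tenant A gets the same denial for B as for a missing tenant.
        if caller not in self.global_admins and \
                caller not in self.tenant_admins.get(tenant_id, set()):
            raise Denied("admin scope required for this tenant")
        # 3. Existence check last; only authorized callers can reach it.
        if tenant_id not in self.tenants:
            raise ContractError("unknown tenant")

    def add_user(self, caller, tenant_id, user):
        self._guard(caller, tenant_id)
        self.members.setdefault(tenant_id, set()).add(user)

    def remove_user(self, caller, tenant_id, user):
        self._guard(caller, tenant_id)
        self.members.get(tenant_id, set()).discard(user)

    def is_member(self, tenant_id, user):
        # Read live state on every decision so removals take effect immediately.
        return user in self.members.get(tenant_id, set())

def outcome(fn, *args):
    """Run a mutation and return 'ok' or the name of the raised error."""
    try:
        fn(*args)
        return "ok"
    except (ContractError, Denied) as exc:
        return type(exc).__name__
```

Ordering the checks this way means a tenant admin probing other tenant identifiers sees the same `Denied` result whether or not the target exists.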