Looking for the complete API reference?
Every public endpoint, schema, and auth requirement is generated from the live OpenAPI specification.
Build a request
Choose an implemented route family, set a base URL, and generate a cURL command plus example response shape.
Register tenant
Create a tenant and bootstrap an administrator user.
POST /api/tenancy/tenant-registrations
Content-Type: application/json{
"tenantName": "Acme Corp",
"tenantSlug": "acme",
"userName": "acme-admin",
"email": "[email protected]",
"password": "ChangeThisPassword123!",
"planCode": "developer"
}{
"tenantId": "...",
"organizationId": "...",
"administratorUserId": "..."
}Public API map
Use these guide cards to move from request examples to implementation-specific boundaries.
Discovery, tokens, userinfo, device flow, and mTLS
Use discovery metadata for protocol endpoints. OAuth device authorization is available when enabled and provisioned. mTLS token requests require safe certificate forwarding or direct termination.
/.well-known/openid-configuration/connect/token/connect/userinfo/connect/deviceauthorization/connect/mtls/token
Activation, credentials, posture, fleet inventory
Installed-device routes cover activation, approval, heartbeat, offline lease renewal, transfer, revoke, credential lifecycle, posture snapshots, and fleet queries.
Open device API guideRuntime access checks
Use runtime authorization routes for feature and action checks. Use scoped checks when access decisions also need resource or entitlement context.
/api/runtime/authorization/me/api/runtime/authorization/check/api/runtime/authorization/check-scoped
OIDC, SCIM, diagnostics
Enterprise routes manage OIDC/SAML setup metadata, SCIM tokens, diagnostics, and connection-scoped SCIM user and group lifecycle.
Open enterprise API guide