Frontend
BackendĀ 

Organization API Reference

These APIs can be called from your backend using your PropelAuth API Key.


GET/api/backend/v1/org/<orgId>

Fetch Org

Fetches an organization by ID

Properties

  • Name
    orgId *
    Type
    string
    Description
    The organization's ID

Request

auth.fetchOrg("1189c444-8a2d-4c41-8b4b-ae43ce79a492")

Successful Response

{ 
    orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
    name: "Acme Inc",
    urlSafeOrgSlug: "fa5514e1-c81...",
    isSamlConfigured: false,
    isSamlInTestMode: false,
    canSetupSaml: true,
    domain: "acme.com",
    domainAutojoin: false,
    domainRestrict: false,
    maxUsers: undefined,
    customRoleMappingName: "Paid Plan",
    legacyOrgId: "1234",
    metadata: {
        customKey: "customValue"
    },
}

POST/api/backend/v1/org/query

Fetch Orgs

Fetches organizations with optional filtering

Properties

  • Name
    pageSize
    Type
    number
    Description
    The number of organizations to return per page
  • Name
    pageNumber
    Type
    number
    Description
    The page number to return
  • Name
    orderBy
    Type
    string
    Description
    An enum value to order the organizations by. Possible values include CREATED_AT_ASC, CREATED_AT_DESC, NAME
  • Name
    name
    Type
    string
    Description
    A name to search for. We'll return any organizations whose name contains this value
  • Name
    domain
    Type
    string
    Description
    A domain to search for. We'll return any organizations whose domain matches this value

Request

auth.fetchOrgByQuery({
    pageSize: 10,
    pageNumber: 0,
    orderBy: "CREATED_AT_ASC",
    name: "acme",
    domain: "example.com"
})

Successful Response

{
    orgs: [{ 
        orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
        name: "Acme Inc",
        isSamlConfigured: false,
        maxUsers: undefined,
        customRoleMappingName: "Paid Plan",
        legacyOrgId: "1234",
        metadata: {
            customKey: "customValue"
        },
    }],
    totalOrgs: 1,
    pageSize: 10,
    currentPage: 0,
    hasMoreResults: false
}

GET/api/backend/v1/user/org/<orgId>

Fetch Users in Org

Fetches users within an organization

Properties

  • Name
    orgId *
    Type
    string
    Description
    The ID of the organization to fetch users for
  • Name
    includeOrgs
    Type
    boolean
    Description
    Whether to include all organizations the user is in in the response
  • Name
    role
    Type
    string
    Description
    Only return users with this role within the organization. This is case sensitive.
  • Name
    pageSize
    Type
    number
    Description
    The number of users to return per page
  • Name
    pageNumber
    Type
    number
    Description
    The page number to return

Request

auth.fetchUsersInOrg({
    orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
    role: "Admin"

    includeOrgs: false,

    pageSize: 10,
    pageNumber: 0,
})

Successful Response

{
    users: [{
        userId: "31c41c16-c281-44ae-9602-8a047e3bf33d",

        email: "test@example.com",
        emailConfirmed: true,
 
        firstName: "Buddy",
        lastName: "Framm",
        username: "airbud3",
        pictureUrl: "https://example.com/picture.png",

        properties: {
            favoriteSport: "basketball"
        },

        locked: false,
        enabled: true,

        hasPassword: true,
        updatePasswordRequired: false,
        mfaEnabled: false,
        canCreateOrgs: false,

        createdAt: 1625476380,
        lastActiveAt: 1625476380,

        // Only returned if includeOrgs is true
        orgIdToOrgInfo: {
            "1189c444-8a2d-4c41-8b4b-ae43ce79a492": {
                orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
                orgName: "Acme Inc",
                orgMetadata: {
                    customKey: "customValue"
                },
                userRole: "Admin",
                userPermissions: ["CanViewBilling"],
                urlSafeOrgName: "acme-inc",
                inheritedUserRolesPlusCurrentRole: ["Admin", "Member"],
                orgRoleStructure: "multi_role",
                additionalRoles: [
                    "Member"
                ],
            }
        },

        legacyUserId: "thisIsSetWhenYouMigrateFromAnExternalSource",
    }],
    totalUsers: 1,
    currentPage: 0,
    pageSize: 10,
    hasMoreResults: false,
}

POST/api/backend/v1/org/

Create Org

Creates a new organization. Your users can use our hosted pages to create new organizations, but you can also use this API to create organizations programmatically.

Properties

  • Name
    name *
    Type
    string
    Description
    The name of the organization. This can only include alphanumeric characters, spaces, and underscores.
  • Name
    domain
    Type
    string
    Description
    The domain of the organization.
  • Name
    enableAutoJoiningByDomain
    Type
    boolean
    Description
    Whether users can automatically join the organization if their email address matches the organization domain. If this is true, you must also set the domain property.
  • Name
    membersMustHaveMatchingDomain
    Type
    boolean
    Description
    Whether users will not be able to join the organization unless their email address matches the organization domain. If this is true, you must also set the domain property.
  • Name
    maxUsers
    Type
    number
    Description
    The maximum number of users allowed in the organization. If not set, there is no limit.
  • Name
    customRoleMappingName
    Type
    string
    Description
    The name of the custom role and permissions configuration.
  • Name
    legacyOrgId
    Type
    string
    Description
    The org's ID in a previous system. This ID will be stored on the org as a legacyOrgId and it is present everywhere orgId's are (e.g. fetching org metadata).

Request

auth.createOrg({
    name: "Acme Inc",
    domain: "acme.com",
    enableAutoJoiningByDomain: true,
    membersMustHaveMatchingDomain: true,
    maxUsers: 100,
    legacyOrgId: "1234",
    customRoleMappingName: "Business Plan"
})

Successful Response

{
    orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
    name: "Acme Inc",
}

POST/api/backend/v1/org/add_user

Add User to Org

Adds a user to an organization with the specified role. Unlike the org invitation API, this API does not send an invitation email to the user. The user will in the organization immediately.

Properties

  • Name
    userId *
    Type
    string
    Description
    The user's ID
  • Name
    orgId *
    Type
    string
    Description
    The organization ID
  • Name
    role *
    Type
    string
    Description
    The role the user should have in the organization
  • Name
    additionalRoles
    Type
    string[]
    Description
    Additional roles that the user should have in the organization. This is only available when multi-role support is enabled.

Request

auth.addUserToOrg({
    userId: "31c41c16-c281-44ae-9602-8a047e3bf33d",
    orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
    role: "Admin",
    additionalRoles: ["Member"]
})

Successful Response

{}

POST/api/backend/v1/invite_user

Invite User to Org

Sends an invitation to a user to join an organization with the specified role. The user will receive an email with a link to accept the invitation. The user will not be added to the organization until they accept the invitation.

Properties

  • Name
    email *
    Type
    string
    Description
    The user's email address
  • Name
    orgId *
    Type
    string
    Description
    The organization ID
  • Name
    role *
    Type
    string
    Description
    The role the user should have in the organization
  • Name
    additionalRoles
    Type
    string[]
    Description
    Additional roles that the user should have in the organization. This is only available when multi-role support is enabled.

Request

auth.inviteUserToOrg({
    email: "test@propelauth.com",
    orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
    role: "Admin",
    additionalRoles: ["Member"]
})

Successful Response


POST/api/backend/v1/org/change_role

Change Role

Change a user's role in an organization. The user must already be a member of the organization.

Properties

  • Name
    userId *
    Type
    string
    Description
    The user's ID
  • Name
    orgId *
    Type
    string
    Description
    The organization ID
  • Name
    role *
    Type
    string
    Description
    The role the user should have in the organization
  • Name
    additionalRoles
    Type
    string[]
    Description
    Additional roles that the user should have in the organization. This is only available when multi-role support is enabled.

Request

auth.changeUserRoleInOrg({
    userId: "31c41c16-c281-44ae-9602-8a047e3bf33d",
    orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
    role: "Admin",
    additionalRoles: ["Member"]
})

Successful Response

{}

POST/api/backend/v1/org/remove_user

Remove User from Org

Remove a user from an organization.

Properties

  • Name
    userId *
    Type
    string
    Description
    The user's ID
  • Name
    orgId *
    Type
    string
    Description
    The organization ID

Request

auth.removeUserFromOrg({
    userId: "31c41c16-c281-44ae-9602-8a047e3bf33d",
    orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
})

Successful Response

{}

PUT/api/backend/v1/org/<orgId>

Update Org

Updates an organization.

Properties

  • Name
    orgId *
    Type
    string
    Description
    The organization ID
  • Name
    name
    Type
    string
    Description
    The name of the organization. This can only include alphanumeric characters, spaces, and underscores.
  • Name
    domain
    Type
    string
    Description
    The domain of the organization.
  • Name
    enableAutoJoiningByDomain
    Type
    boolean
    Description
    Whether users can automatically join the organization if their email address matches the organization domain. If this is true, you must also set the domain property.
  • Name
    membersMustHaveMatchingDomain
    Type
    boolean
    Description
    Whether users will not be able to join the organization unless their email address matches the organization domain. If this is true, you must also set the domain property.
  • Name
    maxUsers
    Type
    number
    Description
    The maximum number of users allowed in the organization. If not set, there is no limit.
  • Name
    canSetupSaml
    Type
    boolean
    Description
    Whether users can set up SAML for the organization.
  • Name
    metadata
    Type
    { [key: string]: any }
    Description
    A JSON object containing any metadata you want to store about the organization.

Request

auth.updateOrg({
    orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
    name: "Acme Inc",
    domain: "acme.com",
    enableAutoJoiningByDomain: true,
    membersMustHaveMatchingDomain: true,
    maxUsers: 100,
    canSetupSaml: true,
    metadata: {
        customKey: "customValue",
    },
})

Successful Response


DELETE/api/backend/v1/org/<orgId>

Delete Org

Deletes an organization.

Properties

  • Name
    orgId *
    Type
    string
    Description
    The organization ID

Request

auth.deleteOrg("1189c444-8a2d-4c41-8b4b-ae43ce79a492")

Successful Response


POST/api/backend/v1/org/<orgId>/allow_saml

Enable SAML for Org

Allows an organization to setup SAML SSO. Users in the organization will then be able to go through the SAML setup flow.

Properties

  • Name
    orgId *
    Type
    string
    Description
    The organization ID

Request

auth.allowOrgToSetupSamlConnection(
    "1189c444-8a2d-4c41-8b4b-ae43ce79a492"
)

Successful Response


POST/api/backend/v1/org/<orgId>/disallow_saml

Disable SAML for Org

Disallows an organization to setup SAML SSO. If the organization already has SAML setup, they will no longer be able to use it.

Properties

  • Name
    orgId *
    Type
    string
    Description
    The organization ID

Request

auth.disallowOrgToSetupSamlConnection(
    "1189c444-8a2d-4c41-8b4b-ae43ce79a492"
)

Successful Response


GET/api/backend/v1/custom_role_mappings

Fetch Role Mappings

Fetches roles and permissions mappings.

Properties

    Request

    auth.fetchCustomRoleMappings()

    Successful Response

    {
        customRoleMappings: [
            {
                customRoleMappingName: "Free Plan",
                numOrgsSubscribed: 2
            },
            {
                customRoleMappingName: "Paid Plan",
                numOrgsSubscribed: 10
            }
        ]
    }

    PUT/api/backend/v1/org/<orgId>

    Subscribe Org to Role Mapping

    Subscribes an organization to a Role Mapping.

    Properties

    • Name
      orgId *
      Type
      string
      Description
      The organization ID
    • Name
      customRoleMappingName *
      Type
      string
      Description
      The name of the Role Configuration.

    Request

    auth.subscribeOrgToRoleMapping({
        orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
        customRoleMappingName: "Paid Plan"
    })

    Successful Response


    GET/api/backend/v1/pending_org_invites

    Fetch Pending Invites

    Fetches pending invites for orgs with optional filtering.

    Properties

    • Name
      pageSize
      Type
      number
      Description
      The number of organizations to return per page
    • Name
      pageNumber
      Type
      number
      Description
      The page number to return
    • Name
      orgId
      Type
      string
      Description
      The organization's ID

    Request

    auth.fetchPendingInvites({
        pageSize: 10,
        pageNumber: 0,
        orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492"
    })

    Successful Response

    {
        invites: [{ 
            inviteeEmail: "test@propelauth.com",
            orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
            orgName: "Acme Inc",
            roleInOrg: "Member",
            additionalRolesInOrg: [],
            createdAt: 1718648493,
            expiresAt: 1719080493,
            inviterEmail: "owner@propelauth.com",
            inviterUserId: "31c41c16-c281-44ae-9602-8a047e3bf33d"
        }],
        totalInvites: 1,
        pageSize: 10,
        currentPage: 0,
        hasMoreResults: false
    }

    DELETE/api/backend/v1/pending_org_invites

    Revoke Pending Org Invite

    Deletes a user invite to an organization.

    Properties

    • Name
      orgId *
      Type
      string
      Description
      The organization ID
    • Name
      inviteeEmail *
      Type
      string
      Description
      The email address of the invitee

    Request

    auth.revokePendingOrgInvite({
        orgId: "1189c444-8a2d-4c41-8b4b-ae43ce79a492",
        inviteeEmail: "example@propelauth.com"
    })

    Successful Response


    POST/api/backend/v1/org/<orgId>/create_saml_connection_link
    Creates a link that allows a user to setup SAML for an organization without logging in or creating an account. Visit our SAML/Enterprise SSO docs for more information.

    Properties

    • Name
      orgId *
      Type
      string
      Description
      The organization ID
    • Name
      expiresInSeconds
      Type
      number
      Description
      The amount of seconds before the link expires

    Request

    auth.createOrgSamlConnectionLink(
        "1189c444-8a2d-4c41-8b4b-ae43ce79a492", // orgId
        86400, // expired in seconds
    )

    Successful Response

    {
        url: "https://example.com"
    }

    GET/api/backend/v1/saml_sp_metadata/<orgId>

    Fetch SAML SP Metadata

    Fetches SAML Service Provider Metadata. This is the information your organizations will input into their IdP when configuring SAML.

    Properties

    • Name
      orgId *
      Type
      string
      Description
      The ID of the organization

    Request

    auth.fetchSamlSpMetadata("1189c444-8a2d-4c41-8b4b-ae43ce79a492")

    Successful Response

    {
        entityId: "https://auth.your.domain/saml/ORGS-URL-SLUG/metadata",
        acsUrl: "https://auth.your.domain/saml/ORGS-URL-SLUG/acs",
        logoutUrl: "https://auth.your.domain/saml/ORGS-URL-SLUG/logout"
    }

    POST/api/backend/v1/saml_idp_metadata

    Set SAML IdP Metadata

    Sets the SAML metadata from an organization's IdP. Must be completed before using the SAML Go Live endpoint.

    Properties

    • Name
      idpEntityId *
      Type
      string
      Description
      The Entity ID (also known as Identity Provider Issuer) from the organization's IdP
    • Name
      idpSsoUrl *
      Type
      string
      Description
      The Single Sign-On URL from the organization's IdP
    • Name
      idpCertificate *
      Type
      string
      Description
      The Base-64 encoded X.509 certificate from the organization's IdP
    • Name
      provider *
      Type
      string
      Description
      The name of the SAML provider. Must equal 'Google', 'Rippling', 'OneLogin', 'JumpCloud', 'Okta', 'Azure', 'Duo', or 'Generic'

    Request

    auth.setSamlIdpMetadata(orgId, {
        idpEntityId: "https://sts.windows.net/SOME-UUID/",
        idpSsoUrl: "https://login.microsoftonline.com/SOME-UUID/saml2",
        idpCertificate: "-----BEGIN CERTIFICATE-----MyCertificateHere-----END CERTIFICATE-----",
        provider: "Azure"
    });

    Successful Response


    POST/api/backend/v1/saml_idp_metadata/go_live/<orgId>

    Enable SAML Connection

    Sets an organization's SAML status to Live after using the Set SAML IdP Metadata endpoint

    Properties

    • Name
      orgId *
      Type
      string
      Description
      The organization ID

    Request

    auth.samlGoLive(
        "1189c444-8a2d-4c41-8b4b-ae43ce79a492"
    )

    Successful Response


    DELETE/api/backend/v1/saml_idp_metadata/<orgId>

    Delete SAML Connection

    Deletes an organization's SAML connection.

    Properties

    • Name
      orgId *
      Type
      string
      Description
      The organization ID

    Request

    auth.deleteSamlConnection("1189c444-8a2d-4c41-8b4b-ae43ce79a492")

    Successful Response