Multi-tenant administration backend. Manages organizations, RBAC (roles, permissions, actions, modules, features), resource units, and per-organization configuration for models, agents, connectors, templates, workflows, parsing techniques, and languages.
- Tech: NestJS 11, TypeORM, PostgreSQL
- Port: 4001
- Auth: JWT (RS256), API Key, Public
- Database: admin-base DB (18 tables)
Health Endpoints
| Method | Path | Auth | Description |
|---|
| GET | /api/v1/health | Public | Health check (memory heap + RSS) |
| GET | /api/v1/health/ready | Public | Readiness probe |
| GET | /api/v1/health/live | Public | Liveness probe |
Admin Endpoints
| Method | Path | Auth | Description |
|---|
| GET | /api/v1/admin/organization-settings/agents | JWT | Get enabled agent IDs |
| GET | /api/v1/admin/organization-settings/models | JWT | Get enabled model IDs |
| GET | /api/v1/admin/organization/:id | JWT | Get organization |
Organization Endpoints
| Method | Path | Auth | Description |
|---|
| POST | /api/v1/organizations | JWT | Create organization |
| GET | /api/v1/organizations | JWT | List all |
| GET | /api/v1/organizations/default | Public | Get default organization |
| GET | /api/v1/organizations/:id | Public | Get by ID |
| PATCH | /api/v1/organizations/:id | JWT | Update |
| DELETE | /api/v1/organizations/:id | JWT | Delete |
| GET | /api/v1/organizations/admin/organization-settings/agents | Public | Enabled agent IDs |
| GET | /api/v1/organizations/admin/organization-settings/models | Public | Enabled model IDs |
| GET | /api/v1/organizations/admin/organization-core-details-by-id | Public | Org core details |
| GET | /api/v1/organizations/:orgId/languages | Public | Org languages |
| GET | /api/v1/organizations/:orgId/settings | Public | Org settings |
| PUT | /api/v1/organizations/:orgId/settings | JWT | Update org settings |
Role Endpoints
| Method | Path | Auth | Description |
|---|
| POST | /api/v1/roles | Public | Create role |
| GET | /api/v1/roles/organization/:orgId | Public | Get roles by organization |
Roles support hierarchy via parentId and level. Flags: isSuperAdmin, isSystemRole.
Permission Endpoints
| Method | Path | Auth | Description |
|---|
| POST | /api/v1/permissions | JWT | Create |
| GET | /api/v1/permissions | JWT | List all |
| GET | /api/v1/permissions/module/:moduleId | JWT | By module (optional featureId filter) |
| POST | /api/v1/permissions/roles | JWT | Get permissions for role IDs |
| GET | /api/v1/permissions/:id | JWT | Get by ID |
| PATCH | /api/v1/permissions/:id | JWT | Update |
| DELETE | /api/v1/permissions/:id | JWT | Delete |
Role-Permission Endpoints
| Method | Path | Auth | Description |
|---|
| POST | /api/v1/role-permissions | JWT | Assign permission to role |
| GET | /api/v1/role-permissions/role/:roleId | Public | Get permissions by role |
| POST | /api/v1/role-permissions/roles | Public | Permissions for multiple roles |
| DELETE | /api/v1/role-permissions/role/:roleId/permission/:permId | JWT | Remove specific permission |
| DELETE | /api/v1/role-permissions/role/:roleId | JWT | Remove all permissions |
Module, Feature, Action Endpoints
Modules
| Method | Path | Auth | Description |
|---|
| POST | /api/v1/modules | JWT | Create |
| GET | /api/v1/modules | JWT | List |
| GET | /api/v1/modules/:id | JWT | Get |
| PATCH | /api/v1/modules/:id | JWT | Update |
| DELETE | /api/v1/modules/:id | JWT | Delete |
Features
| Method | Path | Auth | Description |
|---|
| POST | /api/v1/features | JWT | Create |
| GET | /api/v1/features | JWT | List (filter by moduleId) |
| GET | /api/v1/features/:id | JWT | Get |
| PATCH | /api/v1/features/:id | JWT | Update |
| DELETE | /api/v1/features/:id | JWT | Delete |
Actions
| Method | Path | Auth | Description |
|---|
| POST | /api/v1/actions | JWT | Create |
| GET | /api/v1/actions/:id | JWT | Get |
| PATCH | /api/v1/actions/:id | JWT | Update |
| DELETE | /api/v1/actions/:id | JWT | Delete |
Resource Unit Endpoints
Resource units group users within an organization.
| Method | Path | Auth | Description |
|---|
| POST | /api/v1/resource-units/unit-types | JWT | Create unit type |
| GET | /api/v1/resource-units/unit-types | JWT | List unit types |
| GET | /api/v1/resource-units/unit-types/:id | JWT | Get unit type |
| PATCH | /api/v1/resource-units/unit-types/:id | JWT | Update unit type |
| DELETE | /api/v1/resource-units/unit-types/:id | JWT | Delete unit type |
| POST | /api/v1/resource-units | JWT | Create unit |
| GET | /api/v1/resource-units | JWT | List (filter by organizationId) |
| GET | /api/v1/resource-units/:id | JWT | Get |
| PATCH | /api/v1/resource-units/:id | JWT | Update |
| DELETE | /api/v1/resource-units/:id | JWT | Delete |
| POST | /api/v1/resource-units/:id/members | JWT | Add member |
| DELETE | /api/v1/resource-units/:id/members | JWT | Remove member |
Organization Settings Endpoints
General organization settings.
| Method | Path | Auth | Description |
|---|
| POST | /api/v1/organization-settings | JWT | Create |
| GET | /api/v1/organization-settings | JWT | List |
| GET | /api/v1/organization-settings/:orgId | Public | Get by org |
| PUT | /api/v1/organization-settings/:orgId | JWT | Update |
| DELETE | /api/v1/organization-settings/:orgId | JWT | Delete |
| GET | /api/v1/organization-settings/:orgId/languages | JWT | Org languages |
| GET | /api/v1/organization-settings/:orgId/languages/selected-codes | JWT | Selected codes |
| GET | /api/v1/organization-settings/:orgId/models | JWT | Org models |
| GET | /api/v1/organization-settings/:orgId/models/enabled-ids | JWT | Enabled model IDs |
| GET | /api/v1/organization-settings/:orgId/default-role | Public | Default role ID |
Per-Organization Resource Configuration
Each resource type has its own controller with a consistent pattern:
All endpoints in this section require JWT authentication.
Organization Languages (/api/v1/organization-languages)
| Method | Path | Description |
|---|
| POST | /organization-languages | Create |
| GET | /organization-languages/organizations/:orgId | Get by org |
| GET | /organization-languages/organizations/:orgId/selected-codes | Selected codes |
| PUT | /organization-languages/organizations/:orgId | Bulk update |
| GET | /organization-languages | List all (optional ?organizationId filter) |
| GET | /organization-languages/:id | Get by ID |
| PATCH | /organization-languages/:id | Update |
| DELETE | /organization-languages/:id | Delete |
Organization Models (/api/v1/organization-models)
| Method | Path | Description |
|---|
| POST | /organization-models | Create |
| GET | /organization-models/organizations/:orgId | Get by org |
| GET | /organization-models/organizations/:orgId/enabled | Enabled models |
| GET | /organization-models/organizations/:orgId/enabled-ids | Enabled IDs |
| PUT | /organization-models/organizations/:orgId | Bulk update |
| GET | /organization-models/organizations/:orgId/default-completion | Default completion model |
| GET | /organization-models/organizations/:orgId/default-embedding | Default embedding model |
| PUT | /organization-models/organizations/:orgId/default-completion/:modelId | Set default completion |
| PUT | /organization-models/organizations/:orgId/default-embedding/:modelId | Set default embedding |
| PUT | /organization-models/organizations/:orgId/bulk | Bulk update with DTO |
| GET | /organization-models | List all |
| GET | /organization-models/:id | Get by ID |
| PATCH | /organization-models/:id | Update |
| DELETE | /organization-models/:id | Delete |
Organization Agents (/api/v1/organization-agents)
| Method | Path | Description |
|---|
| GET | /organization-agents/organizations/:orgId | Get by org |
| GET | /organization-agents/organizations/:orgId/enabled-ids | Enabled IDs |
| GET | /organization-agents/organizations/:orgId/default | Default agent |
| PUT | /organization-agents/organizations/:orgId | Update |
Organization Connectors (/api/v1/organization-connectors)
| Method | Path | Description |
|---|
| GET | /organization-connectors/organizations/:orgId | Get by org |
| GET | /organization-connectors/organizations/:orgId/enabled-ids | Enabled IDs |
| PUT | /organization-connectors/organizations/:orgId | Update |
Organization Templates (/api/v1/organization-templates)
| Method | Path | Description |
|---|
| GET | /organization-templates/organizations/:orgId | Get by org |
| GET | /organization-templates/organizations/:orgId/enabled-ids | Enabled IDs |
| PUT | /organization-templates/organizations/:orgId | Update |
Organization Workflows (/api/v1/organization-workflows)
| Method | Path | Description |
|---|
| GET | /organization-workflows/organizations/:orgId | Get by org |
| GET | /organization-workflows/organizations/:orgId/enabled-ids | Enabled IDs |
| PUT | /organization-workflows/organizations/:orgId | Update |
Organization Parsing (/api/v1/organization-parsing)
| Method | Path | Description |
|---|
| GET | /organization-parsing/organizations/:orgId | Get by org |
| GET | /organization-parsing/organizations/:orgId/enabled-ids | Enabled IDs |
| PUT | /organization-parsing/organizations/:orgId | Update |
Inter-Service Communication
This service does not call other Jeen services. It is a data layer consumed by user-service and document-service.