Skip to main content
Every endpoint on this page requires the admin module permission (edit) — see Tenant Administration Console for the product-level view of the same capabilities.

Settings

EndpointBody
GET /tenant-admin/settings
GET /tenant-admin/bootstrap-status
PATCH /tenant-admin/settings{ defaultLanguage?, supportedLanguages?, localeRegion?, timezone?, defaultCurrency?, displayCurrency?, currencyDisplayMode?, calendarSystem?, measurementSystem?, temperatureUnit?, dateFormat?, numberFormat?, firstDayOfWeek?, reminderLeadDays?, reminderHour?, reminderEscalationDays?, ownerScopeEnabled? } — all optional

Subject companies

EndpointBody
GET /tenant-admin/subjects
POST /tenant-admin/subjects{ name, legalName?, taxNo?, defaultPayeeAccount?, defaultPayeeBank? }
PATCH /tenant-admin/subjects/:idSame fields, all optional
DELETE /tenant-admin/subjects/:id

Members

EndpointBody
GET /tenant-admin/members
PATCH /tenant-admin/members/:id{ name?, email?, roleCode?, subjectScope?, status? }status is active | disabled
GET /tenant-admin/members/:id/handover-preview
POST /tenant-admin/members/:id/offboard{ successorUserId, transferContracts?, transferContractSupervisors?, transferTasks?, transferReminders?, transferSavedViews?, disableMember? }
POST /tenant-admin/owner-transfer{ newOwnerId }
Always call handover-preview before offboard in an integration — it’s how you find out what would be reassigned before you commit to it. See Tenant Administration Console.

Invitations

EndpointBody
POST /tenant-admin/invitations{ email, roleCode, subjectScope? }
GET /tenant-admin/invitations
POST /tenant-admin/invitations/:id/resend
DELETE /tenant-admin/invitations/:id
Invited members complete their account with POST /auth/invitations/accept — see Authentication.

Roles and permissions

EndpointBody
GET /tenant-admin/roles
GET /tenant-admin/permissionsFull permissions overview across all roles.
PATCH /tenant-admin/roles/:code/permissions{ permissions: { [module]: "none" | "view" | "edit" } }
PATCH /tenant-admin/roles/:code/workflow-controls{ controls: { [workflowStage]: "none" | "view" | "edit" | "approve" | "sign" | "admin" } }
See Roles & Permissions for what each module and workflow stage key means.

Notification channels

EndpointBody
GET /tenant-admin/notification-channels
POST /tenant-admin/notification-channels{ kind, name?, target?, enabled?, isDefault?, secret?, clearSecret? }kind is dingtalk | wecom | lark | slack | teams | email | webhook
PATCH /tenant-admin/notification-channels/:idSame fields except kind, all optional
POST /tenant-admin/notification-channels/:id/test— sends a test message immediately

Data plane connections

Relevant to the enterprise_hybrid edition — see Plans & Editions.
EndpointBody
GET /tenant-admin/data-plane
POST /tenant-admin/data-plane{ kind, provider?, location?, accessMode?, endpoint? }
DELETE /tenant-admin/data-plane/:kind