Admin API
Tenant management, user administration, and audit logs.
Admin endpoints are available in cloud mode only and require a user with the admin role.
Overview
Admin endpoints provide full control over the Noirdoc multi-tenant environment. They are restricted to users with the admin role. All requests require a valid JWT access token.
Base path: /admin
Authentication: JWT access token with admin role via Authorization: Bearer <token>
Tenants
GET /admin/tenants
List all tenants in the system.
curl https://api.noirdoc.de/admin/tenants \
-H "Authorization: Bearer <admin_token>"Response:
[
{
"id": "tenant_abc123",
"name": "Acme Corp",
"is_active": true,
"created_at": "2025-06-01T09:00:00Z"
},
{
"id": "tenant_def456",
"name": "HealthTech GmbH",
"is_active": true,
"created_at": "2025-08-15T12:00:00Z"
}
]POST /admin/tenants
Create a new tenant.
curl -X POST https://api.noirdoc.de/admin/tenants \
-H "Authorization: Bearer <admin_token>" \
-H "Content-Type: application/json" \
-d '{"name": "New Organization"}'GET /admin/tenants/{id}
Retrieve detailed information about a specific tenant.
curl https://api.noirdoc.de/admin/tenants/tenant_abc123 \
-H "Authorization: Bearer <admin_token>"PATCH /admin/tenants/{id}
Update tenant properties such as name or settings.
curl -X PATCH https://api.noirdoc.de/admin/tenants/tenant_abc123 \
-H "Authorization: Bearer <admin_token>" \
-H "Content-Type: application/json" \
-d '{"name": "Acme Corporation"}'DELETE /admin/tenants/{id}
Deactivate a tenant. This soft-deletes the tenant — all associated API keys stop working, but data is retained.
curl -X DELETE https://api.noirdoc.de/admin/tenants/tenant_abc123 \
-H "Authorization: Bearer <admin_token>"Tenant API keys
Admins can manage proxy API keys on behalf of any tenant.
GET /admin/tenants/{id}/keys
List all API keys for a specific tenant.
curl https://api.noirdoc.de/admin/tenants/tenant_abc123/keys \
-H "Authorization: Bearer <admin_token>"POST /admin/tenants/{id}/keys
Create a new proxy API key for a tenant. The full key value is returned only once.
curl -X POST https://api.noirdoc.de/admin/tenants/tenant_abc123/keys \
-H "Authorization: Bearer <admin_token>" \
-H "Content-Type: application/json" \
-d '{"label": "tenant-production-key"}'DELETE /admin/tenants/{id}/keys/{key_id}
Delete an API key belonging to a tenant.
curl -X DELETE https://api.noirdoc.de/admin/tenants/tenant_abc123/keys/key_abc123 \
-H "Authorization: Bearer <admin_token>"Tenant providers
Admins can configure LLM providers on behalf of any tenant.
GET /admin/tenants/{id}/providers
List providers configured for a tenant.
curl https://api.noirdoc.de/admin/tenants/tenant_abc123/providers \
-H "Authorization: Bearer <admin_token>"PUT /admin/tenants/{id}/providers/{provider}
Set or update a provider for a tenant.
curl -X PUT https://api.noirdoc.de/admin/tenants/tenant_abc123/providers/openai \
-H "Authorization: Bearer <admin_token>" \
-H "Content-Type: application/json" \
-d '{
"api_key": "sk-tenant-openai-key",
"provider_type": "openai"
}'Request body:
| Field | Type | Required | Description |
|---|---|---|---|
api_key | string | Yes | The provider’s API key |
base_url | string | No | Custom base URL |
api_version | string | No | API version (Azure OpenAI) |
provider_type | string | Yes | openai, anthropic, azure, openrouter |
DELETE /admin/tenants/{id}/providers/{provider}
Remove a provider configuration from a tenant.
curl -X DELETE https://api.noirdoc.de/admin/tenants/tenant_abc123/providers/openai \
-H "Authorization: Bearer <admin_token>"Users
GET /admin/users
List all users across all tenants.
curl https://api.noirdoc.de/admin/users \
-H "Authorization: Bearer <admin_token>"Response:
[
{
"id": "user_001",
"email": "admin@example.com",
"role": "admin",
"tenant_id": "tenant_abc123"
},
{
"id": "user_002",
"email": "user@healthtech.de",
"role": "user",
"tenant_id": "tenant_def456"
}
]New users are created via POST /auth/register (admin-only). See the authentication section in Portal API.
Audit logs and statistics
GET /admin/audit-logs
Retrieve audit logs across all tenants. Supports filtering by tenant, date range, and event type via query parameters.
curl "https://api.noirdoc.de/admin/audit-logs?tenant_id=tenant_abc123&from=2025-11-01" \
-H "Authorization: Bearer <admin_token>"GET /admin/stats
Retrieve global system statistics including total requests, active tenants, and token usage.
curl https://api.noirdoc.de/admin/stats \
-H "Authorization: Bearer <admin_token>"Response:
{
"total_requests": 1250000,
"active_tenants": 42,
"total_tokens": 89500000,
"requests_today": 15230
}Error responses
Admin endpoints return standard HTTP error codes:
| Status | Meaning |
|---|---|
401 | Missing or invalid JWT token |
403 | User does not have admin role |
404 | Tenant or resource not found |
422 | Validation error |