Skip to main content
Organizations are the central resource in CREDEBL. Every credential schema, DID, issuance workflow, and verification policy belongs to an organization. The Organizations API lets you create organizations, manage membership through invitations, configure decentralized identifiers (DIDs), and generate machine-to-machine client credentials.

Base path

All endpoints are rooted at /orgs.

Authentication

Every endpoint requires a JWT bearer token unless noted otherwise. 
Authorization: Bearer <your-jwt-token>
Tokens are obtained through the authentication flow and passed in the Authorization header on every request.

Role-based access

Most endpoints are gated by the requesting user’s role within the target organization. Roles are assigned per-organization and are enforced server-side.
RoleValueDescription
ownerownerFull control. Can delete the org, manage all members, and generate client credentials.
adminadminCan invite members, update org details, and manage roles.
issuerissuerCan issue credentials on behalf of the organization.
verifierverifierCan run verification requests.
membermemberRead-only access to org resources.
holderholderCan hold credentials issued to them.
super_adminsuper_adminPlatform-level super administrator.
platform_adminplatform_adminPlatform administrator with cross-org access.
Roles are scoped to a single organization. A user can hold different roles in different organizations simultaneously.

Endpoints

Create organization

POST /orgs — Create a new organization.

Get organization

GET /orgs/:orgId — Retrieve details for a specific organization.

List organizations

GET /orgs — List all organizations the authenticated user belongs to.

Update organization

PUT /orgs/:orgId — Update organization details.

Delete organization

DELETE /orgs/:orgId — Permanently delete an organization.

List organization DIDs

GET /orgs/:orgId/dids — List all DIDs registered to an organization.

Set primary DID

PUT /orgs/:orgId/primary-did — Designate a DID as the primary identifier.

Send invitations

POST /orgs/:orgId/invitations — Invite one or more users to the organization.

List invitations

GET /orgs/:orgId/invitations — List all pending invitations.

Delete invitation

DELETE /orgs/:orgId/invitations/:invitationId — Cancel a pending invitation.

Update user roles

PUT /orgs/:orgId/user-roles/:userId — Change a member’s roles.

Generate client credentials

POST /orgs/:orgId/client_credentials — Generate a client ID and secret for machine-to-machine access.

Get client token

POST /orgs/:clientId/token — Exchange client credentials for an access token.

Get org roles

GET /orgs/:orgId/roles — Retrieve all role definitions for an organization.

Additional endpoints

MethodPathDescriptionRequired roles
GET/orgs/public-profileList all organizations with public profiles. Supports pagination.None
GET/orgs/public-profiles/:orgSlugGet a public organization profile by slug.None
GET/orgs/:orgId/usersList members of an organization.owner, admin, issuer, verifier, member, holder
GET/orgs/:orgId/client_credentialsFetch the existing client ID and secret for an organization.owner, admin, issuer, verifier, member
GET/orgs/dashboard/:orgIdGet organization dashboard summary.owner, admin, issuer, verifier, member
GET/orgs/activity-count/:orgIdGet counts of org-level references.owner

Build docs developers (and LLMs) love

Get started for freeTalk to us