Tenants API

Manage organization-wide settings and configuration. Requires admin role.

Get Tenant Settings

Retrieve current organization settings.

Endpoint: GET /api/v1/tenants/me

Example:

curl https://api.noxys.cloud/api/v1/tenants/me \
  -H "Authorization: Bearer $TOKEN"

Response (200 OK):

{
  "id": "00000000-0000-0000-0000-000000000001",
  "name": "ACME Corporation",
  "domain": "acme.fr",
  "plan": "professional",
  "status": "active",
  "created_at": "2026-01-15T09:00:00Z",
  "settings": {
    "data_residency": "eu",
    "encryption_enabled": true,
    "audit_log_retention_days": 365,
    "sso_enabled": false,
    "webhook_signing_secret": "whsec_1234567890abcdef",
    "ip_whitelist": ["203.0.113.0/24"]
  },
  "limits": {
    "users": 50,
    "policies": 100,
    "interactions_per_month": 1000000,
    "api_requests_per_minute": 1000
  },
  "usage": {
    "active_users": 12,
    "policies": 8,
    "interactions_this_month": 234567
  }
}

Update Tenant Settings

Modify organization-wide configuration.

Endpoint: PUT /api/v1/tenants/me/settings

Request:

curl -X PUT https://api.noxys.cloud/api/v1/tenants/me/settings \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "ACME Corporation",
    "data_residency": "eu",
    "audit_log_retention_days": 2555,
    "ip_whitelist": ["203.0.113.0/24", "198.51.100.0/24"]
  }'

Updatable Fields:

Field	Type	Description
`name`	String	Organization display name
`data_residency`	String	Data storage location: `eu`, `us`
`audit_log_retention_days`	Integer	How long to keep audit logs (90-2555)
`ip_whitelist`	Array	IP addresses/CIDR blocks allowed to access API

Response (200 OK): Updated tenant object.

Enable SSO

Configure Single Sign-On (OIDC, SAML, or Entra ID).

Endpoint: POST /api/v1/tenants/me/sso/enable

Request (OIDC):

curl -X POST https://api.noxys.cloud/api/v1/tenants/me/sso/enable \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "oidc",
    "client_id": "your-client-id",
    "client_secret": "your-client-secret",
    "discovery_url": "https://your-provider/.well-known/openid-configuration",
    "redirect_uri": "https://api.noxys.cloud/auth/callback"
  }'

Request (SAML 2.0):

curl -X POST https://api.noxys.cloud/api/v1/tenants/me/sso/enable \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "saml",
    "entity_id": "https://api.noxys.cloud/metadata.xml",
    "idp_metadata_url": "https://your-idp/metadata.xml",
    "sp_x509_cert": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
    "idp_x509_cert": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"
  }'

Request (Entra ID):

curl -X POST https://api.noxys.cloud/api/v1/tenants/me/sso/enable \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "entra_id",
    "tenant_id": "00000000-0000-0000-0000-000000000001",
    "client_id": "your-app-id",
    "client_secret": "your-client-secret"
  }'

Response (200 OK):

{
  "sso_enabled": true,
  "sso_type": "oidc",
  "login_url": "https://api.noxys.cloud/auth/sso",
  "status": "configured"
}

Get SSO Status

Check current SSO configuration.

Endpoint: GET /api/v1/tenants/me/sso

Example:

curl https://api.noxys.cloud/api/v1/tenants/me/sso \
  -H "Authorization: Bearer $TOKEN"

Response (200 OK):

{
  "enabled": true,
  "type": "oidc",
  "client_id": "your-client-id",
  "discovery_url": "https://your-provider/.well-known/openid-configuration",
  "status": "active",
  "last_test": "2026-03-20T10:30:00Z",
  "last_test_result": "success"
}

Disable SSO

Turn off Single Sign-On.

Endpoint: POST /api/v1/tenants/me/sso/disable

Request:

curl -X POST https://api.noxys.cloud/api/v1/tenants/me/sso/disable \
  -H "Authorization: Bearer $TOKEN"

Response (200 OK):

{
  "sso_enabled": false,
  "message": "SSO disabled. Users can log in with email/password."
}

Get API Keys

List all API keys (deprecated; use authentication endpoint).

Endpoint: GET /api/v1/tenants/me/api-keys

Example:

curl https://api.noxys.cloud/api/v1/tenants/me/api-keys \
  -H "Authorization: Bearer $TOKEN"

Response (200 OK):

{
  "keys": [
    {
      "id": "key_abc123",
      "name": "CI/CD Pipeline",
      "created_at": "2026-02-01T09:00:00Z",
      "last_used": "2026-03-20T14:30:00Z",
      "expires_at": "2026-04-01T09:00:00Z"
    }
  ]
}

Get Billing Information

Retrieve current subscription and billing details.

Endpoint: GET /api/v1/tenants/me/billing

Example:

curl https://api.noxys.cloud/api/v1/tenants/me/billing \
  -H "Authorization: Bearer $TOKEN"

Response (200 OK):

{
  "plan": "professional",
  "status": "active",
  "billing_period": "monthly",
  "next_billing_date": "2026-04-15T00:00:00Z",
  "amount": 299,
  "currency": "EUR",
  "payment_method": {
    "type": "credit_card",
    "last4": "4242",
    "brand": "visa"
  },
  "usage": {
    "active_users": 12,
    "interactions": 234567,
    "limit_users": 50,
    "limit_interactions": 1000000
  }
}

Upgrade/Downgrade Plan

Change your subscription plan.

Endpoint: POST /api/v1/tenants/me/billing/change-plan

Request:

curl -X POST https://api.noxys.cloud/api/v1/tenants/me/billing/change-plan \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "plan": "enterprise",
    "effective_date": "2026-04-15"
  }'

Available Plans:

starter — 5 users, 10,000 interactions/month
professional — 50 users, 1M interactions/month
enterprise — Unlimited users and interactions

Response (200 OK):

{
  "plan": "enterprise",
  "status": "active",
  "effective_date": "2026-04-15",
  "amount": 2999,
  "currency": "EUR"
}

Get Invoices

Retrieve billing invoices.

Endpoint: GET /api/v1/tenants/me/invoices

Query Parameters:

Parameter	Type	Description
`limit`	Integer	Number of invoices (default: 10)
`offset`	Integer	Pagination offset (default: 0)

Example:

curl "https://api.noxys.cloud/api/v1/tenants/me/invoices?limit=12" \
  -H "Authorization: Bearer $TOKEN"

Response (200 OK):

{
  "invoices": [
    {
      "id": "inv_abc123",
      "number": "INV-2026-003",
      "status": "paid",
      "date": "2026-03-15",
      "due_date": "2026-04-15",
      "amount": 299,
      "currency": "EUR",
      "pdf_url": "https://api.noxys.cloud/invoices/inv_abc123.pdf",
      "description": "Monthly subscription"
    }
  ],
  "total": 3
}

Get Organization Statistics

Retrieve usage statistics.

Endpoint: GET /api/v1/tenants/me/stats

Query Parameters:

Parameter	Type	Description
`start_date`	ISO 8601	Start date for stats
`end_date`	ISO 8601	End date for stats
`granularity`	String	`daily`, `weekly`, `monthly` (default: `daily`)

Example:

curl "https://api.noxys.cloud/api/v1/tenants/me/stats?start_date=2026-03-01&end_date=2026-03-31&granularity=daily" \
  -H "Authorization: Bearer $TOKEN"

Response (200 OK):

{
  "period": {
    "start": "2026-03-01T00:00:00Z",
    "end": "2026-03-31T23:59:59Z"
  },
  "summary": {
    "total_interactions": 234567,
    "blocked_interactions": 89,
    "coached_interactions": 234,
    "logged_interactions": 234244,
    "unique_users": 42,
    "unique_platforms": 15,
    "high_risk_interactions": 567
  },
  "trends": [
    {
      "date": "2026-03-01",
      "interactions": 7500,
      "blocked": 3,
      "coached": 8,
      "high_risk": 18
    },
    {
      "date": "2026-03-02",
      "interactions": 8200,
      "blocked": 4,
      "coached": 10,
      "high_risk": 22
    }
  ]
}

Code Examples

Python: Manage Organization Settings

import requests

BASE_URL = "https://api.noxys.cloud/api/v1"
TOKEN = "eyJhbGc..."
headers = {"Authorization": f"Bearer {TOKEN}"}

# 1. Get tenant info
response = requests.get(f"{BASE_URL}/tenants/me", headers=headers)
tenant = response.json()
print(f"Organization: {tenant['name']}")
print(f"Plan: {tenant['plan']}")
print(f"Active users: {tenant['usage']['active_users']}")

# 2. Update settings
settings_data = {
    "name": "ACME Corporation",
    "data_residency": "eu",
    "audit_log_retention_days": 2555,
    "ip_whitelist": ["203.0.113.0/24"]
}
response = requests.put(
    f"{BASE_URL}/tenants/me/settings",
    headers=headers,
    json=settings_data
)
print(f"Updated settings: {response.json()['settings']}")

# 3. Get billing info
response = requests.get(f"{BASE_URL}/tenants/me/billing", headers=headers)
billing = response.json()
print(f"\nBilling:")
print(f"  Plan: {billing['plan']}")
print(f"  Amount: {billing['amount']} {billing['currency']}")
print(f"  Next billing: {billing['next_billing_date']}")

# 4. Get organization stats
response = requests.get(
    f"{BASE_URL}/tenants/me/stats?granularity=monthly",
    headers=headers
)
stats = response.json()
print(f"\nStats:")
print(f"  Total interactions: {stats['summary']['total_interactions']}")
print(f"  Blocked: {stats['summary']['blocked_interactions']}")
print(f"  Unique users: {stats['summary']['unique_users']}")

# 5. List invoices
response = requests.get(f"{BASE_URL}/tenants/me/invoices?limit=6", headers=headers)
invoices = response.json()["invoices"]
for invoice in invoices:
    print(f"\nInvoice {invoice['number']}: {invoice['amount']} {invoice['currency']} ({invoice['status']})")

Go: Enable SSO Configuration

package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "io"
    "net/http"
)

const BaseURL = "https://api.noxys.cloud/api/v1"

type SSORequest struct {
    Type        string `json:"type"`
    ClientID    string `json:"client_id"`
    ClientSecret string `json:"client_secret"`
    DiscoveryURL string `json:"discovery_url,omitempty"`
    RedirectURI string `json:"redirect_uri,omitempty"`
}

func enableSSO(token string) error {
    sso := SSORequest{
        Type:        "oidc",
        ClientID:    "your-client-id",
        ClientSecret: "your-client-secret",
        DiscoveryURL: "https://your-provider/.well-known/openid-configuration",
        RedirectURI: "https://api.noxys.cloud/auth/callback",
    }

    payload, _ := json.Marshal(sso)

    req, _ := http.NewRequest(
        "POST",
        BaseURL+"/tenants/me/sso/enable",
        bytes.NewReader(payload),
    )
    req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
    req.Header.Set("Content-Type", "application/json")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        return err
    }
    defer resp.Body.Close()

    if resp.StatusCode != 200 {
        body, _ := io.ReadAll(resp.Body)
        return fmt.Errorf("API error: %s", string(body))
    }

    var result map[string]interface{}
    json.NewDecoder(resp.Body).Decode(&result)
    fmt.Printf("SSO Enabled: %v\n", result["sso_enabled"])
    return nil
}

func main() {
    token := "eyJhbGc..."
    enableSSO(token)
}

Organization Limits

The Tenants API shows your current plan's limits:

Plan	Users	Policies	Interactions/Month	API Requests/Minute
Starter	5	20	10,000	100
Professional	50	100	1,000,000	1,000
Enterprise	Unlimited	Unlimited	Unlimited	5,000

Data Residency

Choose where your data is stored:

EU (eu) — All data stored in EU data centers (GDPR compliant)
US (us) — Data stored in US-based cloud (SOC 2 certified)

Cannot be changed after initial setup. Contact support to migrate.

What's Next?

Webhooks — Configure event notifications
Users API — Manage team members
Admin Console — Subscription management

Get Tenant Settings​

Update Tenant Settings​

Enable SSO​

Get SSO Status​

Disable SSO​

Get API Keys​

Get Billing Information​

Upgrade/Downgrade Plan​

Get Invoices​

Get Organization Statistics​

Code Examples​

Python: Manage Organization Settings​

Go: Enable SSO Configuration​

Organization Limits​

Data Residency​

What's Next?​

Get Tenant Settings

Update Tenant Settings

Enable SSO

Get SSO Status

Disable SSO

Get API Keys

Get Billing Information

Upgrade/Downgrade Plan

Get Invoices

Get Organization Statistics

Code Examples

Python: Manage Organization Settings

Go: Enable SSO Configuration

Organization Limits

Data Residency

What's Next?