Admin API Overview
Introduction
The Authrim Admin API is a RESTful API that allows tenant administrators and system administrators to programmatically manage the Authrim platform. With this API, you can automate management operations such as:
- Admin user management (console access users)
- End user management (application users)
- Client application management
- Session management
- Organization & role management (RBAC)
- Attribute-based access control (ABAC)
- Relationship-based access control (ReBAC)
- Policy management
- Authentication flow management
- Audit logs & compliance
- Security alerts
- Statistics & analytics
Base URL
https://{tenant-domain}/api/admin
Database Architecture
Authrim uses a separated database architecture for enhanced security:
| Database | Description | Target Users |
|---|---|---|
| DB_ADMIN | Admin database | Admin users who access the management console |
| DB_CORE | Core database | End users who use your application |
This separation ensures:
- Admin credentials are isolated from end user data
- A compromise of end user data does not expose admin credentials or affect admin access
- Compliance with security best practices
Main Feature Categories
Admin Console Management
APIs for managing admin users who access the management console. Data is stored in DB_ADMIN.
| Category | Description |
|---|---|
| Admin User Management | CRUD operations for admin users |
| Admin Role Management | Define and assign admin roles |
| IP Allowlist | IP address access control |
| Admin Audit Log | Audit logs for admin operations |
EndUser Management
APIs for managing end users who use your application. Data is stored in DB_CORE.
| Category | Description |
|---|---|
| EndUser Management | CRUD operations for end users, suspend, lock, anonymize |
| Session Management | List active sessions, revoke, force logout |
| External Providers | Manage external identity providers (OAuth/OIDC) |
EndUser Access Control
| Category | Description |
|---|---|
| Organization Management | CRUD operations for organizations, member management, hierarchy |
| Role Management | Define roles, assign to end users |
| ABAC | Attribute-based access control, user attribute management |
| ReBAC | Relationship-based access control (Zanzibar DSL) |
| Policy Management | Define policy rules, simulation |
Application Management
| Category | Description |
|---|---|
| Client Management | CRUD operations for OAuth clients, secret regeneration |
| Flow Management | Define authentication flows, validate, compile |
| Webhook Management | Configure webhook endpoints, test |
| Plugin Management | Enable and configure plugins |
Security & Audit
| Category | Description |
|---|---|
| EndUser Audit Logs | Search and export end user audit logs |
| Access Trace | Permission check audit logs, statistics |
| Compliance | Compliance status, access reviews |
Configuration & Operations
| Category | Description |
|---|---|
| Settings Management | Tenant settings, feature flags |
| Tokens & Credentials | Signing keys, SCIM tokens, IAT |
| Job Management | Async jobs (import, export, reports) |
API Characteristics
RESTful Design
The Admin API follows RESTful design principles:
- Resources are identified by URLs
- HTTP methods express operations (GET, POST, PUT, DELETE)
- Data is exchanged in JSON format
Tenant Isolation
All API operations are executed within the tenant scope. Requests are routed to the appropriate tenant based on the authentication token, and data is strictly isolated.
PII Separation Architecture
Personally Identifiable Information (PII) is stored in a dedicated PII database, separate from the core database. This makes compliance with data protection regulations easier.
Cursor-based Pagination
List APIs use cursor-based pagination. This allows efficient retrieval of large amounts of data.
Next Steps
- Authentication and Authorization - Learn how to access the API
- Request and Response - Understand how to use the API
- Error Handling - Review error handling