Organization Settings APIs
Self-service organization configuration and management
Executive Summary
Admin Organization Settings APIs provide self-service configuration for organization administrators. Unlike SuperAdmin APIs that manage multiple organizations, these endpoints are scoped to the Admin's own organization only.
- Self-Service: Admins manage their own org settings
- Plan-Aware: Settings validated against subscription limits
- Read-Only Plans: Cannot upgrade/downgrade without SuperAdmin
- Scoped Access: JWT orgId claim enforced
API Inventory
| Controller | Route | Endpoints | Admin Access | Notes |
|---|---|---|---|---|
| AdminOrganizationController | /api/adminorganization | 12 | Own Org Only | Read own org, limited update |
| OrganizationSettingsController | /api/organizationsettings | 6 | Full CRUD | Key-value settings store |
Organization Settings
Settings Management
| Method | Route | Description | Access | Status |
|---|---|---|---|---|
| GET | /api/adminorganization/{id} | Get organization details. Admin can only access their own organization. | Own Org Only | Existing |
| PUT | /api/adminorganization/{id} | Update organization name, description, branding. Cannot change plan or status. | Own Org Only | Existing |
| GET | /api/organizationsettings | Get all organization-specific settings (key-value pairs). | Own Org Full | Existing |
| POST | /api/organizationsettings | Create or update a setting. Validated against plan feature flags. | Own Org Full | Existing |
Available Settings
| Setting Key | Type | Description | Plan Limit |
|---|---|---|---|
| max_users | Integer | Maximum users allowed | Defined by plan |
| max_devices | Integer | Maximum devices per user | Defined by plan |
| session_retention_days | Integer | How long to keep session history | 30-365 days by plan |
| enable_exports | Boolean | Allow data exports | Pro+ plans only |
| enable_analytics | Boolean | Advanced analytics features | Pro+ plans only |
| enable_api_access | Boolean | Organization API key access | Enterprise only |
| branding_logo_url | String | Custom logo URL | Enterprise only |
| sso_provider | String | SAML/OIDC provider config | Enterprise only |
Plan Limits & Enforcement
Plan Limits Enforcement Flow

Admin Request: POST /api/organizationsettings
Body: { "key": "max_users", "value": "150" }
    |
    v
OrganizationSettingsController
  1. Extract OrganizationId from JWT claims
  2. Validate setting key is allowed
  3. Check plan limits
    |
    v
IPlanFeatureService.ValidateLimit()
  Current Plan:  "Professional" ($99/mo)
  Plan Features: { maxUsers: 100, enableExports: true }

  Requested: max_users = 150
  Allowed:   max_users <= 100
  Result:    VALIDATION FAILED
             Return 400 Bad Request "Value exceeds plan limit (100)"

  Requested: max_users = 50
  Allowed:   max_users <= 100
  Result:    VALIDATION PASSED
             Continue to save...
    |
    v
Save to DB
    |
    v
Return 200 OK
Settings Change Workflow
Organization Settings Change Flow

Admin User --> Angular Settings Component --> Settings API (Validation) --> Plan Service
                                                        |
                    +-----------------------------------+-----------------------------------+
                    |                                   |                                   |
                    v                                   v                                   v
            Rejected (400)                     Warn: Limit Close                   Save Setting (200)
                                                        |                                   |
                                                        v                                   v
                                               Show upgrade prompt                  Refresh cache
                                                                                    Notify users

Frontend Integration:
- Settings form dynamically shows/hides fields based on plan features
- "Upgrade required" badges on premium settings
- Real-time validation before submission
Database Dependencies
| Table | Purpose | Key Columns | Indexes |
|---|---|---|---|
| Organizations | Org metadata | Id, Name, PlanId, Status | PK Id |
| OrganizationSettings | Key-value store | OrgId, Key, Value, ModifiedAt | PK (OrgId, Key) |
| Plans | Subscription tiers | Id, Name, Features (JSON), Limits (JSON) | PK Id |
| Subscriptions | Active subscriptions | Id, OrgId, PlanId, Status | IX OrgId (unique) |
Security Considerations
JWT OrgId Enforcement
An Admin can only modify settings for the organization named in their JWT orgId claim; the organization is never taken from the request.
Plan Validation
Plan limits cannot be bypassed by calling the API directly: validation is enforced server-side, independent of what the frontend shows or hides.
No Approval Workflow
Settings changes apply immediately. There is no review or approval step for sensitive changes such as sso_provider or enable_api_access.
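As an added example (not the project's own code), the three checks from the enforcement flow above and the JWT orgId scoping from the security considerations, collapsed into one validator. PlanFeatures, SettingsValidator, the planLookup delegate standing in for IPlanFeatureService, and the "orgId" claim name are assumptions for illustration.

```csharp
// Added illustration, not the project's code: PlanFeatures, SettingsValidator,
// planLookup and the "orgId" claim name are assumed names.
using System;
using System.Collections.Generic;
using System.Security.Claims;

public sealed record PlanFeatures(int MaxUsers, bool EnableExports);
public sealed record ValidationResult(int StatusCode, string Message);

public sealed class SettingsValidator
{
    // Keys from the "Available Settings" table; anything else is rejected before plan checks.
    private static readonly HashSet<string> AllowedKeys = new(StringComparer.Ordinal)
    {
        "max_users", "max_devices", "session_retention_days", "enable_exports",
        "enable_analytics", "enable_api_access", "branding_logo_url", "sso_provider"
    };
    private readonly Func<string, PlanFeatures> _planLookup; // stand-in for IPlanFeatureService
    public SettingsValidator(Func<string, PlanFeatures> planLookup) => _planLookup = planLookup;

    public ValidationResult Validate(ClaimsPrincipal admin, string key, string value)
    {
        // 1. The target organization comes only from the JWT claim, never from the
        //    request body, so an admin cannot address another organization's settings.
        var orgId = admin.FindFirst("orgId")?.Value;
        if (string.IsNullOrEmpty(orgId))
            return new ValidationResult(401, "Missing orgId claim"); // assumed status
        // 2. Only known setting keys are accepted.
        if (!AllowedKeys.Contains(key))
            return new ValidationResult(400, $"Unknown setting key '{key}'");
        // 3. Plan limits are enforced server-side regardless of what the UI showed.
        var plan = _planLookup(orgId);
        switch (key)
        {
            case "max_users":
                if (!int.TryParse(value, out var requested) || requested < 1)
                    return new ValidationResult(400, "max_users must be a positive integer");
                if (requested > plan.MaxUsers)
                    return new ValidationResult(400, $"Value exceeds plan limit ({plan.MaxUsers})");
                break;
            case "enable_exports":
                if (bool.TryParse(value, out var on) && on && !plan.EnableExports)
                    return new ValidationResult(400, "Upgrade required: exports are Pro+ only");
                break;
        }
        return new ValidationResult(200, "OK"); // safe to persist under orgId
    }
}
```

With the page's Professional plan (maxUsers 100), a request for max_users = 150 returns 400 with "Value exceeds plan limit (100)" and max_users = 50 returns 200, matching the two cases in the flow.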