Organization Management
Executive Summary

Organization Management APIs control the full lifecycle of tenant organizations in the multi-tenant SaaS platform. SuperAdmins can create, configure, monitor, and suspend organizations across the platform.

✓ Full CRUD: create, read, update, delete organizations
✓ Bulk Operations: mass status update, data export
✓ API Keys: organization-scoped API key management
⚠️ Soft Delete Only: no hard delete, for compliance
API Inventory

Controller                     Route                     Endpoints  Authorization     Key Features
AdminOrganizationController    /api/adminorganization    12         SuperAdmin+Admin  Full lifecycle management
SuperAdminDashboardController  /api/superadmindashboard  1          SuperAdmin only   Platform overview
Organization Lifecycle

Organization Lifecycle State Machine

States: PENDING (Created), ACTIVE (Normal), SUSPENDED (Violation), EXPIRED (Payment), ARCHIVED (Read-only)

Transitions:
  PENDING    --Activate-->    ACTIVE
  ACTIVE     --Suspend-->     SUSPENDED
  SUSPENDED  --Reactivate-->  ACTIVE
  ACTIVE     --Trial End-->   EXPIRED
  EXPIRED    --Renew-->       ACTIVE
  ACTIVE     --Deactivate-->  ARCHIVED
  SUSPENDED  -------------->  ARCHIVED   (this edge is unlabeled in the diagram)

No transition out of ARCHIVED is shown.
Status Transitions API:

POST /api/adminorganization/{id}/status
Body: { "status": "Active|Inactive|Suspended|Expired", "reason": "..." }

Authorization:
  • SuperAdmin: can transition any org to any state
  • Admin: can only deactivate own org (with approval workflow)

Note: the status values accepted by this body (including Inactive) do not match the state names in the diagram (PENDING, ARCHIVED). Confirm the canonical set against the controller before relying on either list, and treat "any state" for SuperAdmin as still bounded by the transitions the state machine defines.
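The transition check and the authorization rule above, written out as an added example (this is not the platform's controller code). It uses the diagram's state names; the CallerRole and StatusTransitionPolicy names, the demo organization ids and the choice to apply the state machine to SuperAdmins as well are assumptions. The approval workflow for Admin deactivation is not modelled.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

// Added example, not the platform's own code. OrgStatus uses the diagram's state
// names; CallerRole, StatusTransitionPolicy and the demo ids are assumptions.
public enum OrgStatus { Pending, Active, Suspended, Expired, Archived }
public enum CallerRole { SuperAdmin, Admin }

public static class StatusTransitionPolicy
{
    // Edges of the lifecycle diagram. Anything not listed here is rejected,
    // including every transition out of Archived.
    private static readonly HashSet<(OrgStatus From, OrgStatus To)> Allowed = new()
    {
        (OrgStatus.Pending,   OrgStatus.Active),    // Activate
        (OrgStatus.Active,    OrgStatus.Suspended), // Suspend
        (OrgStatus.Suspended, OrgStatus.Active),    // Reactivate
        (OrgStatus.Active,    OrgStatus.Expired),   // Trial End
        (OrgStatus.Expired,   OrgStatus.Active),    // Renew
        (OrgStatus.Active,    OrgStatus.Archived),  // Deactivate
        (OrgStatus.Suspended, OrgStatus.Archived),  // unlabeled edge in the diagram
    };

    public static bool IsAllowed(OrgStatus from, OrgStatus to) => Allowed.Contains((from, to));

    // Returns null when the request may proceed, otherwise the reason it is denied.
    // callerOrgId comes from the verified JWT; targetOrgId is the {id} in the route.
    public static string? Deny(CallerRole role, string callerOrgId, string targetOrgId,
                               OrgStatus current, OrgStatus requested, string? reason)
    {
        if (string.IsNullOrWhiteSpace(reason))
            return "reason is required (it is written to AuditLogs)";
        if (!IsAllowed(current, requested))
            return $"{current} -> {requested} is not a lifecycle transition";
        if (role == CallerRole.SuperAdmin)
            return null; // any org, any transition the state machine allows
        // Admin: own org only, and only Deactivate (Active -> Archived).
        // The approval workflow the page mentions is not modelled here.
        if (!string.Equals(callerOrgId, targetOrgId, StringComparison.Ordinal))
            return "Admin may only change their own organization";
        if (current != OrgStatus.Active || requested != OrgStatus.Archived)
            return "Admin may only deactivate (Active -> Archived)";
        return null;
    }
}

public static class Program
{
    public static void Main()
    {
        // SuperAdmin reactivating a suspended org: allowed by both rule sets.
        Console.WriteLine(StatusTransitionPolicy.Deny(CallerRole.SuperAdmin, "platform", "org-003",
            OrgStatus.Suspended, OrgStatus.Active, "appeal upheld") ?? "allowed");
        // Admin of org-001 trying to suspend org-002: denied by the tenant rule.
        Console.WriteLine(StatusTransitionPolicy.Deny(CallerRole.Admin, "org-001", "org-002",
            OrgStatus.Active, OrgStatus.Suspended, "abuse") ?? "allowed");
        // Admin deactivating their own org: allowed (subject to the approval workflow).
        Console.WriteLine(StatusTransitionPolicy.Deny(CallerRole.Admin, "org-001", "org-001",
            OrgStatus.Active, OrgStatus.Archived, "contract ended") ?? "allowed");
        // Leaving Archived: denied by the state machine regardless of role.
        Console.WriteLine(StatusTransitionPolicy.Deny(CallerRole.SuperAdmin, "platform", "org-001",
            OrgStatus.Archived, OrgStatus.Active, "reopen") ?? "allowed");
    }
}
```

The order of checks matters: the state-machine check runs before the role check so that a SuperAdmin cannot push an organization into a state the lifecycle does not define, and the tenant check runs before the transition-type check so that an Admin probing another organization's id learns nothing about that organization's current state from the error text.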
Key Endpoints

Organization CRUD

For the endpoints marked SuperAdmin+Admin, an Admin caller must be confined to the organization carried in their own JWT; the {id} in the route is not a trust boundary on its own (see Multi-Tenant Governance below).

POST /api/adminorganization
  Create new organization. Auto-generates API key and default settings.
  Authorization: SuperAdmin only. Status: Existing.
  Request body:
  {
    "name": "Acme Corp",
    "planId": "pro-plan-guid",
    "adminEmail": "admin@acme.com",
    "settings": { "maxUsers": 100, "features": ["analytics", "exports"] }
  }

GET /api/adminorganization/{id}
  Get organization details including settings, subscription, usage stats.
  Authorization: SuperAdmin+Admin. Status: Existing.

PUT /api/adminorganization/{id}
  Update organization name, settings, configuration.
  Authorization: SuperAdmin+Admin. Status: Existing.

DELETE /api/adminorganization/{id}
  Soft delete organization (sets IsDeleted=true, retains data for compliance).
  Authorization: SuperAdmin only. Status: Existing.

Search & Bulk Operations

GET /api/adminorganization/search
  Search organizations by name, status, plan, creation date. Supports pagination.
  Authorization: SuperAdmin only. Status: Existing.
  Query: ?query=acme&status=Active&planId=...&page=1&pageSize=20

POST /api/adminorganization/bulk
  Bulk operations: update status, regenerate API keys, export data.
  Authorization: SuperAdmin only. Status: Existing.

API Key Management

POST /api/adminorganization/{id}/apikey
  Regenerate organization API key. The old key is invalidated immediately, with no overlap window, so coordinate the rotation with the client that holds the key.
  Authorization: SuperAdmin+Admin. Status: Existing.
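Key generation at create time and regeneration with immediate invalidation, as one added example serving both the POST /api/adminorganization and POST /api/adminorganization/{id}/apikey entries above. This is not the platform's own code: the ak_live_ prefix is taken from the Organizations table on this page, while ApiKeyService, AuditEntry, the 32-byte base64url key body and the choice to persist only a SHA-256 hash of the key (so that the ApiKey column never holds a usable secret) are assumptions about how one would implement it; the page does not say whether the current implementation stores keys hashed.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example, not the platform's own code. The ak_live_ prefix is taken from
// the Organizations table on the page; ApiKeyService, AuditEntry and hashed
// storage of the key are assumptions.
public sealed class Organization
{
    public string Id { get; init; } = "";
    public string Name { get; init; } = "";
    public string? ApiKeyHash { get; set; } // SHA-256 of the key; the key itself is never stored
}

public sealed record AuditEntry(string OrgId, string Action, string Before, string After, string Actor);

public sealed class ApiKeyService
{
    private readonly Dictionary<string, Organization> _orgs = new();   // Id -> row
    private readonly Dictionary<string, string> _orgByKeyHash = new();  // hash -> Id (the unique index)
    public List<AuditEntry> AuditLogs { get; } = new();

    // 256 bits from the OS CSPRNG, base64url so the key is URL- and header-safe.
    public static string NewKey()
    {
        string body = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        return "ak_live_" + body;
    }

    public static string Hash(string key) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(key)));

    // POST /api/adminorganization: the key is generated with the org and returned exactly once.
    public string Create(string id, string name, string actor)
    {
        string key = NewKey();
        var org = new Organization { Id = id, Name = name, ApiKeyHash = Hash(key) };
        _orgs[id] = org;
        _orgByKeyHash[org.ApiKeyHash!] = id;
        AuditLogs.Add(new AuditEntry(id, "ApiKeyCreated", "(none)", Fingerprint(org.ApiKeyHash!), actor));
        return key;
    }

    // POST /api/adminorganization/{id}/apikey: the old key stops authenticating
    // before the new one is installed, so there is never a window with two valid keys.
    public string Regenerate(string id, string actor)
    {
        var org = _orgs[id];
        string oldHash = org.ApiKeyHash!;
        string key = NewKey();
        string newHash = Hash(key);
        _orgByKeyHash.Remove(oldHash);
        org.ApiKeyHash = newHash;
        _orgByKeyHash[newHash] = id;
        AuditLogs.Add(new AuditEntry(id, "ApiKeyRegenerated", Fingerprint(oldHash), Fingerprint(newHash), actor));
        return key;
    }

    // Resolve a presented key to an organization id, or null for unknown or rotated keys.
    public string? Authenticate(string presentedKey) =>
        presentedKey.StartsWith("ak_live_", StringComparison.Ordinal)
        && _orgByKeyHash.TryGetValue(Hash(presentedKey), out var id) ? id : null;

    // First 8 hex chars of the hash: enough to correlate audit rows, useless to an attacker.
    private static string Fingerprint(string hash) => hash[..8];
}

public static class Program
{
    public static void Main()
    {
        var svc = new ApiKeyService();
        string first = svc.Create("org-001", "Acme Corp", "superadmin@platform");
        Console.WriteLine("first key resolves to org-001: " + (svc.Authenticate(first) == "org-001"));
        string second = svc.Regenerate("org-001", "admin@acme.com");
        Console.WriteLine("first key still valid after rotation: " + (svc.Authenticate(first) is not null));
        Console.WriteLine("second key resolves to org-001: " + (svc.Authenticate(second) == "org-001"));
        foreach (var e in svc.AuditLogs)
            Console.WriteLine($"{e.Action} {e.Before} -> {e.After} by {e.Actor}");
    }
}
```

The audit rows carry only a short fingerprint of the old and new hash, which is enough to tie a rotation to later authentication failures without writing key material into AuditLogs. In a real deployment the remove-then-insert in Regenerate would be a single transaction against the unique ApiKey index.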
Multi-Tenant Governance

Multi-Tenant Data Isolation Architecture

SHARED INFRASTRUCTURE (Single Database, Multiple Tenants)

Organizations Table
  Id       Name           Status     ApiKey       PlanId
  org-001  Acme Corp      Active     ak_live_xxx  pro-plan
  org-002  TechStart Inc  Active     ak_live_yyy  basic-plan
  org-003  GlobalCo       Suspended  ak_live_zzz  enterprise

Users Table (Tenant-Scoped)
  Id       Email          OrgId (FK)  Role
  usr-101  john@acme.com  org-001     Admin
  usr-102  jane@acme.com  org-001     User
  usr-201  bob@tech.com   org-002     Admin

  CRITICAL: Every query MUST include: WHERE OrganizationId = @orgId

Sessions Table (Tenant-Scoped)
  Id       UserId   OrgId    StartTime   AIUsageTime
  ses-001  usr-101  org-001  2026-01-15  02:34:00
  ses-002  usr-102  org-001  2026-01-15  01:12:00
  ses-003  usr-201  org-002  2026-01-15  00:45:00

Tenant Isolation Enforcement:
  ├── MultiTenantIsolationMiddleware extracts OrgId from JWT
  ├── Validates Organization exists and is Active
  ├── Attaches X-Tenant-Id header to all responses
  └── Repository layer auto-filters by OrganizationId

The OrgId used for the filter must come from the verified JWT, never from a query parameter, route value or request body; otherwise the repository filter is only as strong as whatever the caller chose to send.
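The enforcement chain above, together with the soft-delete rule from the DELETE endpoint, as an added example (not the platform's middleware or repository code). The claim name "org_id", the TenantResolver/TenantRepository/OrganizationStore names, the HTTP status codes chosen for each rejection and the sample rows are assumptions; the rows mirror the tables on this page.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, not the platform's own code. Models: OrgId from the JWT, org must
// exist and be Active, repository auto-filters, soft-deleted orgs hidden from reads.
// The claim name "org_id", the type names and the sample rows are assumptions.
public enum OrgStatus { Pending, Active, Suspended, Expired, Archived }
public interface ITenantScoped { string OrgId { get; } }
public sealed record Organization(string Id, string Name, OrgStatus Status, bool IsDeleted = false);
public sealed record User(string Id, string Email, string OrgId, string Role) : ITenantScoped;

// Built only by the resolver from verified claims, never from a request parameter.
public sealed record TenantContext(string OrgId);

public sealed class OrganizationStore
{
    private readonly Dictionary<string, Organization> _rows = new();
    public void Add(Organization o) => _rows[o.Id] = o;
    // DELETE /api/adminorganization/{id}: the row stays (IsDeleted=true) but every read hides it.
    public void SoftDelete(string id) => _rows[id] = _rows[id] with { IsDeleted = true };
    public Organization? Get(string id) =>
        _rows.TryGetValue(id, out var o) && !o.IsDeleted ? o : null;
}

// Stand-in for MultiTenantIsolationMiddleware. Returns an HTTP status and, on 200, the scope.
public static class TenantResolver
{
    public static (int Status, TenantContext? Scope) Resolve(
        IReadOnlyDictionary<string, string> jwtClaims, OrganizationStore orgs)
    {
        if (!jwtClaims.TryGetValue("org_id", out var orgId) || string.IsNullOrEmpty(orgId))
            return (401, null);                                   // no tenant claim at all
        var org = orgs.Get(orgId);
        if (org is null) return (403, null);                      // unknown or soft-deleted org
        if (org.Status != OrgStatus.Active) return (403, null);   // Pending/Suspended/Expired/Archived
        return (200, new TenantContext(orgId));
    }
}

// Every read path takes a TenantContext; there is no overload that skips the filter.
// This is the code-level form of "WHERE OrganizationId = @orgId" on every query.
public sealed class TenantRepository<T> where T : class, ITenantScoped
{
    private readonly List<T> _rows = new();
    public void Add(T row) => _rows.Add(row);

    public IReadOnlyList<T> List(TenantContext scope) =>
        _rows.Where(r => r.OrgId == scope.OrgId).ToList();

    // A row that exists in another tenant is reported exactly like a missing row,
    // so a caller cannot confirm foreign ids from the response.
    public T? Find(TenantContext scope, Func<T, bool> match) =>
        _rows.Where(r => r.OrgId == scope.OrgId).FirstOrDefault(match);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data mirroring the tables on the page.
        var orgs = new OrganizationStore();
        orgs.Add(new Organization("org-001", "Acme Corp", OrgStatus.Active));
        orgs.Add(new Organization("org-002", "TechStart Inc", OrgStatus.Active));
        orgs.Add(new Organization("org-003", "GlobalCo", OrgStatus.Suspended));

        var users = new TenantRepository<User>();
        users.Add(new User("usr-101", "john@acme.com", "org-001", "Admin"));
        users.Add(new User("usr-102", "jane@acme.com", "org-001", "User"));
        users.Add(new User("usr-201", "bob@tech.com", "org-002", "Admin"));

        // Acme caller: sees only Acme users, and usr-201 looks as if it does not exist.
        var (status, scope) = TenantResolver.Resolve(
            new Dictionary<string, string> { ["org_id"] = "org-001" }, orgs);
        var foreign = users.Find(scope!, u => u.Id == "usr-201");
        Console.WriteLine($"status={status} users={users.List(scope!).Count} usr-201={(foreign?.Id ?? "not found")}");

        // Suspended org: the middleware stops the request before any repository call.
        Console.WriteLine("org-003 status=" + TenantResolver.Resolve(
            new Dictionary<string, string> { ["org_id"] = "org-003" }, orgs).Status);

        // Soft-deleted org: tokens for it are rejected the same way from that moment on.
        orgs.SoftDelete("org-002");
        Console.WriteLine("org-002 after soft delete status=" + TenantResolver.Resolve(
            new Dictionary<string, string> { ["org_id"] = "org-002" }, orgs).Status);
    }
}
```

Two design points worth keeping when this is translated to the real repository layer: the scope object is the only way to query, so forgetting the WHERE clause is a compile error rather than a data leak, and the resolver re-reads organization status on every request, so suspension or soft deletion takes effect without waiting for issued JWTs to expire.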
Database Schema

Organizations
  Key columns:   Id, Name, Status, ApiKey, PlanId, Settings, CreatedAt
  Indexes:       PK Id, IX ApiKey (unique), IX Status
  Relationships: 1:N Users, Sessions, Devices

OrganizationSettings
  Key columns:   OrgId, Key, Value
  Indexes:       PK (OrgId, Key)
  Relationships: N:1 Organizations

Subscriptions
  Key columns:   Id, OrgId, PlanId, Status, StartDate, EndDate
  Indexes:       PK Id, IX OrgId
  Relationships: N:1 Organizations, Plans

Plans
  Key columns:   Id, Name, Features, Limits, Price
  Indexes:       PK Id
  Relationships: 1:N Subscriptions
⚠️ Security & Compliance Notes

✓ Soft Delete Only
  Organizations marked as deleted retain their data to meet audit and retention obligations (SOC 2). Hard delete requires manual DB intervention; a GDPR erasure request therefore still needs that manual path, because the IsDeleted flag alone does not remove personal data.

✓ Audit Trail
  All organization changes are logged to the AuditLogs table with before/after state.

✓ API Key Rotation
  No automatic key rotation policy; manual regeneration only. Recommend 90-day rotation. Regeneration invalidates the old key immediately, so schedule it together with the client that uses the key.

✓ Data Export
  Full org data export is available but may be slow for large orgs. A background job is recommended.
Recommended Future Enhancements

Organization Templates (Recommended)
  Pre-configured templates for common org types (Enterprise, SMB, Startup).

Sandbox Orgs (Recommended)
  Isolated sandbox organizations for testing without affecting production data.

Org-to-Org Migration (Recommended)
  Transfer users/data between organizations (mergers, acquisitions).