Admin API · §8
tonia Admin API — Developer
tonia backend endpoints consumed by the portal. Wallet-signed ↔ §8.3: the request carries an HD-derived secp256k1 signature for the account.
| Method | Endpoint | Role | Wallet-signed | Purpose |
|---|---|---|---|---|
| POST | /v1/admin/tenants | StaffAdmin | yes | Create a tenant (onboarding); seeds the default profiles |
| GET | /v1/admin/tenants/<id> | TenantAdmin / StaffAdmin | no | JSON tenant overview |
| PATCH | /v1/admin/tenants/<id>/settings | TenantAdmin | yes | Update settings |
| POST | /v1/admin/tenants/<id>/members | TenantAdmin | yes | Invite a new member |
| GET | /v1/admin/tenants/<id>/byok-keys | TenantAdmin | no | List upstream keys |
| POST | /v1/admin/tenants/<id>/byok-keys | TenantAdmin | yes | Upload an upstream key (KMS-encrypted) |
| DELETE | /v1/admin/tenants/<id>/byok-keys/<bid> | TenantAdmin | yes | Revoke an upstream key |
| GET | /v1/admin/tenants/<id>/profiles | TenantAdmin / DeveloperUser (subset) | no | List profiles |
| POST | /v1/admin/tenants/<id>/profiles | TenantAdmin | yes | Create a profile |
| PATCH | /v1/admin/tenants/<id>/profiles/<pid> | TenantAdmin | yes | Edit a profile (versioned) |
| DELETE | /v1/admin/tenants/<id>/profiles/<pid> | TenantAdmin | yes | Disable a profile |
| GET | /v1/admin/tenants/<id>/api-keys | TenantAdmin / DeveloperUser (subset) | no | List tonia_* keys |
| POST | /v1/admin/tenants/<id>/api-keys | TenantAdmin / DeveloperUser (constrained) | yes | Issue a tonia_* Bearer |
| POST | /v1/admin/tenants/<id>/api-keys/<kid>/rotate | TenantAdmin | yes | Soft-revoke + issue replacement |
| POST | /v1/admin/tenants/<id>/api-keys/<kid>/revoke | TenantAdmin | yes | Revoke a key |
| GET | /v1/admin/tenants/<id>/policy | TenantAdmin | no | Policy tree |
| PUT | /v1/admin/tenants/<id>/policy | TenantAdmin | yes | Replace the tree (with diff) |
| GET | /v1/admin/tenants/<id>/dlp | TenantAdmin | no | DLP baseline |
| PUT | /v1/admin/tenants/<id>/dlp | TenantAdmin | yes | Replace the DLP baseline |
| POST | /v1/admin/tenants/<id>/dlp/test | TenantAdmin | no | Test console (does not persist the prompt) |
| GET | /v1/admin/tenants/<id>/audit | TenantAdmin / DeveloperUser (filtered) | no | Query the chain |
| GET | /v1/admin/tenants/<id>/audit/export | TenantAdmin | no | Signed JSON + PDF export |
| POST | /v1/admin/tenants/<id>/accept | DeveloperUser (personal keys) | yes | Append ACCEPTANCE for a received RESPONSE |
| POST | /v1/admin/staff/tenants/<id>/managed | StaffAdmin | yes | Flip tenant.managed_enabled |
| POST | /v1/admin/staff/managed-pool | StaffAdmin | yes | Upload / rotate Managed pool credential |
| POST | /v1/admin/staff/posture-watch/<diff_id>/ack | StaffAdmin | yes | Acknowledge a posture diff (+ 24h clock) |
| POST | /v1/admin/staff/trust-hub/publish | StaffAdmin | yes | Publish a trust-hub snapshot |