Admin API · §8
tonia — Developer admin API
tonia backend endpoints consumed by the portal. A "yes" in the Wallet-signed column corresponds to §8.3: the request carries a secp256k1 signature derived through the tenant's HD path.
| Method | Endpoint | Role | Wallet-signed | Purpose |
|---|---|---|---|---|
| POST | /v1/admin/tenants | StaffAdmin | yes | Create a tenant (onboarding); seeds the default profiles |
| GET | /v1/admin/tenants/<id> | TenantAdmin / StaffAdmin | no | JSON tenant overview |
| PATCH | /v1/admin/tenants/<id>/settings | TenantAdmin | yes | Update settings |
| POST | /v1/admin/tenants/<id>/members | TenantAdmin | yes | Invite a new member |
| GET | /v1/admin/tenants/<id>/byok-keys | TenantAdmin | no | List upstream keys |
| POST | /v1/admin/tenants/<id>/byok-keys | TenantAdmin | yes | Upload an upstream key (KMS-encrypted) |
| DELETE | /v1/admin/tenants/<id>/byok-keys/<bid> | TenantAdmin | yes | Revoke an upstream key |
| GET | /v1/admin/tenants/<id>/profiles | TenantAdmin / DeveloperUser (subset) | no | List profiles |
| POST | /v1/admin/tenants/<id>/profiles | TenantAdmin | yes | Create a profile |
| PATCH | /v1/admin/tenants/<id>/profiles/<pid> | TenantAdmin | yes | Edit a profile (versioned) |
| DELETE | /v1/admin/tenants/<id>/profiles/<pid> | TenantAdmin | yes | Disable a profile |
| GET | /v1/admin/tenants/<id>/api-keys | TenantAdmin / DeveloperUser (subset) | no | List tonia_* keys |
| POST | /v1/admin/tenants/<id>/api-keys | TenantAdmin / DeveloperUser (constrained) | yes | Issue a tonia_* Bearer |
| POST | /v1/admin/tenants/<id>/api-keys/<kid>/rotate | TenantAdmin | yes | Soft-revoke + issue replacement |
| POST | /v1/admin/tenants/<id>/api-keys/<kid>/revoke | TenantAdmin | yes | Revoke a key |
| GET | /v1/admin/tenants/<id>/policy | TenantAdmin | no | Policy tree |
| PUT | /v1/admin/tenants/<id>/policy | TenantAdmin | yes | Replace the tree (with diff) |
| GET | /v1/admin/tenants/<id>/dlp | TenantAdmin | no | DLP baseline |
| PUT | /v1/admin/tenants/<id>/dlp | TenantAdmin | yes | Replace the DLP baseline |
| POST | /v1/admin/tenants/<id>/dlp/test | TenantAdmin | no | Test console (does not persist the prompt) |
| GET | /v1/admin/tenants/<id>/audit | TenantAdmin / DeveloperUser (filtered) | no | Query the chain |
| GET | /v1/admin/tenants/<id>/audit/export | TenantAdmin | no | Signed JSON + PDF export |
| POST | /v1/admin/tenants/<id>/accept | DeveloperUser (personal keys) | yes | Append ACCEPTANCE for a received RESPONSE |
| POST | /v1/admin/staff/tenants/<id>/managed | StaffAdmin | yes | Flip tenant.managed_enabled |
| POST | /v1/admin/staff/managed-pool | StaffAdmin | yes | Upload / rotate Managed pool credential |
| POST | /v1/admin/staff/posture-watch/<diff_id>/ack | StaffAdmin | yes | Acknowledge a posture diff (+ 24h clock) |
| POST | /v1/admin/staff/trust-hub/publish | StaffAdmin | yes | Publish a trust-hub snapshot |
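The table above can be encoded as a deny-by-default check, shown here as an added example that is not tonia's own code. It copies a subset of the rows; the function names, the `has_valid_wallet_sig` flag (the caller's result of the §8.3 signature check, whose format this page does not define) and the one-segment matching of `<id>` placeholders are assumptions, and the "subset / constrained / filtered" qualifiers on DeveloperUser are not modelled.

```python
import re

# Subset of rows copied from the table above: (method, template, roles, wallet-signed)
ROUTES = [
    ("POST", "/v1/admin/tenants", {"StaffAdmin"}, True),
    ("GET", "/v1/admin/tenants/<id>", {"TenantAdmin", "StaffAdmin"}, False),
    ("PATCH", "/v1/admin/tenants/<id>/settings", {"TenantAdmin"}, True),
    ("DELETE", "/v1/admin/tenants/<id>/byok-keys/<bid>", {"TenantAdmin"}, True),
    ("POST", "/v1/admin/tenants/<id>/api-keys", {"TenantAdmin", "DeveloperUser"}, True),
    ("POST", "/v1/admin/tenants/<id>/dlp/test", {"TenantAdmin"}, False),
    ("GET", "/v1/admin/tenants/<id>/audit/export", {"TenantAdmin"}, False),
    ("POST", "/v1/admin/staff/managed-pool", {"StaffAdmin"}, True),
]

MUTATING = {"POST", "PUT", "PATCH", "DELETE"}

def _compile(template):
    # Assumption: each <placeholder> matches exactly one non-empty path segment.
    parts = re.split(r"(<\w+>)", template)
    return re.compile("".join("[^/]+" if p.startswith("<") else re.escape(p) for p in parts))

TABLE = [(m, _compile(t), roles, signed) for m, t, roles, signed in ROUTES]

def authorize(method, path, role, has_valid_wallet_sig):
    """Return (allowed, reason); a method/path pair not in the table is rejected."""
    for m, rx, roles, signed in TABLE:
        if m == method and rx.fullmatch(path):
            if role not in roles:
                return False, "role"
            if signed and not has_valid_wallet_sig:
                return False, "wallet-signature"
            return True, "ok"
    return False, "unknown-route"

def unsigned_mutations():
    """Rows where a state-changing verb does not require a wallet signature."""
    return [(m, t) for m, t, _, signed in ROUTES
            if m in MUTATING and not signed]
```

Among the copied rows, `unsigned_mutations()` returns only the DLP test console, which the table documents as not persisting the prompt; running the same audit over the full table is a quick review for unintended unsigned writes.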