API ReferenceIam
NNO IAM Service API
Identity and Access Management — authentication, roles, permissions, API keys, and service tokens.
List role→permission mappings for an organization
Query Parameters
orgId*string
Length
1 <= lengthResponse Body
application/json
application/json
curl -X GET "https://iam.svc.nno.app/api/nno/roles?orgId=string"nullnullUpsert a role→permission mapping for an organization
Request Body
application/json
orgId*string
Length
1 <= lengthrole*string
Length
1 <= lengthpermissions*array<string>
Items
0 <= itemsResponse Body
application/json
application/json
application/json
curl -X POST "https://iam.svc.nno.app/api/nno/roles" \ -H "Content-Type: application/json" \ -d '{ "orgId": "string", "role": "string", "permissions": [ "string" ] }'nullnullnullcurl -X DELETE "https://iam.svc.nno.app/api/nno/roles/string/string"Empty
nullList permission grants for an organization
Query Parameters
orgId*string
Length
1 <= lengthuserId?string
Response Body
application/json
application/json
curl -X GET "https://iam.svc.nno.app/api/nno/grants?orgId=string"nullnullCreate a per-user permission grant or denial
Request Body
application/json
userId*string
Length
1 <= lengthorgId*string
Length
1 <= lengthpermission*string
Length
1 <= lengthgranted*boolean
grantedBy*string
Length
1 <= lengthexpiresAt?integer
Range
0 < valueResponse Body
application/json
application/json
curl -X POST "https://iam.svc.nno.app/api/nno/grants" \ -H "Content-Type: application/json" \ -d '{ "userId": "string", "orgId": "string", "permission": "string", "granted": true, "grantedBy": "string" }'nullnullcurl -X DELETE "https://iam.svc.nno.app/api/nno/grants/string"Empty
nullCreate a Better Auth organization for a tenant
Request Body
application/json
name*string
Length
1 <= length <= 100slug*string
Match
^[a-z0-9-]+$Length
1 <= length <= 63ownerId*string
Length
1 <= lengthorgType?string
Default
"tenant"Value in
"nno-operator" | "tenant"Response Body
application/json
application/json
application/json
application/json
curl -X POST "https://iam.svc.nno.app/api/nno/organizations" \ -H "Content-Type: application/json" \ -d '{ "name": "string", "slug": "string", "ownerId": "string" }'nullnullnullnullLook up an organization by slug
Path Parameters
slug*string
Response Body
application/json
application/json
curl -X GET "https://iam.svc.nno.app/api/nno/organizations/string"nullnullBootstrap the NNO operator org
Response Body
application/json
application/json
application/json
application/json
curl -X POST "https://iam.svc.nno.app/api/nno/bootstrap"nullnullnullnullValidate a raw API key
Request Body
application/json
key*string
Length
1 <= lengthResponse Body
application/json
application/json
application/json
curl -X POST "https://iam.svc.nno.app/api/nno/apikey/validate" \ -H "Content-Type: application/json" \ -d '{ "key": "string" }'nullnullnullIssue a short-lived service-to-service JWT
Request Body
application/json
serviceId*string
Length
1 <= lengthtargetService*string
Length
1 <= lengthResponse Body
application/json
application/json
application/json
application/json
curl -X POST "https://iam.svc.nno.app/api/nno/service-token" \ -H "Content-Type: application/json" \ -d '{ "serviceId": "string", "targetService": "string" }'nullnullnullnullUpdate platform suspension status
Request Body
application/json
platformId*string
Length
1 <= lengthstatus*string
Value in
"suspended" | "active"Response Body
application/json
application/json
application/json
curl -X POST "https://iam.svc.nno.app/internal/platform-status" \ -H "Content-Type: application/json" \ -d '{ "platformId": "string", "status": "suspended" }'nullnullnullcurl -X GET "https://iam.svc.nno.app/api/auth/profile"nullnullnullUpdate the current user's profile
Request Body
application/json
name?string
Length
1 <= lengthimage?string|null
Format
uriResponse Body
application/json
application/json
application/json
curl -X PATCH "https://iam.svc.nno.app/api/auth/profile" \ -H "Content-Type: application/json" \ -d '{}'nullnullnull