Version: 2.1.0

Organization creation

Prerequisites

The API exposes an endpoint that lets you create organizations in a given realm. However, you need the SuperAdmin service account to create organizations. Without this service account, the API will block your requests.

The first step is to create a Keycloak client with a service account that inherits the SuperAdmin role. This client must be private because we want to keep the organization creation process under the responsibility of Astran.

At this time, Astran-API-V2 does not support a user belonging to multiple organizations. Be careful when creating organizations: a user must belong to one and only one organization at a time.

Organization creation

As mentioned above, the API exposes an endpoint that lets you create organizations in a given realm. The documentation for this endpoint is available at https://{your-realm}.api.s5.astran.io/docs/#/Organization/CreateOrganization

If you don't know how to access your Astran-API-V2 instance, please see the how-to-access-astran-application page.

Find your client credentials

Go to Clients > superadmin > credentials and copy the client secret.

Get your access token

export REALM=my-realm # Set your realm
export SECRET=my-secret # Set your secret
export CLIENT_ID=superadmin

curl --location "https://$REALM.auth.astran.io/auth/realms/$REALM/protocol/openid-connect/token" \
--header "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "client_id=$CLIENT_ID" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_secret=$SECRET"
{
"access_token":"eyJh...660DQ",
"expires_in":300,
"refresh_expires_in":0,
"token_type":"Bearer",
"not-before-policy":0,
"scope":"profile email"
}

Create your organization

export TOKEN=eyJh...660DQ # Save your access_token

# Create your organization
curl --location "https://$REALM.api.s5.astran.io/api/v2.1/organizations" \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--header "Authorization: Bearer $TOKEN" \
--data '{
"name": "organization-name",
"domain": "organization-domain-name.com",
"storageLimit": 100,
"firstAdmin": {
"firstName": "firstName",
"lastName": "lastName",
"email": "lastName@organization.com"
}
}'
{
"id": "82a53d0d-57b6-4d81-b9e8-333b8d814bce",
"name": "organization-name",
"domain": "organization-domain-name.com",
"storageLimit": 100,
"storageUsed": 0
}
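
The two curl steps above can be combined into one script so that the access token never has to be copied by hand. This is an added example, not code from the Astran documentation. The function names are hypothetical, the realm check assumes a realm is a single DNS label, and the organization body is assumed to be supplied as JSON on standard input.

```python
import json
import os
import re
import sys
import urllib.parse
import urllib.request

CLIENT_ID = "superadmin"  # client name used on this page
# Assumption: a realm is one DNS label, since it is used as a hostname part.
REALM_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def check_realm(realm):
    """Reject values that would point the request (and the secret) elsewhere."""
    if not REALM_RE.fullmatch(realm):
        raise ValueError(f"invalid realm: {realm!r}")
    return realm

def token_request(realm, secret):
    """Build the client_credentials POST from 'Get your access token'."""
    form = {"client_id": CLIENT_ID, "grant_type": "client_credentials",
            "client_secret": secret}
    return urllib.request.Request(
        f"https://{check_realm(realm)}.auth.astran.io/auth/realms/{realm}/protocol/openid-connect/token",
        data=urllib.parse.urlencode(form).encode(), method="POST")

def parse_token(raw):
    """Return the access token, or raise if the reply is an error or not Bearer."""
    doc = json.loads(raw)
    if not doc.get("access_token") or doc.get("token_type", "").lower() != "bearer":
        raise ValueError(f"no usable token: {doc.get('error', 'unexpected reply')}")
    return doc["access_token"]

def org_request(realm, token, org):
    """Build the CreateOrganization POST; json.dumps escapes every field value."""
    return urllib.request.Request(
        f"https://{check_realm(realm)}.api.s5.astran.io/api/v2.1/organizations",
        data=json.dumps(org).encode(), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Authorization": f"Bearer {token}"})

def create_organization(realm, secret, org):
    """Fetch a fresh token (they last 300 s here) and create the organization."""
    with urllib.request.urlopen(token_request(realm, secret), timeout=10) as resp:
        token = parse_token(resp.read())
    with urllib.request.urlopen(org_request(realm, token, org), timeout=10) as resp:
        return json.loads(resp.read())

if __name__ == "__main__":  # REALM and SECRET come from the environment, as above
    print(create_organization(os.environ["REALM"], os.environ["SECRET"],
                              json.load(sys.stdin)))
```

The script prints only the created organization; the client secret and the token stay out of terminal output.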