Organization creation
Prerequisites
The API exposes an endpoint that lets you create organizations in a given realm.
However, you need the SuperAdmin service account to create organizations.
Without this service account, the API will block your requests.
The first step is to create a Keycloak client with a service account that inherits the SuperAdmin role.
This client must be private, because the organization creation process must remain under the responsibility of Astran.
At this time, the Astran-API-V2 does not support a user belonging to multiple organizations.
Be careful when creating organizations: a user must belong to one and only one organization at a time.
Organization creation
As noted above, the API exposes an endpoint that lets you create organizations in a given realm. The documentation of this endpoint is available at https://{your-realm}.api.s5.astran.io/docs/#/Organization/CreateOrganization
If you don't know how to access your Astran-API-V2 instance, please see the how-to-access-astran-application page.
Find your client credentials
Go to Clients>superadmin>credentials and copy the client secret:
Get your access token
export REALM=my-realm # Set your realm
export SECRET=my-secret # Set your secret
export CLIENT_ID=superadmin
curl --location "https://$REALM.auth.astran.io/auth/realms/$REALM/protocol/openid-connect/token" \
  --header "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "client_id=$CLIENT_ID" \
  --data-urlencode "grant_type=client_credentials" \
  --data-urlencode "client_secret=$SECRET"
{
  "access_token": "eyJh...660DQ",
  "expires_in": 300,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "profile email"
}
Create your organization
export TOKEN=eyJh...660DQ # Save your access_token
# Create your organization
curl --location "https://$REALM.api.s5.astran.io/api/v2.1/organizations" \
  --header "Content-Type: application/json" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer $TOKEN" \
  --data '{
    "name": "organization-name",
    "domain": "organization-domain-name.com",
    "storageLimit": 100,
    "firstAdmin": {
      "firstName": "firstName",
      "lastName": "lastName",
      "email": "lastName@organization.com"
    }
  }'
{
  "id": "82a53d0d-57b6-4d81-b9e8-333b8d814bce",
  "name": "organization-name",
  "domain": "organization-domain-name.com",
  "storageLimit": 100,
  "storageUsed": 0
}
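The one-user-one-organization rule from the prerequisites and the 300-second token lifetime shown in the token response both matter once several organizations are created in one run. The following Python code is an added example, not Astran's own: it refuses a batch in which the same first admin appears in more than one organization, and it requests a new token before the current one expires. It assumes a user is identified by email (compared case-insensitively) and checks only the batch itself, not organizations that already exist in the realm; `SAMPLE_PLAN` is constructed and the function names are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

# URLs taken from the curl commands on this page.
TOKEN_URL = "https://{realm}.auth.astran.io/auth/realms/{realm}/protocol/openid-connect/token"
ORGS_URL = "https://{realm}.api.s5.astran.io/api/v2.1/organizations"
# Constructed sample plan: org-a and org-c name the same first admin.
SAMPLE_PLAN = [
    {"name": "org-a", "domain": "a.example", "storageLimit": 100,
     "firstAdmin": {"firstName": "Ada", "lastName": "A", "email": "admin@a.example"}},
    {"name": "org-b", "domain": "b.example", "storageLimit": 100,
     "firstAdmin": {"firstName": "Bob", "lastName": "B", "email": "bob@b.example"}},
    {"name": "org-c", "domain": "c.example", "storageLimit": 100,
     "firstAdmin": {"firstName": "Ada", "lastName": "A", "email": "Admin@A.example"}},
]

def shared_admins(plan):
    """Return {email: [organization names]} for admins planned into several organizations."""
    seen = {}
    for org in plan:
        email = org["firstAdmin"]["email"].strip().lower()  # assumption: email identifies the user
        seen.setdefault(email, []).append(org["name"])
    return {email: names for email, names in seen.items() if len(names) > 1}

def token_usable(token, now=None, margin=30):
    """True while the token has more than `margin` seconds left before it expires."""
    now = time.time() if now is None else now
    return token is not None and now < token["obtained_at"] + token["expires_in"] - margin

def fetch_token(realm, client_id, secret):  # client-credentials grant, as in the curl call
    form = urllib.parse.urlencode({"client_id": client_id, "client_secret": secret,
                                   "grant_type": "client_credentials"}).encode()
    with urllib.request.urlopen(TOKEN_URL.format(realm=realm), data=form, timeout=10) as resp:
        return {**json.load(resp), "obtained_at": time.time()}

def create_organizations(realm, client_id, secret, plan):  # check the plan, then POST each entry
    if clashes := shared_admins(plan):
        raise ValueError(f"admin planned into several organizations: {clashes}")
    token, created = None, []
    for org in plan:
        if not token_usable(token):  # the sample token response shows expires_in: 300
            token = fetch_token(realm, client_id, secret)
        req = urllib.request.Request(ORGS_URL.format(realm=realm), data=json.dumps(org).encode(), headers={
            "Content-Type": "application/json", "Accept": "application/json",
            "Authorization": "Bearer " + token["access_token"]})
        with urllib.request.urlopen(req, timeout=10) as resp:
            created.append(json.load(resp))
    return created
```

Read the client secret with `getpass.getpass()` instead of placing it on the command line, then call `create_organizations(realm, "superadmin", secret, plan)`.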