Organization Management
Overview
Organization is the foundational building block of WEDA. Before you can onboard devices, assign users, or deploy containers, you must first establish your organization structure.
An Organization represents a logical grouping unit — such as a region, department, or project — that serves as the scope for:
- Devices: All devices must belong to an organization
- Users: Users are assigned roles within organizations
- Resources: Container deployments, batch tasks, and reports operate within organization boundaries
Dependencies with Other Modules
| Dependent Module | Relationship | Impact |
|---|---|---|
| Device Provisioning | Devices must be registered under an organization | Cannot onboard devices without a target organization |
| User Management | Users are added to organizations | User permissions are scoped to their assigned organizations |
| Container Stack | Deployments target devices within organizations | Organization determines which devices receive deployments |
| Batch Tasks | Tasks execute across devices in an organization | Task scope is limited to organization boundaries |
| Reports | Reports aggregate data by organization | Data visibility follows organization hierarchy |
Basic Operations
| Operation | API | Description |
|---|---|---|
| Create Organization | POST https://{domain}/{tenantPath}/{srp}/api/v1/orgs | Create root or sub-organization with name, description, and optional parentOrgId |
| Read Organizations | GET https://{domain}/{tenantPath}/{srp}/api/v1/orgs | List all organizations with different filters and pagination options |
| Update Organization | PATCH https://{domain}/{tenantPath}/{srp}/api/v1/orgs/{orgId} | Modify name or description of an existing organization |
| Delete Organization | DELETE https://{domain}/{tenantPath}/{srp}/api/v1/orgs/{orgId}?orgName=xxx | Remove organization (requires name confirmation) |
Constraints & Limitations
General
- API access requires authentication with a valid token
Create
nameis required, max 100 charactersdescriptionis optional, max 200 charactersparentOrgIdis immutable after creation — you cannot move an organization to a different parent
Update
- Only
nameanddescriptioncan be modified - Cannot change parent organization
Delete
- Must provide
orgNamequery parameter for confirmation - Organization must have no child organizations
- Organization must have no other users
- Root organization cannot be deleted
Advanced Features
This section covers APIs related to Identity, Access Control, and advanced organization hierarchy management, providing system administrators with more granular permission control and user management mechanisms.
Advanced Organization Retrieval
Beyond basic CRUD operations, WEDA provides advanced APIs for navigating complex organizational hierarchies. These APIs support depth-based traversal, enabling efficient queries across multi-level structures. Organizations form a tree structure. The depth parameter controls how many levels to traverse:
Org1 (Root)
└── Org2 ← current org
├── Org3 ← depth=1
│ ├── device1 ← depth=2
│ └── device2
└── Org4 ← depth=1
| Operation | API | Description |
|---|---|---|
| Get Organization by ID | GET https://{domain}/{tenantPath}/{srp}/api/v1/orgs/{orgId} | Retrieve detailed information of a specific organization |
| Get Child Organizations | GET https://{domain}/{tenantPath}/{srp}/api/v1/orgs/{orgId}/children?depth=n | Get child organizations down to specified depth |
| Get Parent Organizations | GET https://{domain}/{tenantPath}/{srp}/api/v1/orgs/{orgId}/parents?depth=n | Get parent organizations up to specified depth |
Authentication Management
Authentication APIs handle the creation and management of tokens for API access. This includes user token and client credential. User tokens are used for interactive user sessions, while Client Credentials handles authentication between applications and services.
| Operation | API | Description |
|---|---|---|
| Create User Access Token | POST https://{domain}/{tenantPath}/{srp}/api/v1/auth/tokens | Create User access token for API authentication |
| Create Client Credential | POST https://{domain}/{tenantPath}/{srp}/api/v1/oauth2/client-credentials | Create a new client credential with specified scopes |
| List Client Credentials | GET https://{domain}/{tenantPath}/{srp}/api/v1/oauth2/client-credentials | Retrieve all client credentials for the current user |
| Delete Client Credential | DELETE https://{domain}/{tenantPath}/{srp}/api/v1/oauth2/client-credentials/{id} | Revoke and delete a client credential |