Organizations
An organization is the top-level entity and provides complete isolation between business entities. Each organization has its own isolated vaults, accounts, and permissions.
Overview
In most deployments, an organization maps to a single legal or operational business entity. If you operate multiple independent entities (e.g., subsidiaries), create multiple organizations — each with fully isolated resources.
List Organizations
curl -H "Authorization: Bearer $TOKEN" \
https://api.carabaas.com/api/v1/organizations
Get Organization Details
curl -H "Authorization: Bearer $TOKEN" \
https://api.carabaas.com/api/v1/organizations/{organizationId}
Roles & Permissions
Every authenticated client has a base readOwn ability. Roles are assigned at the Organization or Vault level.
Organization-Level Roles
| Role | Abilities |
|---|---|
| OrgAdmin | read, edit, inviteUser, removeUser, assignRole, suspendUser, manageClients, viewAudit, manageVaults, manageAddressBook, viewClients |
| SecurityOfficer | read, suspendUser, manageClients, viewAudit, suspendVaults, viewClients |
| User | read |
| HostedSigner | sign |
| ManagedSigner | sign |
| SharedSigner | sign |
Vault-Level Roles
| Role | Abilities |
|---|---|
| VaultAdmin | read, generateDetails, initiate, edit, assignRole, suspend, viewAudit, approve, decline, manageAddressBook, viewClients, manageNotifications |
| Treasurer | read, generateDetails, initiate, approve, decline, manageAddressBook, viewClients, manageNotifications |
| Operator | read, generateDetails, initiate, viewClients |
| Approver | read, generateDetails, approve, decline, viewClients |
| Viewer | read |
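The vault-level table can be used to pick the narrowest role for a job and to review which clients can both initiate and approve on the same vault. The following is an added example, not Carabaas code: the function names and the sample assignments are constructed, and it assumes a client may hold more than one role on a vault.

```python
from collections import defaultdict

# Vault-level role matrix, copied from the table above.
VAULT_ROLES = {
    "VaultAdmin": {"read", "generateDetails", "initiate", "edit", "assignRole",
                   "suspend", "viewAudit", "approve", "decline",
                   "manageAddressBook", "viewClients", "manageNotifications"},
    "Treasurer": {"read", "generateDetails", "initiate", "approve", "decline",
                  "manageAddressBook", "viewClients", "manageNotifications"},
    "Operator": {"read", "generateDetails", "initiate", "viewClients"},
    "Approver": {"read", "generateDetails", "approve", "decline", "viewClients"},
    "Viewer": {"read"},
}

def least_privileged_roles(required, roles=VAULT_ROLES):
    """Roles covering `required` with the fewest abilities beyond it."""
    required = set(required)
    extra = {name: len(abilities - required)
             for name, abilities in roles.items() if required <= abilities}
    if not extra:
        return []  # no single vault role grants everything requested
    fewest = min(extra.values())
    return sorted(name for name, n in extra.items() if n == fewest)

def initiate_and_approve(assignments, roles=VAULT_ROLES):
    """(vault, client) pairs whose combined roles grant initiate and approve."""
    granted = defaultdict(set)
    for client, vault, role in assignments:
        granted[(vault, client)] |= roles[role]
    return sorted(key for key, abilities in granted.items()
                  if {"initiate", "approve"} <= abilities)

# Constructed sample assignments: (client, vault, role).
SAMPLE = [
    ("alice", "vault-1", "Treasurer"),
    ("bob", "vault-1", "Approver"),
    ("carol", "vault-2", "Operator"),
    ("carol", "vault-2", "Approver"),  # assumption: two roles on one vault
    ("dave", "vault-2", "Viewer"),
]

if __name__ == "__main__":
    print(least_privileged_roles({"read", "initiate"}))
    print(initiate_and_approve(SAMPLE))
```

The pairs returned by `initiate_and_approve` are candidates for review, since the table gives Operator and Approver disjoint initiate/approve abilities while Treasurer and VaultAdmin hold both.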
Managing Clients
List Clients in Organization
curl -H "Authorization: Bearer $TOKEN" \
https://api.carabaas.com/api/v1/organizations/{orgId}/clients
Add a Client
curl -X POST \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"role": "User"
}' \
https://api.carabaas.com/api/v1/organizations/{orgId}/clients
Change Client Role
curl -X PATCH \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{ "role": "OrgAdmin" }' \
https://api.carabaas.com/api/v1/organizations/clients/{clientId}/role
Suspend / Unsuspend a Client
# Suspend
curl -X PATCH \
-H "Authorization: Bearer $TOKEN" \
https://api.carabaas.com/api/v1/organizations/clients/{clientId}/suspend
# Unsuspend
curl -X PATCH \
-H "Authorization: Bearer $TOKEN" \
https://api.carabaas.com/api/v1/organizations/clients/{clientId}/unsuspend
API Key Management
Create an Authentication Key
curl -X POST \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"publicKey": "-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----",
"name": "Production API Key"
}' \
https://api.carabaas.com/api/v1/organizations/keys
Block / Unblock a Key
# Block
curl -X PATCH -H "Authorization: Bearer $TOKEN" \
https://api.carabaas.com/api/v1/organizations/keys/{keyId}/block
# Unblock
curl -X PATCH -H "Authorization: Bearer $TOKEN" \
https://api.carabaas.com/api/v1/organizations/keys/{keyId}/unblock