Skip to main content
Admin endpoints are protected by role checks. The authenticated user must hold an active admin, auditor, or billing_admin role. Unauthorized calls are recorded as audit events.

Audit

List audit events with optional filters. auditor and admin can view audit events.
Response:

Principals

List, grant, and revoke administrative principals. Only admin can manage principals.
Grant a principal:
Revoke a principal:
Valid roles are admin, auditor, billing_admin, and support.

Usage

List and adjust administrative usage and budgets. Only admin and billing_admin can manage usage.
Adjust a user’s budget:
Budget adjustments create administration.budget.adjust audit events.

Errors

  • 401 — Missing or invalid authentication.
  • 403 — The caller does not have the required administrative role.
  • 400 — Missing required fields or invalid role.
  • 404 — Principal not found when revoking.