Org API
Read the credential's organisation metadata. Read-only on the public API — org settings (retention, SMS opt-in, KYB) are managed from the in-app admin surface where the audit chain captures who changed what + when.
Get the org
GET /api/v1/public/org — scope org:read
```bash
curl https://app.nexbasira.com/api/v1/public/org \
  -H "Authorization: Bearer nb_sec_..."
```

```json
{
  "id": "00000000-0000-0000-0000-000000000000",
  "name": "Acme Insurance",
  "country": "FR",
  "settings_jsonb": {
    "default_locale": "fr",
    "auto_record_sessions": false
  },
  "retention_days": 2555,
  "sms_enabled": true,
  "created_at": "2024-09-01T08:00:00Z"
}
```

| Field | Type | Notes |
|---|---|---|
| `id` | UUID | Stable across the credential's lifetime. |
| `name` | string | Display name. Shown in invite emails + the PDF report header. |
| `country` | ISO 3166-1 alpha-2 | Drives default locale + KYB jurisdiction. |
| `settings_jsonb` | object | Free-form org-level preferences (default locale, auto-record toggle, etc.). Schema is forward-compatible — treat unknown keys as informational. |
| `retention_days` | int \| null | How long Evidence bytes are kept in object storage before lifecycle rules purge them. `null` = platform default (7 years for eIDAS-compliant deployments). |
| `sms_enabled` | bool | Whether SMS invite delivery is enabled. Defaults to `false`; opt-in via the admin SMS card. |
| `created_at` | ISO 8601 | Org-creation timestamp. |
Common errors
| Status | Code | When |
|---|---|---|
| 403 | permission_denied | Credential lacks org:read. |
Notes
- One org per credential. Every public-API credential is scoped to exactly one organisation; you don't pass an `org_id` — the credential resolves it server-side.
- No write surface. Mutations to org settings go through the admin UI so the operator's identity + reason can be audited. The public API stays read-only here on purpose.
- White-label. For logo + colour customisation, see the Branding API — that's the writeable corner.
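
The field notes above (null `retention_days`, unknown `settings_jsonb` keys, the 403 `permission_denied` case) can be handled in one client-side parser. This is an added example, not code from the API's vendor. It assumes 7 years equals 2555 days (the value in the sample response); `parse_org`, `drift` and `BASELINE` are hypothetical names, and the baseline comparison is one way a consumer could notice a settings change made in the admin UI.

```python
import json

# Assumption: the page says "7 years"; 2555 days matches its sample response.
PLATFORM_DEFAULT_RETENTION_DAYS = 2555
# Settings keys that appear in the page's sample; anything else is informational.
KNOWN_SETTINGS = {"default_locale", "auto_record_sessions"}

def parse_org(status, body):
    """Normalise a GET /api/v1/public/org response (status code + raw body)."""
    if status == 403:
        # Documented error code: the credential lacks the org:read scope.
        raise PermissionError("permission_denied: credential lacks org:read")
    if status != 200:
        raise RuntimeError(f"unexpected status {status}")
    doc = json.loads(body)
    retention = doc.get("retention_days")
    settings = doc.get("settings_jsonb") or {}
    return {
        "id": doc["id"],
        "country": doc["country"],
        # null means the platform default applies, not "no retention limit".
        "retention_days": PLATFORM_DEFAULT_RETENTION_DAYS if retention is None else int(retention),
        "retention_is_default": retention is None,
        "sms_enabled": bool(doc.get("sms_enabled", False)),
        # Unknown keys are reported, never rejected (forward-compatible schema).
        "unknown_settings": sorted(set(settings) - KNOWN_SETTINGS),
    }

def drift(org, baseline):
    """Map each baseline field that changed to (expected, observed)."""
    return {k: (v, org.get(k)) for k, v in baseline.items() if org.get(k) != v}

# Constructed response: null retention, SMS on, one setting key the page does not list.
SAMPLE = json.dumps({
    "id": "00000000-0000-0000-0000-000000000000",
    "name": "Acme Insurance",
    "country": "FR",
    "settings_jsonb": {"default_locale": "fr", "future_flag": True},
    "retention_days": None,
    "sms_enabled": True,
    "created_at": "2024-09-01T08:00:00Z",
})
# Hypothetical baseline recorded by the operator after the last reviewed change.
BASELINE = {"country": "FR", "retention_days": 2555, "sms_enabled": False}

if __name__ == "__main__":
    org = parse_org(200, SAMPLE)
    print(org)
    print("drift:", drift(org, BASELINE))
```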