Admin RLS Guard
API Contract
REST
/api/v1/admin/scope
6 endpoints
GET /api/v1/admin/scope
Get all org IDs in this admin's scope
Public
Response Example
{
  "data": {
    "admin_id": "usr_hA3mXp",
    "scope_org_ids": [
      "org_kNr8aQ",
      "org_tY2zLm",
      "org_xW7pNq"
    ],
    "is_super_admin": false
  }
}
GET /api/v1/admin/scope/is-super-admin
Check if the authenticated admin has super-admin privileges
Public
Response Example
{
  "data": {
    "admin_id": "usr_hA3mXp",
    "is_super_admin": false
  }
}
POST /api/v1/admin/scope/assert
Assert that a given org is within the admin's scope (throws 403 if not)
Public
Request Example
{
  "requested_org_id": "org_tY2zLm"
}
Response Example
{
  "data": {
    "requested_org_id": "org_tY2zLm",
    "in_scope": true
  }
}
GET /api/v1/admin/scope/list
List all scope entries (paginated, super-admin only)
Public
Response Example
{
  "data": [
    {
      "admin_id": "usr_hA3mXp",
      "org_id": "org_kNr8aQ",
      "granted_at": "2025-01-10T00:00:00Z"
    },
    {
      "admin_id": "usr_hA3mXp",
      "org_id": "org_tY2zLm",
      "granted_at": "2025-01-10T00:00:00Z"
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 20,
    "total": 3
  }
}
POST /api/v1/admin/scope/list
Grant org scope to an admin (super-admin only)
Public
Request Example
{
  "admin_id": "usr_bQ9vTk",
  "org_id": "org_xW7pNq"
}
Response Example
{
  "data": {
    "admin_id": "usr_bQ9vTk",
    "org_id": "org_xW7pNq",
    "granted_at": "2026-03-26T12:00:00Z"
  }
}
DELETE /api/v1/admin/scope/list/:adminId/:orgId
Revoke org scope from an admin (super-admin only)
Public
Response Example
{
  "data": {
    "admin_id": "usr_bQ9vTk",
    "org_id": "org_xW7pNq",
    "revoked": true
  }
}
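The server-side checks this contract implies, as an added example that is not the project's own code: the assert request carries only `requested_org_id`, so the caller's identity has to come from the authenticated session, and grant and revoke must reject non-super-admins before touching state. The in-memory `ScopeStore`, the `ScopeError` type, the super-admin bypass on assert and the idempotent grant are assumptions.

```python
# Added example: in-memory model of the scope checks (hypothetical names).
from dataclasses import dataclass, field
from datetime import datetime, timezone


class ScopeError(Exception):
    """Carries the HTTP status the handler would return."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


@dataclass
class ScopeStore:
    super_admins: set = field(default_factory=set)  # assumption: tracked separately
    grants: dict = field(default_factory=dict)      # (admin_id, org_id) -> granted_at

    def scope_of(self, admin_id):
        return sorted(o for (a, o) in self.grants if a == admin_id)

    def assert_in_scope(self, caller_id, requested_org_id):
        # caller_id is taken from the authenticated session, never from the
        # request body, so a caller cannot assert on another admin's behalf.
        allowed = (caller_id in self.super_admins  # assumption: super-admins bypass
                   or (caller_id, requested_org_id) in self.grants)
        if not allowed:
            raise ScopeError(403, "org not in admin scope")  # default deny
        return {"requested_org_id": requested_org_id, "in_scope": True}

    def _require_super(self, caller_id):
        if caller_id not in self.super_admins:
            raise ScopeError(403, "super-admin only")

    def grant(self, caller_id, admin_id, org_id):
        self._require_super(caller_id)  # authorize before any state change
        ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        # assumption: a repeated grant is idempotent and keeps the first timestamp
        granted_at = self.grants.setdefault((admin_id, org_id), ts)
        return {"admin_id": admin_id, "org_id": org_id, "granted_at": granted_at}

    def revoke(self, caller_id, admin_id, org_id):
        self._require_super(caller_id)
        # assumption: revoking a grant that does not exist reports revoked=False
        revoked = self.grants.pop((admin_id, org_id), None) is not None
        return {"admin_id": admin_id, "org_id": org_id, "revoked": revoked}
```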