Tenant APIs

1. Overview

A FusionAuth Tenant is a named object that represents a discrete namespace for Users, Applications and Groups. A user is unique by email address or username within a tenant.

Tenants may be useful to support a multi-tenant application where you wish to use a single instance of FusionAuth but require the ability to have duplicate users across the tenants in your own application. In this scenario a user may exist multiple times with the same email address and different passwords across tenants.

Tenants may also be useful in a test or staging environment to allow multiple users to call APIs and create and modify users without possibility of collision.

The following APIs are provided to manage Tenants.

2. Create a Tenant

This API is used to create a new Tenant.

2.1. Request

Create a Tenant with a randomly generated Id

URI

POST /api/tenant

Create a Tenant with the provided unique Id

URI

POST /api/tenant/{tenantId}

Table 1. Request Parameters

tenantId [UUID] Optional defaults to secure random UUID

The Id to use for the new Tenant. If not specified a secure random UUID will be generated.

Table 2. Request Body

tenant.data [Object] Optional

An object that can hold any information about the Tenant that should be persisted.

tenant.emailConfiguration.enabled [Boolean] Optional

When this value is set to true the email configuration provided by this tenant will take precedence over the configuration by the System Configuration.

tenant.emailConfiguration.forgotPasswordEmailTemplateId [UUID] Optional

The Id of the Email Template that is used when a user is sent a forgot password email.

tenant.emailConfiguration.setPasswordEmailTemplateId [UUID] Optional

The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.

tenant.emailConfiguration.verificationEmailTemplateId [UUID] Optional

The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address is valid. If the verifyEmail field is true this field is required.

tenant.emailConfiguration.verifyEmail [Boolean] Optional defaults to false

Whether or not user’s email addresses are verified when the register with your application.

tenant.emailConfiguration.verifyEmailWhenChanged [Boolean] Optional defaults to false

Whether or not user’s email addresses are verified when the user changes them.

tenant.name [String] Required

The name of the Tenant.

Example Response JSON
{
  "tenant": {
    "data": {
      "description": "No more secrets, Marty."
    },
    "emailConfiguration": {
      "enabled": false,
      "forgotPasswordEmailTemplateId": "70474e35-d8df-4d63-9ee4-1b7271e2fdb3",
      "setPasswordEmailTemplateId": "24780efe-2583-4555-be9a-1761043eb23f",
      "verificationEmailTemplateI": "9c263ec1-bc9f-4fc4-9e60-82297e726ba3",
      "verifyEmail": false,
      "verifyEmailWhenChanged": false
    },
    "name": "Playtronics Co."
  }
}

2.2. Response

The response for this API contains the Tenant that was created.

Table 3. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Table 4. Response Body for a single Tenant

tenant.data [Object]

An object that can hold any information about the Tenant that should be persisted.

tenant.emailConfiguration.enabled [Boolean]

When this value is set to true the email configuration provided by this tenant will take precedence over the configuration by the System Configuration.

tenant.emailConfiguration.forgotPasswordEmailTemplateId [UUID]

The Id of the Email Template that is used when a user is sent a forgot password email.

tenant.emailConfiguration.setPasswordEmailTemplateId [UUID]

The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.

tenant.emailConfiguration.verificationEmailTemplateId [UUID]

The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address is valid. If the verifyEmail field is true this field is required.

tenant.emailConfiguration.verifyEmail [Boolean]

Whether or not user’s email addresses are verified when the register with your application.

tenant.emailConfiguration.verifyEmailWhenChanged [Boolean]

Whether or not user’s email addresses are verified when the user changes them.

tenant.id [UUID]

The unique Id of the Tenant.

tenant.name [String]

The name of the Tenant.

Example Response JSON
{
  "tenant": {
    "data": {
      "description": "No more secrets, Marty."
    },
    "emailConfiguration": {
      "enabled": false,
      "forgotPasswordEmailTemplateId": "70474e35-d8df-4d63-9ee4-1b7271e2fdb3",
      "setPasswordEmailTemplateId": "24780efe-2583-4555-be9a-1761043eb23f",
      "verifyEmail": false,
      "verifyEmailWhenChanged": false,
      "verificationEmailTemplateI": "9c263ec1-bc9f-4fc4-9e60-82297e726ba3"
    },
    "id": "2321c2ab-0848-45fc-995b-869ba82c2a8c",
    "name": "Playtronics Co."
  }
}

3. Retrieve a Tenant

This API is used to retrieve a single Tenant by unique Id or all of the configured Tenants.

3.1. Request

Retrieve all of the Tenants

URI

GET /api/tenant

Retrieve a Tenant by Id

URI

GET /api/tenant/{tenantId}

Table 5. Request Parameters

tenantId [UUID] Required

The unique Id of the Tenant to retrieve.

3.2. Response

The response for this API contains either a single Tenant or all of the Tenants. When you call this API with an Id the response will contain a single Tenant. When you call this API without an Id the response will contain all of the Tenants. Both response types are defined below along with an example JSON response.

Table 6. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

404

The object you requested doesn’t exist. The response will be empty.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Table 7. Response Body for a single Tenant

tenant.data [Object]

An object that can hold any information about the Tenant that should be persisted.

tenant.emailConfiguration.enabled [Boolean]

When this value is set to true the email configuration provided by this tenant will take precedence over the configuration by the System Configuration.

tenant.emailConfiguration.forgotPasswordEmailTemplateId [UUID]

The Id of the Email Template that is used when a user is sent a forgot password email.

tenant.emailConfiguration.setPasswordEmailTemplateId [UUID]

The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.

tenant.emailConfiguration.verificationEmailTemplateId [UUID]

The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address is valid. If the verifyEmail field is true this field is required.

tenant.emailConfiguration.verifyEmail [Boolean]

Whether or not user’s email addresses are verified when the register with your application.

tenant.emailConfiguration.verifyEmailWhenChanged [Boolean]

Whether or not user’s email addresses are verified when the user changes them.

tenant.id [UUID]

The unique Id of the Tenant.

tenant.name [String]

The name of the Tenant.

Example Response JSON
{
  "tenant": {
    "data": {
      "description": "No more secrets, Marty."
    },
    "emailConfiguration": {
      "enabled": false,
      "forgotPasswordEmailTemplateId": "70474e35-d8df-4d63-9ee4-1b7271e2fdb3",
      "setPasswordEmailTemplateId": "24780efe-2583-4555-be9a-1761043eb23f",
      "verifyEmail": false,
      "verifyEmailWhenChanged": false,
      "verificationEmailTemplateI": "9c263ec1-bc9f-4fc4-9e60-82297e726ba3"
    },
    "id": "2321c2ab-0848-45fc-995b-869ba82c2a8c",
    "name": "Playtronics Co."
  }
}
Table 8. Response Body for all Tenants

tenants [Array]

The list of Tenant objects.

tenants[x].data [Object]

An object that can hold any information about the Tenant that should be persisted.

tenants[x].emailConfiguration.enabled [Boolean]

When this value is set to true the email configuration provided by this tenant will take precedence over the configuration by the System Configuration.

tenants[x].emailConfiguration.forgotPasswordEmailTemplateId [UUID]

The Id of the Email Template that is used when a user is sent a forgot password email.

tenants[x].emailConfiguration.setPasswordEmailTemplateId [UUID]

The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.

tenants[x].emailConfigurationverificationEmailTemplateId [UUID]

The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address is valid. If the verifyEmail field is true this field is required.

tenants[x].emailConfiguration.verifyEmail [Boolean]

Whether or not user’s email addresses are verified when the register with your application.

tenants[x].emailConfiguration.verifyEmailWhenChanged [Boolean]

Whether or not user’s email addresses are verified when the user changes them.

tenants[x].id [UUID]

The unique Id of the Tenant.

tenants[x].name [String]

The name of the Tenant.

Example Response JSON
{
  "tenants": [
    {
      "data": {
        "description": "No more secrets, Marty."
      },
      "emailConfiguration": {
        "enabled": false,
        "forgotPasswordEmailTemplateId": "70474e35-d8df-4d63-9ee4-1b7271e2fdb3",
        "setPasswordEmailTemplateId": "24780efe-2583-4555-be9a-1761043eb23f",
        "verifyEmail": false,
        "verifyEmailWhenChanged": false,
        "verificationEmailTemplateI": "9c263ec1-bc9f-4fc4-9e60-82297e726ba3"
      },
      "id": "2321c2ab-0848-45fc-995b-869ba82c2a8c",
      "name": "Playtronics Co."
    }
  ]
}

4. Update a Tenant

This API is used to update an existing Tenant. You must specify the Id of the Tenant you are updating on the URI. You must specify all of the properties of the Tenant when calling this API. This API does not merge the existing Tenant and your new data. It replaces the existing Tenant with your new data.

4.1. Request

Update the Tenant with the given Id

URI

PUT /api/tenant/{tenantId}

Table 9. Request Parameters

tenantId [UUID] Required

The Id of the Tenant to update.

Table 10. Request Body

tenant.data [Object] Optional

An object that can hold any information about the Tenant that should be persisted.

tenant.emailConfiguration.enabled [Boolean] Optional

When this value is set to true the email configuration provided by this tenant will take precedence over the configuration by the System Configuration.

tenant.emailConfiguration.forgotPasswordEmailTemplateId [UUID] Optional

The Id of the Email Template that is used when a user is sent a forgot password email.

tenant.emailConfiguration.setPasswordEmailTemplateId [UUID] Optional

The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.

tenant.emailConfiguration.verificationEmailTemplateId [UUID] Optional

The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address is valid. If the verifyEmail field is true this field is required.

tenant.emailConfiguration.verifyEmail [Boolean] Optional defaults to false

Whether or not user’s email addresses are verified when the register with your application.

tenant.emailConfiguration.verifyEmailWhenChanged [Boolean] Optional defaults to false

Whether or not user’s email addresses are verified when the user changes them.

tenant.name [String] Required

The name of the Tenant.

Example Response JSON
{
  "tenant": {
    "data": {
      "description": "No more secrets, Marty."
    },
    "emailConfiguration": {
      "enabled": false,
      "forgotPasswordEmailTemplateId": "70474e35-d8df-4d63-9ee4-1b7271e2fdb3",
      "setPasswordEmailTemplateId": "24780efe-2583-4555-be9a-1761043eb23f",
      "verificationEmailTemplateI": "9c263ec1-bc9f-4fc4-9e60-82297e726ba3",
      "verifyEmail": false,
      "verifyEmailWhenChanged": false
    },
    "name": "Playtronics Co."
  }
}

4.2. Response

The response for this API contains the Tenant that was updated.

Table 11. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

404

The object you are trying to updated doesn’t exist. The response will be empty.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Table 12. Response Body

tenant.data [Object]

An object that can hold any information about the Tenant that should be persisted.

tenant.emailConfiguration.enabled [Boolean]

When this value is set to true the email configuration provided by this tenant will take precedence over the configuration by the System Configuration.

tenant.emailConfiguration.forgotPasswordEmailTemplateId [UUID]

The Id of the Email Template that is used when a user is sent a forgot password email.

tenant.emailConfiguration.setPasswordEmailTemplateId [UUID]

The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.

tenant.emailConfiguration.verificationEmailTemplateId [UUID]

The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address is valid. If the verifyEmail field is true this field is required.

tenant.emailConfiguration.verifyEmail [Boolean]

Whether or not user’s email addresses are verified when the register with your application.

tenant.emailConfiguration.verifyEmailWhenChanged [Boolean]

Whether or not user’s email addresses are verified when the user changes them.

tenant.id [UUID]

The unique Id of the Tenant.

tenant.name [String]

The name of the Tenant.

Example Response JSON
{
  "tenant": {
    "data": {
      "description": "No more secrets, Marty."
    },
    "emailConfiguration": {
      "enabled": false,
      "forgotPasswordEmailTemplateId": "70474e35-d8df-4d63-9ee4-1b7271e2fdb3",
      "setPasswordEmailTemplateId": "24780efe-2583-4555-be9a-1761043eb23f",
      "verifyEmail": false,
      "verifyEmailWhenChanged": false,
      "verificationEmailTemplateI": "9c263ec1-bc9f-4fc4-9e60-82297e726ba3"
    },
    "id": "2321c2ab-0848-45fc-995b-869ba82c2a8c",
    "name": "Playtronics Co."
  }
}

5. Delete a Tenant

This API is used to permanently delete a Tenant. Deleting a Tenant will delete all Users, Applications and Groups that belong to this tenant. Proceed with caution.

5.1. Request

Delete a Tenant by Id

URI

DELETE /api/tenant/{tenantId}

Table 13. Request Parameters

tenantId [UUID] Required

The unique Id of the Tenant to delete.

5.2. Response

This API does not return a JSON response body.

Table 14. Response Codes
Code Description

200

The request was successful. The response will be empty.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

404

The object you are trying to delete doesn’t exist. The response will be empty.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.