NNO Docs
API ReferenceIam

NNO IAM Service API

Identity and Access Management — authentication, roles, permissions, API keys, and service tokens.

List role→permission mappings for an organization

GET
/api/nno/roles

Query Parameters

orgId*string
Length1 <= length

Response Body

application/json

application/json

curl -X GET "https://iam.svc.nno.app/api/nno/roles?orgId=string"
null
null

Upsert a role→permission mapping for an organization

POST
/api/nno/roles

Request Body

application/json

orgId*string
Length1 <= length
role*string
Length1 <= length
permissions*array<string>
Items0 <= items

Response Body

application/json

application/json

application/json

curl -X POST "https://iam.svc.nno.app/api/nno/roles" \  -H "Content-Type: application/json" \  -d '{    "orgId": "string",    "role": "string",    "permissions": [      "string"    ]  }'
null
null
null

Remove a role→permission mapping

DELETE
/api/nno/roles/{orgId}/{role}

Path Parameters

orgId*string
role*string

Response Body

application/json

curl -X DELETE "https://iam.svc.nno.app/api/nno/roles/string/string"
Empty
null

List permission grants for an organization

GET
/api/nno/grants

Query Parameters

orgId*string
Length1 <= length
userId?string

Response Body

application/json

application/json

curl -X GET "https://iam.svc.nno.app/api/nno/grants?orgId=string"
null
null

Create a per-user permission grant or denial

POST
/api/nno/grants

Request Body

application/json

userId*string
Length1 <= length
orgId*string
Length1 <= length
permission*string
Length1 <= length
granted*boolean
grantedBy*string
Length1 <= length
expiresAt?integer
Range0 < value

Response Body

application/json

application/json

curl -X POST "https://iam.svc.nno.app/api/nno/grants" \  -H "Content-Type: application/json" \  -d '{    "userId": "string",    "orgId": "string",    "permission": "string",    "granted": true,    "grantedBy": "string"  }'
null
null

Remove a permission grant

DELETE
/api/nno/grants/{id}

Path Parameters

id*string

Response Body

application/json

curl -X DELETE "https://iam.svc.nno.app/api/nno/grants/string"
Empty
null

Create a Better Auth organization for a tenant

POST
/api/nno/organizations

Request Body

application/json

name*string
Length1 <= length <= 100
slug*string
Match^[a-z0-9-]+$
Length1 <= length <= 63
ownerId*string
Length1 <= length
orgType?string
Default"tenant"
Value in"nno-operator" | "tenant"

Response Body

application/json

application/json

application/json

application/json

curl -X POST "https://iam.svc.nno.app/api/nno/organizations" \  -H "Content-Type: application/json" \  -d '{    "name": "string",    "slug": "string",    "ownerId": "string"  }'
null
null
null
null

Look up an organization by slug

GET
/api/nno/organizations/{slug}

Path Parameters

slug*string

Response Body

application/json

application/json

curl -X GET "https://iam.svc.nno.app/api/nno/organizations/string"
null
null

Bootstrap the NNO operator org

POST
/api/nno/bootstrap

Response Body

application/json

application/json

application/json

application/json

curl -X POST "https://iam.svc.nno.app/api/nno/bootstrap"
null
null
null
null

Validate a raw API key

POST
/api/nno/apikey/validate

Request Body

application/json

key*string
Length1 <= length

Response Body

application/json

application/json

application/json

curl -X POST "https://iam.svc.nno.app/api/nno/apikey/validate" \  -H "Content-Type: application/json" \  -d '{    "key": "string"  }'
null
null
null

Issue a short-lived service-to-service JWT

POST
/api/nno/service-token

Request Body

application/json

serviceId*string
Length1 <= length
targetService*string
Length1 <= length

Response Body

application/json

application/json

application/json

application/json

curl -X POST "https://iam.svc.nno.app/api/nno/service-token" \  -H "Content-Type: application/json" \  -d '{    "serviceId": "string",    "targetService": "string"  }'
null
null
null
null

Update platform suspension status

POST
/internal/platform-status

Request Body

application/json

platformId*string
Length1 <= length
status*string
Value in"suspended" | "active"

Response Body

application/json

application/json

application/json

curl -X POST "https://iam.svc.nno.app/internal/platform-status" \  -H "Content-Type: application/json" \  -d '{    "platformId": "string",    "status": "suspended"  }'
null
null
null

Get the current user's profile

GET
/api/auth/profile

Response Body

application/json

application/json

application/json

curl -X GET "https://iam.svc.nno.app/api/auth/profile"
null
null
null

Update the current user's profile

PATCH
/api/auth/profile

Request Body

application/json

name?string
Length1 <= length
image?string|null
Formaturi

Response Body

application/json

application/json

application/json

curl -X PATCH "https://iam.svc.nno.app/api/auth/profile" \  -H "Content-Type: application/json" \  -d '{}'
null
null
null

NNO Registry Service API

Platform catalog, stacks, resources, DNS records, and feature management.

@neutrino-io/core

Neutrino platform core primitives — naming, types, constants, tracing, errors, and middleware.