IAM & Authentication API

The IAM Service manages organization boundaries, membership, users, client keys, and active sessions. Base URL: https://api.thygon.com/auth

Token generation

Issue access token

POST /oauth/token Request a JWT access token for authenticating subsequent API calls. Request body (Client Credentials Grant):

{
  "grant_type": "client_credentials",
  "client_id": "your-client-id",
  "client_secret": "your-client-secret"
}

Response (200 OK):

{
  "access_token": "eyJhbG...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Organizations

List organizations

GET /organizations Retrieve a list of organizations you belong to. Query parameters:

limit (number, optional): Default 50.
cursor (string, optional): Pagination cursor.
name (string, optional): Filter by name.
handle (string, optional): Filter by handle.

Create organization

POST /organizations Create a new organization. Request body:

{
  "name": "Acme Corp",
  "handle": "acme",
  "owner": "usr_998877"
}

Get organization

GET /organizations/{organization_id}

Update organization

PATCH /organizations/{organization_id}

Delete organization

DELETE /organizations/{organization_id}

Membership & invites

List organization members

GET /organizations/{organization_id}/members

Create membership invite

POST /organizations/{organization_id}/invites Request body:

{
  "email": "employee@acme.com",
  "role": "MEMBER",
  "expires_in_seconds": 86400
}

Users & sessions

Get user details

GET /users/{user_id}

List active sessions

GET /sessions

Revoke session

POST /sessions/{id}/revoke

​Token generation

​Issue access token

​Organizations

​List organizations

​Create organization

​Get organization

​Update organization

​Delete organization

​Membership & invites

​List organization members

​Create membership invite

​Users & sessions

​Get user details

​List active sessions

​Revoke session