Tenant Service Guide
Self-service tenant API and workspace features for cloud.aiknol.com.
Purpose
The tenant service powers signup/login, workspace management, API keys, billing, team invites, and profile/settings for each company tenant.
Base URLs
- API base:
https://api.aiknol.com/app - OpenAPI / Swagger UI:
https://api.aiknol.com/docs - Tenant app website:
https://cloud.aiknol.com
Authentication Model
- Session cookie flow (browser app):
POST /app/auth/signupPOST /app/auth/loginPOST /app/auth/logoutGET /app/auth/me
- Bearer token flow (API clients):
Authorization: Bearer <token>
- Tenant scoping:
- all protected endpoints are tenant-scoped through authenticated claims.
Endpoint Groups
Auth
POST /app/auth/signupPOST /app/auth/loginPOST /app/auth/logoutGET /app/auth/mePOST /app/auth/accept-invite
Workspace and Users
GET /app/tenantGET /app/usersPOST /app/usersPUT /app/users/{id}
API Keys
GET /app/api-keysPOST /app/api-keysDELETE /app/api-keys/{id}
Team Invites
POST /app/invitesGET /app/invitesDELETE /app/invites/{id}POST /app/auth/accept-invite
Billing and Usage
POST /app/billing/checkoutPOST /app/billing/portalGET /app/billing/subscriptionPOST /app/billing/cancelPOST /app/billing/reactivateGET /app/billing/invoicesGET /app/billing/invoices/upcomingGET /app/billing/usageGET /app/billing/usage/historyPOST /app/billing/stripe/webhook
Settings
PUT /app/settings/tenantPUT /app/settings/profilePOST /app/settings/change-password
Role Model
Workspace user roles:
owneradmindeveloperviewer
API key roles:
admindeveloperread_only
Reference Sources
- Tenant service code:
knol-enterprise/crates/service-tenant/ - OpenAPI definition:
knol-enterprise/crates/service-tenant/src/openapi.rs - Integration tests covering endpoint behavior:
knol-enterprise/crates/service-tenant/tests/tenant_api_test.rs