diff --git a/en/cli/resources/admin/index.md b/en/cli/resources/admin/index.md index 484270a..aca6420 100644 --- a/en/cli/resources/admin/index.md +++ b/en/cli/resources/admin/index.md @@ -1703,7 +1703,7 @@ Get audio speeches usage details for the organization. - `object: "bucket"` - - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 6 more` + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` @@ -1945,6 +1945,66 @@ Get audio speeches usage details for the organization. When `group_by=project_id`, this field provides the project ID of the grouped usage result. + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` + + The aggregated file search calls usage details of the specific time bucket. + + - `num_requests: number` + + The count of file search calls. + + - `object: "organization.usage.file_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `vector_store_id: optional string` + + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. + + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` + + The aggregated web search calls usage details of the specific time bucket. + + - `num_model_requests: number` + + The count of model requests. + + - `num_requests: number` + + The count of web search calls. + + - `object: "organization.usage.web_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `context_level: optional string` + + When `group_by=context_level`, this field provides the search context size of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` The aggregated costs details of the specific time bucket. @@ -2093,7 +2153,7 @@ Get audio transcriptions usage details for the organization. - `object: "bucket"` - - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 6 more` + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` @@ -2335,6 +2395,66 @@ Get audio transcriptions usage details for the organization. When `group_by=project_id`, this field provides the project ID of the grouped usage result. + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` + + The aggregated file search calls usage details of the specific time bucket. + + - `num_requests: number` + + The count of file search calls. + + - `object: "organization.usage.file_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `vector_store_id: optional string` + + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. + + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` + + The aggregated web search calls usage details of the specific time bucket. + + - `num_model_requests: number` + + The count of model requests. + + - `num_requests: number` + + The count of web search calls. + + - `object: "organization.usage.web_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `context_level: optional string` + + When `group_by=context_level`, this field provides the search context size of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` The aggregated costs details of the specific time bucket. @@ -2471,7 +2591,7 @@ Get code interpreter sessions usage details for the organization. - `object: "bucket"` - - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 6 more` + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` @@ -2713,6 +2833,66 @@ Get code interpreter sessions usage details for the organization. When `group_by=project_id`, this field provides the project ID of the grouped usage result. + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` + + The aggregated file search calls usage details of the specific time bucket. + + - `num_requests: number` + + The count of file search calls. + + - `object: "organization.usage.file_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `vector_store_id: optional string` + + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. + + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` + + The aggregated web search calls usage details of the specific time bucket. + + - `num_model_requests: number` + + The count of model requests. + + - `num_requests: number` + + The count of web search calls. + + - `object: "organization.usage.web_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `context_level: optional string` + + When `group_by=context_level`, this field provides the search context size of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` The aggregated costs details of the specific time bucket. @@ -2865,7 +3045,7 @@ Get completions usage details for the organization. - `object: "bucket"` - - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 6 more` + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` @@ -3107,6 +3287,66 @@ Get completions usage details for the organization. When `group_by=project_id`, this field provides the project ID of the grouped usage result. + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` + + The aggregated file search calls usage details of the specific time bucket. + + - `num_requests: number` + + The count of file search calls. + + - `object: "organization.usage.file_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `vector_store_id: optional string` + + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. + + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` + + The aggregated web search calls usage details of the specific time bucket. + + - `num_model_requests: number` + + The count of model requests. + + - `num_requests: number` + + The count of web search calls. + + - `object: "organization.usage.web_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `context_level: optional string` + + When `group_by=context_level`, this field provides the search context size of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` The aggregated costs details of the specific time bucket. @@ -3255,7 +3495,7 @@ Get embeddings usage details for the organization. - `object: "bucket"` - - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 6 more` + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` @@ -3497,6 +3737,66 @@ Get embeddings usage details for the organization. When `group_by=project_id`, this field provides the project ID of the grouped usage result. + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` + + The aggregated file search calls usage details of the specific time bucket. + + - `num_requests: number` + + The count of file search calls. + + - `object: "organization.usage.file_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `vector_store_id: optional string` + + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. + + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` + + The aggregated web search calls usage details of the specific time bucket. + + - `num_model_requests: number` + + The count of model requests. + + - `num_requests: number` + + The count of web search calls. + + - `object: "organization.usage.web_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `context_level: optional string` + + When `group_by=context_level`, this field provides the search context size of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` The aggregated costs details of the specific time bucket. @@ -3653,7 +3953,7 @@ Get images usage details for the organization. - `object: "bucket"` - - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 6 more` + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` @@ -3895,49 +4195,109 @@ Get images usage details for the organization. When `group_by=project_id`, this field provides the project ID of the grouped usage result. - - `organization.costs.result: object { object, amount, api_key_id, 3 more }` + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` - The aggregated costs details of the specific time bucket. + The aggregated file search calls usage details of the specific time bucket. - - `object: "organization.costs.result"` + - `num_requests: number` - - `amount: optional object { currency, value }` + The count of file search calls. - The monetary value in its associated currency. + - `object: "organization.usage.file_searches.result"` - - `currency: optional string` + - `api_key_id: optional string` - Lowercase ISO-4217 currency e.g. "usd" + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. - - `value: optional number` + - `project_id: optional string` - The numeric value of the cost. + When `group_by=project_id`, this field provides the project ID of the grouped usage result. - - `api_key_id: optional string` + - `user_id: optional string` - When `group_by=api_key_id`, this field provides the API Key ID of the grouped costs result. + When `group_by=user_id`, this field provides the user ID of the grouped usage result. - - `line_item: optional string` + - `vector_store_id: optional string` - When `group_by=line_item`, this field provides the line item of the grouped costs result. + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. - - `project_id: optional string` + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` - When `group_by=project_id`, this field provides the project ID of the grouped costs result. + The aggregated web search calls usage details of the specific time bucket. - - `quantity: optional number` + - `num_model_requests: number` - When `group_by=line_item`, this field provides the quantity of the grouped costs result. + The count of model requests. - - `start_time: number` + - `num_requests: number` - - `has_more: boolean` + The count of web search calls. - - `next_page: string` + - `object: "organization.usage.web_searches.result"` - - `object: "page"` + - `api_key_id: optional string` -### Example + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `context_level: optional string` + + When `group_by=context_level`, this field provides the search context size of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` + + The aggregated costs details of the specific time bucket. + + - `object: "organization.costs.result"` + + - `amount: optional object { currency, value }` + + The monetary value in its associated currency. + + - `currency: optional string` + + Lowercase ISO-4217 currency e.g. "usd" + + - `value: optional number` + + The numeric value of the cost. + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API Key ID of the grouped costs result. + + - `line_item: optional string` + + When `group_by=line_item`, this field provides the line item of the grouped costs result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped costs result. + + - `quantity: optional number` + + When `group_by=line_item`, this field provides the quantity of the grouped costs result. + + - `start_time: number` + + - `has_more: boolean` + + - `next_page: string` + + - `object: "page"` + +### Example ```cli openai admin:organization:usage images \ @@ -4043,7 +4403,7 @@ Get moderations usage details for the organization. - `object: "bucket"` - - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 6 more` + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` @@ -4285,6 +4645,66 @@ Get moderations usage details for the organization. When `group_by=project_id`, this field provides the project ID of the grouped usage result. + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` + + The aggregated file search calls usage details of the specific time bucket. + + - `num_requests: number` + + The count of file search calls. + + - `object: "organization.usage.file_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `vector_store_id: optional string` + + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. + + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` + + The aggregated web search calls usage details of the specific time bucket. + + - `num_model_requests: number` + + The count of model requests. + + - `num_requests: number` + + The count of web search calls. + + - `object: "organization.usage.web_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `context_level: optional string` + + When `group_by=context_level`, this field provides the search context size of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` The aggregated costs details of the specific time bucket. @@ -4421,7 +4841,7 @@ Get vector stores usage details for the organization. - `object: "bucket"` - - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 6 more` + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` @@ -4663,6 +5083,66 @@ Get vector stores usage details for the organization. When `group_by=project_id`, this field provides the project ID of the grouped usage result. + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` + + The aggregated file search calls usage details of the specific time bucket. + + - `num_requests: number` + + The count of file search calls. + + - `object: "organization.usage.file_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `vector_store_id: optional string` + + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. + + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` + + The aggregated web search calls usage details of the specific time bucket. + + - `num_model_requests: number` + + The count of model requests. + + - `num_requests: number` + + The count of web search calls. + + - `object: "organization.usage.web_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `context_level: optional string` + + When `group_by=context_level`, this field provides the search context size of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` The aggregated costs details of the specific time bucket. @@ -4747,13 +5227,13 @@ openai admin:organization:usage vector-stores \ } ``` -## Costs +## File search calls -`$ openai admin:organization:usage costs` +`$ openai admin:organization:usage file-search-calls` -**get** `/organization/costs` +**get** `/organization/usage/file_search_calls` -Get costs details for the organization. +Get file search calls usage details for the organization. ### Parameters @@ -4763,23 +5243,27 @@ Get costs details for the organization. - `--api-key-id: optional array of string` - Return only costs for these API keys. + Return only usage for these API keys. -- `--bucket-width: optional "1d"` +- `--bucket-width: optional "1m" or "1h" or "1d"` - Width of each time bucket in response. Currently only `1d` is supported, default to `1d`. + Width of each time bucket in response. Currently `1m`, `1h` and `1d` are supported, default to `1d`. - `--end-time: optional number` End time (Unix seconds) of the query time range, exclusive. -- `--group-by: optional array of "project_id" or "line_item" or "api_key_id"` +- `--group-by: optional array of "project_id" or "user_id" or "api_key_id" or "vector_store_id"` - Group the costs by the specified fields. Support fields include `project_id`, `line_item`, `api_key_id` and any combination of them. + Group the usage data by the specified fields. Support fields include `project_id`, `user_id`, `api_key_id`, `vector_store_id` or any combination of them. - `--limit: optional number` - A limit on the number of buckets to be returned. Limit can range between 1 and 180, and the default is 7. + Specifies the number of buckets to return. + + - `bucket_width=1d`: default: 7, max: 31 + - `bucket_width=1h`: default: 24, max: 168 + - `bucket_width=1m`: default: 60, max: 1440 - `--page: optional string` @@ -4787,11 +5271,19 @@ Get costs details for the organization. - `--project-id: optional array of string` - Return only costs for these projects. + Return only usage for these projects. + +- `--user-id: optional array of string` + + Return only usage for these users. + +- `--vector-store-id: optional array of string` + + Return only usage for these vector stores. ### Returns -- `AdminOrganizationUsageCostsResponse: object { data, has_more, next_page, object }` +- `AdminOrganizationUsageFileSearchCallsResponse: object { data, has_more, next_page, object }` - `data: array of object { end_time, object, results, start_time }` @@ -4799,7 +5291,7 @@ Get costs details for the organization. - `object: "bucket"` - - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 6 more` + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` @@ -5041,6 +5533,66 @@ Get costs details for the organization. When `group_by=project_id`, this field provides the project ID of the grouped usage result. + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` + + The aggregated file search calls usage details of the specific time bucket. + + - `num_requests: number` + + The count of file search calls. + + - `object: "organization.usage.file_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `vector_store_id: optional string` + + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. + + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` + + The aggregated web search calls usage details of the specific time bucket. + + - `num_model_requests: number` + + The count of model requests. + + - `num_requests: number` + + The count of web search calls. + + - `object: "organization.usage.web_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `context_level: optional string` + + When `group_by=context_level`, this field provides the search context size of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` The aggregated costs details of the specific time bucket. @@ -5086,7 +5638,7 @@ Get costs details for the organization. ### Example ```cli -openai admin:organization:usage costs \ +openai admin:organization:usage file-search-calls \ --admin-api-key 'My Admin API Key' \ --start-time 0 ``` @@ -5125,546 +5677,1787 @@ openai admin:organization:usage costs \ } ``` -# Invites - -## List invites +## Web search calls -`$ openai admin:organization:invites list` +`$ openai admin:organization:usage web-search-calls` -**get** `/organization/invites` +**get** `/organization/usage/web_search_calls` -Returns a list of invites in the organization. +Get web search calls usage details for the organization. ### Parameters -- `--after: optional string` +- `--start-time: number` - A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. + Start time (Unix seconds) of the query time range, inclusive. -- `--limit: optional number` +- `--api-key-id: optional array of string` - A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. + Return only usage for these API keys. -### Returns +- `--bucket-width: optional "1m" or "1h" or "1d"` -- `InviteListResponse: object { data, has_more, object, 2 more }` + Width of each time bucket in response. Currently `1m`, `1h` and `1d` are supported, default to `1d`. - - `data: array of Invite` +- `--context-level: optional array of "low" or "medium" or "high"` - - `id: string` + Return only web search usage for these context levels. - The identifier, which can be referenced in API endpoints +- `--end-time: optional number` - - `created_at: number` + End time (Unix seconds) of the query time range, exclusive. - The Unix timestamp (in seconds) of when the invite was sent. +- `--group-by: optional array of "project_id" or "user_id" or "api_key_id" or 2 more` - - `email: string` + Group the usage data by the specified fields. Support fields include `project_id`, `user_id`, `api_key_id`, `model`, `context_level` or any combination of them. - The email address of the individual to whom the invite was sent +- `--limit: optional number` - - `object: "organization.invite"` + Specifies the number of buckets to return. - The object type, which is always `organization.invite` + - `bucket_width=1d`: default: 7, max: 31 + - `bucket_width=1h`: default: 24, max: 168 + - `bucket_width=1m`: default: 60, max: 1440 - - `projects: array of object { id, role }` +- `--model: optional array of string` - The projects that were granted membership upon acceptance of the invite. + Return only usage for these models. - - `id: string` +- `--page: optional string` - Project's public ID + A cursor for use in pagination. Corresponding to the `next_page` field from the previous response. - - `role: "member" or "owner"` +- `--project-id: optional array of string` - Project membership role + Return only usage for these projects. - - `"member"` +- `--user-id: optional array of string` - - `"owner"` + Return only usage for these users. - - `role: "owner" or "reader"` +### Returns - `owner` or `reader` +- `AdminOrganizationUsageWebSearchCallsResponse: object { data, has_more, next_page, object }` - - `"owner"` + - `data: array of object { end_time, object, results, start_time }` - - `"reader"` + - `end_time: number` - - `status: "accepted" or "expired" or "pending"` + - `object: "bucket"` - `accepted`,`expired`, or `pending` + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` - - `"accepted"` + - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` - - `"expired"` + The aggregated completions usage details of the specific time bucket. - - `"pending"` + - `input_tokens: number` - - `accepted_at: optional number` + The aggregated number of text input tokens used, including cached tokens. For customers subscribe to scale tier, this includes scale tier tokens. - The Unix timestamp (in seconds) of when the invite was accepted. + - `num_model_requests: number` - - `expires_at: optional number` + The count of requests made to the model. - The Unix timestamp (in seconds) of when the invite expires. + - `object: "organization.usage.completions.result"` - - `has_more: boolean` + - `output_tokens: number` - The `has_more` property is used for pagination to indicate there are additional results. + The aggregated number of text output tokens used. For customers subscribe to scale tier, this includes scale tier tokens. - - `object: "list"` + - `api_key_id: optional string` - The object type, which is always `list` + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. - - `first_id: optional string` + - `batch: optional boolean` - The first `invite_id` in the retrieved `list` + When `group_by=batch`, this field tells whether the grouped usage result is batch or not. - - `last_id: optional string` + - `input_audio_tokens: optional number` - The last `invite_id` in the retrieved `list` + The aggregated number of audio input tokens used, including cached tokens. -### Example + - `input_cached_tokens: optional number` -```cli -openai admin:organization:invites list \ - --admin-api-key 'My Admin API Key' -``` + The aggregated number of text input tokens that has been cached from previous requests. For customers subscribe to scale tier, this includes scale tier tokens. -#### Response + - `model: optional string` -```json -{ - "data": [ - { - "id": "id", - "created_at": 0, - "email": "email", - "object": "organization.invite", - "projects": [ - { - "id": "id", - "role": "member" - } - ], - "role": "owner", - "status": "accepted", - "accepted_at": 0, - "expires_at": 0 - } - ], - "has_more": true, - "object": "list", - "first_id": "first_id", - "last_id": "last_id" -} -``` + When `group_by=model`, this field provides the model name of the grouped usage result. -## Create invite + - `output_audio_tokens: optional number` -`$ openai admin:organization:invites create` + The aggregated number of audio output tokens used. -**post** `/organization/invites` + - `project_id: optional string` -Create an invite for a user to the organization. The invite must be accepted by the user before they have access to the organization. + When `group_by=project_id`, this field provides the project ID of the grouped usage result. -### Parameters + - `service_tier: optional string` -- `--email: string` + When `group_by=service_tier`, this field provides the service tier of the grouped usage result. - Send an email to this address + - `user_id: optional string` -- `--role: "reader" or "owner"` + When `group_by=user_id`, this field provides the user ID of the grouped usage result. - `owner` or `reader` + - `organization.usage.embeddings.result: object { input_tokens, num_model_requests, object, 4 more }` -- `--project: optional array of object { id, role }` + The aggregated embeddings usage details of the specific time bucket. - An array of projects to which membership is granted at the same time the org invite is accepted. If omitted, the user will be invited to the default project for compatibility with legacy behavior. + - `input_tokens: number` -### Returns + The aggregated number of input tokens used. -- `invite: object { id, created_at, email, 6 more }` + - `num_model_requests: number` - Represents an individual `invite` to the organization. + The count of requests made to the model. - - `id: string` + - `object: "organization.usage.embeddings.result"` - The identifier, which can be referenced in API endpoints + - `api_key_id: optional string` - - `created_at: number` + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. - The Unix timestamp (in seconds) of when the invite was sent. + - `model: optional string` - - `email: string` + When `group_by=model`, this field provides the model name of the grouped usage result. - The email address of the individual to whom the invite was sent + - `project_id: optional string` - - `object: "organization.invite"` + When `group_by=project_id`, this field provides the project ID of the grouped usage result. - The object type, which is always `organization.invite` + - `user_id: optional string` - - `projects: array of object { id, role }` + When `group_by=user_id`, this field provides the user ID of the grouped usage result. - The projects that were granted membership upon acceptance of the invite. + - `organization.usage.moderations.result: object { input_tokens, num_model_requests, object, 4 more }` - - `id: string` + The aggregated moderations usage details of the specific time bucket. - Project's public ID + - `input_tokens: number` - - `role: "member" or "owner"` + The aggregated number of input tokens used. - Project membership role + - `num_model_requests: number` - - `"member"` + The count of requests made to the model. - - `"owner"` + - `object: "organization.usage.moderations.result"` - - `role: "owner" or "reader"` + - `api_key_id: optional string` - `owner` or `reader` + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. - - `"owner"` + - `model: optional string` - - `"reader"` + When `group_by=model`, this field provides the model name of the grouped usage result. - - `status: "accepted" or "expired" or "pending"` + - `project_id: optional string` - `accepted`,`expired`, or `pending` + When `group_by=project_id`, this field provides the project ID of the grouped usage result. - - `"accepted"` + - `user_id: optional string` - - `"expired"` + When `group_by=user_id`, this field provides the user ID of the grouped usage result. - - `"pending"` + - `organization.usage.images.result: object { images, num_model_requests, object, 6 more }` - - `accepted_at: optional number` + The aggregated images usage details of the specific time bucket. - The Unix timestamp (in seconds) of when the invite was accepted. + - `images: number` - - `expires_at: optional number` + The number of images processed. - The Unix timestamp (in seconds) of when the invite expires. + - `num_model_requests: number` -### Example + The count of requests made to the model. -```cli -openai admin:organization:invites create \ - --admin-api-key 'My Admin API Key' \ - --email email \ - --role reader -``` + - `object: "organization.usage.images.result"` -#### Response + - `api_key_id: optional string` -```json -{ - "id": "id", - "created_at": 0, - "email": "email", - "object": "organization.invite", - "projects": [ - { - "id": "id", - "role": "member" - } - ], - "role": "owner", - "status": "accepted", - "accepted_at": 0, - "expires_at": 0 -} -``` + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. -## Retrieve invite + - `model: optional string` -`$ openai admin:organization:invites retrieve` + When `group_by=model`, this field provides the model name of the grouped usage result. -**get** `/organization/invites/{invite_id}` + - `project_id: optional string` -Retrieves an invite. + When `group_by=project_id`, this field provides the project ID of the grouped usage result. -### Parameters + - `size: optional string` -- `--invite-id: string` + When `group_by=size`, this field provides the image size of the grouped usage result. - The ID of the invite to retrieve. + - `source: optional string` -### Returns + When `group_by=source`, this field provides the source of the grouped usage result, possible values are `image.generation`, `image.edit`, `image.variation`. -- `invite: object { id, created_at, email, 6 more }` + - `user_id: optional string` - Represents an individual `invite` to the organization. + When `group_by=user_id`, this field provides the user ID of the grouped usage result. - - `id: string` + - `organization.usage.audio_speeches.result: object { characters, num_model_requests, object, 4 more }` - The identifier, which can be referenced in API endpoints + The aggregated audio speeches usage details of the specific time bucket. - - `created_at: number` + - `characters: number` - The Unix timestamp (in seconds) of when the invite was sent. + The number of characters processed. - - `email: string` + - `num_model_requests: number` - The email address of the individual to whom the invite was sent + The count of requests made to the model. - - `object: "organization.invite"` + - `object: "organization.usage.audio_speeches.result"` - The object type, which is always `organization.invite` + - `api_key_id: optional string` - - `projects: array of object { id, role }` + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. - The projects that were granted membership upon acceptance of the invite. + - `model: optional string` - - `id: string` + When `group_by=model`, this field provides the model name of the grouped usage result. - Project's public ID + - `project_id: optional string` - - `role: "member" or "owner"` + When `group_by=project_id`, this field provides the project ID of the grouped usage result. - Project membership role + - `user_id: optional string` - - `"member"` + When `group_by=user_id`, this field provides the user ID of the grouped usage result. - - `"owner"` + - `organization.usage.audio_transcriptions.result: object { num_model_requests, object, seconds, 4 more }` - - `role: "owner" or "reader"` + The aggregated audio transcriptions usage details of the specific time bucket. - `owner` or `reader` + - `num_model_requests: number` - - `"owner"` + The count of requests made to the model. - - `"reader"` + - `object: "organization.usage.audio_transcriptions.result"` - - `status: "accepted" or "expired" or "pending"` + - `seconds: number` - `accepted`,`expired`, or `pending` + The number of seconds processed. - - `"accepted"` + - `api_key_id: optional string` - - `"expired"` + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. - - `"pending"` + - `model: optional string` - - `accepted_at: optional number` + When `group_by=model`, this field provides the model name of the grouped usage result. - The Unix timestamp (in seconds) of when the invite was accepted. + - `project_id: optional string` - - `expires_at: optional number` + When `group_by=project_id`, this field provides the project ID of the grouped usage result. - The Unix timestamp (in seconds) of when the invite expires. + - `user_id: optional string` -### Example + When `group_by=user_id`, this field provides the user ID of the grouped usage result. -```cli -openai admin:organization:invites retrieve \ - --admin-api-key 'My Admin API Key' \ - --invite-id invite_id -``` + - `organization.usage.vector_stores.result: object { object, usage_bytes, project_id }` -#### Response + The aggregated vector stores usage details of the specific time bucket. -```json -{ - "id": "id", - "created_at": 0, - "email": "email", - "object": "organization.invite", - "projects": [ - { - "id": "id", - "role": "member" - } - ], - "role": "owner", - "status": "accepted", - "accepted_at": 0, - "expires_at": 0 -} -``` + - `object: "organization.usage.vector_stores.result"` -## Delete invite + - `usage_bytes: number` -`$ openai admin:organization:invites delete` + The vector stores usage in bytes. -**delete** `/organization/invites/{invite_id}` + - `project_id: optional string` -Delete an invite. If the invite has already been accepted, it cannot be deleted. + When `group_by=project_id`, this field provides the project ID of the grouped usage result. -### Parameters + - `organization.usage.code_interpreter_sessions.result: object { num_sessions, object, project_id }` -- `--invite-id: string` + The aggregated code interpreter sessions usage details of the specific time bucket. - The ID of the invite to delete. + - `num_sessions: number` -### Returns + The number of code interpreter sessions. -- `AdminOrganizationInviteDeleteResponse: object { id, deleted, object }` + - `object: "organization.usage.code_interpreter_sessions.result"` - - `id: string` + - `project_id: optional string` - - `deleted: boolean` + When `group_by=project_id`, this field provides the project ID of the grouped usage result. - - `object: "organization.invite.deleted"` + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` - The object type, which is always `organization.invite.deleted` + The aggregated file search calls usage details of the specific time bucket. -### Example + - `num_requests: number` -```cli -openai admin:organization:invites delete \ - --admin-api-key 'My Admin API Key' \ - --invite-id invite_id -``` + The count of file search calls. -#### Response + - `object: "organization.usage.file_searches.result"` -```json -{ - "id": "id", - "deleted": true, - "object": "organization.invite.deleted" -} -``` + - `api_key_id: optional string` -## Domain Types + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. -### Invite + - `project_id: optional string` -- `invite: object { id, created_at, email, 6 more }` + When `group_by=project_id`, this field provides the project ID of the grouped usage result. - Represents an individual `invite` to the organization. + - `user_id: optional string` - - `id: string` + When `group_by=user_id`, this field provides the user ID of the grouped usage result. - The identifier, which can be referenced in API endpoints + - `vector_store_id: optional string` - - `created_at: number` + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. - The Unix timestamp (in seconds) of when the invite was sent. + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` - - `email: string` + The aggregated web search calls usage details of the specific time bucket. - The email address of the individual to whom the invite was sent + - `num_model_requests: number` - - `object: "organization.invite"` + The count of model requests. - The object type, which is always `organization.invite` + - `num_requests: number` - - `projects: array of object { id, role }` + The count of web search calls. - The projects that were granted membership upon acceptance of the invite. + - `object: "organization.usage.web_searches.result"` - - `id: string` + - `api_key_id: optional string` - Project's public ID + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. - - `role: "member" or "owner"` + - `context_level: optional string` - Project membership role + When `group_by=context_level`, this field provides the search context size of the grouped usage result. - - `"member"` + - `model: optional string` - - `"owner"` + When `group_by=model`, this field provides the model name of the grouped usage result. - - `role: "owner" or "reader"` + - `project_id: optional string` - `owner` or `reader` + When `group_by=project_id`, this field provides the project ID of the grouped usage result. - - `"owner"` + - `user_id: optional string` - - `"reader"` + When `group_by=user_id`, this field provides the user ID of the grouped usage result. - - `status: "accepted" or "expired" or "pending"` + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` - `accepted`,`expired`, or `pending` + The aggregated costs details of the specific time bucket. - - `"accepted"` + - `object: "organization.costs.result"` - - `"expired"` + - `amount: optional object { currency, value }` - - `"pending"` + The monetary value in its associated currency. - - `accepted_at: optional number` + - `currency: optional string` - The Unix timestamp (in seconds) of when the invite was accepted. + Lowercase ISO-4217 currency e.g. "usd" - - `expires_at: optional number` + - `value: optional number` - The Unix timestamp (in seconds) of when the invite expires. + The numeric value of the cost. -# Users + - `api_key_id: optional string` -## List users + When `group_by=api_key_id`, this field provides the API Key ID of the grouped costs result. -`$ openai admin:organization:users list` + - `line_item: optional string` -**get** `/organization/users` + When `group_by=line_item`, this field provides the line item of the grouped costs result. -Lists all of the users in the organization. + - `project_id: optional string` -### Parameters + When `group_by=project_id`, this field provides the project ID of the grouped costs result. -- `--after: optional string` + - `quantity: optional number` - A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. + When `group_by=line_item`, this field provides the quantity of the grouped costs result. -- `--email: optional array of string` + - `start_time: number` - Filter by the email address of users. + - `has_more: boolean` -- `--limit: optional number` + - `next_page: string` - A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. + - `object: "page"` -### Returns +### Example -- `UserListResponse: object { data, has_more, object, 2 more }` +```cli +openai admin:organization:usage web-search-calls \ + --admin-api-key 'My Admin API Key' \ + --start-time 0 +``` - - `data: array of OrganizationUser` +#### Response - - `id: string` +```json +{ + "data": [ + { + "end_time": 0, + "object": "bucket", + "results": [ + { + "input_tokens": 0, + "num_model_requests": 0, + "object": "organization.usage.completions.result", + "output_tokens": 0, + "api_key_id": "api_key_id", + "batch": true, + "input_audio_tokens": 0, + "input_cached_tokens": 0, + "model": "model", + "output_audio_tokens": 0, + "project_id": "project_id", + "service_tier": "service_tier", + "user_id": "user_id" + } + ], + "start_time": 0 + } + ], + "has_more": true, + "next_page": "next_page", + "object": "page" +} +``` - The identifier, which can be referenced in API endpoints +## Costs - - `added_at: number` +`$ openai admin:organization:usage costs` - The Unix timestamp (in seconds) of when the user was added. +**get** `/organization/costs` - - `object: "organization.user"` +Get costs details for the organization. - The object type, which is always `organization.user` +### Parameters - - `api_key_last_used_at: optional number` +- `--start-time: number` - The Unix timestamp (in seconds) of the user's last API key usage. + Start time (Unix seconds) of the query time range, inclusive. - - `created: optional number` +- `--api-key-id: optional array of string` - The Unix timestamp (in seconds) of when the user was created. + Return only costs for these API keys. - - `developer_persona: optional string` +- `--bucket-width: optional "1d"` - The developer persona metadata for the user. + Width of each time bucket in response. Currently only `1d` is supported, default to `1d`. - - `email: optional string` +- `--end-time: optional number` - The email address of the user + End time (Unix seconds) of the query time range, exclusive. - - `is_default: optional boolean` +- `--group-by: optional array of "project_id" or "line_item" or "api_key_id"` - Whether this is the organization's default user. + Group the costs by the specified fields. Support fields include `project_id`, `line_item`, `api_key_id` and any combination of them. - - `is_scale_tier_authorized_purchaser: optional boolean` +- `--limit: optional number` - Whether the user is an authorized purchaser for Scale Tier. + A limit on the number of buckets to be returned. Limit can range between 1 and 180, and the default is 7. - - `is_scim_managed: optional boolean` +- `--page: optional string` - Whether the user is managed through SCIM. + A cursor for use in pagination. Corresponding to the `next_page` field from the previous response. - - `is_service_account: optional boolean` +- `--project-id: optional array of string` + + Return only costs for these projects. + +### Returns + +- `AdminOrganizationUsageCostsResponse: object { data, has_more, next_page, object }` + + - `data: array of object { end_time, object, results, start_time }` + + - `end_time: number` + + - `object: "bucket"` + + - `results: array of object { input_tokens, num_model_requests, object, 10 more } or object { input_tokens, num_model_requests, object, 4 more } or object { input_tokens, num_model_requests, object, 4 more } or 8 more` + + - `organization.usage.completions.result: object { input_tokens, num_model_requests, object, 10 more }` + + The aggregated completions usage details of the specific time bucket. + + - `input_tokens: number` + + The aggregated number of text input tokens used, including cached tokens. For customers subscribe to scale tier, this includes scale tier tokens. + + - `num_model_requests: number` + + The count of requests made to the model. + + - `object: "organization.usage.completions.result"` + + - `output_tokens: number` + + The aggregated number of text output tokens used. For customers subscribe to scale tier, this includes scale tier tokens. + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `batch: optional boolean` + + When `group_by=batch`, this field tells whether the grouped usage result is batch or not. + + - `input_audio_tokens: optional number` + + The aggregated number of audio input tokens used, including cached tokens. + + - `input_cached_tokens: optional number` + + The aggregated number of text input tokens that has been cached from previous requests. For customers subscribe to scale tier, this includes scale tier tokens. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `output_audio_tokens: optional number` + + The aggregated number of audio output tokens used. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `service_tier: optional string` + + When `group_by=service_tier`, this field provides the service tier of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `organization.usage.embeddings.result: object { input_tokens, num_model_requests, object, 4 more }` + + The aggregated embeddings usage details of the specific time bucket. + + - `input_tokens: number` + + The aggregated number of input tokens used. + + - `num_model_requests: number` + + The count of requests made to the model. + + - `object: "organization.usage.embeddings.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `organization.usage.moderations.result: object { input_tokens, num_model_requests, object, 4 more }` + + The aggregated moderations usage details of the specific time bucket. + + - `input_tokens: number` + + The aggregated number of input tokens used. + + - `num_model_requests: number` + + The count of requests made to the model. + + - `object: "organization.usage.moderations.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `organization.usage.images.result: object { images, num_model_requests, object, 6 more }` + + The aggregated images usage details of the specific time bucket. + + - `images: number` + + The number of images processed. + + - `num_model_requests: number` + + The count of requests made to the model. + + - `object: "organization.usage.images.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `size: optional string` + + When `group_by=size`, this field provides the image size of the grouped usage result. + + - `source: optional string` + + When `group_by=source`, this field provides the source of the grouped usage result, possible values are `image.generation`, `image.edit`, `image.variation`. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `organization.usage.audio_speeches.result: object { characters, num_model_requests, object, 4 more }` + + The aggregated audio speeches usage details of the specific time bucket. + + - `characters: number` + + The number of characters processed. + + - `num_model_requests: number` + + The count of requests made to the model. + + - `object: "organization.usage.audio_speeches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `organization.usage.audio_transcriptions.result: object { num_model_requests, object, seconds, 4 more }` + + The aggregated audio transcriptions usage details of the specific time bucket. + + - `num_model_requests: number` + + The count of requests made to the model. + + - `object: "organization.usage.audio_transcriptions.result"` + + - `seconds: number` + + The number of seconds processed. + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `organization.usage.vector_stores.result: object { object, usage_bytes, project_id }` + + The aggregated vector stores usage details of the specific time bucket. + + - `object: "organization.usage.vector_stores.result"` + + - `usage_bytes: number` + + The vector stores usage in bytes. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `organization.usage.code_interpreter_sessions.result: object { num_sessions, object, project_id }` + + The aggregated code interpreter sessions usage details of the specific time bucket. + + - `num_sessions: number` + + The number of code interpreter sessions. + + - `object: "organization.usage.code_interpreter_sessions.result"` + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `organization.usage.file_searches.result: object { num_requests, object, api_key_id, 3 more }` + + The aggregated file search calls usage details of the specific time bucket. + + - `num_requests: number` + + The count of file search calls. + + - `object: "organization.usage.file_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `vector_store_id: optional string` + + When `group_by=vector_store_id`, this field provides the vector store ID of the grouped usage result. + + - `organization.usage.web_searches.result: object { num_model_requests, num_requests, object, 5 more }` + + The aggregated web search calls usage details of the specific time bucket. + + - `num_model_requests: number` + + The count of model requests. + + - `num_requests: number` + + The count of web search calls. + + - `object: "organization.usage.web_searches.result"` + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API key ID of the grouped usage result. + + - `context_level: optional string` + + When `group_by=context_level`, this field provides the search context size of the grouped usage result. + + - `model: optional string` + + When `group_by=model`, this field provides the model name of the grouped usage result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped usage result. + + - `user_id: optional string` + + When `group_by=user_id`, this field provides the user ID of the grouped usage result. + + - `organization.costs.result: object { object, amount, api_key_id, 3 more }` + + The aggregated costs details of the specific time bucket. + + - `object: "organization.costs.result"` + + - `amount: optional object { currency, value }` + + The monetary value in its associated currency. + + - `currency: optional string` + + Lowercase ISO-4217 currency e.g. "usd" + + - `value: optional number` + + The numeric value of the cost. + + - `api_key_id: optional string` + + When `group_by=api_key_id`, this field provides the API Key ID of the grouped costs result. + + - `line_item: optional string` + + When `group_by=line_item`, this field provides the line item of the grouped costs result. + + - `project_id: optional string` + + When `group_by=project_id`, this field provides the project ID of the grouped costs result. + + - `quantity: optional number` + + When `group_by=line_item`, this field provides the quantity of the grouped costs result. + + - `start_time: number` + + - `has_more: boolean` + + - `next_page: string` + + - `object: "page"` + +### Example + +```cli +openai admin:organization:usage costs \ + --admin-api-key 'My Admin API Key' \ + --start-time 0 +``` + +#### Response + +```json +{ + "data": [ + { + "end_time": 0, + "object": "bucket", + "results": [ + { + "input_tokens": 0, + "num_model_requests": 0, + "object": "organization.usage.completions.result", + "output_tokens": 0, + "api_key_id": "api_key_id", + "batch": true, + "input_audio_tokens": 0, + "input_cached_tokens": 0, + "model": "model", + "output_audio_tokens": 0, + "project_id": "project_id", + "service_tier": "service_tier", + "user_id": "user_id" + } + ], + "start_time": 0 + } + ], + "has_more": true, + "next_page": "next_page", + "object": "page" +} +``` + +# Invites + +## List invites + +`$ openai admin:organization:invites list` + +**get** `/organization/invites` + +Returns a list of invites in the organization. + +### Parameters + +- `--after: optional string` + + A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. + +- `--limit: optional number` + + A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. + +### Returns + +- `InviteListResponse: object { data, has_more, object, 2 more }` + + - `data: array of Invite` + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `created_at: number` + + The Unix timestamp (in seconds) of when the invite was sent. + + - `email: string` + + The email address of the individual to whom the invite was sent + + - `object: "organization.invite"` + + The object type, which is always `organization.invite` + + - `projects: array of object { id, role }` + + The projects that were granted membership upon acceptance of the invite. + + - `id: string` + + Project's public ID + + - `role: "member" or "owner"` + + Project membership role + + - `"member"` + + - `"owner"` + + - `role: "owner" or "reader"` + + `owner` or `reader` + + - `"owner"` + + - `"reader"` + + - `status: "accepted" or "expired" or "pending"` + + `accepted`,`expired`, or `pending` + + - `"accepted"` + + - `"expired"` + + - `"pending"` + + - `accepted_at: optional number` + + The Unix timestamp (in seconds) of when the invite was accepted. + + - `expires_at: optional number` + + The Unix timestamp (in seconds) of when the invite expires. + + - `has_more: boolean` + + The `has_more` property is used for pagination to indicate there are additional results. + + - `object: "list"` + + The object type, which is always `list` + + - `first_id: optional string` + + The first `invite_id` in the retrieved `list` + + - `last_id: optional string` + + The last `invite_id` in the retrieved `list` + +### Example + +```cli +openai admin:organization:invites list \ + --admin-api-key 'My Admin API Key' +``` + +#### Response + +```json +{ + "data": [ + { + "id": "id", + "created_at": 0, + "email": "email", + "object": "organization.invite", + "projects": [ + { + "id": "id", + "role": "member" + } + ], + "role": "owner", + "status": "accepted", + "accepted_at": 0, + "expires_at": 0 + } + ], + "has_more": true, + "object": "list", + "first_id": "first_id", + "last_id": "last_id" +} +``` + +## Create invite + +`$ openai admin:organization:invites create` + +**post** `/organization/invites` + +Create an invite for a user to the organization. The invite must be accepted by the user before they have access to the organization. + +### Parameters + +- `--email: string` + + Send an email to this address + +- `--role: "reader" or "owner"` + + `owner` or `reader` + +- `--project: optional array of object { id, role }` + + An array of projects to which membership is granted at the same time the org invite is accepted. If omitted, the user will be invited to the default project for compatibility with legacy behavior. If empty list is passed, the user will not be invited to any projects, including the default one. + +### Returns + +- `invite: object { id, created_at, email, 6 more }` + + Represents an individual `invite` to the organization. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `created_at: number` + + The Unix timestamp (in seconds) of when the invite was sent. + + - `email: string` + + The email address of the individual to whom the invite was sent + + - `object: "organization.invite"` + + The object type, which is always `organization.invite` + + - `projects: array of object { id, role }` + + The projects that were granted membership upon acceptance of the invite. + + - `id: string` + + Project's public ID + + - `role: "member" or "owner"` + + Project membership role + + - `"member"` + + - `"owner"` + + - `role: "owner" or "reader"` + + `owner` or `reader` + + - `"owner"` + + - `"reader"` + + - `status: "accepted" or "expired" or "pending"` + + `accepted`,`expired`, or `pending` + + - `"accepted"` + + - `"expired"` + + - `"pending"` + + - `accepted_at: optional number` + + The Unix timestamp (in seconds) of when the invite was accepted. + + - `expires_at: optional number` + + The Unix timestamp (in seconds) of when the invite expires. + +### Example + +```cli +openai admin:organization:invites create \ + --admin-api-key 'My Admin API Key' \ + --email email \ + --role reader +``` + +#### Response + +```json +{ + "id": "id", + "created_at": 0, + "email": "email", + "object": "organization.invite", + "projects": [ + { + "id": "id", + "role": "member" + } + ], + "role": "owner", + "status": "accepted", + "accepted_at": 0, + "expires_at": 0 +} +``` + +## Retrieve invite + +`$ openai admin:organization:invites retrieve` + +**get** `/organization/invites/{invite_id}` + +Retrieves an invite. + +### Parameters + +- `--invite-id: string` + + The ID of the invite to retrieve. + +### Returns + +- `invite: object { id, created_at, email, 6 more }` + + Represents an individual `invite` to the organization. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `created_at: number` + + The Unix timestamp (in seconds) of when the invite was sent. + + - `email: string` + + The email address of the individual to whom the invite was sent + + - `object: "organization.invite"` + + The object type, which is always `organization.invite` + + - `projects: array of object { id, role }` + + The projects that were granted membership upon acceptance of the invite. + + - `id: string` + + Project's public ID + + - `role: "member" or "owner"` + + Project membership role + + - `"member"` + + - `"owner"` + + - `role: "owner" or "reader"` + + `owner` or `reader` + + - `"owner"` + + - `"reader"` + + - `status: "accepted" or "expired" or "pending"` + + `accepted`,`expired`, or `pending` + + - `"accepted"` + + - `"expired"` + + - `"pending"` + + - `accepted_at: optional number` + + The Unix timestamp (in seconds) of when the invite was accepted. + + - `expires_at: optional number` + + The Unix timestamp (in seconds) of when the invite expires. + +### Example + +```cli +openai admin:organization:invites retrieve \ + --admin-api-key 'My Admin API Key' \ + --invite-id invite_id +``` + +#### Response + +```json +{ + "id": "id", + "created_at": 0, + "email": "email", + "object": "organization.invite", + "projects": [ + { + "id": "id", + "role": "member" + } + ], + "role": "owner", + "status": "accepted", + "accepted_at": 0, + "expires_at": 0 +} +``` + +## Delete invite + +`$ openai admin:organization:invites delete` + +**delete** `/organization/invites/{invite_id}` + +Delete an invite. If the invite has already been accepted, it cannot be deleted. + +### Parameters + +- `--invite-id: string` + + The ID of the invite to delete. + +### Returns + +- `AdminOrganizationInviteDeleteResponse: object { id, deleted, object }` + + - `id: string` + + - `deleted: boolean` + + - `object: "organization.invite.deleted"` + + The object type, which is always `organization.invite.deleted` + +### Example + +```cli +openai admin:organization:invites delete \ + --admin-api-key 'My Admin API Key' \ + --invite-id invite_id +``` + +#### Response + +```json +{ + "id": "id", + "deleted": true, + "object": "organization.invite.deleted" +} +``` + +## Domain Types + +### Invite + +- `invite: object { id, created_at, email, 6 more }` + + Represents an individual `invite` to the organization. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `created_at: number` + + The Unix timestamp (in seconds) of when the invite was sent. + + - `email: string` + + The email address of the individual to whom the invite was sent + + - `object: "organization.invite"` + + The object type, which is always `organization.invite` + + - `projects: array of object { id, role }` + + The projects that were granted membership upon acceptance of the invite. + + - `id: string` + + Project's public ID + + - `role: "member" or "owner"` + + Project membership role + + - `"member"` + + - `"owner"` + + - `role: "owner" or "reader"` + + `owner` or `reader` + + - `"owner"` + + - `"reader"` + + - `status: "accepted" or "expired" or "pending"` + + `accepted`,`expired`, or `pending` + + - `"accepted"` + + - `"expired"` + + - `"pending"` + + - `accepted_at: optional number` + + The Unix timestamp (in seconds) of when the invite was accepted. + + - `expires_at: optional number` + + The Unix timestamp (in seconds) of when the invite expires. + +# Users + +## List users + +`$ openai admin:organization:users list` + +**get** `/organization/users` + +Lists all of the users in the organization. + +### Parameters + +- `--after: optional string` + + A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. + +- `--email: optional array of string` + + Filter by the email address of users. + +- `--limit: optional number` + + A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. + +### Returns + +- `UserListResponse: object { data, has_more, object, 2 more }` + + - `data: array of OrganizationUser` + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `added_at: number` + + The Unix timestamp (in seconds) of when the user was added. + + - `object: "organization.user"` + + The object type, which is always `organization.user` + + - `api_key_last_used_at: optional number` + + The Unix timestamp (in seconds) of the user's last API key usage. + + - `created: optional number` + + The Unix timestamp (in seconds) of when the user was created. + + - `developer_persona: optional string` + + The developer persona metadata for the user. + + - `email: optional string` + + The email address of the user + + - `is_default: optional boolean` + + Whether this is the organization's default user. + + - `is_scale_tier_authorized_purchaser: optional boolean` + + Whether the user is an authorized purchaser for Scale Tier. + + - `is_scim_managed: optional boolean` + + Whether the user is managed through SCIM. + + - `is_service_account: optional boolean` + + Whether the user is a service account. + + - `name: optional string` + + The name of the user + + - `projects: optional object { data, object }` + + Projects associated with the user, if included. + + - `data: array of object { id, name, role }` + + - `id: optional string` + + - `name: optional string` + + - `role: optional string` + + - `object: "list"` + + - `role: optional string` + + `owner` or `reader` + + - `technical_level: optional string` + + The technical level metadata for the user. + + - `user: optional object { id, object, banned, 5 more }` + + Nested user details. + + - `id: string` + + - `object: "user"` + + - `banned: optional boolean` + + - `banned_at: optional number` + + - `email: optional string` + + - `enabled: optional boolean` + + - `name: optional string` + + - `picture: optional string` + + - `has_more: boolean` + + - `object: "list"` + + - `first_id: optional string` + + - `last_id: optional string` + +### Example + +```cli +openai admin:organization:users list \ + --admin-api-key 'My Admin API Key' +``` + +#### Response + +```json +{ + "data": [ + { + "id": "id", + "added_at": 0, + "object": "organization.user", + "api_key_last_used_at": 0, + "created": 0, + "developer_persona": "developer_persona", + "email": "email", + "is_default": true, + "is_scale_tier_authorized_purchaser": true, + "is_scim_managed": true, + "is_service_account": true, + "name": "name", + "projects": { + "data": [ + { + "id": "id", + "name": "name", + "role": "role" + } + ], + "object": "list" + }, + "role": "role", + "technical_level": "technical_level", + "user": { + "id": "id", + "object": "user", + "banned": true, + "banned_at": 0, + "email": "email", + "enabled": true, + "name": "name", + "picture": "picture" + } + } + ], + "has_more": true, + "object": "list", + "first_id": "first_id", + "last_id": "last_id" +} +``` + +## Retrieve user + +`$ openai admin:organization:users retrieve` + +**get** `/organization/users/{user_id}` + +Retrieves a user by their identifier. + +### Parameters + +- `--user-id: string` + + The ID of the user. + +### Returns + +- `organization_user: object { id, added_at, object, 13 more }` + + Represents an individual `user` within an organization. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `added_at: number` + + The Unix timestamp (in seconds) of when the user was added. + + - `object: "organization.user"` + + The object type, which is always `organization.user` + + - `api_key_last_used_at: optional number` + + The Unix timestamp (in seconds) of the user's last API key usage. + + - `created: optional number` + + The Unix timestamp (in seconds) of when the user was created. + + - `developer_persona: optional string` + + The developer persona metadata for the user. + + - `email: optional string` + + The email address of the user + + - `is_default: optional boolean` + + Whether this is the organization's default user. + + - `is_scale_tier_authorized_purchaser: optional boolean` + + Whether the user is an authorized purchaser for Scale Tier. + + - `is_scim_managed: optional boolean` + + Whether the user is managed through SCIM. + + - `is_service_account: optional boolean` + + Whether the user is a service account. + + - `name: optional string` + + The name of the user + + - `projects: optional object { data, object }` + + Projects associated with the user, if included. + + - `data: array of object { id, name, role }` + + - `id: optional string` + + - `name: optional string` + + - `role: optional string` + + - `object: "list"` + + - `role: optional string` + + `owner` or `reader` + + - `technical_level: optional string` + + The technical level metadata for the user. + + - `user: optional object { id, object, banned, 5 more }` + + Nested user details. + + - `id: string` + + - `object: "user"` + + - `banned: optional boolean` + + - `banned_at: optional number` + + - `email: optional string` + + - `enabled: optional boolean` + + - `name: optional string` + + - `picture: optional string` + +### Example + +```cli +openai admin:organization:users retrieve \ + --admin-api-key 'My Admin API Key' \ + --user-id user_id +``` + +#### Response + +```json +{ + "id": "id", + "added_at": 0, + "object": "organization.user", + "api_key_last_used_at": 0, + "created": 0, + "developer_persona": "developer_persona", + "email": "email", + "is_default": true, + "is_scale_tier_authorized_purchaser": true, + "is_scim_managed": true, + "is_service_account": true, + "name": "name", + "projects": { + "data": [ + { + "id": "id", + "name": "name", + "role": "role" + } + ], + "object": "list" + }, + "role": "role", + "technical_level": "technical_level", + "user": { + "id": "id", + "object": "user", + "banned": true, + "banned_at": 0, + "email": "email", + "enabled": true, + "name": "name", + "picture": "picture" + } +} +``` + +## Modify user + +`$ openai admin:organization:users update` + +**post** `/organization/users/{user_id}` + +Modifies a user's role in the organization. + +### Parameters + +- `--user-id: string` + + The ID of the user. + +- `--developer-persona: optional string` + + Developer persona metadata. + +- `--role: optional string` + + `owner` or `reader` + +- `--role-id: optional string` + + Role ID to assign to the user. + +- `--technical-level: optional string` + + Technical level metadata. + +### Returns + +- `organization_user: object { id, added_at, object, 13 more }` + + Represents an individual `user` within an organization. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `added_at: number` + + The Unix timestamp (in seconds) of when the user was added. + + - `object: "organization.user"` + + The object type, which is always `organization.user` + + - `api_key_last_used_at: optional number` + + The Unix timestamp (in seconds) of the user's last API key usage. + + - `created: optional number` + + The Unix timestamp (in seconds) of when the user was created. + + - `developer_persona: optional string` + + The developer persona metadata for the user. + + - `email: optional string` + + The email address of the user + + - `is_default: optional boolean` + + Whether this is the organization's default user. + + - `is_scale_tier_authorized_purchaser: optional boolean` + + Whether the user is an authorized purchaser for Scale Tier. + + - `is_scim_managed: optional boolean` + + Whether the user is managed through SCIM. + + - `is_service_account: optional boolean` Whether the user is a service account. @@ -5714,27 +7507,18 @@ Lists all of the users in the organization. - `picture: optional string` - - `has_more: boolean` - - - `object: "list"` - - - `first_id: optional string` - - - `last_id: optional string` - ### Example ```cli -openai admin:organization:users list \ - --admin-api-key 'My Admin API Key' +openai admin:organization:users update \ + --admin-api-key 'My Admin API Key' \ + --user-id user_id ``` #### Response ```json { - "data": [ - { "id": "id", "added_at": 0, "object": "organization.user", @@ -5769,22 +7553,16 @@ openai admin:organization:users list \ "name": "name", "picture": "picture" } - } - ], - "has_more": true, - "object": "list", - "first_id": "first_id", - "last_id": "last_id" } ``` -## Retrieve user +## Delete user -`$ openai admin:organization:users retrieve` +`$ openai admin:organization:users delete` -**get** `/organization/users/{user_id}` +**delete** `/organization/users/{user_id}` -Retrieves a user by their identifier. +Deletes a user from the organization. ### Parameters @@ -5794,6 +7572,36 @@ Retrieves a user by their identifier. ### Returns +- `AdminOrganizationUserDeleteResponse: object { id, deleted, object }` + + - `id: string` + + - `deleted: boolean` + + - `object: "organization.user.deleted"` + +### Example + +```cli +openai admin:organization:users delete \ + --admin-api-key 'My Admin API Key' \ + --user-id user_id +``` + +#### Response + +```json +{ + "id": "id", + "deleted": true, + "object": "organization.user.deleted" +} +``` + +## Domain Types + +### Organization User + - `organization_user: object { id, added_at, object, 13 more }` Represents an individual `user` within an organization. @@ -5888,10 +7696,104 @@ Retrieves a user by their identifier. - `picture: optional string` +# Roles + +## List user organization role assignments + +`$ openai admin:organization:users:roles list` + +**get** `/organization/users/{user_id}/roles` + +Lists the organization roles assigned to a user within the organization. + +### Parameters + +- `--user-id: string` + + The ID of the user to inspect. + +- `--after: optional string` + + Cursor for pagination. Provide the value from the previous response's `next` field to continue listing organization roles. + +- `--limit: optional number` + + A limit on the number of organization role assignments to return. + +- `--order: optional "asc" or "desc"` + + Sort order for the returned organization roles. + +### Returns + +- `RoleListResource: object { data, has_more, next, object }` + + Paginated list of roles assigned to a principal. + + - `data: array of object { id, created_at, created_by, 8 more }` + + Role assignments returned in the current page. + + - `id: string` + + Identifier for the role. + + - `created_at: number` + + When the role was created. + + - `created_by: string` + + Identifier of the actor who created the role. + + - `created_by_user_obj: map[unknown]` + + User details for the actor that created the role, when available. + + - `description: string` + + Description of the role. + + - `metadata: map[unknown]` + + Arbitrary metadata stored on the role. + + - `name: string` + + Name of the role. + + - `permissions: array of string` + + Permissions associated with the role. + + - `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + + - `resource_type: string` + + Resource type the role applies to. + + - `updated_at: number` + + When the role was last updated. + + - `has_more: boolean` + + Whether additional assignments are available when paginating. + + - `next: string` + + Cursor to fetch the next page of results, or `null` when there are no more assignments. + + - `object: "list"` + + Always `list`. + ### Example ```cli -openai admin:organization:users retrieve \ +openai admin:organization:users:roles list \ --admin-api-key 'My Admin API Key' \ --user-id user_id ``` @@ -5900,76 +7802,94 @@ openai admin:organization:users retrieve \ ```json { - "id": "id", - "added_at": 0, - "object": "organization.user", - "api_key_last_used_at": 0, - "created": 0, - "developer_persona": "developer_persona", - "email": "email", - "is_default": true, - "is_scale_tier_authorized_purchaser": true, - "is_scim_managed": true, - "is_service_account": true, - "name": "name", - "projects": { "data": [ { "id": "id", + "created_at": 0, + "created_by": "created_by", + "created_by_user_obj": { + "foo": "bar" + }, + "description": "description", + "metadata": { + "foo": "bar" + }, "name": "name", - "role": "role" + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type", + "updated_at": 0 } ], + "has_more": true, + "next": "next", "object": "list" - }, - "role": "role", - "technical_level": "technical_level", - "user": { - "id": "id", - "object": "user", - "banned": true, - "banned_at": 0, - "email": "email", - "enabled": true, - "name": "name", - "picture": "picture" - } } ``` -## Modify user +## Assign organization role to user -`$ openai admin:organization:users update` +`$ openai admin:organization:users:roles create` -**post** `/organization/users/{user_id}` +**post** `/organization/users/{user_id}/roles` -Modifies a user's role in the organization. +Assigns an organization role to a user within the organization. ### Parameters - `--user-id: string` - The ID of the user. + The ID of the user that should receive the organization role. -- `--developer-persona: optional string` +- `--role-id: string` - Developer persona metadata. + Identifier of the role to assign. -- `--role: optional string` +### Returns + +- `AdminOrganizationUserRoleNewResponse: object { object, role, user }` + + Role assignment linking a user to a role. + + - `object: "user.role"` + + Always `user.role`. + + - `role: object { id, description, name, 4 more }` + + Details about a role that can be assigned through the public Roles API. + + - `id: string` + + Identifier for the role. + + - `description: string` + + Optional description of the role. + + - `name: string` + + Unique name for the role. + + - `object: "role"` + + Always `role`. - `owner` or `reader` + - `permissions: array of string` -- `--role-id: optional string` + Permissions granted by the role. - Role ID to assign to the user. + - `predefined_role: boolean` -- `--technical-level: optional string` + Whether the role is predefined and managed by OpenAI. - Technical level metadata. + - `resource_type: string` -### Returns + Resource type the role is bound to (for example `api.organization` or `api.project`). -- `organization_user: object { id, added_at, object, 13 more }` + - `user: object { id, added_at, object, 13 more }` Represents an individual `user` within an organization. @@ -6066,15 +7986,29 @@ Modifies a user's role in the organization. ### Example ```cli -openai admin:organization:users update \ +openai admin:organization:users:roles create \ --admin-api-key 'My Admin API Key' \ - --user-id user_id + --user-id user_id \ + --role-id role_id ``` #### Response ```json { + "object": "user.role", + "role": { + "id": "id", + "description": "description", + "name": "name", + "object": "role", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type" + }, + "user": { "id": "id", "added_at": 0, "object": "organization.user", @@ -6109,238 +8043,121 @@ openai admin:organization:users update \ "name": "name", "picture": "picture" } + } } ``` -## Delete user +## Unassign organization role from user -`$ openai admin:organization:users delete` +`$ openai admin:organization:users:roles delete` -**delete** `/organization/users/{user_id}` +**delete** `/organization/users/{user_id}/roles/{role_id}` -Deletes a user from the organization. +Unassigns an organization role from a user within the organization. ### Parameters - `--user-id: string` - The ID of the user. + The ID of the user to modify. + +- `--role-id: string` + + The ID of the organization role to remove from the user. ### Returns -- `AdminOrganizationUserDeleteResponse: object { id, deleted, object }` +- `AdminOrganizationUserRoleDeleteResponse: object { deleted, object }` - - `id: string` + Confirmation payload returned after unassigning a role. - `deleted: boolean` - - `object: "organization.user.deleted"` + Whether the assignment was removed. + + - `object: string` + + Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. ### Example ```cli -openai admin:organization:users delete \ +openai admin:organization:users:roles delete \ --admin-api-key 'My Admin API Key' \ - --user-id user_id + --user-id user_id \ + --role-id role_id ``` #### Response ```json { - "id": "id", "deleted": true, - "object": "organization.user.deleted" + "object": "object" } ``` -## Domain Types - -### Organization User - -- `organization_user: object { id, added_at, object, 13 more }` - - Represents an individual `user` within an organization. - - - `id: string` - - The identifier, which can be referenced in API endpoints - - - `added_at: number` - - The Unix timestamp (in seconds) of when the user was added. - - - `object: "organization.user"` - - The object type, which is always `organization.user` - - - `api_key_last_used_at: optional number` - - The Unix timestamp (in seconds) of the user's last API key usage. - - - `created: optional number` - - The Unix timestamp (in seconds) of when the user was created. - - - `developer_persona: optional string` - - The developer persona metadata for the user. - - - `email: optional string` - - The email address of the user - - - `is_default: optional boolean` - - Whether this is the organization's default user. - - - `is_scale_tier_authorized_purchaser: optional boolean` - - Whether the user is an authorized purchaser for Scale Tier. - - - `is_scim_managed: optional boolean` - - Whether the user is managed through SCIM. - - - `is_service_account: optional boolean` - - Whether the user is a service account. - - - `name: optional string` - - The name of the user - - - `projects: optional object { data, object }` - - Projects associated with the user, if included. - - - `data: array of object { id, name, role }` - - - `id: optional string` - - - `name: optional string` - - - `role: optional string` - - - `object: "list"` - - - `role: optional string` - - `owner` or `reader` - - - `technical_level: optional string` - - The technical level metadata for the user. - - - `user: optional object { id, object, banned, 5 more }` - - Nested user details. - - - `id: string` - - - `object: "user"` - - - `banned: optional boolean` - - - `banned_at: optional number` - - - `email: optional string` - - - `enabled: optional boolean` - - - `name: optional string` - - - `picture: optional string` - -# Roles +# Groups -## List user organization role assignments +## List groups -`$ openai admin:organization:users:roles list` +`$ openai admin:organization:groups list` -**get** `/organization/users/{user_id}/roles` +**get** `/organization/groups` -Lists the organization roles assigned to a user within the organization. +Lists all groups in the organization. ### Parameters -- `--user-id: string` - - The ID of the user to inspect. - - `--after: optional string` - Cursor for pagination. Provide the value from the previous response's `next` field to continue listing organization roles. + A cursor for use in pagination. `after` is a group ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with group_abc, your subsequent call can include `after=group_abc` in order to fetch the next page of the list. - `--limit: optional number` - A limit on the number of organization role assignments to return. + A limit on the number of groups to be returned. Limit can range between 0 and 1000, and the default is 100. - `--order: optional "asc" or "desc"` - Sort order for the returned organization roles. + Specifies the sort order of the returned groups. ### Returns -- `RoleListResource: object { data, has_more, next, object }` +- `GroupListResource: object { data, has_more, next, object }` - Paginated list of roles assigned to a principal. + Paginated list of organization groups. - - `data: array of object { id, created_at, created_by, 8 more }` + - `data: array of Group` - Role assignments returned in the current page. + Groups returned in the current page. - `id: string` - Identifier for the role. + Identifier for the group. - `created_at: number` - When the role was created. - - - `created_by: string` - - Identifier of the actor who created the role. - - - `created_by_user_obj: map[unknown]` - - User details for the actor that created the role, when available. + Unix timestamp (in seconds) when the group was created. - - `description: string` + - `group_type: string` - Description of the role. + The type of the group. - - `metadata: map[unknown]` + - `is_scim_managed: boolean` - Arbitrary metadata stored on the role. + Whether the group is managed through SCIM and controlled by your identity provider. - `name: string` - Name of the role. - - - `permissions: array of string` - - Permissions associated with the role. - - - `predefined_role: boolean` - - Whether the role is predefined by OpenAI. - - - `resource_type: string` - - Resource type the role applies to. - - - `updated_at: number` - - When the role was last updated. + Display name of the group. - `has_more: boolean` - Whether additional assignments are available when paginating. + Whether additional groups are available when paginating. - `next: string` - Cursor to fetch the next page of results, or `null` when there are no more assignments. + Cursor to fetch the next page of results, or `null` if there are no more results. - `object: "list"` @@ -6349,9 +8166,8 @@ Lists the organization roles assigned to a user within the organization. ### Example ```cli -openai admin:organization:users:roles list \ - --admin-api-key 'My Admin API Key' \ - --user-id user_id +openai admin:organization:groups list \ + --admin-api-key 'My Admin API Key' ``` #### Response @@ -6362,21 +8178,9 @@ openai admin:organization:users:roles list \ { "id": "id", "created_at": 0, - "created_by": "created_by", - "created_by_user_obj": { - "foo": "bar" - }, - "description": "description", - "metadata": { - "foo": "bar" - }, - "name": "name", - "permissions": [ - "string" - ], - "predefined_role": true, - "resource_type": "resource_type", - "updated_at": 0 + "group_type": "group_type", + "is_scim_managed": true, + "name": "name" } ], "has_more": true, @@ -6385,335 +8189,261 @@ openai admin:organization:users:roles list \ } ``` -## Assign organization role to user +## Create group -`$ openai admin:organization:users:roles create` +`$ openai admin:organization:groups create` -**post** `/organization/users/{user_id}/roles` +**post** `/organization/groups` -Assigns an organization role to a user within the organization. +Creates a new group in the organization. ### Parameters -- `--user-id: string` - - The ID of the user that should receive the organization role. - -- `--role-id: string` +- `--name: string` - Identifier of the role to assign. + Human readable name for the group. ### Returns -- `AdminOrganizationUserRoleNewResponse: object { object, role, user }` - - Role assignment linking a user to a role. - - - `object: "user.role"` - - Always `user.role`. - - - `role: object { id, description, name, 4 more }` +- `group: object { id, created_at, group_type, 2 more }` - Details about a role that can be assigned through the public Roles API. + Details about an organization group. - `id: string` - Identifier for the role. - - - `description: string` - - Optional description of the role. - - - `name: string` - - Unique name for the role. - - - `object: "role"` + Identifier for the group. - Always `role`. + - `created_at: number` - - `permissions: array of string` + Unix timestamp (in seconds) when the group was created. - Permissions granted by the role. + - `group_type: string` - - `predefined_role: boolean` + The type of the group. - Whether the role is predefined and managed by OpenAI. + - `is_scim_managed: boolean` - - `resource_type: string` + Whether the group is managed through SCIM and controlled by your identity provider. - Resource type the role is bound to (for example `api.organization` or `api.project`). + - `name: string` - - `user: object { id, added_at, object, 13 more }` + Display name of the group. - Represents an individual `user` within an organization. +### Example - - `id: string` +```cli +openai admin:organization:groups create \ + --admin-api-key 'My Admin API Key' \ + --name x +``` - The identifier, which can be referenced in API endpoints +#### Response - - `added_at: number` +```json +{ + "id": "id", + "created_at": 0, + "group_type": "group_type", + "is_scim_managed": true, + "name": "name" +} +``` - The Unix timestamp (in seconds) of when the user was added. +## Update group - - `object: "organization.user"` +`$ openai admin:organization:groups update` - The object type, which is always `organization.user` +**post** `/organization/groups/{group_id}` - - `api_key_last_used_at: optional number` +Updates a group's information. - The Unix timestamp (in seconds) of the user's last API key usage. +### Parameters - - `created: optional number` +- `--group-id: string` - The Unix timestamp (in seconds) of when the user was created. + The ID of the group to update. - - `developer_persona: optional string` +- `--name: string` - The developer persona metadata for the user. + New display name for the group. - - `email: optional string` +### Returns - The email address of the user +- `AdminOrganizationGroupUpdateResponse: object { id, created_at, is_scim_managed, name }` - - `is_default: optional boolean` + Response returned after updating a group. - Whether this is the organization's default user. + - `id: string` - - `is_scale_tier_authorized_purchaser: optional boolean` + Identifier for the group. - Whether the user is an authorized purchaser for Scale Tier. + - `created_at: number` - - `is_scim_managed: optional boolean` + Unix timestamp (in seconds) when the group was created. - Whether the user is managed through SCIM. + - `is_scim_managed: boolean` - - `is_service_account: optional boolean` + Whether the group is managed through SCIM and controlled by your identity provider. - Whether the user is a service account. + - `name: string` - - `name: optional string` + Updated display name for the group. - The name of the user +### Example - - `projects: optional object { data, object }` +```cli +openai admin:organization:groups update \ + --admin-api-key 'My Admin API Key' \ + --group-id group_id \ + --name x +``` - Projects associated with the user, if included. +#### Response - - `data: array of object { id, name, role }` +```json +{ + "id": "id", + "created_at": 0, + "is_scim_managed": true, + "name": "name" +} +``` - - `id: optional string` +## Delete group - - `name: optional string` +`$ openai admin:organization:groups delete` - - `role: optional string` +**delete** `/organization/groups/{group_id}` - - `object: "list"` +Deletes a group from the organization. - - `role: optional string` +### Parameters - `owner` or `reader` +- `--group-id: string` - - `technical_level: optional string` + The ID of the group to delete. - The technical level metadata for the user. +### Returns - - `user: optional object { id, object, banned, 5 more }` +- `AdminOrganizationGroupDeleteResponse: object { id, deleted, object }` - Nested user details. + Confirmation payload returned after deleting a group. - `id: string` - - `object: "user"` - - - `banned: optional boolean` - - - `banned_at: optional number` + Identifier of the deleted group. - - `email: optional string` + - `deleted: boolean` - - `enabled: optional boolean` + Whether the group was deleted. - - `name: optional string` + - `object: "group.deleted"` - - `picture: optional string` + Always `group.deleted`. ### Example ```cli -openai admin:organization:users:roles create \ +openai admin:organization:groups delete \ --admin-api-key 'My Admin API Key' \ - --user-id user_id \ - --role-id role_id + --group-id group_id ``` #### Response ```json { - "object": "user.role", - "role": { - "id": "id", - "description": "description", - "name": "name", - "object": "role", - "permissions": [ - "string" - ], - "predefined_role": true, - "resource_type": "resource_type" - }, - "user": { - "id": "id", - "added_at": 0, - "object": "organization.user", - "api_key_last_used_at": 0, - "created": 0, - "developer_persona": "developer_persona", - "email": "email", - "is_default": true, - "is_scale_tier_authorized_purchaser": true, - "is_scim_managed": true, - "is_service_account": true, - "name": "name", - "projects": { - "data": [ - { - "id": "id", - "name": "name", - "role": "role" - } - ], - "object": "list" - }, - "role": "role", - "technical_level": "technical_level", - "user": { "id": "id", - "object": "user", - "banned": true, - "banned_at": 0, - "email": "email", - "enabled": true, - "name": "name", - "picture": "picture" - } - } + "deleted": true, + "object": "group.deleted" } ``` -## Unassign organization role from user - -`$ openai admin:organization:users:roles delete` - -**delete** `/organization/users/{user_id}/roles/{role_id}` - -Unassigns an organization role from a user within the organization. - -### Parameters - -- `--user-id: string` - - The ID of the user to modify. +## Domain Types -- `--role-id: string` +### Group - The ID of the organization role to remove from the user. +- `group: object { id, created_at, group_type, 2 more }` -### Returns + Details about an organization group. -- `AdminOrganizationUserRoleDeleteResponse: object { deleted, object }` + - `id: string` - Confirmation payload returned after unassigning a role. + Identifier for the group. - - `deleted: boolean` + - `created_at: number` - Whether the assignment was removed. + Unix timestamp (in seconds) when the group was created. - - `object: string` + - `group_type: string` - Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. + The type of the group. -### Example + - `is_scim_managed: boolean` -```cli -openai admin:organization:users:roles delete \ - --admin-api-key 'My Admin API Key' \ - --user-id user_id \ - --role-id role_id -``` + Whether the group is managed through SCIM and controlled by your identity provider. -#### Response + - `name: string` -```json -{ - "deleted": true, - "object": "object" -} -``` + Display name of the group. -# Groups +# Users -## List groups +## List group users -`$ openai admin:organization:groups list` +`$ openai admin:organization:groups:users list` -**get** `/organization/groups` +**get** `/organization/groups/{group_id}/users` -Lists all groups in the organization. +Lists the users assigned to a group. ### Parameters +- `--group-id: string` + + The ID of the group to inspect. + - `--after: optional string` - A cursor for use in pagination. `after` is a group ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with group_abc, your subsequent call can include `after=group_abc` in order to fetch the next page of the list. + A cursor for use in pagination. Provide the ID of the last user from the previous list response to retrieve the next page. - `--limit: optional number` - A limit on the number of groups to be returned. Limit can range between 0 and 1000, and the default is 100. + A limit on the number of users to be returned. Limit can range between 0 and 1000, and the default is 100. - `--order: optional "asc" or "desc"` - Specifies the sort order of the returned groups. + Specifies the sort order of users in the list. ### Returns -- `GroupListResource: object { data, has_more, next, object }` +- `UserListResource: object { data, has_more, next, object }` - Paginated list of organization groups. + Paginated list of user objects returned when inspecting group membership. - - `data: array of Group` + - `data: array of OrganizationGroupUser` - Groups returned in the current page. + Users in the current page. - `id: string` - Identifier for the group. - - - `created_at: number` - - Unix timestamp (in seconds) when the group was created. - - - `group_type: string` - - The type of the group. + The identifier, which can be referenced in API endpoints - - `is_scim_managed: boolean` + - `email: string` - Whether the group is managed through SCIM and controlled by your identity provider. + The email address of the user. - `name: string` - Display name of the group. + The name of the user. - `has_more: boolean` - Whether additional groups are available when paginating. + Whether more users are available when paginating. - `next: string` - Cursor to fetch the next page of results, or `null` if there are no more results. + Cursor to fetch the next page of results, or `null` when no further users are available. - `object: "list"` @@ -6722,8 +8452,9 @@ Lists all groups in the organization. ### Example ```cli -openai admin:organization:groups list \ - --admin-api-key 'My Admin API Key' +openai admin:organization:groups:users list \ + --admin-api-key 'My Admin API Key' \ + --group-id group_id ``` #### Response @@ -6733,9 +8464,7 @@ openai admin:organization:groups list \ "data": [ { "id": "id", - "created_at": 0, - "group_type": "group_type", - "is_scim_managed": true, + "email": "email", "name": "name" } ], @@ -6745,73 +8474,68 @@ openai admin:organization:groups list \ } ``` -## Create group +## Add group user -`$ openai admin:organization:groups create` +`$ openai admin:organization:groups:users create` -**post** `/organization/groups` +**post** `/organization/groups/{group_id}/users` -Creates a new group in the organization. +Adds a user to a group. ### Parameters -- `--name: string` - - Human readable name for the group. - -### Returns +- `--group-id: string` -- `group: object { id, created_at, group_type, 2 more }` + The ID of the group to update. - Details about an organization group. +- `--user-id: string` - - `id: string` + Identifier of the user to add to the group. - Identifier for the group. +### Returns - - `created_at: number` +- `AdminOrganizationGroupUserNewResponse: object { group_id, object, user_id }` - Unix timestamp (in seconds) when the group was created. + Confirmation payload returned after adding a user to a group. - - `group_type: string` + - `group_id: string` - The type of the group. + Identifier of the group the user was added to. - - `is_scim_managed: boolean` + - `object: "group.user"` - Whether the group is managed through SCIM and controlled by your identity provider. + Always `group.user`. - - `name: string` + - `user_id: string` - Display name of the group. + Identifier of the user that was added. ### Example ```cli -openai admin:organization:groups create \ +openai admin:organization:groups:users create \ --admin-api-key 'My Admin API Key' \ - --name x + --group-id group_id \ + --user-id user_id ``` #### Response ```json { - "id": "id", - "created_at": 0, - "group_type": "group_type", - "is_scim_managed": true, - "name": "name" + "group_id": "group_id", + "object": "group.user", + "user_id": "user_id" } ``` -## Update group +## Remove group user -`$ openai admin:organization:groups update` +`$ openai admin:organization:groups:users delete` -**post** `/organization/groups/{group_id}` +**delete** `/organization/groups/{group_id}/users/{user_id}` -Updates a group's information. +Removes a user from a group. ### Parameters @@ -6819,88 +8543,160 @@ Updates a group's information. The ID of the group to update. -- `--name: string` +- `--user-id: string` - New display name for the group. + The ID of the user to remove from the group. ### Returns -- `AdminOrganizationGroupUpdateResponse: object { id, created_at, is_scim_managed, name }` - - Response returned after updating a group. - - - `id: string` - - Identifier for the group. - - - `created_at: number` +- `AdminOrganizationGroupUserDeleteResponse: object { deleted, object }` - Unix timestamp (in seconds) when the group was created. + Confirmation payload returned after removing a user from a group. - - `is_scim_managed: boolean` + - `deleted: boolean` - Whether the group is managed through SCIM and controlled by your identity provider. + Whether the group membership was removed. - - `name: string` + - `object: "group.user.deleted"` - Updated display name for the group. + Always `group.user.deleted`. ### Example ```cli -openai admin:organization:groups update \ +openai admin:organization:groups:users delete \ --admin-api-key 'My Admin API Key' \ --group-id group_id \ - --name x + --user-id user_id ``` #### Response ```json { - "id": "id", - "created_at": 0, - "is_scim_managed": true, - "name": "name" + "deleted": true, + "object": "group.user.deleted" } ``` -## Delete group +## Domain Types -`$ openai admin:organization:groups delete` +### Organization Group User -**delete** `/organization/groups/{group_id}` +- `organization_group_user: object { id, email, name }` + + Represents an individual user returned when inspecting group membership. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `email: string` + + The email address of the user. + + - `name: string` + + The name of the user. + +# Roles + +## List group organization role assignments + +`$ openai admin:organization:groups:roles list` + +**get** `/organization/groups/{group_id}/roles` + +Lists the organization roles assigned to a group within the organization. + +### Parameters + +- `--group-id: string` + + The ID of the group whose organization role assignments you want to list. + +- `--after: optional string` + + Cursor for pagination. Provide the value from the previous response's `next` field to continue listing organization roles. + +- `--limit: optional number` + + A limit on the number of organization role assignments to return. + +- `--order: optional "asc" or "desc"` + + Sort order for the returned organization roles. + +### Returns + +- `RoleListResource: object { data, has_more, next, object }` + + Paginated list of roles assigned to a principal. + + - `data: array of object { id, created_at, created_by, 8 more }` + + Role assignments returned in the current page. + + - `id: string` + + Identifier for the role. + + - `created_at: number` + + When the role was created. + + - `created_by: string` + + Identifier of the actor who created the role. + + - `created_by_user_obj: map[unknown]` + + User details for the actor that created the role, when available. + + - `description: string` + + Description of the role. + + - `metadata: map[unknown]` + + Arbitrary metadata stored on the role. + + - `name: string` + + Name of the role. + + - `permissions: array of string` -Deletes a group from the organization. + Permissions associated with the role. -### Parameters + - `predefined_role: boolean` -- `--group-id: string` + Whether the role is predefined by OpenAI. - The ID of the group to delete. + - `resource_type: string` -### Returns + Resource type the role applies to. -- `AdminOrganizationGroupDeleteResponse: object { id, deleted, object }` + - `updated_at: number` - Confirmation payload returned after deleting a group. + When the role was last updated. - - `id: string` + - `has_more: boolean` - Identifier of the deleted group. + Whether additional assignments are available when paginating. - - `deleted: boolean` + - `next: string` - Whether the group was deleted. + Cursor to fetch the next page of results, or `null` when there are no more assignments. - - `object: "group.deleted"` + - `object: "list"` - Always `group.deleted`. + Always `list`. ### Example ```cli -openai admin:organization:groups delete \ +openai admin:organization:groups:roles list \ --admin-api-key 'My Admin API Key' \ --group-id group_id ``` @@ -6909,438 +8705,526 @@ openai admin:organization:groups delete \ ```json { + "data": [ + { "id": "id", - "deleted": true, - "object": "group.deleted" + "created_at": 0, + "created_by": "created_by", + "created_by_user_obj": { + "foo": "bar" + }, + "description": "description", + "metadata": { + "foo": "bar" + }, + "name": "name", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type", + "updated_at": 0 + } + ], + "has_more": true, + "next": "next", + "object": "list" } ``` -## Domain Types - -### Group - -- `group: object { id, created_at, group_type, 2 more }` - - Details about an organization group. - - - `id: string` - - Identifier for the group. +## Assign organization role to group - - `created_at: number` +`$ openai admin:organization:groups:roles create` - Unix timestamp (in seconds) when the group was created. +**post** `/organization/groups/{group_id}/roles` - - `group_type: string` +Assigns an organization role to a group within the organization. - The type of the group. +### Parameters - - `is_scim_managed: boolean` +- `--group-id: string` - Whether the group is managed through SCIM and controlled by your identity provider. + The ID of the group that should receive the organization role. - - `name: string` +- `--role-id: string` - Display name of the group. + Identifier of the role to assign. -# Users +### Returns -## List group users +- `AdminOrganizationGroupRoleNewResponse: object { group, object, role }` -`$ openai admin:organization:groups:users list` + Role assignment linking a group to a role. -**get** `/organization/groups/{group_id}/users` + - `group: object { id, created_at, name, 2 more }` -Lists the users assigned to a group. + Summary information about a group returned in role assignment responses. -### Parameters + - `id: string` -- `--group-id: string` + Identifier for the group. - The ID of the group to inspect. + - `created_at: number` -- `--after: optional string` + Unix timestamp (in seconds) when the group was created. - A cursor for use in pagination. Provide the ID of the last user from the previous list response to retrieve the next page. + - `name: string` -- `--limit: optional number` + Display name of the group. - A limit on the number of users to be returned. Limit can range between 0 and 1000, and the default is 100. + - `object: "group"` -- `--order: optional "asc" or "desc"` + Always `group`. - Specifies the sort order of users in the list. + - `scim_managed: boolean` -### Returns + Whether the group is managed through SCIM. -- `UserListResource: object { data, has_more, next, object }` + - `object: "group.role"` - Paginated list of user objects returned when inspecting group membership. + Always `group.role`. - - `data: array of OrganizationGroupUser` + - `role: object { id, description, name, 4 more }` - Users in the current page. + Details about a role that can be assigned through the public Roles API. - `id: string` - The identifier, which can be referenced in API endpoints + Identifier for the role. - - `email: string` + - `description: string` - The email address of the user. + Optional description of the role. - `name: string` - The name of the user. + Unique name for the role. - - `has_more: boolean` + - `object: "role"` - Whether more users are available when paginating. + Always `role`. - - `next: string` + - `permissions: array of string` - Cursor to fetch the next page of results, or `null` when no further users are available. + Permissions granted by the role. - - `object: "list"` + - `predefined_role: boolean` - Always `list`. + Whether the role is predefined and managed by OpenAI. + + - `resource_type: string` + + Resource type the role is bound to (for example `api.organization` or `api.project`). ### Example ```cli -openai admin:organization:groups:users list \ +openai admin:organization:groups:roles create \ --admin-api-key 'My Admin API Key' \ - --group-id group_id + --group-id group_id \ + --role-id role_id ``` #### Response ```json { - "data": [ - { + "group": { "id": "id", - "email": "email", - "name": "name" - } + "created_at": 0, + "name": "name", + "object": "group", + "scim_managed": true + }, + "object": "group.role", + "role": { + "id": "id", + "description": "description", + "name": "name", + "object": "role", + "permissions": [ + "string" ], - "has_more": true, - "next": "next", - "object": "list" + "predefined_role": true, + "resource_type": "resource_type" + } } ``` -## Add group user +## Unassign organization role from group -`$ openai admin:organization:groups:users create` +`$ openai admin:organization:groups:roles delete` -**post** `/organization/groups/{group_id}/users` +**delete** `/organization/groups/{group_id}/roles/{role_id}` -Adds a user to a group. +Unassigns an organization role from a group within the organization. ### Parameters - `--group-id: string` - The ID of the group to update. + The ID of the group to modify. -- `--user-id: string` +- `--role-id: string` - Identifier of the user to add to the group. + The ID of the organization role to remove from the group. ### Returns -- `AdminOrganizationGroupUserNewResponse: object { group_id, object, user_id }` - - Confirmation payload returned after adding a user to a group. - - - `group_id: string` +- `AdminOrganizationGroupRoleDeleteResponse: object { deleted, object }` - Identifier of the group the user was added to. + Confirmation payload returned after unassigning a role. - - `object: "group.user"` + - `deleted: boolean` - Always `group.user`. + Whether the assignment was removed. - - `user_id: string` + - `object: string` - Identifier of the user that was added. + Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. ### Example ```cli -openai admin:organization:groups:users create \ +openai admin:organization:groups:roles delete \ --admin-api-key 'My Admin API Key' \ --group-id group_id \ - --user-id user_id + --role-id role_id ``` #### Response ```json { - "group_id": "group_id", - "object": "group.user", - "user_id": "user_id" + "deleted": true, + "object": "object" } ``` -## Remove group user +# Roles + +## List organization roles + +`$ openai admin:organization:roles list` + +**get** `/organization/roles` + +Lists the roles configured for the organization. + +### Parameters + +- `--after: optional string` + + Cursor for pagination. Provide the value from the previous response's `next` field to continue listing roles. + +- `--limit: optional number` + + A limit on the number of roles to return. Defaults to 1000. + +- `--order: optional "asc" or "desc"` + + Sort order for the returned roles. + +### Returns + +- `PublicRoleListResource: object { data, has_more, next, object }` + + Paginated list of roles available on an organization or project. + + - `data: array of Role` + + Roles returned in the current page. + + - `id: string` + + Identifier for the role. + + - `description: string` + + Optional description of the role. + + - `name: string` -`$ openai admin:organization:groups:users delete` + Unique name for the role. -**delete** `/organization/groups/{group_id}/users/{user_id}` + - `object: "role"` -Removes a user from a group. + Always `role`. -### Parameters + - `permissions: array of string` -- `--group-id: string` + Permissions granted by the role. - The ID of the group to update. + - `predefined_role: boolean` -- `--user-id: string` + Whether the role is predefined and managed by OpenAI. - The ID of the user to remove from the group. + - `resource_type: string` -### Returns + Resource type the role is bound to (for example `api.organization` or `api.project`). -- `AdminOrganizationGroupUserDeleteResponse: object { deleted, object }` + - `has_more: boolean` - Confirmation payload returned after removing a user from a group. + Whether more roles are available when paginating. - - `deleted: boolean` + - `next: string` - Whether the group membership was removed. + Cursor to fetch the next page of results, or `null` when there are no additional roles. - - `object: "group.user.deleted"` + - `object: "list"` - Always `group.user.deleted`. + Always `list`. ### Example ```cli -openai admin:organization:groups:users delete \ - --admin-api-key 'My Admin API Key' \ - --group-id group_id \ - --user-id user_id +openai admin:organization:roles list \ + --admin-api-key 'My Admin API Key' ``` #### Response ```json { - "deleted": true, - "object": "group.user.deleted" + "data": [ + { + "id": "id", + "description": "description", + "name": "name", + "object": "role", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type" + } + ], + "has_more": true, + "next": "next", + "object": "list" } ``` -## Domain Types +## Create organization role -### Organization Group User +`$ openai admin:organization:roles create` -- `organization_group_user: object { id, email, name }` +**post** `/organization/roles` - Represents an individual user returned when inspecting group membership. +Creates a custom role for the organization. - - `id: string` +### Parameters - The identifier, which can be referenced in API endpoints +- `--permission: array of string` - - `email: string` + Permissions to grant to the role. - The email address of the user. +- `--role-name: string` - - `name: string` + Unique name for the role. - The name of the user. +- `--description: optional string` -# Roles + Optional description of the role. -## List group organization role assignments +### Returns -`$ openai admin:organization:groups:roles list` +- `role: object { id, description, name, 4 more }` -**get** `/organization/groups/{group_id}/roles` + Details about a role that can be assigned through the public Roles API. -Lists the organization roles assigned to a group within the organization. + - `id: string` -### Parameters + Identifier for the role. -- `--group-id: string` + - `description: string` - The ID of the group whose organization role assignments you want to list. + Optional description of the role. -- `--after: optional string` + - `name: string` - Cursor for pagination. Provide the value from the previous response's `next` field to continue listing organization roles. + Unique name for the role. -- `--limit: optional number` + - `object: "role"` - A limit on the number of organization role assignments to return. + Always `role`. -- `--order: optional "asc" or "desc"` + - `permissions: array of string` - Sort order for the returned organization roles. + Permissions granted by the role. -### Returns + - `predefined_role: boolean` -- `RoleListResource: object { data, has_more, next, object }` + Whether the role is predefined and managed by OpenAI. - Paginated list of roles assigned to a principal. + - `resource_type: string` - - `data: array of object { id, created_at, created_by, 8 more }` + Resource type the role is bound to (for example `api.organization` or `api.project`). - Role assignments returned in the current page. +### Example - - `id: string` +```cli +openai admin:organization:roles create \ + --admin-api-key 'My Admin API Key' \ + --permission string \ + --role-name role_name +``` - Identifier for the role. +#### Response - - `created_at: number` +```json +{ + "id": "id", + "description": "description", + "name": "name", + "object": "role", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type" +} +``` - When the role was created. +## Update organization role - - `created_by: string` +`$ openai admin:organization:roles update` - Identifier of the actor who created the role. +**post** `/organization/roles/{role_id}` - - `created_by_user_obj: map[unknown]` +Updates an existing organization role. - User details for the actor that created the role, when available. +### Parameters - - `description: string` +- `--role-id: string` - Description of the role. + The ID of the role to update. - - `metadata: map[unknown]` +- `--description: optional string` - Arbitrary metadata stored on the role. + New description for the role. - - `name: string` +- `--permission: optional array of string` - Name of the role. + Updated set of permissions for the role. - - `permissions: array of string` +- `--role-name: optional string` - Permissions associated with the role. + New name for the role. - - `predefined_role: boolean` +### Returns - Whether the role is predefined by OpenAI. +- `role: object { id, description, name, 4 more }` - - `resource_type: string` + Details about a role that can be assigned through the public Roles API. - Resource type the role applies to. + - `id: string` - - `updated_at: number` + Identifier for the role. - When the role was last updated. + - `description: string` - - `has_more: boolean` + Optional description of the role. - Whether additional assignments are available when paginating. + - `name: string` - - `next: string` + Unique name for the role. - Cursor to fetch the next page of results, or `null` when there are no more assignments. + - `object: "role"` - - `object: "list"` + Always `role`. - Always `list`. + - `permissions: array of string` + + Permissions granted by the role. + + - `predefined_role: boolean` + + Whether the role is predefined and managed by OpenAI. + + - `resource_type: string` + + Resource type the role is bound to (for example `api.organization` or `api.project`). ### Example ```cli -openai admin:organization:groups:roles list \ +openai admin:organization:roles update \ --admin-api-key 'My Admin API Key' \ - --group-id group_id + --role-id role_id ``` #### Response ```json { - "data": [ - { "id": "id", - "created_at": 0, - "created_by": "created_by", - "created_by_user_obj": { - "foo": "bar" - }, "description": "description", - "metadata": { - "foo": "bar" - }, "name": "name", + "object": "role", "permissions": [ "string" ], "predefined_role": true, - "resource_type": "resource_type", - "updated_at": 0 - } - ], - "has_more": true, - "next": "next", - "object": "list" + "resource_type": "resource_type" } ``` -## Assign organization role to group +## Delete organization role -`$ openai admin:organization:groups:roles create` +`$ openai admin:organization:roles delete` -**post** `/organization/groups/{group_id}/roles` +**delete** `/organization/roles/{role_id}` -Assigns an organization role to a group within the organization. +Deletes a custom role from the organization. ### Parameters -- `--group-id: string` - - The ID of the group that should receive the organization role. - - `--role-id: string` - Identifier of the role to assign. + The ID of the role to delete. ### Returns -- `AdminOrganizationGroupRoleNewResponse: object { group, object, role }` - - Role assignment linking a group to a role. - - - `group: object { id, created_at, name, 2 more }` +- `AdminOrganizationRoleDeleteResponse: object { id, deleted, object }` - Summary information about a group returned in role assignment responses. + Confirmation payload returned after deleting a role. - `id: string` - Identifier for the group. + Identifier of the deleted role. - - `created_at: number` + - `deleted: boolean` - Unix timestamp (in seconds) when the group was created. + Whether the role was deleted. - - `name: string` + - `object: "role.deleted"` - Display name of the group. + Always `role.deleted`. - - `object: "group"` +### Example - Always `group`. +```cli +openai admin:organization:roles delete \ + --admin-api-key 'My Admin API Key' \ + --role-id role_id +``` - - `scim_managed: boolean` +#### Response - Whether the group is managed through SCIM. +```json +{ + "id": "id", + "deleted": true, + "object": "role.deleted" +} +``` - - `object: "group.role"` +## Domain Types - Always `group.role`. +### Role - - `role: object { id, description, name, 4 more }` +- `role: object { id, description, name, 4 more }` Details about a role that can be assigned through the public Roles API. @@ -7372,258 +9256,276 @@ Assigns an organization role to a group within the organization. Resource type the role is bound to (for example `api.organization` or `api.project`). -### Example - -```cli -openai admin:organization:groups:roles create \ - --admin-api-key 'My Admin API Key' \ - --group-id group_id \ - --role-id role_id -``` +# Certificates -#### Response +## List organization certificates -```json -{ - "group": { - "id": "id", - "created_at": 0, - "name": "name", - "object": "group", - "scim_managed": true - }, - "object": "group.role", - "role": { - "id": "id", - "description": "description", - "name": "name", - "object": "role", - "permissions": [ - "string" - ], - "predefined_role": true, - "resource_type": "resource_type" - } -} -``` +`$ openai admin:organization:certificates list` -## Unassign organization role from group +**get** `/organization/certificates` -`$ openai admin:organization:groups:roles delete` +List uploaded certificates for this organization. -**delete** `/organization/groups/{group_id}/roles/{role_id}` +### Parameters -Unassigns an organization role from a group within the organization. +- `--after: optional string` -### Parameters + A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. -- `--group-id: string` +- `--limit: optional number` - The ID of the group to modify. + A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. -- `--role-id: string` +- `--order: optional "asc" or "desc"` - The ID of the organization role to remove from the group. + Sort order by the `created_at` timestamp of the objects. `asc` for ascending order and `desc` for descending order. ### Returns -- `AdminOrganizationGroupRoleDeleteResponse: object { deleted, object }` +- `ListCertificatesResponse: object { data, first_id, has_more, 2 more }` - Confirmation payload returned after unassigning a role. + - `data: array of object { id, active, certificate_details, 3 more }` - - `deleted: boolean` + - `id: string` - Whether the assignment was removed. + The identifier, which can be referenced in API endpoints - - `object: string` + - `active: boolean` - Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. + Whether the certificate is currently active at the organization level. + + - `certificate_details: object { expires_at, valid_at }` + + - `expires_at: optional number` + + The Unix timestamp (in seconds) of when the certificate expires. + + - `valid_at: optional number` + + The Unix timestamp (in seconds) of when the certificate becomes valid. + + - `created_at: number` + + The Unix timestamp (in seconds) of when the certificate was uploaded. + + - `name: string` + + The name of the certificate. + + - `object: "organization.certificate"` + + The object type, which is always `organization.certificate`. + + - `first_id: string` + + - `has_more: boolean` + + - `last_id: string` + + - `object: "list"` ### Example ```cli -openai admin:organization:groups:roles delete \ - --admin-api-key 'My Admin API Key' \ - --group-id group_id \ - --role-id role_id +openai admin:organization:certificates list \ + --admin-api-key 'My Admin API Key' ``` #### Response ```json { - "deleted": true, - "object": "object" + "data": [ + { + "id": "id", + "active": true, + "certificate_details": { + "expires_at": 0, + "valid_at": 0 + }, + "created_at": 0, + "name": "name", + "object": "organization.certificate" + } + ], + "first_id": "cert_abc", + "has_more": true, + "last_id": "cert_abc", + "object": "list" } ``` -# Roles +## Upload certificate -## List organization roles +`$ openai admin:organization:certificates create` -`$ openai admin:organization:roles list` +**post** `/organization/certificates` -**get** `/organization/roles` +Upload a certificate to the organization. This does **not** automatically activate the certificate. -Lists the roles configured for the organization. +Organizations can upload up to 50 certificates. ### Parameters -- `--after: optional string` - - Cursor for pagination. Provide the value from the previous response's `next` field to continue listing roles. - -- `--limit: optional number` +- `--certificate: string` - A limit on the number of roles to return. Defaults to 1000. + The certificate content in PEM format -- `--order: optional "asc" or "desc"` +- `--name: optional string` - Sort order for the returned roles. + An optional name for the certificate ### Returns -- `PublicRoleListResource: object { data, has_more, next, object }` - - Paginated list of roles available on an organization or project. - - - `data: array of Role` +- `certificate: object { id, certificate_details, created_at, 3 more }` - Roles returned in the current page. + Represents an individual `certificate` uploaded to the organization. - `id: string` - Identifier for the role. + The identifier, which can be referenced in API endpoints - - `description: string` + - `certificate_details: object { content, expires_at, valid_at }` - Optional description of the role. + - `content: optional string` - - `name: string` + The content of the certificate in PEM format. - Unique name for the role. + - `expires_at: optional number` - - `object: "role"` + The Unix timestamp (in seconds) of when the certificate expires. - Always `role`. + - `valid_at: optional number` - - `permissions: array of string` + The Unix timestamp (in seconds) of when the certificate becomes valid. - Permissions granted by the role. + - `created_at: number` - - `predefined_role: boolean` + The Unix timestamp (in seconds) of when the certificate was uploaded. - Whether the role is predefined and managed by OpenAI. + - `name: string` - - `resource_type: string` + The name of the certificate. - Resource type the role is bound to (for example `api.organization` or `api.project`). + - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` - - `has_more: boolean` + The object type. - Whether more roles are available when paginating. + - If creating, updating, or getting a specific certificate, the object type is `certificate`. + - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. + - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. - - `next: string` + - `"certificate"` - Cursor to fetch the next page of results, or `null` when there are no additional roles. + - `"organization.certificate"` - - `object: "list"` + - `"organization.project.certificate"` - Always `list`. + - `active: optional boolean` + + Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. ### Example ```cli -openai admin:organization:roles list \ - --admin-api-key 'My Admin API Key' +openai admin:organization:certificates create \ + --admin-api-key 'My Admin API Key' \ + --certificate certificate ``` #### Response ```json { - "data": [ - { "id": "id", - "description": "description", + "certificate_details": { + "content": "content", + "expires_at": 0, + "valid_at": 0 + }, + "created_at": 0, "name": "name", - "object": "role", - "permissions": [ - "string" - ], - "predefined_role": true, - "resource_type": "resource_type" - } - ], - "has_more": true, - "next": "next", - "object": "list" + "object": "certificate", + "active": true } ``` -## Create organization role +## Get certificate -`$ openai admin:organization:roles create` +`$ openai admin:organization:certificates retrieve` -**post** `/organization/roles` +**get** `/organization/certificates/{certificate_id}` -Creates a custom role for the organization. +Get a certificate that has been uploaded to the organization. + +You can get a certificate regardless of whether it is active or not. ### Parameters -- `--permission: array of string` +- `--certificate-id: string` + + Unique ID of the certificate to retrieve. + +- `--include: optional array of "content"` + + A list of additional fields to include in the response. Currently the only supported value is `content` to fetch the PEM content of the certificate. + +### Returns + +- `certificate: object { id, certificate_details, created_at, 3 more }` - Permissions to grant to the role. + Represents an individual `certificate` uploaded to the organization. -- `--role-name: string` + - `id: string` - Unique name for the role. + The identifier, which can be referenced in API endpoints -- `--description: optional string` + - `certificate_details: object { content, expires_at, valid_at }` - Optional description of the role. + - `content: optional string` -### Returns + The content of the certificate in PEM format. -- `role: object { id, description, name, 4 more }` + - `expires_at: optional number` - Details about a role that can be assigned through the public Roles API. + The Unix timestamp (in seconds) of when the certificate expires. - - `id: string` + - `valid_at: optional number` - Identifier for the role. + The Unix timestamp (in seconds) of when the certificate becomes valid. - - `description: string` + - `created_at: number` - Optional description of the role. + The Unix timestamp (in seconds) of when the certificate was uploaded. - `name: string` - Unique name for the role. + The name of the certificate. - - `object: "role"` + - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` - Always `role`. + The object type. - - `permissions: array of string` + - If creating, updating, or getting a specific certificate, the object type is `certificate`. + - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. + - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. - Permissions granted by the role. + - `"certificate"` - - `predefined_role: boolean` + - `"organization.certificate"` - Whether the role is predefined and managed by OpenAI. + - `"organization.project.certificate"` - - `resource_type: string` + - `active: optional boolean` - Resource type the role is bound to (for example `api.organization` or `api.project`). + Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. ### Example ```cli -openai admin:organization:roles create \ +openai admin:organization:certificates retrieve \ --admin-api-key 'My Admin API Key' \ - --permission string \ - --role-name role_name + --certificate-id certificate_id ``` #### Response @@ -7631,83 +9533,92 @@ openai admin:organization:roles create \ ```json { "id": "id", - "description": "description", + "certificate_details": { + "content": "content", + "expires_at": 0, + "valid_at": 0 + }, + "created_at": 0, "name": "name", - "object": "role", - "permissions": [ - "string" - ], - "predefined_role": true, - "resource_type": "resource_type" + "object": "certificate", + "active": true } ``` -## Update organization role +## Modify certificate -`$ openai admin:organization:roles update` +`$ openai admin:organization:certificates update` -**post** `/organization/roles/{role_id}` +**post** `/organization/certificates/{certificate_id}` -Updates an existing organization role. +Modify a certificate. Note that only the name can be modified. ### Parameters -- `--role-id: string` +- `--certificate-id: string` - The ID of the role to update. + Unique ID of the certificate to modify. -- `--description: optional string` +- `--name: optional string` - New description for the role. + The updated name for the certificate -- `--permission: optional array of string` +### Returns - Updated set of permissions for the role. +- `certificate: object { id, certificate_details, created_at, 3 more }` -- `--role-name: optional string` + Represents an individual `certificate` uploaded to the organization. - New name for the role. + - `id: string` -### Returns + The identifier, which can be referenced in API endpoints -- `role: object { id, description, name, 4 more }` + - `certificate_details: object { content, expires_at, valid_at }` - Details about a role that can be assigned through the public Roles API. + - `content: optional string` - - `id: string` + The content of the certificate in PEM format. - Identifier for the role. + - `expires_at: optional number` - - `description: string` + The Unix timestamp (in seconds) of when the certificate expires. - Optional description of the role. + - `valid_at: optional number` + + The Unix timestamp (in seconds) of when the certificate becomes valid. + + - `created_at: number` + + The Unix timestamp (in seconds) of when the certificate was uploaded. - `name: string` - Unique name for the role. + The name of the certificate. - - `object: "role"` + - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` - Always `role`. + The object type. - - `permissions: array of string` + - If creating, updating, or getting a specific certificate, the object type is `certificate`. + - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. + - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. - Permissions granted by the role. + - `"certificate"` - - `predefined_role: boolean` + - `"organization.certificate"` - Whether the role is predefined and managed by OpenAI. + - `"organization.project.certificate"` - - `resource_type: string` + - `active: optional boolean` - Resource type the role is bound to (for example `api.organization` or `api.project`). + Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. ### Example ```cli -openai admin:organization:roles update \ +openai admin:organization:certificates update \ --admin-api-key 'My Admin API Key' \ - --role-id role_id + --certificate-id certificate_id ``` #### Response @@ -7715,55 +9626,52 @@ openai admin:organization:roles update \ ```json { "id": "id", - "description": "description", + "certificate_details": { + "content": "content", + "expires_at": 0, + "valid_at": 0 + }, + "created_at": 0, "name": "name", - "object": "role", - "permissions": [ - "string" - ], - "predefined_role": true, - "resource_type": "resource_type" + "object": "certificate", + "active": true } ``` -## Delete organization role +## Delete certificate -`$ openai admin:organization:roles delete` +`$ openai admin:organization:certificates delete` -**delete** `/organization/roles/{role_id}` +**delete** `/organization/certificates/{certificate_id}` -Deletes a custom role from the organization. +Delete a certificate from the organization. + +The certificate must be inactive for the organization and all projects. ### Parameters -- `--role-id: string` +- `--certificate-id: string` - The ID of the role to delete. + Unique ID of the certificate to delete. ### Returns -- `AdminOrganizationRoleDeleteResponse: object { id, deleted, object }` - - Confirmation payload returned after deleting a role. +- `AdminOrganizationCertificateDeleteResponse: object { id, object }` - `id: string` - Identifier of the deleted role. - - - `deleted: boolean` - - Whether the role was deleted. + The ID of the certificate that was deleted. - - `object: "role.deleted"` + - `object: "certificate.deleted"` - Always `role.deleted`. + The object type, must be `certificate.deleted`. ### Example ```cli -openai admin:organization:roles delete \ +openai admin:organization:certificates delete \ --admin-api-key 'My Admin API Key' \ - --role-id role_id + --certificate-id certificate_id ``` #### Response @@ -7771,74 +9679,110 @@ openai admin:organization:roles delete \ ```json { "id": "id", - "deleted": true, - "object": "role.deleted" + "object": "certificate.deleted" } ``` -## Domain Types +## Activate certificates for organization -### Role +`$ openai admin:organization:certificates activate` -- `role: object { id, description, name, 4 more }` +**post** `/organization/certificates/activate` - Details about a role that can be assigned through the public Roles API. +Activate certificates at the organization level. + +You can atomically and idempotently activate up to 10 certificates at a time. + +### Parameters + +- `--certificate-id: array of string` + +### Returns + +- `OrganizationCertificateActivationResponse: object { data, object }` + + - `data: array of object { id, active, certificate_details, 3 more }` - `id: string` - Identifier for the role. + The identifier, which can be referenced in API endpoints - - `description: string` + - `active: boolean` - Optional description of the role. + Whether the certificate is currently active at the organization level. + + - `certificate_details: object { expires_at, valid_at }` + + - `expires_at: optional number` + + The Unix timestamp (in seconds) of when the certificate expires. + + - `valid_at: optional number` + + The Unix timestamp (in seconds) of when the certificate becomes valid. + + - `created_at: number` + + The Unix timestamp (in seconds) of when the certificate was uploaded. - `name: string` - Unique name for the role. + The name of the certificate. - - `object: "role"` + - `object: "organization.certificate"` - Always `role`. + The object type, which is always `organization.certificate`. - - `permissions: array of string` + - `object: "organization.certificate.activation"` - Permissions granted by the role. + The organization certificate activation result type. - - `predefined_role: boolean` +### Example - Whether the role is predefined and managed by OpenAI. +```cli +openai admin:organization:certificates activate \ + --admin-api-key 'My Admin API Key' \ + --certificate-id cert_abc +``` - - `resource_type: string` +#### Response - Resource type the role is bound to (for example `api.organization` or `api.project`). +```json +{ + "data": [ + { + "id": "id", + "active": true, + "certificate_details": { + "expires_at": 0, + "valid_at": 0 + }, + "created_at": 0, + "name": "name", + "object": "organization.certificate" + } + ], + "object": "organization.certificate.activation" +} +``` -# Certificates +## Deactivate certificates for organization -## List organization certificates +`$ openai admin:organization:certificates deactivate` -`$ openai admin:organization:certificates list` +**post** `/organization/certificates/deactivate` -**get** `/organization/certificates` +Deactivate certificates at the organization level. -List uploaded certificates for this organization. +You can atomically and idempotently deactivate up to 10 certificates at a time. ### Parameters -- `--after: optional string` - - A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. - -- `--limit: optional number` - - A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. - -- `--order: optional "asc" or "desc"` - - Sort order by the `created_at` timestamp of the objects. `asc` for ascending order and `desc` for descending order. +- `--certificate-id: array of string` ### Returns -- `ListCertificatesResponse: object { data, first_id, has_more, 2 more }` +- `OrganizationCertificateDeactivationResponse: object { data, object }` - `data: array of object { id, active, certificate_details, 3 more }` @@ -7872,19 +9816,16 @@ List uploaded certificates for this organization. The object type, which is always `organization.certificate`. - - `first_id: string` - - - `has_more: boolean` - - - `last_id: string` + - `object: "organization.certificate.deactivation"` - - `object: "list"` + The organization certificate deactivation result type. ### Example ```cli -openai admin:organization:certificates list \ - --admin-api-key 'My Admin API Key' +openai admin:organization:certificates deactivate \ + --admin-api-key 'My Admin API Key' \ + --certificate-id cert_abc ``` #### Response @@ -7904,34 +9845,13 @@ openai admin:organization:certificates list \ "object": "organization.certificate" } ], - "first_id": "cert_abc", - "has_more": true, - "last_id": "cert_abc", - "object": "list" + "object": "organization.certificate.deactivation" } ``` -## Upload certificate - -`$ openai admin:organization:certificates create` - -**post** `/organization/certificates` - -Upload a certificate to the organization. This does **not** automatically activate the certificate. - -Organizations can upload up to 50 certificates. - -### Parameters - -- `--certificate: string` - - The certificate content in PEM format - -- `--name: optional string` - - An optional name for the certificate +## Domain Types -### Returns +### Certificate - `certificate: object { id, certificate_details, created_at, 3 more }` @@ -7981,200 +9901,163 @@ Organizations can upload up to 50 certificates. Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. -### Example - -```cli -openai admin:organization:certificates create \ - --admin-api-key 'My Admin API Key' \ - --certificate certificate -``` - -#### Response +# Projects -```json -{ - "id": "id", - "certificate_details": { - "content": "content", - "expires_at": 0, - "valid_at": 0 - }, - "created_at": 0, - "name": "name", - "object": "certificate", - "active": true -} -``` +## List projects -## Get certificate +`$ openai admin:organization:projects list` -`$ openai admin:organization:certificates retrieve` +**get** `/organization/projects` -**get** `/organization/certificates/{certificate_id}` +Returns a list of projects. -Get a certificate that has been uploaded to the organization. +### Parameters -You can get a certificate regardless of whether it is active or not. +- `--after: optional string` -### Parameters + A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. -- `--certificate-id: string` +- `--include-archived: optional boolean` - Unique ID of the certificate to retrieve. + If `true` returns all projects including those that have been `archived`. Archived projects are not included by default. -- `--include: optional array of "content"` +- `--limit: optional number` - A list of additional fields to include in the response. Currently the only supported value is `content` to fetch the PEM content of the certificate. + A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. ### Returns -- `certificate: object { id, certificate_details, created_at, 3 more }` +- `ProjectListResponse: object { data, has_more, object, 2 more }` - Represents an individual `certificate` uploaded to the organization. + - `data: array of Project` - `id: string` The identifier, which can be referenced in API endpoints - - `certificate_details: object { content, expires_at, valid_at }` - - - `content: optional string` - - The content of the certificate in PEM format. - - - `expires_at: optional number` + - `created_at: number` - The Unix timestamp (in seconds) of when the certificate expires. + The Unix timestamp (in seconds) of when the project was created. - - `valid_at: optional number` + - `object: "organization.project"` - The Unix timestamp (in seconds) of when the certificate becomes valid. + The object type, which is always `organization.project` - - `created_at: number` + - `archived_at: optional number` - The Unix timestamp (in seconds) of when the certificate was uploaded. + The Unix timestamp (in seconds) of when the project was archived or `null`. - - `name: string` + - `external_key_id: optional string` - The name of the certificate. + The external key associated with the project. - - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` + - `name: optional string` - The object type. + The name of the project. This appears in reporting. - - If creating, updating, or getting a specific certificate, the object type is `certificate`. - - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. - - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. + - `status: optional string` - - `"certificate"` + `active` or `archived` - - `"organization.certificate"` + - `has_more: boolean` - - `"organization.project.certificate"` + - `object: "list"` - - `active: optional boolean` + - `first_id: optional string` - Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. + - `last_id: optional string` ### Example ```cli -openai admin:organization:certificates retrieve \ - --admin-api-key 'My Admin API Key' \ - --certificate-id certificate_id +openai admin:organization:projects list \ + --admin-api-key 'My Admin API Key' ``` #### Response ```json { + "data": [ + { "id": "id", - "certificate_details": { - "content": "content", - "expires_at": 0, - "valid_at": 0 - }, "created_at": 0, + "object": "organization.project", + "archived_at": 0, + "external_key_id": "external_key_id", "name": "name", - "object": "certificate", - "active": true + "status": "status" + } + ], + "has_more": true, + "object": "list", + "first_id": "first_id", + "last_id": "last_id" } ``` -## Modify certificate +## Create project -`$ openai admin:organization:certificates update` +`$ openai admin:organization:projects create` -**post** `/organization/certificates/{certificate_id}` +**post** `/organization/projects` -Modify a certificate. Note that only the name can be modified. +Create a new project in the organization. Projects can be created and archived, but cannot be deleted. ### Parameters -- `--certificate-id: string` +- `--name: string` - Unique ID of the certificate to modify. + The friendly name of the project, this name appears in reports. -- `--name: optional string` +- `--external-key-id: optional string` - The updated name for the certificate + External key ID to associate with the project. + +- `--geography: optional string` + + Create the project with the specified data residency region. Your organization must have access to Data residency functionality in order to use. See [data residency controls](https://platform.openai.com/docs/guides/your-data#data-residency-controls) to review the functionality and limitations of setting this field. ### Returns -- `certificate: object { id, certificate_details, created_at, 3 more }` +- `project: object { id, created_at, object, 4 more }` - Represents an individual `certificate` uploaded to the organization. + Represents an individual project. - `id: string` The identifier, which can be referenced in API endpoints - - `certificate_details: object { content, expires_at, valid_at }` - - - `content: optional string` - - The content of the certificate in PEM format. - - - `expires_at: optional number` - - The Unix timestamp (in seconds) of when the certificate expires. - - - `valid_at: optional number` - - The Unix timestamp (in seconds) of when the certificate becomes valid. - - `created_at: number` - The Unix timestamp (in seconds) of when the certificate was uploaded. + The Unix timestamp (in seconds) of when the project was created. - - `name: string` + - `object: "organization.project"` - The name of the certificate. + The object type, which is always `organization.project` - - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` + - `archived_at: optional number` - The object type. + The Unix timestamp (in seconds) of when the project was archived or `null`. - - If creating, updating, or getting a specific certificate, the object type is `certificate`. - - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. - - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. + - `external_key_id: optional string` - - `"certificate"` + The external key associated with the project. - - `"organization.certificate"` + - `name: optional string` - - `"organization.project.certificate"` + The name of the project. This appears in reporting. - - `active: optional boolean` + - `status: optional string` - Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. + `active` or `archived` ### Example ```cli -openai admin:organization:certificates update \ +openai admin:organization:projects create \ --admin-api-key 'My Admin API Key' \ - --certificate-id certificate_id + --name name ``` #### Response @@ -8182,52 +10065,69 @@ openai admin:organization:certificates update \ ```json { "id": "id", - "certificate_details": { - "content": "content", - "expires_at": 0, - "valid_at": 0 - }, "created_at": 0, + "object": "organization.project", + "archived_at": 0, + "external_key_id": "external_key_id", "name": "name", - "object": "certificate", - "active": true + "status": "status" } ``` -## Delete certificate - -`$ openai admin:organization:certificates delete` +## Retrieve project -**delete** `/organization/certificates/{certificate_id}` +`$ openai admin:organization:projects retrieve` -Delete a certificate from the organization. +**get** `/organization/projects/{project_id}` -The certificate must be inactive for the organization and all projects. +Retrieves a project. ### Parameters -- `--certificate-id: string` +- `--project-id: string` - Unique ID of the certificate to delete. + The ID of the project. ### Returns -- `AdminOrganizationCertificateDeleteResponse: object { id, object }` +- `project: object { id, created_at, object, 4 more }` + + Represents an individual project. - `id: string` - The ID of the certificate that was deleted. + The identifier, which can be referenced in API endpoints - - `object: "certificate.deleted"` + - `created_at: number` - The object type, must be `certificate.deleted`. + The Unix timestamp (in seconds) of when the project was created. + + - `object: "organization.project"` + + The object type, which is always `organization.project` + + - `archived_at: optional number` + + The Unix timestamp (in seconds) of when the project was archived or `null`. + + - `external_key_id: optional string` + + The external key associated with the project. + + - `name: optional string` + + The name of the project. This appears in reporting. + + - `status: optional string` + + `active` or `archived` ### Example ```cli -openai admin:organization:certificates delete \ +openai admin:organization:projects retrieve \ --admin-api-key 'My Admin API Key' \ - --certificate-id certificate_id + --project-id project_id ``` #### Response @@ -8235,247 +10135,222 @@ openai admin:organization:certificates delete \ ```json { "id": "id", - "object": "certificate.deleted" + "created_at": 0, + "object": "organization.project", + "archived_at": 0, + "external_key_id": "external_key_id", + "name": "name", + "status": "status" } ``` -## Activate certificates for organization - -`$ openai admin:organization:certificates activate` +## Modify project -**post** `/organization/certificates/activate` +`$ openai admin:organization:projects update` -Activate certificates at the organization level. +**post** `/organization/projects/{project_id}` -You can atomically and idempotently activate up to 10 certificates at a time. +Modifies a project in the organization. ### Parameters -- `--certificate-id: array of string` +- `--project-id: string` -### Returns + The ID of the project. -- `OrganizationCertificateActivationResponse: object { data, object }` +- `--external-key-id: optional string` - - `data: array of object { id, active, certificate_details, 3 more }` + External key ID to associate with the project. - - `id: string` +- `--geography: optional string` - The identifier, which can be referenced in API endpoints + Geography for the project. - - `active: boolean` +- `--name: optional string` - Whether the certificate is currently active at the organization level. + The updated name of the project, this name appears in reports. - - `certificate_details: object { expires_at, valid_at }` +### Returns - - `expires_at: optional number` +- `project: object { id, created_at, object, 4 more }` - The Unix timestamp (in seconds) of when the certificate expires. + Represents an individual project. - - `valid_at: optional number` + - `id: string` - The Unix timestamp (in seconds) of when the certificate becomes valid. + The identifier, which can be referenced in API endpoints - `created_at: number` - The Unix timestamp (in seconds) of when the certificate was uploaded. + The Unix timestamp (in seconds) of when the project was created. - - `name: string` + - `object: "organization.project"` - The name of the certificate. + The object type, which is always `organization.project` - - `object: "organization.certificate"` + - `archived_at: optional number` - The object type, which is always `organization.certificate`. + The Unix timestamp (in seconds) of when the project was archived or `null`. - - `object: "organization.certificate.activation"` + - `external_key_id: optional string` - The organization certificate activation result type. + The external key associated with the project. + + - `name: optional string` + + The name of the project. This appears in reporting. + + - `status: optional string` + + `active` or `archived` ### Example ```cli -openai admin:organization:certificates activate \ +openai admin:organization:projects update \ --admin-api-key 'My Admin API Key' \ - --certificate-id cert_abc + --project-id project_id ``` #### Response ```json { - "data": [ - { "id": "id", - "active": true, - "certificate_details": { - "expires_at": 0, - "valid_at": 0 - }, "created_at": 0, + "object": "organization.project", + "archived_at": 0, + "external_key_id": "external_key_id", "name": "name", - "object": "organization.certificate" - } - ], - "object": "organization.certificate.activation" + "status": "status" } ``` -## Deactivate certificates for organization - -`$ openai admin:organization:certificates deactivate` +## Archive project -**post** `/organization/certificates/deactivate` +`$ openai admin:organization:projects archive` -Deactivate certificates at the organization level. +**post** `/organization/projects/{project_id}/archive` -You can atomically and idempotently deactivate up to 10 certificates at a time. +Archives a project in the organization. Archived projects cannot be used or updated. ### Parameters -- `--certificate-id: array of string` +- `--project-id: string` + + The ID of the project. ### Returns -- `OrganizationCertificateDeactivationResponse: object { data, object }` +- `project: object { id, created_at, object, 4 more }` - - `data: array of object { id, active, certificate_details, 3 more }` + Represents an individual project. - `id: string` The identifier, which can be referenced in API endpoints - - `active: boolean` - - Whether the certificate is currently active at the organization level. - - - `certificate_details: object { expires_at, valid_at }` - - - `expires_at: optional number` + - `created_at: number` - The Unix timestamp (in seconds) of when the certificate expires. + The Unix timestamp (in seconds) of when the project was created. - - `valid_at: optional number` + - `object: "organization.project"` - The Unix timestamp (in seconds) of when the certificate becomes valid. + The object type, which is always `organization.project` - - `created_at: number` + - `archived_at: optional number` - The Unix timestamp (in seconds) of when the certificate was uploaded. + The Unix timestamp (in seconds) of when the project was archived or `null`. - - `name: string` + - `external_key_id: optional string` - The name of the certificate. + The external key associated with the project. - - `object: "organization.certificate"` + - `name: optional string` - The object type, which is always `organization.certificate`. + The name of the project. This appears in reporting. - - `object: "organization.certificate.deactivation"` + - `status: optional string` - The organization certificate deactivation result type. + `active` or `archived` ### Example ```cli -openai admin:organization:certificates deactivate \ +openai admin:organization:projects archive \ --admin-api-key 'My Admin API Key' \ - --certificate-id cert_abc + --project-id project_id ``` #### Response ```json { - "data": [ - { "id": "id", - "active": true, - "certificate_details": { - "expires_at": 0, - "valid_at": 0 - }, "created_at": 0, + "object": "organization.project", + "archived_at": 0, + "external_key_id": "external_key_id", "name": "name", - "object": "organization.certificate" - } - ], - "object": "organization.certificate.deactivation" + "status": "status" } ``` ## Domain Types -### Certificate +### Project -- `certificate: object { id, certificate_details, created_at, 3 more }` +- `project: object { id, created_at, object, 4 more }` - Represents an individual `certificate` uploaded to the organization. + Represents an individual project. - `id: string` The identifier, which can be referenced in API endpoints - - `certificate_details: object { content, expires_at, valid_at }` - - - `content: optional string` - - The content of the certificate in PEM format. - - - `expires_at: optional number` - - The Unix timestamp (in seconds) of when the certificate expires. - - - `valid_at: optional number` - - The Unix timestamp (in seconds) of when the certificate becomes valid. - - `created_at: number` - The Unix timestamp (in seconds) of when the certificate was uploaded. + The Unix timestamp (in seconds) of when the project was created. - - `name: string` + - `object: "organization.project"` - The name of the certificate. + The object type, which is always `organization.project` - - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` + - `archived_at: optional number` - The object type. + The Unix timestamp (in seconds) of when the project was archived or `null`. - - If creating, updating, or getting a specific certificate, the object type is `certificate`. - - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. - - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. + - `external_key_id: optional string` - - `"certificate"` + The external key associated with the project. - - `"organization.certificate"` + - `name: optional string` - - `"organization.project.certificate"` + The name of the project. This appears in reporting. - - `active: optional boolean` + - `status: optional string` - Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. + `active` or `archived` -# Projects +# Users -## List projects +## List project users -`$ openai admin:organization:projects list` +`$ openai admin:organization:projects:users list` -**get** `/organization/projects` +**get** `/organization/projects/{project_id}/users` -Returns a list of projects. +Returns a list of users in the project. ### Parameters -- `--after: optional string` +- `--project-id: string` - A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. + The ID of the project. -- `--include-archived: optional boolean` +- `--after: optional string` - If `true` returns all projects including those that have been `archived`. Archived projects are not included by default. + A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. - `--limit: optional number` @@ -8483,41 +10358,37 @@ Returns a list of projects. ### Returns -- `ProjectListResponse: object { data, has_more, object, 2 more }` +- `ProjectUserListResponse: object { data, has_more, object, 2 more }` - - `data: array of Project` + - `data: array of ProjectUser` - `id: string` The identifier, which can be referenced in API endpoints - - `created_at: number` + - `added_at: number` - The Unix timestamp (in seconds) of when the project was created. + The Unix timestamp (in seconds) of when the project was added. - - `object: "organization.project"` + - `object: "organization.project.user"` - The object type, which is always `organization.project` + The object type, which is always `organization.project.user` - - `archived_at: optional number` + - `role: string` - The Unix timestamp (in seconds) of when the project was archived or `null`. + `owner` or `member` - - `external_key_id: optional string` + - `email: optional string` - The external key associated with the project. + The email address of the user - `name: optional string` - The name of the project. This appears in reporting. - - - `status: optional string` - - `active` or `archived` + The name of the user - `has_more: boolean` - - `object: "list"` + - `object: string` - `first_id: optional string` @@ -8526,8 +10397,9 @@ Returns a list of projects. ### Example ```cli -openai admin:organization:projects list \ - --admin-api-key 'My Admin API Key' +openai admin:organization:projects:users list \ + --admin-api-key 'My Admin API Key' \ + --project-id project_id ``` #### Response @@ -8537,83 +10409,83 @@ openai admin:organization:projects list \ "data": [ { "id": "id", - "created_at": 0, - "object": "organization.project", - "archived_at": 0, - "external_key_id": "external_key_id", - "name": "name", - "status": "status" + "added_at": 0, + "object": "organization.project.user", + "role": "role", + "email": "email", + "name": "name" } ], "has_more": true, - "object": "list", + "object": "object", "first_id": "first_id", "last_id": "last_id" } ``` -## Create project +## Create project user -`$ openai admin:organization:projects create` +`$ openai admin:organization:projects:users create` -**post** `/organization/projects` +**post** `/organization/projects/{project_id}/users` -Create a new project in the organization. Projects can be created and archived, but cannot be deleted. +Adds a user to the project. Users must already be members of the organization to be added to a project. ### Parameters -- `--name: string` +- `--project-id: string` - The friendly name of the project, this name appears in reports. + The ID of the project. -- `--external-key-id: optional string` +- `--role: string` - External key ID to associate with the project. + `owner` or `member` -- `--geography: optional string` +- `--email: optional string` - Create the project with the specified data residency region. Your organization must have access to Data residency functionality in order to use. See [data residency controls](https://platform.openai.com/docs/guides/your-data#data-residency-controls) to review the functionality and limitations of setting this field. + Email of the user to add. + +- `--user-id: optional string` + + The ID of the user. ### Returns -- `project: object { id, created_at, object, 4 more }` +- `project_user: object { id, added_at, object, 3 more }` - Represents an individual project. + Represents an individual user in a project. - `id: string` The identifier, which can be referenced in API endpoints - - `created_at: number` + - `added_at: number` - The Unix timestamp (in seconds) of when the project was created. + The Unix timestamp (in seconds) of when the project was added. - - `object: "organization.project"` + - `object: "organization.project.user"` - The object type, which is always `organization.project` + The object type, which is always `organization.project.user` - - `archived_at: optional number` + - `role: string` - The Unix timestamp (in seconds) of when the project was archived or `null`. + `owner` or `member` - - `external_key_id: optional string` + - `email: optional string` - The external key associated with the project. + The email address of the user - `name: optional string` - The name of the project. This appears in reporting. - - - `status: optional string` - - `active` or `archived` + The name of the user ### Example ```cli -openai admin:organization:projects create \ +openai admin:organization:projects:users create \ --admin-api-key 'My Admin API Key' \ - --name name + --project-id project_id \ + --role role ``` #### Response @@ -8621,22 +10493,21 @@ openai admin:organization:projects create \ ```json { "id": "id", - "created_at": 0, - "object": "organization.project", - "archived_at": 0, - "external_key_id": "external_key_id", - "name": "name", - "status": "status" + "added_at": 0, + "object": "organization.project.user", + "role": "role", + "email": "email", + "name": "name" } ``` -## Retrieve project +## Retrieve project user -`$ openai admin:organization:projects retrieve` +`$ openai admin:organization:projects:users retrieve` -**get** `/organization/projects/{project_id}` +**get** `/organization/projects/{project_id}/users/{user_id}` -Retrieves a project. +Retrieves a user in the project. ### Parameters @@ -8644,46 +10515,47 @@ Retrieves a project. The ID of the project. +- `--user-id: string` + + The ID of the user. + ### Returns -- `project: object { id, created_at, object, 4 more }` +- `project_user: object { id, added_at, object, 3 more }` - Represents an individual project. + Represents an individual user in a project. - `id: string` The identifier, which can be referenced in API endpoints - - `created_at: number` + - `added_at: number` - The Unix timestamp (in seconds) of when the project was created. + The Unix timestamp (in seconds) of when the project was added. - - `object: "organization.project"` + - `object: "organization.project.user"` - The object type, which is always `organization.project` + The object type, which is always `organization.project.user` - - `archived_at: optional number` + - `role: string` - The Unix timestamp (in seconds) of when the project was archived or `null`. + `owner` or `member` - - `external_key_id: optional string` + - `email: optional string` - The external key associated with the project. + The email address of the user - `name: optional string` - The name of the project. This appears in reporting. - - - `status: optional string` - - `active` or `archived` + The name of the user ### Example ```cli -openai admin:organization:projects retrieve \ +openai admin:organization:projects:users retrieve \ --admin-api-key 'My Admin API Key' \ - --project-id project_id + --project-id project_id \ + --user-id user_id ``` #### Response @@ -8691,22 +10563,21 @@ openai admin:organization:projects retrieve \ ```json { "id": "id", - "created_at": 0, - "object": "organization.project", - "archived_at": 0, - "external_key_id": "external_key_id", - "name": "name", - "status": "status" + "added_at": 0, + "object": "organization.project.user", + "role": "role", + "email": "email", + "name": "name" } ``` -## Modify project +## Modify project user -`$ openai admin:organization:projects update` +`$ openai admin:organization:projects:users update` -**post** `/organization/projects/{project_id}` +**post** `/organization/projects/{project_id}/users/{user_id}` -Modifies a project in the organization. +Modifies a user's role in the project. ### Parameters @@ -8714,128 +10585,104 @@ Modifies a project in the organization. The ID of the project. -- `--external-key-id: optional string` - - External key ID to associate with the project. - -- `--geography: optional string` +- `--user-id: string` - Geography for the project. + The ID of the user. -- `--name: optional string` +- `--role: optional string` - The updated name of the project, this name appears in reports. + `owner` or `member` ### Returns -- `project: object { id, created_at, object, 4 more }` +- `project_user: object { id, added_at, object, 3 more }` - Represents an individual project. + Represents an individual user in a project. - `id: string` The identifier, which can be referenced in API endpoints - - `created_at: number` + - `added_at: number` - The Unix timestamp (in seconds) of when the project was created. + The Unix timestamp (in seconds) of when the project was added. - - `object: "organization.project"` + - `object: "organization.project.user"` - The object type, which is always `organization.project` + The object type, which is always `organization.project.user` - - `archived_at: optional number` + - `role: string` - The Unix timestamp (in seconds) of when the project was archived or `null`. + `owner` or `member` - - `external_key_id: optional string` + - `email: optional string` - The external key associated with the project. + The email address of the user - `name: optional string` - The name of the project. This appears in reporting. - - - `status: optional string` - - `active` or `archived` + The name of the user ### Example ```cli -openai admin:organization:projects update \ +openai admin:organization:projects:users update \ --admin-api-key 'My Admin API Key' \ - --project-id project_id + --project-id project_id \ + --user-id user_id ``` #### Response -```json -{ - "id": "id", - "created_at": 0, - "object": "organization.project", - "archived_at": 0, - "external_key_id": "external_key_id", - "name": "name", - "status": "status" -} -``` - -## Archive project - -`$ openai admin:organization:projects archive` - -**post** `/organization/projects/{project_id}/archive` - -Archives a project in the organization. Archived projects cannot be used or updated. - -### Parameters - -- `--project-id: string` - - The ID of the project. - -### Returns - -- `project: object { id, created_at, object, 4 more }` +```json +{ + "id": "id", + "added_at": 0, + "object": "organization.project.user", + "role": "role", + "email": "email", + "name": "name" +} +``` - Represents an individual project. +## Delete project user - - `id: string` +`$ openai admin:organization:projects:users delete` - The identifier, which can be referenced in API endpoints +**delete** `/organization/projects/{project_id}/users/{user_id}` - - `created_at: number` +Deletes a user from the project. - The Unix timestamp (in seconds) of when the project was created. +Returns confirmation of project user deletion, or an error if the project is +archived (archived projects have no users). - - `object: "organization.project"` +### Parameters - The object type, which is always `organization.project` +- `--project-id: string` - - `archived_at: optional number` + The ID of the project. - The Unix timestamp (in seconds) of when the project was archived or `null`. +- `--user-id: string` - - `external_key_id: optional string` + The ID of the user. - The external key associated with the project. +### Returns - - `name: optional string` +- `AdminOrganizationProjectUserDeleteResponse: object { id, deleted, object }` - The name of the project. This appears in reporting. + - `id: string` - - `status: optional string` + - `deleted: boolean` - `active` or `archived` + - `object: "organization.project.user.deleted"` ### Example ```cli -openai admin:organization:projects archive \ +openai admin:organization:projects:users delete \ --admin-api-key 'My Admin API Key' \ - --project-id project_id + --project-id project_id \ + --user-id user_id ``` #### Response @@ -8843,119 +10690,148 @@ openai admin:organization:projects archive \ ```json { "id": "id", - "created_at": 0, - "object": "organization.project", - "archived_at": 0, - "external_key_id": "external_key_id", - "name": "name", - "status": "status" + "deleted": true, + "object": "organization.project.user.deleted" } ``` ## Domain Types -### Project +### Project User -- `project: object { id, created_at, object, 4 more }` +- `project_user: object { id, added_at, object, 3 more }` - Represents an individual project. + Represents an individual user in a project. - `id: string` The identifier, which can be referenced in API endpoints - - `created_at: number` + - `added_at: number` - The Unix timestamp (in seconds) of when the project was created. + The Unix timestamp (in seconds) of when the project was added. - - `object: "organization.project"` + - `object: "organization.project.user"` - The object type, which is always `organization.project` + The object type, which is always `organization.project.user` - - `archived_at: optional number` + - `role: string` - The Unix timestamp (in seconds) of when the project was archived or `null`. + `owner` or `member` - - `external_key_id: optional string` + - `email: optional string` - The external key associated with the project. + The email address of the user - `name: optional string` - The name of the project. This appears in reporting. - - - `status: optional string` - - `active` or `archived` + The name of the user -# Users +# Roles -## List project users +## List project user role assignments -`$ openai admin:organization:projects:users list` +`$ openai admin:organization:projects:users:roles list` -**get** `/organization/projects/{project_id}/users` +**get** `/projects/{project_id}/users/{user_id}/roles` -Returns a list of users in the project. +Lists the project roles assigned to a user within a project. ### Parameters - `--project-id: string` - The ID of the project. + The ID of the project to inspect. + +- `--user-id: string` + + The ID of the user to inspect. - `--after: optional string` - A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. + Cursor for pagination. Provide the value from the previous response's `next` field to continue listing project roles. - `--limit: optional number` - A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. + A limit on the number of project role assignments to return. + +- `--order: optional "asc" or "desc"` + + Sort order for the returned project roles. ### Returns -- `ProjectUserListResponse: object { data, has_more, object, 2 more }` +- `RoleListResource: object { data, has_more, next, object }` - - `data: array of ProjectUser` + Paginated list of roles assigned to a principal. + + - `data: array of object { id, created_at, created_by, 8 more }` + + Role assignments returned in the current page. - `id: string` - The identifier, which can be referenced in API endpoints + Identifier for the role. - - `added_at: number` + - `created_at: number` - The Unix timestamp (in seconds) of when the project was added. + When the role was created. - - `object: "organization.project.user"` + - `created_by: string` - The object type, which is always `organization.project.user` + Identifier of the actor who created the role. - - `role: string` + - `created_by_user_obj: map[unknown]` - `owner` or `member` + User details for the actor that created the role, when available. - - `email: optional string` + - `description: string` - The email address of the user + Description of the role. - - `name: optional string` + - `metadata: map[unknown]` - The name of the user + Arbitrary metadata stored on the role. + + - `name: string` + + Name of the role. + + - `permissions: array of string` + + Permissions associated with the role. + + - `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + + - `resource_type: string` + + Resource type the role applies to. + + - `updated_at: number` + + When the role was last updated. - `has_more: boolean` - - `object: string` + Whether additional assignments are available when paginating. - - `first_id: optional string` + - `next: string` - - `last_id: optional string` + Cursor to fetch the next page of results, or `null` when there are no more assignments. + + - `object: "list"` + + Always `list`. ### Example ```cli -openai admin:organization:projects:users list \ +openai admin:organization:projects:users:roles list \ --admin-api-key 'My Admin API Key' \ - --project-id project_id + --project-id project_id \ + --user-id user_id ``` #### Response @@ -8965,121 +10841,97 @@ openai admin:organization:projects:users list \ "data": [ { "id": "id", - "added_at": 0, - "object": "organization.project.user", - "role": "role", - "email": "email", - "name": "name" + "created_at": 0, + "created_by": "created_by", + "created_by_user_obj": { + "foo": "bar" + }, + "description": "description", + "metadata": { + "foo": "bar" + }, + "name": "name", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type", + "updated_at": 0 } ], "has_more": true, - "object": "object", - "first_id": "first_id", - "last_id": "last_id" + "next": "next", + "object": "list" } ``` -## Create project user +## Assign project role to user -`$ openai admin:organization:projects:users create` +`$ openai admin:organization:projects:users:roles create` -**post** `/organization/projects/{project_id}/users` +**post** `/projects/{project_id}/users/{user_id}/roles` -Adds a user to the project. Users must already be members of the organization to be added to a project. +Assigns a project role to a user within a project. ### Parameters - `--project-id: string` - The ID of the project. - -- `--role: string` - - `owner` or `member` + The ID of the project to update. -- `--email: optional string` +- `--user-id: string` - Email of the user to add. + The ID of the user that should receive the project role. -- `--user-id: optional string` +- `--role-id: string` - The ID of the user. + Identifier of the role to assign. ### Returns -- `project_user: object { id, added_at, object, 3 more }` - - Represents an individual user in a project. - - - `id: string` - - The identifier, which can be referenced in API endpoints - - - `added_at: number` - - The Unix timestamp (in seconds) of when the project was added. - - - `object: "organization.project.user"` - - The object type, which is always `organization.project.user` - - - `role: string` - - `owner` or `member` +- `AdminOrganizationProjectUserRoleNewResponse: object { object, role, user }` - - `email: optional string` + Role assignment linking a user to a role. - The email address of the user + - `object: "user.role"` - - `name: optional string` + Always `user.role`. - The name of the user + - `role: object { id, description, name, 4 more }` -### Example + Details about a role that can be assigned through the public Roles API. -```cli -openai admin:organization:projects:users create \ - --admin-api-key 'My Admin API Key' \ - --project-id project_id \ - --role role -``` + - `id: string` -#### Response + Identifier for the role. -```json -{ - "id": "id", - "added_at": 0, - "object": "organization.project.user", - "role": "role", - "email": "email", - "name": "name" -} -``` + - `description: string` -## Retrieve project user + Optional description of the role. -`$ openai admin:organization:projects:users retrieve` + - `name: string` -**get** `/organization/projects/{project_id}/users/{user_id}` + Unique name for the role. -Retrieves a user in the project. + - `object: "role"` -### Parameters + Always `role`. -- `--project-id: string` + - `permissions: array of string` - The ID of the project. + Permissions granted by the role. -- `--user-id: string` + - `predefined_role: boolean` - The ID of the user. + Whether the role is predefined and managed by OpenAI. -### Returns + - `resource_type: string` -- `project_user: object { id, added_at, object, 3 more }` + Resource type the role is bound to (for example `api.organization` or `api.project`). - Represents an individual user in a project. + - `user: object { id, added_at, object, 13 more }` + + Represents an individual `user` within an organization. - `id: string` @@ -9087,307 +10939,278 @@ Retrieves a user in the project. - `added_at: number` - The Unix timestamp (in seconds) of when the project was added. + The Unix timestamp (in seconds) of when the user was added. - - `object: "organization.project.user"` + - `object: "organization.user"` - The object type, which is always `organization.project.user` + The object type, which is always `organization.user` - - `role: string` + - `api_key_last_used_at: optional number` - `owner` or `member` + The Unix timestamp (in seconds) of the user's last API key usage. + + - `created: optional number` + + The Unix timestamp (in seconds) of when the user was created. + + - `developer_persona: optional string` + + The developer persona metadata for the user. - `email: optional string` The email address of the user - - `name: optional string` - - The name of the user + - `is_default: optional boolean` -### Example + Whether this is the organization's default user. -```cli -openai admin:organization:projects:users retrieve \ - --admin-api-key 'My Admin API Key' \ - --project-id project_id \ - --user-id user_id -``` + - `is_scale_tier_authorized_purchaser: optional boolean` -#### Response + Whether the user is an authorized purchaser for Scale Tier. -```json -{ - "id": "id", - "added_at": 0, - "object": "organization.project.user", - "role": "role", - "email": "email", - "name": "name" -} -``` + - `is_scim_managed: optional boolean` -## Modify project user + Whether the user is managed through SCIM. -`$ openai admin:organization:projects:users update` + - `is_service_account: optional boolean` -**post** `/organization/projects/{project_id}/users/{user_id}` + Whether the user is a service account. -Modifies a user's role in the project. + - `name: optional string` -### Parameters + The name of the user -- `--project-id: string` + - `projects: optional object { data, object }` - The ID of the project. + Projects associated with the user, if included. -- `--user-id: string` + - `data: array of object { id, name, role }` - The ID of the user. + - `id: optional string` -- `--role: optional string` + - `name: optional string` - `owner` or `member` + - `role: optional string` -### Returns + - `object: "list"` -- `project_user: object { id, added_at, object, 3 more }` + - `role: optional string` - Represents an individual user in a project. + `owner` or `reader` - - `id: string` + - `technical_level: optional string` - The identifier, which can be referenced in API endpoints + The technical level metadata for the user. - - `added_at: number` + - `user: optional object { id, object, banned, 5 more }` - The Unix timestamp (in seconds) of when the project was added. + Nested user details. - - `object: "organization.project.user"` + - `id: string` - The object type, which is always `organization.project.user` + - `object: "user"` - - `role: string` + - `banned: optional boolean` - `owner` or `member` + - `banned_at: optional number` - `email: optional string` - The email address of the user + - `enabled: optional boolean` - `name: optional string` - The name of the user + - `picture: optional string` ### Example ```cli -openai admin:organization:projects:users update \ +openai admin:organization:projects:users:roles create \ --admin-api-key 'My Admin API Key' \ --project-id project_id \ - --user-id user_id + --user-id user_id \ + --role-id role_id ``` #### Response ```json { + "object": "user.role", + "role": { + "id": "id", + "description": "description", + "name": "name", + "object": "role", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type" + }, + "user": { "id": "id", "added_at": 0, - "object": "organization.project.user", + "object": "organization.user", + "api_key_last_used_at": 0, + "created": 0, + "developer_persona": "developer_persona", + "email": "email", + "is_default": true, + "is_scale_tier_authorized_purchaser": true, + "is_scim_managed": true, + "is_service_account": true, + "name": "name", + "projects": { + "data": [ + { + "id": "id", + "name": "name", + "role": "role" + } + ], + "object": "list" + }, "role": "role", + "technical_level": "technical_level", + "user": { + "id": "id", + "object": "user", + "banned": true, + "banned_at": 0, "email": "email", - "name": "name" + "enabled": true, + "name": "name", + "picture": "picture" + } + } } ``` -## Delete project user - -`$ openai admin:organization:projects:users delete` +## Unassign project role from user -**delete** `/organization/projects/{project_id}/users/{user_id}` +`$ openai admin:organization:projects:users:roles delete` -Deletes a user from the project. +**delete** `/projects/{project_id}/users/{user_id}/roles/{role_id}` -Returns confirmation of project user deletion, or an error if the project is -archived (archived projects have no users). +Unassigns a project role from a user within a project. ### Parameters - `--project-id: string` - The ID of the project. + The ID of the project to modify. - `--user-id: string` - The ID of the user. + The ID of the user whose project role assignment should be removed. + +- `--role-id: string` + + The ID of the project role to remove from the user. ### Returns -- `AdminOrganizationProjectUserDeleteResponse: object { id, deleted, object }` +- `AdminOrganizationProjectUserRoleDeleteResponse: object { deleted, object }` - - `id: string` + Confirmation payload returned after unassigning a role. - `deleted: boolean` - - `object: "organization.project.user.deleted"` + Whether the assignment was removed. + + - `object: string` + + Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. ### Example ```cli -openai admin:organization:projects:users delete \ +openai admin:organization:projects:users:roles delete \ --admin-api-key 'My Admin API Key' \ --project-id project_id \ - --user-id user_id + --user-id user_id \ + --role-id role_id ``` #### Response ```json { - "id": "id", "deleted": true, - "object": "organization.project.user.deleted" + "object": "object" } ``` -## Domain Types - -### Project User - -- `project_user: object { id, added_at, object, 3 more }` - - Represents an individual user in a project. - - - `id: string` - - The identifier, which can be referenced in API endpoints - - - `added_at: number` - - The Unix timestamp (in seconds) of when the project was added. - - - `object: "organization.project.user"` - - The object type, which is always `organization.project.user` - - - `role: string` - - `owner` or `member` - - - `email: optional string` - - The email address of the user - - - `name: optional string` - - The name of the user - -# Roles +# Service Accounts -## List project user role assignments +## List project service accounts -`$ openai admin:organization:projects:users:roles list` +`$ openai admin:organization:projects:service-accounts list` -**get** `/projects/{project_id}/users/{user_id}/roles` +**get** `/organization/projects/{project_id}/service_accounts` -Lists the project roles assigned to a user within a project. +Returns a list of service accounts in the project. ### Parameters - `--project-id: string` - The ID of the project to inspect. - -- `--user-id: string` - - The ID of the user to inspect. + The ID of the project. - `--after: optional string` - Cursor for pagination. Provide the value from the previous response's `next` field to continue listing project roles. + A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. - `--limit: optional number` - A limit on the number of project role assignments to return. - -- `--order: optional "asc" or "desc"` - - Sort order for the returned project roles. + A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. ### Returns -- `RoleListResource: object { data, has_more, next, object }` - - Paginated list of roles assigned to a principal. - - - `data: array of object { id, created_at, created_by, 8 more }` +- `ProjectServiceAccountListResponse: object { data, has_more, object, 2 more }` - Role assignments returned in the current page. + - `data: array of ProjectServiceAccount` - `id: string` - Identifier for the role. + The identifier, which can be referenced in API endpoints - `created_at: number` - When the role was created. - - - `created_by: string` - - Identifier of the actor who created the role. - - - `created_by_user_obj: map[unknown]` - - User details for the actor that created the role, when available. - - - `description: string` - - Description of the role. - - - `metadata: map[unknown]` - - Arbitrary metadata stored on the role. + The Unix timestamp (in seconds) of when the service account was created - `name: string` - Name of the role. - - - `permissions: array of string` - - Permissions associated with the role. + The name of the service account - - `predefined_role: boolean` + - `object: "organization.project.service_account"` - Whether the role is predefined by OpenAI. + The object type, which is always `organization.project.service_account` - - `resource_type: string` + - `role: "owner" or "member"` - Resource type the role applies to. + `owner` or `member` - - `updated_at: number` + - `"owner"` - When the role was last updated. + - `"member"` - `has_more: boolean` - Whether additional assignments are available when paginating. - - - `next: string` - - Cursor to fetch the next page of results, or `null` when there are no more assignments. - - `object: "list"` - Always `list`. + - `first_id: optional string` + + - `last_id: optional string` ### Example ```cli -openai admin:organization:projects:users:roles list \ +openai admin:organization:projects:service-accounts list \ --admin-api-key 'My Admin API Key' \ - --project-id project_id \ - --user-id user_id + --project-id project_id ``` #### Response @@ -9398,316 +11221,254 @@ openai admin:organization:projects:users:roles list \ { "id": "id", "created_at": 0, - "created_by": "created_by", - "created_by_user_obj": { - "foo": "bar" - }, - "description": "description", - "metadata": { - "foo": "bar" - }, "name": "name", - "permissions": [ - "string" - ], - "predefined_role": true, - "resource_type": "resource_type", - "updated_at": 0 + "object": "organization.project.service_account", + "role": "owner" } ], "has_more": true, - "next": "next", - "object": "list" + "object": "list", + "first_id": "first_id", + "last_id": "last_id" } ``` -## Assign project role to user +## Create project service account -`$ openai admin:organization:projects:users:roles create` +`$ openai admin:organization:projects:service-accounts create` -**post** `/projects/{project_id}/users/{user_id}/roles` +**post** `/organization/projects/{project_id}/service_accounts` -Assigns a project role to a user within a project. +Creates a new service account in the project. This also returns an unredacted API key for the service account. ### Parameters - `--project-id: string` - The ID of the project to update. - -- `--user-id: string` - - The ID of the user that should receive the project role. + The ID of the project. -- `--role-id: string` +- `--name: string` - Identifier of the role to assign. + The name of the service account being created. ### Returns -- `AdminOrganizationProjectUserRoleNewResponse: object { object, role, user }` - - Role assignment linking a user to a role. - - - `object: "user.role"` - - Always `user.role`. - - - `role: object { id, description, name, 4 more }` - - Details about a role that can be assigned through the public Roles API. +- `AdminOrganizationProjectServiceAccountNewResponse: object { id, api_key, created_at, 3 more }` - `id: string` - Identifier for the role. - - - `description: string` - - Optional description of the role. - - - `name: string` - - Unique name for the role. - - - `object: "role"` - - Always `role`. - - - `permissions: array of string` - - Permissions granted by the role. - - - `predefined_role: boolean` - - Whether the role is predefined and managed by OpenAI. - - - `resource_type: string` - - Resource type the role is bound to (for example `api.organization` or `api.project`). - - - `user: object { id, added_at, object, 13 more }` - - Represents an individual `user` within an organization. + - `api_key: object { id, created_at, name, 2 more }` - `id: string` - The identifier, which can be referenced in API endpoints - - - `added_at: number` - - The Unix timestamp (in seconds) of when the user was added. - - - `object: "organization.user"` - - The object type, which is always `organization.user` - - - `api_key_last_used_at: optional number` - - The Unix timestamp (in seconds) of the user's last API key usage. + - `created_at: number` - - `created: optional number` + - `name: string` - The Unix timestamp (in seconds) of when the user was created. + - `object: "organization.project.service_account.api_key"` - - `developer_persona: optional string` + The object type, which is always `organization.project.service_account.api_key` - The developer persona metadata for the user. + - `value: string` - - `email: optional string` + - `created_at: number` - The email address of the user + - `name: string` - - `is_default: optional boolean` + - `object: "organization.project.service_account"` - Whether this is the organization's default user. + - `role: "member"` - - `is_scale_tier_authorized_purchaser: optional boolean` + Service accounts can only have one role of type `member` - Whether the user is an authorized purchaser for Scale Tier. +### Example - - `is_scim_managed: optional boolean` +```cli +openai admin:organization:projects:service-accounts create \ + --admin-api-key 'My Admin API Key' \ + --project-id project_id \ + --name name +``` - Whether the user is managed through SCIM. +#### Response - - `is_service_account: optional boolean` +```json +{ + "id": "id", + "api_key": { + "id": "id", + "created_at": 0, + "name": "name", + "object": "organization.project.service_account.api_key", + "value": "value" + }, + "created_at": 0, + "name": "name", + "object": "organization.project.service_account", + "role": "member" +} +``` - Whether the user is a service account. +## Retrieve project service account - - `name: optional string` +`$ openai admin:organization:projects:service-accounts retrieve` - The name of the user +**get** `/organization/projects/{project_id}/service_accounts/{service_account_id}` - - `projects: optional object { data, object }` +Retrieves a service account in the project. - Projects associated with the user, if included. +### Parameters - - `data: array of object { id, name, role }` +- `--project-id: string` - - `id: optional string` + The ID of the project. - - `name: optional string` +- `--service-account-id: string` - - `role: optional string` + The ID of the service account. - - `object: "list"` +### Returns - - `role: optional string` +- `project_service_account: object { id, created_at, name, 2 more }` - `owner` or `reader` + Represents an individual service account in a project. - - `technical_level: optional string` + - `id: string` - The technical level metadata for the user. + The identifier, which can be referenced in API endpoints - - `user: optional object { id, object, banned, 5 more }` + - `created_at: number` - Nested user details. + The Unix timestamp (in seconds) of when the service account was created - - `id: string` + - `name: string` - - `object: "user"` + The name of the service account - - `banned: optional boolean` + - `object: "organization.project.service_account"` - - `banned_at: optional number` + The object type, which is always `organization.project.service_account` - - `email: optional string` + - `role: "owner" or "member"` - - `enabled: optional boolean` + `owner` or `member` - - `name: optional string` + - `"owner"` - - `picture: optional string` + - `"member"` ### Example ```cli -openai admin:organization:projects:users:roles create \ +openai admin:organization:projects:service-accounts retrieve \ --admin-api-key 'My Admin API Key' \ --project-id project_id \ - --user-id user_id \ - --role-id role_id + --service-account-id service_account_id ``` #### Response ```json { - "object": "user.role", - "role": { - "id": "id", - "description": "description", - "name": "name", - "object": "role", - "permissions": [ - "string" - ], - "predefined_role": true, - "resource_type": "resource_type" - }, - "user": { "id": "id", - "added_at": 0, - "object": "organization.user", - "api_key_last_used_at": 0, - "created": 0, - "developer_persona": "developer_persona", - "email": "email", - "is_default": true, - "is_scale_tier_authorized_purchaser": true, - "is_scim_managed": true, - "is_service_account": true, - "name": "name", - "projects": { - "data": [ - { - "id": "id", - "name": "name", - "role": "role" - } - ], - "object": "list" - }, - "role": "role", - "technical_level": "technical_level", - "user": { - "id": "id", - "object": "user", - "banned": true, - "banned_at": 0, - "email": "email", - "enabled": true, + "created_at": 0, "name": "name", - "picture": "picture" - } - } + "object": "organization.project.service_account", + "role": "owner" } ``` -## Unassign project role from user +## Delete project service account -`$ openai admin:organization:projects:users:roles delete` +`$ openai admin:organization:projects:service-accounts delete` -**delete** `/projects/{project_id}/users/{user_id}/roles/{role_id}` +**delete** `/organization/projects/{project_id}/service_accounts/{service_account_id}` -Unassigns a project role from a user within a project. +Deletes a service account from the project. + +Returns confirmation of service account deletion, or an error if the project +is archived (archived projects have no service accounts). ### Parameters - `--project-id: string` - The ID of the project to modify. - -- `--user-id: string` - - The ID of the user whose project role assignment should be removed. + The ID of the project. -- `--role-id: string` +- `--service-account-id: string` - The ID of the project role to remove from the user. + The ID of the service account. ### Returns -- `AdminOrganizationProjectUserRoleDeleteResponse: object { deleted, object }` +- `AdminOrganizationProjectServiceAccountDeleteResponse: object { id, deleted, object }` - Confirmation payload returned after unassigning a role. + - `id: string` - `deleted: boolean` - Whether the assignment was removed. - - - `object: string` - - Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. + - `object: "organization.project.service_account.deleted"` ### Example ```cli -openai admin:organization:projects:users:roles delete \ +openai admin:organization:projects:service-accounts delete \ --admin-api-key 'My Admin API Key' \ --project-id project_id \ - --user-id user_id \ - --role-id role_id + --service-account-id service_account_id ``` #### Response ```json { + "id": "id", "deleted": true, - "object": "object" + "object": "organization.project.service_account.deleted" } ``` -# Service Accounts +## Domain Types -## List project service accounts +### Project Service Account -`$ openai admin:organization:projects:service-accounts list` +- `project_service_account: object { id, created_at, name, 2 more }` -**get** `/organization/projects/{project_id}/service_accounts` + Represents an individual service account in a project. -Returns a list of service accounts in the project. + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `created_at: number` + + The Unix timestamp (in seconds) of when the service account was created + + - `name: string` + + The name of the service account + + - `object: "organization.project.service_account"` + + The object type, which is always `organization.project.service_account` + + - `role: "owner" or "member"` + + `owner` or `member` + + - `"owner"` + + - `"member"` + +# API Keys + +## List project API keys + +`$ openai admin:organization:projects:api-keys list` + +**get** `/organization/projects/{project_id}/api_keys` + +Returns a list of API keys in the project. ### Parameters @@ -9725,9 +11486,9 @@ Returns a list of service accounts in the project. ### Returns -- `ProjectServiceAccountListResponse: object { data, has_more, object, 2 more }` +- `ProjectApiKeyListResponse: object { data, has_more, object, 2 more }` - - `data: array of ProjectServiceAccount` + - `data: array of ProjectAPIKey` - `id: string` @@ -9735,23 +11496,77 @@ Returns a list of service accounts in the project. - `created_at: number` - The Unix timestamp (in seconds) of when the service account was created + The Unix timestamp (in seconds) of when the API key was created + + - `last_used_at: number` + + The Unix timestamp (in seconds) of when the API key was last used. - `name: string` - The name of the service account + The name of the API key - - `object: "organization.project.service_account"` + - `object: "organization.project.api_key"` - The object type, which is always `organization.project.service_account` + The object type, which is always `organization.project.api_key` - - `role: "owner" or "member"` + - `owner: object { service_account, type, user }` - `owner` or `member` + - `service_account: optional object { id, created_at, name, role }` - - `"owner"` + The service account that owns a project API key. - - `"member"` + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `created_at: number` + + The Unix timestamp (in seconds) of when the service account was created. + + - `name: string` + + The name of the service account. + + - `role: string` + + The service account's project role. + + - `type: optional "user" or "service_account"` + + `user` or `service_account` + + - `"user"` + + - `"service_account"` + + - `user: optional object { id, created_at, email, 2 more }` + + The user that owns a project API key. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `created_at: number` + + The Unix timestamp (in seconds) of when the user was created. + + - `email: string` + + The email address of the user. + + - `name: string` + + The name of the user. + + - `role: string` + + The user's project role. + + - `redacted_value: string` + + The redacted value of the API key - `has_more: boolean` @@ -9764,7 +11579,7 @@ Returns a list of service accounts in the project. ### Example ```cli -openai admin:organization:projects:service-accounts list \ +openai admin:organization:projects:api-keys list \ --admin-api-key 'My Admin API Key' \ --project-id project_id ``` @@ -9777,9 +11592,26 @@ openai admin:organization:projects:service-accounts list \ { "id": "id", "created_at": 0, + "last_used_at": 0, "name": "name", - "object": "organization.project.service_account", - "role": "owner" + "object": "organization.project.api_key", + "owner": { + "service_account": { + "id": "id", + "created_at": 0, + "name": "name", + "role": "role" + }, + "type": "user", + "user": { + "id": "id", + "created_at": 0, + "email": "email", + "name": "name", + "role": "role" + } + }, + "redacted_value": "redacted_value" } ], "has_more": true, @@ -9789,13 +11621,13 @@ openai admin:organization:projects:service-accounts list \ } ``` -## Create project service account +## Retrieve project API key -`$ openai admin:organization:projects:service-accounts create` +`$ openai admin:organization:projects:api-keys retrieve` -**post** `/organization/projects/{project_id}/service_accounts` +**get** `/organization/projects/{project_id}/api_keys/{api_key_id}` -Creates a new service account in the project. This also returns an unredacted API key for the service account. +Retrieves an API key in the project. ### Parameters @@ -9803,91 +11635,69 @@ Creates a new service account in the project. This also returns an unredacted AP The ID of the project. -- `--name: string` +- `--api-key-id: string` - The name of the service account being created. + The ID of the API key. ### Returns -- `AdminOrganizationProjectServiceAccountNewResponse: object { id, api_key, created_at, 3 more }` - - - `id: string` +- `project_api_key: object { id, created_at, last_used_at, 4 more }` - - `api_key: object { id, created_at, name, 2 more }` + Represents an individual API key in a project. - `id: string` - - `created_at: number` - - - `name: string` + The identifier, which can be referenced in API endpoints - - `object: "organization.project.service_account.api_key"` + - `created_at: number` - The object type, which is always `organization.project.service_account.api_key` + The Unix timestamp (in seconds) of when the API key was created - - `value: string` + - `last_used_at: number` - - `created_at: number` + The Unix timestamp (in seconds) of when the API key was last used. - `name: string` - - `object: "organization.project.service_account"` + The name of the API key - - `role: "member"` + - `object: "organization.project.api_key"` - Service accounts can only have one role of type `member` + The object type, which is always `organization.project.api_key` -### Example + - `owner: object { service_account, type, user }` -```cli -openai admin:organization:projects:service-accounts create \ - --admin-api-key 'My Admin API Key' \ - --project-id project_id \ - --name name -``` + - `service_account: optional object { id, created_at, name, role }` -#### Response + The service account that owns a project API key. -```json -{ - "id": "id", - "api_key": { - "id": "id", - "created_at": 0, - "name": "name", - "object": "organization.project.service_account.api_key", - "value": "value" - }, - "created_at": 0, - "name": "name", - "object": "organization.project.service_account", - "role": "member" -} -``` + - `id: string` -## Retrieve project service account + The identifier, which can be referenced in API endpoints -`$ openai admin:organization:projects:service-accounts retrieve` + - `created_at: number` -**get** `/organization/projects/{project_id}/service_accounts/{service_account_id}` + The Unix timestamp (in seconds) of when the service account was created. -Retrieves a service account in the project. + - `name: string` -### Parameters + The name of the service account. -- `--project-id: string` + - `role: string` - The ID of the project. + The service account's project role. -- `--service-account-id: string` + - `type: optional "user" or "service_account"` - The ID of the service account. + `user` or `service_account` -### Returns + - `"user"` -- `project_service_account: object { id, created_at, name, 2 more }` + - `"service_account"` - Represents an individual service account in a project. + - `user: optional object { id, created_at, email, 2 more }` + + The user that owns a project API key. - `id: string` @@ -9895,31 +11705,31 @@ Retrieves a service account in the project. - `created_at: number` - The Unix timestamp (in seconds) of when the service account was created + The Unix timestamp (in seconds) of when the user was created. - - `name: string` + - `email: string` - The name of the service account + The email address of the user. - - `object: "organization.project.service_account"` + - `name: string` - The object type, which is always `organization.project.service_account` + The name of the user. - - `role: "owner" or "member"` + - `role: string` - `owner` or `member` + The user's project role. - - `"owner"` + - `redacted_value: string` - - `"member"` + The redacted value of the API key ### Example ```cli -openai admin:organization:projects:service-accounts retrieve \ +openai admin:organization:projects:api-keys retrieve \ --admin-api-key 'My Admin API Key' \ --project-id project_id \ - --service-account-id service_account_id + --api-key-id api_key_id ``` #### Response @@ -9928,22 +11738,39 @@ openai admin:organization:projects:service-accounts retrieve \ { "id": "id", "created_at": 0, + "last_used_at": 0, "name": "name", - "object": "organization.project.service_account", - "role": "owner" + "object": "organization.project.api_key", + "owner": { + "service_account": { + "id": "id", + "created_at": 0, + "name": "name", + "role": "role" + }, + "type": "user", + "user": { + "id": "id", + "created_at": 0, + "email": "email", + "name": "name", + "role": "role" + } + }, + "redacted_value": "redacted_value" } ``` -## Delete project service account +## Delete project API key -`$ openai admin:organization:projects:service-accounts delete` +`$ openai admin:organization:projects:api-keys delete` -**delete** `/organization/projects/{project_id}/service_accounts/{service_account_id}` +**delete** `/organization/projects/{project_id}/api_keys/{api_key_id}` -Deletes a service account from the project. +Deletes an API key from the project. -Returns confirmation of service account deletion, or an error if the project -is archived (archived projects have no service accounts). +Returns confirmation of the key deletion, or an error if the key belonged to +a service account. ### Parameters @@ -9951,27 +11778,27 @@ is archived (archived projects have no service accounts). The ID of the project. -- `--service-account-id: string` +- `--api-key-id: string` - The ID of the service account. + The ID of the API key. ### Returns -- `AdminOrganizationProjectServiceAccountDeleteResponse: object { id, deleted, object }` +- `AdminOrganizationProjectAPIKeyDeleteResponse: object { id, deleted, object }` - `id: string` - `deleted: boolean` - - `object: "organization.project.service_account.deleted"` + - `object: "organization.project.api_key.deleted"` ### Example ```cli -openai admin:organization:projects:service-accounts delete \ +openai admin:organization:projects:api-keys delete \ --admin-api-key 'My Admin API Key' \ --project-id project_id \ - --service-account-id service_account_id + --api-key-id api_key_id ``` #### Response @@ -9980,17 +11807,17 @@ openai admin:organization:projects:service-accounts delete \ { "id": "id", "deleted": true, - "object": "organization.project.service_account.deleted" + "object": "organization.project.api_key.deleted" } ``` ## Domain Types -### Project Service Account +### Project API Key -- `project_service_account: object { id, created_at, name, 2 more }` +- `project_api_key: object { id, created_at, last_used_at, 4 more }` - Represents an individual service account in a project. + Represents an individual API key in a project. - `id: string` @@ -9998,53 +11825,53 @@ openai admin:organization:projects:service-accounts delete \ - `created_at: number` - The Unix timestamp (in seconds) of when the service account was created + The Unix timestamp (in seconds) of when the API key was created - - `name: string` + - `last_used_at: number` - The name of the service account + The Unix timestamp (in seconds) of when the API key was last used. - - `object: "organization.project.service_account"` + - `name: string` - The object type, which is always `organization.project.service_account` + The name of the API key - - `role: "owner" or "member"` + - `object: "organization.project.api_key"` - `owner` or `member` + The object type, which is always `organization.project.api_key` - - `"owner"` + - `owner: object { service_account, type, user }` - - `"member"` + - `service_account: optional object { id, created_at, name, role }` -# API Keys + The service account that owns a project API key. -## List project API keys + - `id: string` -`$ openai admin:organization:projects:api-keys list` + The identifier, which can be referenced in API endpoints -**get** `/organization/projects/{project_id}/api_keys` + - `created_at: number` -Returns a list of API keys in the project. + The Unix timestamp (in seconds) of when the service account was created. -### Parameters + - `name: string` -- `--project-id: string` + The name of the service account. - The ID of the project. + - `role: string` -- `--after: optional string` + The service account's project role. - A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. + - `type: optional "user" or "service_account"` -- `--limit: optional number` + `user` or `service_account` - A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. + - `"user"` -### Returns + - `"service_account"` -- `ProjectApiKeyListResponse: object { data, has_more, object, 2 more }` + - `user: optional object { id, created_at, email, 2 more }` - - `data: array of ProjectAPIKey` + The user that owns a project API key. - `id: string` @@ -10052,77 +11879,93 @@ Returns a list of API keys in the project. - `created_at: number` - The Unix timestamp (in seconds) of when the API key was created + The Unix timestamp (in seconds) of when the user was created. - - `last_used_at: number` + - `email: string` - The Unix timestamp (in seconds) of when the API key was last used. + The email address of the user. - `name: string` - The name of the API key + The name of the user. - - `object: "organization.project.api_key"` + - `role: string` - The object type, which is always `organization.project.api_key` + The user's project role. - - `owner: object { service_account, type, user }` + - `redacted_value: string` - - `service_account: optional object { id, created_at, name, role }` + The redacted value of the API key - The service account that owns a project API key. +# Rate Limits - - `id: string` +## List project rate limits - The identifier, which can be referenced in API endpoints +`$ openai admin:organization:projects:rate-limits list-rate-limits` - - `created_at: number` +**get** `/organization/projects/{project_id}/rate_limits` - The Unix timestamp (in seconds) of when the service account was created. +Returns the rate limits per model for a project. - - `name: string` +### Parameters - The name of the service account. +- `--project-id: string` - - `role: string` + The ID of the project. - The service account's project role. +- `--after: optional string` - - `type: optional "user" or "service_account"` + A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. - `user` or `service_account` +- `--before: optional string` + + A cursor for use in pagination. `before` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, beginning with obj_foo, your subsequent call can include before=obj_foo in order to fetch the previous page of the list. + +- `--limit: optional number` + + A limit on the number of objects to be returned. The default is 100. + +### Returns + +- `ProjectRateLimitListResponse: object { data, has_more, object, 2 more }` + + - `data: array of ProjectRateLimit` + + - `id: string` + + The identifier, which can be referenced in API endpoints. - - `"user"` + - `max_requests_per_1_minute: number` - - `"service_account"` + The maximum requests per minute. - - `user: optional object { id, created_at, email, 2 more }` + - `max_tokens_per_1_minute: number` - The user that owns a project API key. + The maximum tokens per minute. - - `id: string` + - `model: string` - The identifier, which can be referenced in API endpoints + The model this rate limit applies to. - - `created_at: number` + - `object: "project.rate_limit"` - The Unix timestamp (in seconds) of when the user was created. + The object type, which is always `project.rate_limit` - - `email: string` + - `batch_1_day_max_input_tokens: optional number` - The email address of the user. + The maximum batch input tokens per day. Only present for relevant models. - - `name: string` + - `max_audio_megabytes_per_1_minute: optional number` - The name of the user. + The maximum audio megabytes per minute. Only present for relevant models. - - `role: string` + - `max_images_per_1_minute: optional number` - The user's project role. + The maximum images per minute. Only present for relevant models. - - `redacted_value: string` + - `max_requests_per_1_day: optional number` - The redacted value of the API key + The maximum requests per day. Only present for relevant models. - `has_more: boolean` @@ -10135,7 +11978,7 @@ Returns a list of API keys in the project. ### Example ```cli -openai admin:organization:projects:api-keys list \ +openai admin:organization:projects:rate-limits list-rate-limits \ --admin-api-key 'My Admin API Key' \ --project-id project_id ``` @@ -10147,27 +11990,14 @@ openai admin:organization:projects:api-keys list \ "data": [ { "id": "id", - "created_at": 0, - "last_used_at": 0, - "name": "name", - "object": "organization.project.api_key", - "owner": { - "service_account": { - "id": "id", - "created_at": 0, - "name": "name", - "role": "role" - }, - "type": "user", - "user": { - "id": "id", - "created_at": 0, - "email": "email", - "name": "name", - "role": "role" - } - }, - "redacted_value": "redacted_value" + "max_requests_per_1_minute": 0, + "max_tokens_per_1_minute": 0, + "model": "model", + "object": "project.rate_limit", + "batch_1_day_max_input_tokens": 0, + "max_audio_megabytes_per_1_minute": 0, + "max_images_per_1_minute": 0, + "max_requests_per_1_day": 0 } ], "has_more": true, @@ -10177,13 +12007,13 @@ openai admin:organization:projects:api-keys list \ } ``` -## Retrieve project API key +## Modify project rate limit -`$ openai admin:organization:projects:api-keys retrieve` +`$ openai admin:organization:projects:rate-limits update-rate-limit` -**get** `/organization/projects/{project_id}/api_keys/{api_key_id}` +**post** `/organization/projects/{project_id}/rate_limits/{rate_limit_id}` -Retrieves an API key in the project. +Updates a project rate limit. ### Parameters @@ -10191,142 +12021,210 @@ Retrieves an API key in the project. The ID of the project. -- `--api-key-id: string` +- `--rate-limit-id: string` - The ID of the API key. + The ID of the rate limit. + +- `--batch-1-day-max-input-tokens: optional number` + + The maximum batch input tokens per day. Only relevant for certain models. + +- `--max-audio-megabytes-per-1-minute: optional number` + + The maximum audio megabytes per minute. Only relevant for certain models. + +- `--max-images-per-1-minute: optional number` + + The maximum images per minute. Only relevant for certain models. + +- `--max-requests-per-1-day: optional number` + + The maximum requests per day. Only relevant for certain models. + +- `--max-requests-per-1-minute: optional number` + + The maximum requests per minute. + +- `--max-tokens-per-1-minute: optional number` + + The maximum tokens per minute. ### Returns -- `project_api_key: object { id, created_at, last_used_at, 4 more }` +- `project_rate_limit: object { id, max_requests_per_1_minute, max_tokens_per_1_minute, 6 more }` - Represents an individual API key in a project. + Represents a project rate limit config. - `id: string` - The identifier, which can be referenced in API endpoints + The identifier, which can be referenced in API endpoints. - - `created_at: number` + - `max_requests_per_1_minute: number` - The Unix timestamp (in seconds) of when the API key was created + The maximum requests per minute. - - `last_used_at: number` + - `max_tokens_per_1_minute: number` - The Unix timestamp (in seconds) of when the API key was last used. + The maximum tokens per minute. - - `name: string` + - `model: string` - The name of the API key + The model this rate limit applies to. - - `object: "organization.project.api_key"` + - `object: "project.rate_limit"` - The object type, which is always `organization.project.api_key` + The object type, which is always `project.rate_limit` - - `owner: object { service_account, type, user }` + - `batch_1_day_max_input_tokens: optional number` - - `service_account: optional object { id, created_at, name, role }` + The maximum batch input tokens per day. Only present for relevant models. - The service account that owns a project API key. + - `max_audio_megabytes_per_1_minute: optional number` + + The maximum audio megabytes per minute. Only present for relevant models. + + - `max_images_per_1_minute: optional number` + + The maximum images per minute. Only present for relevant models. + + - `max_requests_per_1_day: optional number` + + The maximum requests per day. Only present for relevant models. + +### Example + +```cli +openai admin:organization:projects:rate-limits update-rate-limit \ + --admin-api-key 'My Admin API Key' \ + --project-id project_id \ + --rate-limit-id rate_limit_id +``` + +#### Response + +```json +{ + "id": "id", + "max_requests_per_1_minute": 0, + "max_tokens_per_1_minute": 0, + "model": "model", + "object": "project.rate_limit", + "batch_1_day_max_input_tokens": 0, + "max_audio_megabytes_per_1_minute": 0, + "max_images_per_1_minute": 0, + "max_requests_per_1_day": 0 +} +``` + +## Domain Types + +### Project Rate Limit + +- `project_rate_limit: object { id, max_requests_per_1_minute, max_tokens_per_1_minute, 6 more }` + + Represents a project rate limit config. - `id: string` - The identifier, which can be referenced in API endpoints + The identifier, which can be referenced in API endpoints. - - `created_at: number` + - `max_requests_per_1_minute: number` - The Unix timestamp (in seconds) of when the service account was created. + The maximum requests per minute. - - `name: string` + - `max_tokens_per_1_minute: number` - The name of the service account. + The maximum tokens per minute. - - `role: string` + - `model: string` - The service account's project role. + The model this rate limit applies to. - - `type: optional "user" or "service_account"` + - `object: "project.rate_limit"` - `user` or `service_account` + The object type, which is always `project.rate_limit` - - `"user"` + - `batch_1_day_max_input_tokens: optional number` - - `"service_account"` + The maximum batch input tokens per day. Only present for relevant models. - - `user: optional object { id, created_at, email, 2 more }` + - `max_audio_megabytes_per_1_minute: optional number` - The user that owns a project API key. + The maximum audio megabytes per minute. Only present for relevant models. - - `id: string` + - `max_images_per_1_minute: optional number` - The identifier, which can be referenced in API endpoints + The maximum images per minute. Only present for relevant models. - - `created_at: number` + - `max_requests_per_1_day: optional number` - The Unix timestamp (in seconds) of when the user was created. + The maximum requests per day. Only present for relevant models. - - `email: string` +# Model Permissions - The email address of the user. +## Retrieve project model permissions - - `name: string` +`$ openai admin:organization:projects:model-permissions retrieve` - The name of the user. +**get** `/organization/projects/{project_id}/model_permissions` - - `role: string` +Returns model permissions for a project. - The user's project role. +### Parameters - - `redacted_value: string` +- `--project-id: string` - The redacted value of the API key + The ID of the project. -### Example +### Returns -```cli -openai admin:organization:projects:api-keys retrieve \ - --admin-api-key 'My Admin API Key' \ - --project-id project_id \ - --api-key-id api_key_id -``` +- `project_model_permissions: object { mode, model_ids, object }` -#### Response + Represents the model allowlist or denylist policy for a project. -```json -{ - "id": "id", - "created_at": 0, - "last_used_at": 0, - "name": "name", - "object": "organization.project.api_key", - "owner": { - "service_account": { - "id": "id", - "created_at": 0, - "name": "name", - "role": "role" - }, - "type": "user", - "user": { - "id": "id", - "created_at": 0, - "email": "email", - "name": "name", - "role": "role" - } - }, - "redacted_value": "redacted_value" -} + - `mode: "allow_list" or "deny_list"` + + Whether the project uses an allowlist or a denylist. + + - `"allow_list"` + + - `"deny_list"` + + - `model_ids: array of string` + + The model IDs included in the model permissions policy. + + - `object: "project.model_permissions"` + + The object type, which is always `project.model_permissions`. + +### Example + +```cli +openai admin:organization:projects:model-permissions retrieve \ + --admin-api-key 'My Admin API Key' \ + --project-id project_id ``` -## Delete project API key +#### Response -`$ openai admin:organization:projects:api-keys delete` +```json +{ + "mode": "allow_list", + "model_ids": [ + "string" + ], + "object": "project.model_permissions" +} +``` -**delete** `/organization/projects/{project_id}/api_keys/{api_key_id}` +## Modify project model permissions -Deletes an API key from the project. +`$ openai admin:organization:projects:model-permissions update` -Returns confirmation of the key deletion, or an error if the key belonged to -a service account. +**post** `/organization/projects/{project_id}/model_permissions` + +Updates model permissions for a project. ### Parameters @@ -10334,134 +12232,150 @@ a service account. The ID of the project. -- `--api-key-id: string` +- `--mode: "allow_list" or "deny_list"` - The ID of the API key. + The model permissions mode to apply. + +- `--model-id: array of string` + + The model IDs included in this permissions policy. ### Returns -- `AdminOrganizationProjectAPIKeyDeleteResponse: object { id, deleted, object }` +- `project_model_permissions: object { mode, model_ids, object }` - - `id: string` + Represents the model allowlist or denylist policy for a project. - - `deleted: boolean` + - `mode: "allow_list" or "deny_list"` - - `object: "organization.project.api_key.deleted"` + Whether the project uses an allowlist or a denylist. + + - `"allow_list"` + + - `"deny_list"` + + - `model_ids: array of string` + + The model IDs included in the model permissions policy. + + - `object: "project.model_permissions"` + + The object type, which is always `project.model_permissions`. ### Example ```cli -openai admin:organization:projects:api-keys delete \ +openai admin:organization:projects:model-permissions update \ --admin-api-key 'My Admin API Key' \ --project-id project_id \ - --api-key-id api_key_id + --mode allow_list \ + --model-id string ``` #### Response ```json { - "id": "id", - "deleted": true, - "object": "organization.project.api_key.deleted" + "mode": "allow_list", + "model_ids": [ + "string" + ], + "object": "project.model_permissions" } ``` -## Domain Types - -### Project API Key - -- `project_api_key: object { id, created_at, last_used_at, 4 more }` - - Represents an individual API key in a project. - - - `id: string` - - The identifier, which can be referenced in API endpoints - - - `created_at: number` +## Delete project model permissions - The Unix timestamp (in seconds) of when the API key was created +`$ openai admin:organization:projects:model-permissions delete` - - `last_used_at: number` +**delete** `/organization/projects/{project_id}/model_permissions` - The Unix timestamp (in seconds) of when the API key was last used. +Deletes model permissions for a project. - - `name: string` +### Parameters - The name of the API key +- `--project-id: string` - - `object: "organization.project.api_key"` + The ID of the project. - The object type, which is always `organization.project.api_key` +### Returns - - `owner: object { service_account, type, user }` +- `project_model_permissions_deleted: object { deleted, object }` - - `service_account: optional object { id, created_at, name, role }` + Confirmation payload returned after deleting project model permissions. - The service account that owns a project API key. + - `deleted: boolean` - - `id: string` + Whether the project model permissions were deleted. - The identifier, which can be referenced in API endpoints + - `object: "project.model_permissions.deleted"` - - `created_at: number` + The object type, which is always `project.model_permissions.deleted`. - The Unix timestamp (in seconds) of when the service account was created. +### Example - - `name: string` +```cli +openai admin:organization:projects:model-permissions delete \ + --admin-api-key 'My Admin API Key' \ + --project-id project_id +``` - The name of the service account. +#### Response - - `role: string` +```json +{ + "deleted": true, + "object": "project.model_permissions.deleted" +} +``` - The service account's project role. +## Domain Types - - `type: optional "user" or "service_account"` +### Project Model Permissions - `user` or `service_account` +- `project_model_permissions: object { mode, model_ids, object }` - - `"user"` + Represents the model allowlist or denylist policy for a project. - - `"service_account"` + - `mode: "allow_list" or "deny_list"` - - `user: optional object { id, created_at, email, 2 more }` + Whether the project uses an allowlist or a denylist. - The user that owns a project API key. + - `"allow_list"` - - `id: string` + - `"deny_list"` - The identifier, which can be referenced in API endpoints + - `model_ids: array of string` - - `created_at: number` + The model IDs included in the model permissions policy. - The Unix timestamp (in seconds) of when the user was created. + - `object: "project.model_permissions"` - - `email: string` + The object type, which is always `project.model_permissions`. - The email address of the user. +### Project Model Permissions Deleted - - `name: string` +- `project_model_permissions_deleted: object { deleted, object }` - The name of the user. + Confirmation payload returned after deleting project model permissions. - - `role: string` + - `deleted: boolean` - The user's project role. + Whether the project model permissions were deleted. - - `redacted_value: string` + - `object: "project.model_permissions.deleted"` - The redacted value of the API key + The object type, which is always `project.model_permissions.deleted`. -# Rate Limits +# Hosted Tool Permissions -## List project rate limits +## Retrieve project hosted tool permissions -`$ openai admin:organization:projects:rate-limits list-rate-limits` +`$ openai admin:organization:projects:hosted-tool-permissions retrieve` -**get** `/organization/projects/{project_id}/rate_limits` +**get** `/organization/projects/{project_id}/hosted_tool_permissions` -Returns the rate limits per model for a project. +Returns hosted tool permissions for a project. ### Parameters @@ -10469,72 +12383,56 @@ Returns the rate limits per model for a project. The ID of the project. -- `--after: optional string` - - A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. - -- `--before: optional string` - - A cursor for use in pagination. `before` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, beginning with obj_foo, your subsequent call can include before=obj_foo in order to fetch the previous page of the list. - -- `--limit: optional number` - - A limit on the number of objects to be returned. The default is 100. - ### Returns -- `ProjectRateLimitListResponse: object { data, has_more, object, 2 more }` - - - `data: array of ProjectRateLimit` - - - `id: string` +- `project_hosted_tool_permissions: object { code_interpreter, file_search, image_generation, 2 more }` - The identifier, which can be referenced in API endpoints. + Represents hosted tool permissions for a project. - - `max_requests_per_1_minute: number` + - `code_interpreter: object { enabled }` - The maximum requests per minute. + Permission state for a single hosted tool on a project. - - `max_tokens_per_1_minute: number` + - `enabled: boolean` - The maximum tokens per minute. + Whether the hosted tool is enabled for the project. - - `model: string` + - `file_search: object { enabled }` - The model this rate limit applies to. + Permission state for a single hosted tool on a project. - - `object: "project.rate_limit"` + - `enabled: boolean` - The object type, which is always `project.rate_limit` + Whether the hosted tool is enabled for the project. - - `batch_1_day_max_input_tokens: optional number` + - `image_generation: object { enabled }` - The maximum batch input tokens per day. Only present for relevant models. + Permission state for a single hosted tool on a project. - - `max_audio_megabytes_per_1_minute: optional number` + - `enabled: boolean` - The maximum audio megabytes per minute. Only present for relevant models. + Whether the hosted tool is enabled for the project. - - `max_images_per_1_minute: optional number` + - `mcp: object { enabled }` - The maximum images per minute. Only present for relevant models. + Permission state for a single hosted tool on a project. - - `max_requests_per_1_day: optional number` + - `enabled: boolean` - The maximum requests per day. Only present for relevant models. + Whether the hosted tool is enabled for the project. - - `has_more: boolean` + - `web_search: object { enabled }` - - `object: "list"` + Permission state for a single hosted tool on a project. - - `first_id: optional string` + - `enabled: boolean` - - `last_id: optional string` + Whether the hosted tool is enabled for the project. ### Example ```cli -openai admin:organization:projects:rate-limits list-rate-limits \ +openai admin:organization:projects:hosted-tool-permissions retrieve \ --admin-api-key 'My Admin API Key' \ --project-id project_id ``` @@ -10543,33 +12441,31 @@ openai admin:organization:projects:rate-limits list-rate-limits \ ```json { - "data": [ - { - "id": "id", - "max_requests_per_1_minute": 0, - "max_tokens_per_1_minute": 0, - "model": "model", - "object": "project.rate_limit", - "batch_1_day_max_input_tokens": 0, - "max_audio_megabytes_per_1_minute": 0, - "max_images_per_1_minute": 0, - "max_requests_per_1_day": 0 + "code_interpreter": { + "enabled": true + }, + "file_search": { + "enabled": true + }, + "image_generation": { + "enabled": true + }, + "mcp": { + "enabled": true + }, + "web_search": { + "enabled": true } - ], - "has_more": true, - "object": "list", - "first_id": "first_id", - "last_id": "last_id" } ``` -## Modify project rate limit +## Modify project hosted tool permissions -`$ openai admin:organization:projects:rate-limits update-rate-limit` +`$ openai admin:organization:projects:hosted-tool-permissions update` -**post** `/organization/projects/{project_id}/rate_limits/{rate_limit_id}` +**post** `/organization/projects/{project_id}/hosted_tool_permissions` -Updates a project rate limit. +Updates hosted tool permissions for a project. ### Parameters @@ -10577,144 +12473,149 @@ Updates a project rate limit. The ID of the project. -- `--rate-limit-id: string` - - The ID of the rate limit. - -- `--batch-1-day-max-input-tokens: optional number` +- `--code-interpreter: optional object { enabled }` - The maximum batch input tokens per day. Only relevant for certain models. + The code interpreter permission update. -- `--max-audio-megabytes-per-1-minute: optional number` +- `--file-search: optional object { enabled }` - The maximum audio megabytes per minute. Only relevant for certain models. + The file search permission update. -- `--max-images-per-1-minute: optional number` +- `--image-generation: optional object { enabled }` - The maximum images per minute. Only relevant for certain models. + The image generation permission update. -- `--max-requests-per-1-day: optional number` +- `--mcp: optional object { enabled }` - The maximum requests per day. Only relevant for certain models. + The MCP permission update. -- `--max-requests-per-1-minute: optional number` +- `--web-search: optional object { enabled }` - The maximum requests per minute. + The web search permission update. -- `--max-tokens-per-1-minute: optional number` +### Returns - The maximum tokens per minute. +- `project_hosted_tool_permissions: object { code_interpreter, file_search, image_generation, 2 more }` -### Returns + Represents hosted tool permissions for a project. -- `project_rate_limit: object { id, max_requests_per_1_minute, max_tokens_per_1_minute, 6 more }` + - `code_interpreter: object { enabled }` - Represents a project rate limit config. + Permission state for a single hosted tool on a project. - - `id: string` + - `enabled: boolean` - The identifier, which can be referenced in API endpoints. + Whether the hosted tool is enabled for the project. - - `max_requests_per_1_minute: number` + - `file_search: object { enabled }` - The maximum requests per minute. + Permission state for a single hosted tool on a project. - - `max_tokens_per_1_minute: number` + - `enabled: boolean` - The maximum tokens per minute. + Whether the hosted tool is enabled for the project. - - `model: string` + - `image_generation: object { enabled }` - The model this rate limit applies to. + Permission state for a single hosted tool on a project. - - `object: "project.rate_limit"` + - `enabled: boolean` - The object type, which is always `project.rate_limit` + Whether the hosted tool is enabled for the project. - - `batch_1_day_max_input_tokens: optional number` + - `mcp: object { enabled }` - The maximum batch input tokens per day. Only present for relevant models. + Permission state for a single hosted tool on a project. - - `max_audio_megabytes_per_1_minute: optional number` + - `enabled: boolean` - The maximum audio megabytes per minute. Only present for relevant models. + Whether the hosted tool is enabled for the project. - - `max_images_per_1_minute: optional number` + - `web_search: object { enabled }` - The maximum images per minute. Only present for relevant models. + Permission state for a single hosted tool on a project. - - `max_requests_per_1_day: optional number` + - `enabled: boolean` - The maximum requests per day. Only present for relevant models. + Whether the hosted tool is enabled for the project. ### Example ```cli -openai admin:organization:projects:rate-limits update-rate-limit \ +openai admin:organization:projects:hosted-tool-permissions update \ --admin-api-key 'My Admin API Key' \ - --project-id project_id \ - --rate-limit-id rate_limit_id + --project-id project_id ``` #### Response ```json { - "id": "id", - "max_requests_per_1_minute": 0, - "max_tokens_per_1_minute": 0, - "model": "model", - "object": "project.rate_limit", - "batch_1_day_max_input_tokens": 0, - "max_audio_megabytes_per_1_minute": 0, - "max_images_per_1_minute": 0, - "max_requests_per_1_day": 0 + "code_interpreter": { + "enabled": true + }, + "file_search": { + "enabled": true + }, + "image_generation": { + "enabled": true + }, + "mcp": { + "enabled": true + }, + "web_search": { + "enabled": true + } } ``` ## Domain Types -### Project Rate Limit +### Project Hosted Tool Permissions -- `project_rate_limit: object { id, max_requests_per_1_minute, max_tokens_per_1_minute, 6 more }` +- `project_hosted_tool_permissions: object { code_interpreter, file_search, image_generation, 2 more }` - Represents a project rate limit config. + Represents hosted tool permissions for a project. - - `id: string` + - `code_interpreter: object { enabled }` - The identifier, which can be referenced in API endpoints. + Permission state for a single hosted tool on a project. - - `max_requests_per_1_minute: number` + - `enabled: boolean` - The maximum requests per minute. + Whether the hosted tool is enabled for the project. - - `max_tokens_per_1_minute: number` + - `file_search: object { enabled }` - The maximum tokens per minute. + Permission state for a single hosted tool on a project. - - `model: string` + - `enabled: boolean` - The model this rate limit applies to. + Whether the hosted tool is enabled for the project. - - `object: "project.rate_limit"` + - `image_generation: object { enabled }` - The object type, which is always `project.rate_limit` + Permission state for a single hosted tool on a project. - - `batch_1_day_max_input_tokens: optional number` + - `enabled: boolean` - The maximum batch input tokens per day. Only present for relevant models. + Whether the hosted tool is enabled for the project. - - `max_audio_megabytes_per_1_minute: optional number` + - `mcp: object { enabled }` - The maximum audio megabytes per minute. Only present for relevant models. + Permission state for a single hosted tool on a project. - - `max_images_per_1_minute: optional number` + - `enabled: boolean` - The maximum images per minute. Only present for relevant models. + Whether the hosted tool is enabled for the project. - - `max_requests_per_1_day: optional number` + - `web_search: object { enabled }` - The maximum requests per day. Only present for relevant models. + Permission state for a single hosted tool on a project. + + - `enabled: boolean` + + Whether the hosted tool is enabled for the project. # Groups