diff --git a/en/resources/admin/subresources/organization/index.md b/en/resources/admin/subresources/organization/index.md index 647f48b..65d1198 100644 --- a/en/resources/admin/subresources/organization/index.md +++ b/en/resources/admin/subresources/organization/index.md @@ -14189,7 +14189,7 @@ Lists the organization roles assigned to a user within the organization. ### Returns -- `data: array of object { id, created_at, created_by, 8 more }` +- `data: array of object { id, assignment_sources, created_at, 9 more }` Role assignments returned in the current page. @@ -14197,6 +14197,14 @@ Lists the organization roles assigned to a user within the organization. Identifier for the role. + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + - `created_at: number` When the role was created. @@ -14265,6 +14273,12 @@ curl https://api.openai.com/v1/organization/users/$USER_ID/roles \ "data": [ { "id": "id", + "assignment_sources": [ + { + "principal_id": "principal_id", + "principal_type": "principal_type" + } + ], "created_at": 0, "created_by": "created_by", "created_by_user_obj": { @@ -14592,6 +14606,139 @@ curl -X POST https://api.openai.com/v1/organization/users/user_abc123/roles \ } ``` +## Retrieve user organization role + +**get** `/organization/users/{user_id}/roles/{role_id}` + +Retrieves an organization role assigned to a user. + +### Path Parameters + +- `user_id: string` + +- `role_id: string` + +### Returns + +- `id: string` + + Identifier for the role. + +- `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + +- `created_at: number` + + When the role was created. + +- `created_by: string` + + Identifier of the actor who created the role. + +- `created_by_user_obj: map[unknown]` + + User details for the actor that created the role, when available. + +- `description: string` + + Description of the role. + +- `metadata: map[unknown]` + + Arbitrary metadata stored on the role. + +- `name: string` + + Name of the role. + +- `permissions: array of string` + + Permissions associated with the role. + +- `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + +- `resource_type: string` + + Resource type the role applies to. + +- `updated_at: number` + + When the role was last updated. + +### Example + +```http +curl https://api.openai.com/v1/organization/users/$USER_ID/roles/$ROLE_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "id": "id", + "assignment_sources": [ + { + "principal_id": "principal_id", + "principal_type": "principal_type" + } + ], + "created_at": 0, + "created_by": "created_by", + "created_by_user_obj": { + "foo": "bar" + }, + "description": "description", + "metadata": { + "foo": "bar" + }, + "name": "name", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type", + "updated_at": 0 +} +``` + +### Example + +```http +curl https://api.openai.com/v1/organization/users/user_abc123/roles/role_01J1F8ROLE01 \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "id": "role_01J1F8ROLE01", + "name": "API Group Manager", + "permissions": [ + "api.groups.read", + "api.groups.write" + ], + "resource_type": "api.organization", + "predefined_role": false, + "description": "Allows managing organization groups", + "created_at": 1711471533, + "updated_at": 1711472599, + "created_by": "user_abc123", + "created_by_user_obj": null, + "metadata": {}, + "assignment_sources": null +} +``` + ## Unassign organization role from user **delete** `/organization/users/{user_id}/roles/{role_id}` @@ -14652,7 +14799,7 @@ curl -X DELETE https://api.openai.com/v1/organization/users/user_abc123/roles/ro ### Role List Response -- `RoleListResponse object { id, created_at, created_by, 8 more }` +- `RoleListResponse object { id, assignment_sources, created_at, 9 more }` Detailed information about a role assignment entry returned when listing assignments. @@ -14660,6 +14807,14 @@ curl -X DELETE https://api.openai.com/v1/organization/users/user_abc123/roles/ro Identifier for the role. + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + - `created_at: number` When the role was created. @@ -14846,6 +15001,64 @@ curl -X DELETE https://api.openai.com/v1/organization/users/user_abc123/roles/ro - `picture: optional string` +### Role Retrieve Response + +- `RoleRetrieveResponse object { id, assignment_sources, created_at, 9 more }` + + Detailed information about a role assignment entry returned when listing assignments. + + - `id: string` + + Identifier for the role. + + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + + - `created_at: number` + + When the role was created. + + - `created_by: string` + + Identifier of the actor who created the role. + + - `created_by_user_obj: map[unknown]` + + User details for the actor that created the role, when available. + + - `description: string` + + Description of the role. + + - `metadata: map[unknown]` + + Arbitrary metadata stored on the role. + + - `name: string` + + Name of the role. + + - `permissions: array of string` + + Permissions associated with the role. + + - `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + + - `resource_type: string` + + Resource type the role applies to. + + - `updated_at: number` + + When the role was last updated. + ### Role Delete Response - `RoleDeleteResponse object { deleted, object }` @@ -14900,10 +15113,14 @@ Lists all groups in the organization. Unix timestamp (in seconds) when the group was created. - - `group_type: string` + - `group_type: "group" or "tenant_group"` The type of the group. + - `"group"` + + - `"tenant_group"` + - `is_scim_managed: boolean` Whether the group is managed through SCIM and controlled by your identity provider. @@ -14941,7 +15158,7 @@ curl https://api.openai.com/v1/organization/groups \ { "id": "id", "created_at": 0, - "group_type": "group_type", + "group_type": "group", "is_scim_managed": true, "name": "name" } @@ -15005,10 +15222,14 @@ Creates a new group in the organization. Unix timestamp (in seconds) when the group was created. - - `group_type: string` + - `group_type: "group" or "tenant_group"` The type of the group. + - `"group"` + + - `"tenant_group"` + - `is_scim_managed: boolean` Whether the group is managed through SCIM and controlled by your identity provider. @@ -15034,7 +15255,7 @@ curl https://api.openai.com/v1/organization/groups \ { "id": "id", "created_at": 0, - "group_type": "group_type", + "group_type": "group", "is_scim_managed": true, "name": "name" } @@ -15063,6 +15284,85 @@ curl -X POST https://api.openai.com/v1/organization/groups \ } ``` +## Retrieve group + +**get** `/organization/groups/{group_id}` + +Retrieves a group. + +### Path Parameters + +- `group_id: string` + +### Returns + +- `Group object { id, created_at, group_type, 2 more }` + + Details about an organization group. + + - `id: string` + + Identifier for the group. + + - `created_at: number` + + Unix timestamp (in seconds) when the group was created. + + - `group_type: "group" or "tenant_group"` + + The type of the group. + + - `"group"` + + - `"tenant_group"` + + - `is_scim_managed: boolean` + + Whether the group is managed through SCIM and controlled by your identity provider. + + - `name: string` + + Display name of the group. + +### Example + +```http +curl https://api.openai.com/v1/organization/groups/$GROUP_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "id": "id", + "created_at": 0, + "group_type": "group", + "is_scim_managed": true, + "name": "name" +} +``` + +### Example + +```http +curl https://api.openai.com/v1/organization/groups/group_01J1F8ABCDXYZ \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "id": "group_01J1F8ABCDXYZ", + "name": "Support Team", + "created_at": 1711471533, + "is_scim_managed": false, + "group_type": "group" +} +``` + ## Update group **post** `/organization/groups/{group_id}` @@ -15219,11 +15519,15 @@ curl -X DELETE https://api.openai.com/v1/organization/groups/group_01J1F8ABCDXYZ Unix timestamp (in seconds) when the group was created. - - `group_type: string` + - `group_type: "group" or "tenant_group"` The type of the group. - - `is_scim_managed: boolean` + - `"group"` + + - `"tenant_group"` + + - `is_scim_managed: boolean` Whether the group is managed through SCIM and controlled by your identity provider. @@ -15458,6 +15762,89 @@ curl -X POST https://api.openai.com/v1/organization/groups/group_01J1F8ABCDXYZ/u } ``` +## Retrieve group user + +**get** `/organization/groups/{group_id}/users/{user_id}` + +Retrieves a user in a group. + +### Path Parameters + +- `group_id: string` + +- `user_id: string` + +### Returns + +- `id: string` + + Identifier for the user. + +- `email: string` + + Email address of the user, or `null` for users without an email. + +- `is_service_account: boolean` + + Whether the user is a service account. + +- `name: string` + + Display name of the user. + +- `picture: string` + + URL of the user's profile picture, if available. + +- `user_type: "user" or "tenant_user"` + + The type of user. + + - `"user"` + + - `"tenant_user"` + +### Example + +```http +curl https://api.openai.com/v1/organization/groups/$GROUP_ID/users/$USER_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "id": "id", + "email": "email", + "is_service_account": true, + "name": "name", + "picture": "picture", + "user_type": "user" +} +``` + +### Example + +```http +curl https://api.openai.com/v1/organization/groups/group_01J1F8ABCDXYZ/users/user_abc123 \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "id": "user_abc123", + "name": "Ada Lovelace", + "email": "ada@example.com", + "picture": null, + "is_service_account": false, + "user_type": "user" +} +``` + ## Remove group user **delete** `/organization/groups/{group_id}/users/{user_id}` @@ -15556,6 +15943,40 @@ curl -X DELETE https://api.openai.com/v1/organization/groups/group_01J1F8ABCDXYZ Identifier of the user that was added. +### User Retrieve Response + +- `UserRetrieveResponse object { id, email, is_service_account, 3 more }` + + Details about a user returned from an organization group membership lookup. + + - `id: string` + + Identifier for the user. + + - `email: string` + + Email address of the user, or `null` for users without an email. + + - `is_service_account: boolean` + + Whether the user is a service account. + + - `name: string` + + Display name of the user. + + - `picture: string` + + URL of the user's profile picture, if available. + + - `user_type: "user" or "tenant_user"` + + The type of user. + + - `"user"` + + - `"tenant_user"` + ### User Delete Response - `UserDeleteResponse object { deleted, object }` @@ -15604,7 +16025,7 @@ Lists the organization roles assigned to a group within the organization. ### Returns -- `data: array of object { id, created_at, created_by, 8 more }` +- `data: array of object { id, assignment_sources, created_at, 9 more }` Role assignments returned in the current page. @@ -15612,6 +16033,14 @@ Lists the organization roles assigned to a group within the organization. Identifier for the role. + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + - `created_at: number` When the role was created. @@ -15680,6 +16109,12 @@ curl https://api.openai.com/v1/organization/groups/$GROUP_ID/roles \ "data": [ { "id": "id", + "assignment_sources": [ + { + "principal_id": "principal_id", + "principal_type": "principal_type" + } + ], "created_at": 0, "created_by": "created_by", "created_by_user_obj": { @@ -15903,6 +16338,139 @@ curl -X POST https://api.openai.com/v1/organization/groups/group_01J1F8ABCDXYZ/r } ``` +## Retrieve group organization role + +**get** `/organization/groups/{group_id}/roles/{role_id}` + +Retrieves an organization role assigned to a group. + +### Path Parameters + +- `group_id: string` + +- `role_id: string` + +### Returns + +- `id: string` + + Identifier for the role. + +- `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + +- `created_at: number` + + When the role was created. + +- `created_by: string` + + Identifier of the actor who created the role. + +- `created_by_user_obj: map[unknown]` + + User details for the actor that created the role, when available. + +- `description: string` + + Description of the role. + +- `metadata: map[unknown]` + + Arbitrary metadata stored on the role. + +- `name: string` + + Name of the role. + +- `permissions: array of string` + + Permissions associated with the role. + +- `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + +- `resource_type: string` + + Resource type the role applies to. + +- `updated_at: number` + + When the role was last updated. + +### Example + +```http +curl https://api.openai.com/v1/organization/groups/$GROUP_ID/roles/$ROLE_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "id": "id", + "assignment_sources": [ + { + "principal_id": "principal_id", + "principal_type": "principal_type" + } + ], + "created_at": 0, + "created_by": "created_by", + "created_by_user_obj": { + "foo": "bar" + }, + "description": "description", + "metadata": { + "foo": "bar" + }, + "name": "name", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type", + "updated_at": 0 +} +``` + +### Example + +```http +curl https://api.openai.com/v1/organization/groups/group_01J1F8ABCDXYZ/roles/role_01J1F8ROLE01 \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "id": "role_01J1F8ROLE01", + "name": "API Group Manager", + "permissions": [ + "api.groups.read", + "api.groups.write" + ], + "resource_type": "api.organization", + "predefined_role": false, + "description": "Allows managing organization groups", + "created_at": 1711471533, + "updated_at": 1711472599, + "created_by": "user_abc123", + "created_by_user_obj": null, + "metadata": {}, + "assignment_sources": null +} +``` + ## Unassign organization role from group **delete** `/organization/groups/{group_id}/roles/{role_id}` @@ -15963,7 +16531,7 @@ curl -X DELETE https://api.openai.com/v1/organization/groups/group_01J1F8ABCDXYZ ### Role List Response -- `RoleListResponse object { id, created_at, created_by, 8 more }` +- `RoleListResponse object { id, assignment_sources, created_at, 9 more }` Detailed information about a role assignment entry returned when listing assignments. @@ -15971,6 +16539,14 @@ curl -X DELETE https://api.openai.com/v1/organization/groups/group_01J1F8ABCDXYZ Identifier for the role. + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + - `created_at: number` When the role was created. @@ -16083,51 +16659,109 @@ curl -X DELETE https://api.openai.com/v1/organization/groups/group_01J1F8ABCDXYZ Resource type the role is bound to (for example `api.organization` or `api.project`). -### Role Delete Response +### Role Retrieve Response -- `RoleDeleteResponse object { deleted, object }` +- `RoleRetrieveResponse object { id, assignment_sources, created_at, 9 more }` - Confirmation payload returned after unassigning a role. + Detailed information about a role assignment entry returned when listing assignments. - - `deleted: boolean` + - `id: string` - Whether the assignment was removed. + Identifier for the role. - - `object: string` + - `assignment_sources: array of object { principal_id, principal_type }` - Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. + Principals from which the role assignment is inherited, when available. -# Roles + - `principal_id: string` -## List organization roles + - `principal_type: string` -**get** `/organization/roles` + - `created_at: number` -Lists the roles configured for the organization. + When the role was created. -### Query Parameters + - `created_by: string` -- `after: optional string` + Identifier of the actor who created the role. - Cursor for pagination. Provide the value from the previous response's `next` field to continue listing roles. + - `created_by_user_obj: map[unknown]` -- `limit: optional number` + User details for the actor that created the role, when available. - A limit on the number of roles to return. Defaults to 1000. + - `description: string` -- `order: optional "asc" or "desc"` + Description of the role. - Sort order for the returned roles. + - `metadata: map[unknown]` - - `"asc"` + Arbitrary metadata stored on the role. - - `"desc"` + - `name: string` -### Returns + Name of the role. -- `data: array of Role` + - `permissions: array of string` - Roles returned in the current page. + Permissions associated with the role. + + - `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + + - `resource_type: string` + + Resource type the role applies to. + + - `updated_at: number` + + When the role was last updated. + +### Role Delete Response + +- `RoleDeleteResponse object { deleted, object }` + + Confirmation payload returned after unassigning a role. + + - `deleted: boolean` + + Whether the assignment was removed. + + - `object: string` + + Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. + +# Roles + +## List organization roles + +**get** `/organization/roles` + +Lists the roles configured for the organization. + +### Query Parameters + +- `after: optional string` + + Cursor for pagination. Provide the value from the previous response's `next` field to continue listing roles. + +- `limit: optional number` + + A limit on the number of roles to return. Defaults to 1000. + +- `order: optional "asc" or "desc"` + + Sort order for the returned roles. + + - `"asc"` + + - `"desc"` + +### Returns + +- `data: array of Role` + + Roles returned in the current page. - `id: string` @@ -16354,6 +16988,100 @@ curl -X POST https://api.openai.com/v1/organization/roles \ } ``` +## Retrieve organization role + +**get** `/organization/roles/{role_id}` + +Retrieves an organization role. + +### Path Parameters + +- `role_id: string` + +### Returns + +- `Role object { id, description, name, 4 more }` + + Details about a role that can be assigned through the public Roles API. + + - `id: string` + + Identifier for the role. + + - `description: string` + + Optional description of the role. + + - `name: string` + + Unique name for the role. + + - `object: "role"` + + Always `role`. + + - `"role"` + + - `permissions: array of string` + + Permissions granted by the role. + + - `predefined_role: boolean` + + Whether the role is predefined and managed by OpenAI. + + - `resource_type: string` + + Resource type the role is bound to (for example `api.organization` or `api.project`). + +### Example + +```http +curl https://api.openai.com/v1/organization/roles/$ROLE_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "id": "id", + "description": "description", + "name": "name", + "object": "role", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type" +} +``` + +### Example + +```http +curl https://api.openai.com/v1/organization/roles/role_01J1F8ROLE01 \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "object": "role", + "id": "role_01J1F8ROLE01", + "name": "API Group Manager", + "description": "Allows managing organization groups", + "permissions": [ + "api.groups.read", + "api.groups.write" + ], + "resource_type": "api.organization", + "predefined_role": false +} +``` + ## Update organization role **post** `/organization/roles/{role_id}` @@ -16592,338 +17320,455 @@ curl -X DELETE https://api.openai.com/v1/organization/roles/role_01J1F8ROLE01 \ - `"role.deleted"` -# Certificates +# Data Retention -## List organization certificates +## Retrieve organization data retention -**get** `/organization/certificates` +**get** `/organization/data_retention` -List uploaded certificates for this organization. +Retrieves organization data retention controls. -### Query Parameters +### Returns -- `after: optional string` +- `OrganizationDataRetention object { object, type }` - A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. + Represents the organization's data retention control setting. -- `limit: optional number` + - `object: "organization.data_retention"` - A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. + The object type, which is always `organization.data_retention`. -- `order: optional "asc" or "desc"` + - `"organization.data_retention"` - Sort order by the `created_at` timestamp of the objects. `asc` for ascending order and `desc` for descending order. + - `type: "zero_data_retention" or "modified_abuse_monitoring" or "enhanced_zero_data_retention" or "enhanced_modified_abuse_monitoring"` - - `"asc"` + The configured organization data retention type. - - `"desc"` + - `"zero_data_retention"` -### Returns + - `"modified_abuse_monitoring"` -- `data: array of object { id, active, certificate_details, 3 more }` + - `"enhanced_zero_data_retention"` - - `id: string` + - `"enhanced_modified_abuse_monitoring"` - The identifier, which can be referenced in API endpoints +### Example - - `active: boolean` +```http +curl https://api.openai.com/v1/organization/data_retention \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` - Whether the certificate is currently active at the organization level. +#### Response - - `certificate_details: object { expires_at, valid_at }` +```json +{ + "object": "organization.data_retention", + "type": "zero_data_retention" +} +``` - - `expires_at: optional number` +### Example - The Unix timestamp (in seconds) of when the certificate expires. +```http +curl https://api.openai.com/v1/organization/data_retention \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` - - `valid_at: optional number` +#### Response - The Unix timestamp (in seconds) of when the certificate becomes valid. +```json +{ + "object": "organization.data_retention", + "type": "modified_abuse_monitoring" +} +``` - - `created_at: number` +## Update organization data retention - The Unix timestamp (in seconds) of when the certificate was uploaded. +**post** `/organization/data_retention` - - `name: string` +Updates organization data retention controls. - The name of the certificate. +### Body Parameters - - `object: "organization.certificate"` +- `retention_type: "zero_data_retention" or "modified_abuse_monitoring" or "enhanced_zero_data_retention" or "enhanced_modified_abuse_monitoring"` - The object type, which is always `organization.certificate`. + The desired organization data retention type. - - `"organization.certificate"` + - `"zero_data_retention"` -- `first_id: string` + - `"modified_abuse_monitoring"` -- `has_more: boolean` + - `"enhanced_zero_data_retention"` -- `last_id: string` + - `"enhanced_modified_abuse_monitoring"` -- `object: "list"` +### Returns - - `"list"` +- `OrganizationDataRetention object { object, type }` + + Represents the organization's data retention control setting. + + - `object: "organization.data_retention"` + + The object type, which is always `organization.data_retention`. + + - `"organization.data_retention"` + + - `type: "zero_data_retention" or "modified_abuse_monitoring" or "enhanced_zero_data_retention" or "enhanced_modified_abuse_monitoring"` + + The configured organization data retention type. + + - `"zero_data_retention"` + + - `"modified_abuse_monitoring"` + + - `"enhanced_zero_data_retention"` + + - `"enhanced_modified_abuse_monitoring"` ### Example ```http -curl https://api.openai.com/v1/organization/certificates \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +curl https://api.openai.com/v1/organization/data_retention \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -d '{ + "retention_type": "zero_data_retention" + }' ``` #### Response ```json { - "data": [ - { - "id": "id", - "active": true, - "certificate_details": { - "expires_at": 0, - "valid_at": 0 - }, - "created_at": 0, - "name": "name", - "object": "organization.certificate" - } - ], - "first_id": "cert_abc", - "has_more": true, - "last_id": "cert_abc", - "object": "list" + "object": "organization.data_retention", + "type": "zero_data_retention" } ``` ### Example ```http -curl https://api.openai.com/v1/organization/certificates \ --H "Authorization: Bearer $OPENAI_ADMIN_KEY" +curl -X POST https://api.openai.com/v1/organization/data_retention \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" \ + -d '{ + "retention_type": "modified_abuse_monitoring" + }' ``` #### Response ```json { - "object": "list", - "data": [ - { - "object": "organization.certificate", - "id": "cert_abc", - "name": "My Example Certificate", - "active": true, - "created_at": 1234567, - "certificate_details": { - "valid_at": 12345667, - "expires_at": 12345678 - } - }, - ], - "first_id": "cert_abc", - "last_id": "cert_abc", - "has_more": false + "object": "organization.data_retention", + "type": "modified_abuse_monitoring" } ``` -## Upload certificate +## Domain Types -**post** `/organization/certificates` +### Organization Data Retention -Upload a certificate to the organization. This does **not** automatically activate the certificate. +- `OrganizationDataRetention object { object, type }` -Organizations can upload up to 50 certificates. + Represents the organization's data retention control setting. -### Body Parameters + - `object: "organization.data_retention"` -- `certificate: string` + The object type, which is always `organization.data_retention`. - The certificate content in PEM format + - `"organization.data_retention"` -- `name: optional string` + - `type: "zero_data_retention" or "modified_abuse_monitoring" or "enhanced_zero_data_retention" or "enhanced_modified_abuse_monitoring"` - An optional name for the certificate + The configured organization data retention type. + + - `"zero_data_retention"` + + - `"modified_abuse_monitoring"` + + - `"enhanced_zero_data_retention"` + + - `"enhanced_modified_abuse_monitoring"` + +# Spend Alerts + +## List organization spend alerts + +**get** `/organization/spend_alerts` + +Lists organization spend alerts. + +### Query Parameters + +- `after: optional string` + + Cursor for pagination. Provide the ID of the last spend alert from the previous response to fetch the next page. + +- `before: optional string` + + Cursor for pagination. Provide the ID of the first spend alert from the previous response to fetch the previous page. + +- `limit: optional number` + + A limit on the number of spend alerts to return. Defaults to 20. + +- `order: optional "asc" or "desc"` + + Sort order for the returned spend alerts. + + - `"asc"` + + - `"desc"` ### Returns -- `Certificate object { id, certificate_details, created_at, 3 more }` +- `data: array of OrganizationSpendAlert` - Represents an individual `certificate` uploaded to the organization. + Spend alerts returned in the current page. - `id: string` - The identifier, which can be referenced in API endpoints + The identifier, which can be referenced in API endpoints. - - `certificate_details: object { content, expires_at, valid_at }` + - `currency: "USD"` - - `content: optional string` + The currency for the threshold amount. - The content of the certificate in PEM format. + - `"USD"` - - `expires_at: optional number` + - `interval: "month"` - The Unix timestamp (in seconds) of when the certificate expires. + The time interval for evaluating spend against the threshold. - - `valid_at: optional number` + - `"month"` - The Unix timestamp (in seconds) of when the certificate becomes valid. + - `notification_channel: object { recipients, type, subject_prefix }` - - `created_at: number` + Email notification settings for a spend alert. - The Unix timestamp (in seconds) of when the certificate was uploaded. + - `recipients: array of string` - - `name: string` + Email addresses that receive the spend alert notification. - The name of the certificate. + - `type: "email"` - - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` + The notification channel type. Currently only `email` is supported. - The object type. + - `"email"` - - If creating, updating, or getting a specific certificate, the object type is `certificate`. - - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. - - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. + - `subject_prefix: optional string` - - `"certificate"` + Optional subject prefix for alert emails. - - `"organization.certificate"` + - `object: "organization.spend_alert"` - - `"organization.project.certificate"` + The object type, which is always `organization.spend_alert`. - - `active: optional boolean` + - `"organization.spend_alert"` - Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. + - `threshold_amount: number` + + The alert threshold amount, in cents. + +- `first_id: string` + + The ID of the first spend alert in this page. + +- `has_more: boolean` + + Whether more spend alerts are available when paginating. + +- `last_id: string` + + The ID of the last spend alert in this page. + +- `object: "list"` + + Always `list`. + + - `"list"` ### Example ```http -curl https://api.openai.com/v1/organization/certificates \ - -H 'Content-Type: application/json' \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ - -d '{ - "certificate": "certificate" - }' +curl https://api.openai.com/v1/organization/spend_alerts \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" ``` #### Response ```json { + "data": [ + { "id": "id", - "certificate_details": { - "content": "content", - "expires_at": 0, - "valid_at": 0 + "currency": "USD", + "interval": "month", + "notification_channel": { + "recipients": [ + "string" + ], + "type": "email", + "subject_prefix": "subject_prefix" }, - "created_at": 0, - "name": "name", - "object": "certificate", - "active": true + "object": "organization.spend_alert", + "threshold_amount": 0 + } + ], + "first_id": "first_id", + "has_more": true, + "last_id": "last_id", + "object": "list" } ``` ### Example ```http -curl -X POST https://api.openai.com/v1/organization/certificates \ --H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ --H "Content-Type: application/json" \ --d '{ - "name": "My Example Certificate", - "certificate": "-----BEGIN CERTIFICATE-----\\nMIIDeT...\\n-----END CERTIFICATE-----" -}' +curl https://api.openai.com/v1/organization/spend_alerts?limit=20&order=asc \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" ``` #### Response ```json { - "object": "certificate", - "id": "cert_abc", - "name": "My Example Certificate", - "created_at": 1234567, - "certificate_details": { - "valid_at": 12345667, - "expires_at": 12345678 + "object": "list", + "data": [ + { + "id": "alert_abc123", + "object": "organization.spend_alert", + "threshold_amount": 100000, + "currency": "USD", + "interval": "month", + "notification_channel": { + "type": "email", + "recipients": ["finance@example.com"], + "subject_prefix": "OpenAI spend alert" } + } + ], + "first_id": "alert_abc123", + "last_id": "alert_abc123", + "has_more": false } ``` -## Get certificate +## Create organization spend alert -**get** `/organization/certificates/{certificate_id}` +**post** `/organization/spend_alerts` -Get a certificate that has been uploaded to the organization. +Creates an organization spend alert. -You can get a certificate regardless of whether it is active or not. +### Body Parameters -### Path Parameters +- `currency: "USD"` -- `certificate_id: string` + The currency for the threshold amount. -### Query Parameters + - `"USD"` -- `include: optional array of "content"` +- `interval: "month"` - A list of additional fields to include in the response. Currently the only supported value is `content` to fetch the PEM content of the certificate. + The time interval for evaluating spend against the threshold. - - `"content"` + - `"month"` + +- `notification_channel: object { recipients, type, subject_prefix }` + + Email notification settings for a spend alert. + + - `recipients: array of string` + + Email addresses that receive the spend alert notification. + + - `type: "email"` + + The notification channel type. Currently only `email` is supported. + + - `"email"` + + - `subject_prefix: optional string` + + Optional subject prefix for alert emails. + +- `threshold_amount: number` + + The alert threshold amount, in cents. ### Returns -- `Certificate object { id, certificate_details, created_at, 3 more }` +- `OrganizationSpendAlert object { id, currency, interval, 3 more }` - Represents an individual `certificate` uploaded to the organization. + Represents a spend alert configured at the organization level. - `id: string` - The identifier, which can be referenced in API endpoints + The identifier, which can be referenced in API endpoints. - - `certificate_details: object { content, expires_at, valid_at }` + - `currency: "USD"` - - `content: optional string` + The currency for the threshold amount. - The content of the certificate in PEM format. + - `"USD"` - - `expires_at: optional number` + - `interval: "month"` - The Unix timestamp (in seconds) of when the certificate expires. + The time interval for evaluating spend against the threshold. - - `valid_at: optional number` + - `"month"` - The Unix timestamp (in seconds) of when the certificate becomes valid. + - `notification_channel: object { recipients, type, subject_prefix }` - - `created_at: number` + Email notification settings for a spend alert. - The Unix timestamp (in seconds) of when the certificate was uploaded. + - `recipients: array of string` - - `name: string` + Email addresses that receive the spend alert notification. - The name of the certificate. + - `type: "email"` - - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` + The notification channel type. Currently only `email` is supported. - The object type. + - `"email"` - - If creating, updating, or getting a specific certificate, the object type is `certificate`. - - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. - - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. + - `subject_prefix: optional string` - - `"certificate"` + Optional subject prefix for alert emails. - - `"organization.certificate"` + - `object: "organization.spend_alert"` - - `"organization.project.certificate"` + The object type, which is always `organization.spend_alert`. - - `active: optional boolean` + - `"organization.spend_alert"` - Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. + - `threshold_amount: number` + + The alert threshold amount, in cents. ### Example ```http -curl https://api.openai.com/v1/organization/certificates/$CERTIFICATE_ID \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +curl https://api.openai.com/v1/organization/spend_alerts \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -d '{ + "currency": "USD", + "interval": "month", + "notification_channel": { + "recipients": [ + "string" + ], + "type": "email" + }, + "threshold_amount": 0 + }' ``` #### Response @@ -16931,187 +17776,258 @@ curl https://api.openai.com/v1/organization/certificates/$CERTIFICATE_ID \ ```json { "id": "id", - "certificate_details": { - "content": "content", - "expires_at": 0, - "valid_at": 0 + "currency": "USD", + "interval": "month", + "notification_channel": { + "recipients": [ + "string" + ], + "type": "email", + "subject_prefix": "subject_prefix" }, - "created_at": 0, - "name": "name", - "object": "certificate", - "active": true + "object": "organization.spend_alert", + "threshold_amount": 0 } ``` ### Example ```http -curl "https://api.openai.com/v1/organization/certificates/cert_abc?include[]=content" \ --H "Authorization: Bearer $OPENAI_ADMIN_KEY" +curl -X POST https://api.openai.com/v1/organization/spend_alerts \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" \ + -d '{ + "threshold_amount": 100000, + "currency": "USD", + "interval": "month", + "notification_channel": { + "type": "email", + "recipients": ["finance@example.com"], + "subject_prefix": "OpenAI spend alert" + } + }' ``` #### Response ```json { - "object": "certificate", - "id": "cert_abc", - "name": "My Example Certificate", - "created_at": 1234567, - "certificate_details": { - "valid_at": 1234567, - "expires_at": 12345678, - "content": "-----BEGIN CERTIFICATE-----MIIDeT...-----END CERTIFICATE-----" + "id": "alert_abc123", + "object": "organization.spend_alert", + "threshold_amount": 100000, + "currency": "USD", + "interval": "month", + "notification_channel": { + "type": "email", + "recipients": ["finance@example.com"], + "subject_prefix": "OpenAI spend alert" } } ``` -## Modify certificate +## Update organization spend alert -**post** `/organization/certificates/{certificate_id}` +**post** `/organization/spend_alerts/{alert_id}` -Modify a certificate. Note that only the name can be modified. +Updates an organization spend alert. ### Path Parameters -- `certificate_id: string` +- `alert_id: string` ### Body Parameters -- `name: optional string` +- `currency: "USD"` - The updated name for the certificate + The currency for the threshold amount. -### Returns + - `"USD"` -- `Certificate object { id, certificate_details, created_at, 3 more }` +- `interval: "month"` - Represents an individual `certificate` uploaded to the organization. + The time interval for evaluating spend against the threshold. - - `id: string` + - `"month"` - The identifier, which can be referenced in API endpoints +- `notification_channel: object { recipients, type, subject_prefix }` - - `certificate_details: object { content, expires_at, valid_at }` + Email notification settings for a spend alert. - - `content: optional string` + - `recipients: array of string` - The content of the certificate in PEM format. + Email addresses that receive the spend alert notification. - - `expires_at: optional number` + - `type: "email"` - The Unix timestamp (in seconds) of when the certificate expires. + The notification channel type. Currently only `email` is supported. - - `valid_at: optional number` + - `"email"` - The Unix timestamp (in seconds) of when the certificate becomes valid. + - `subject_prefix: optional string` - - `created_at: number` + Optional subject prefix for alert emails. - The Unix timestamp (in seconds) of when the certificate was uploaded. +- `threshold_amount: number` - - `name: string` + The alert threshold amount, in cents. - The name of the certificate. +### Returns - - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` +- `OrganizationSpendAlert object { id, currency, interval, 3 more }` - The object type. + Represents a spend alert configured at the organization level. - - If creating, updating, or getting a specific certificate, the object type is `certificate`. - - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. - - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. + - `id: string` - - `"certificate"` + The identifier, which can be referenced in API endpoints. - - `"organization.certificate"` + - `currency: "USD"` - - `"organization.project.certificate"` + The currency for the threshold amount. - - `active: optional boolean` + - `"USD"` - Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. + - `interval: "month"` -### Example + The time interval for evaluating spend against the threshold. -```http -curl https://api.openai.com/v1/organization/certificates/$CERTIFICATE_ID \ - -H 'Content-Type: application/json' \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ - -d '{}' -``` + - `"month"` -#### Response + - `notification_channel: object { recipients, type, subject_prefix }` -```json -{ + Email notification settings for a spend alert. + + - `recipients: array of string` + + Email addresses that receive the spend alert notification. + + - `type: "email"` + + The notification channel type. Currently only `email` is supported. + + - `"email"` + + - `subject_prefix: optional string` + + Optional subject prefix for alert emails. + + - `object: "organization.spend_alert"` + + The object type, which is always `organization.spend_alert`. + + - `"organization.spend_alert"` + + - `threshold_amount: number` + + The alert threshold amount, in cents. + +### Example + +```http +curl https://api.openai.com/v1/organization/spend_alerts/$ALERT_ID \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -d '{ + "currency": "USD", + "interval": "month", + "notification_channel": { + "recipients": [ + "string" + ], + "type": "email" + }, + "threshold_amount": 0 + }' +``` + +#### Response + +```json +{ "id": "id", - "certificate_details": { - "content": "content", - "expires_at": 0, - "valid_at": 0 + "currency": "USD", + "interval": "month", + "notification_channel": { + "recipients": [ + "string" + ], + "type": "email", + "subject_prefix": "subject_prefix" }, - "created_at": 0, - "name": "name", - "object": "certificate", - "active": true + "object": "organization.spend_alert", + "threshold_amount": 0 } ``` ### Example ```http -curl -X POST https://api.openai.com/v1/organization/certificates/cert_abc \ --H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ --H "Content-Type: application/json" \ --d '{ - "name": "Renamed Certificate" -}' +curl -X POST https://api.openai.com/v1/organization/spend_alerts/alert_abc123 \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" \ + -d '{ + "threshold_amount": 150000, + "currency": "USD", + "interval": "month", + "notification_channel": { + "type": "email", + "recipients": ["finance@example.com"], + "subject_prefix": "OpenAI spend alert" + } + }' ``` #### Response ```json { - "object": "certificate", - "id": "cert_abc", - "name": "Renamed Certificate", - "created_at": 1234567, - "certificate_details": { - "valid_at": 12345667, - "expires_at": 12345678 + "id": "alert_abc123", + "object": "organization.spend_alert", + "threshold_amount": 150000, + "currency": "USD", + "interval": "month", + "notification_channel": { + "type": "email", + "recipients": ["finance@example.com"], + "subject_prefix": "OpenAI spend alert" } } ``` -## Delete certificate - -**delete** `/organization/certificates/{certificate_id}` +## Delete organization spend alert -Delete a certificate from the organization. +**delete** `/organization/spend_alerts/{alert_id}` -The certificate must be inactive for the organization and all projects. +Deletes an organization spend alert. ### Path Parameters -- `certificate_id: string` +- `alert_id: string` ### Returns -- `id: string` +- `OrganizationSpendAlertDeleted object { id, deleted, object }` - The ID of the certificate that was deleted. + Confirmation payload returned after deleting an organization spend alert. -- `object: "certificate.deleted"` + - `id: string` - The object type, must be `certificate.deleted`. + The deleted spend alert ID. - - `"certificate.deleted"` + - `deleted: boolean` + + Whether the spend alert was deleted. + + - `object: "organization.spend_alert.deleted"` + + Always `organization.spend_alert.deleted`. + + - `"organization.spend_alert.deleted"` ### Example ```http -curl https://api.openai.com/v1/organization/certificates/$CERTIFICATE_ID \ +curl https://api.openai.com/v1/organization/spend_alerts/$ALERT_ID \ -X DELETE \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" ``` @@ -17121,37 +18037,126 @@ curl https://api.openai.com/v1/organization/certificates/$CERTIFICATE_ID \ ```json { "id": "id", - "object": "certificate.deleted" + "deleted": true, + "object": "organization.spend_alert.deleted" } ``` ### Example ```http -curl -X DELETE https://api.openai.com/v1/organization/certificates/cert_abc \ --H "Authorization: Bearer $OPENAI_ADMIN_KEY" +curl -X DELETE https://api.openai.com/v1/organization/spend_alerts/alert_abc123 \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" ``` #### Response ```json { - "object": "certificate.deleted", - "id": "cert_abc" + "id": "alert_abc123", + "object": "organization.spend_alert.deleted", + "deleted": true } ``` -## Activate certificates for organization +## Domain Types -**post** `/organization/certificates/activate` +### Organization Spend Alert -Activate certificates at the organization level. +- `OrganizationSpendAlert object { id, currency, interval, 3 more }` -You can atomically and idempotently activate up to 10 certificates at a time. + Represents a spend alert configured at the organization level. -### Body Parameters + - `id: string` -- `certificate_ids: array of string` + The identifier, which can be referenced in API endpoints. + + - `currency: "USD"` + + The currency for the threshold amount. + + - `"USD"` + + - `interval: "month"` + + The time interval for evaluating spend against the threshold. + + - `"month"` + + - `notification_channel: object { recipients, type, subject_prefix }` + + Email notification settings for a spend alert. + + - `recipients: array of string` + + Email addresses that receive the spend alert notification. + + - `type: "email"` + + The notification channel type. Currently only `email` is supported. + + - `"email"` + + - `subject_prefix: optional string` + + Optional subject prefix for alert emails. + + - `object: "organization.spend_alert"` + + The object type, which is always `organization.spend_alert`. + + - `"organization.spend_alert"` + + - `threshold_amount: number` + + The alert threshold amount, in cents. + +### Organization Spend Alert Deleted + +- `OrganizationSpendAlertDeleted object { id, deleted, object }` + + Confirmation payload returned after deleting an organization spend alert. + + - `id: string` + + The deleted spend alert ID. + + - `deleted: boolean` + + Whether the spend alert was deleted. + + - `object: "organization.spend_alert.deleted"` + + Always `organization.spend_alert.deleted`. + + - `"organization.spend_alert.deleted"` + +# Certificates + +## List organization certificates + +**get** `/organization/certificates` + +List uploaded certificates for this organization. + +### Query Parameters + +- `after: optional string` + + A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. + +- `limit: optional number` + + A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. + +- `order: optional "asc" or "desc"` + + Sort order by the `created_at` timestamp of the objects. `asc` for ascending order and `desc` for descending order. + + - `"asc"` + + - `"desc"` ### Returns @@ -17189,23 +18194,21 @@ You can atomically and idempotently activate up to 10 certificates at a time. - `"organization.certificate"` -- `object: "organization.certificate.activation"` +- `first_id: string` - The organization certificate activation result type. +- `has_more: boolean` - - `"organization.certificate.activation"` +- `last_id: string` + +- `object: "list"` + + - `"list"` ### Example ```http -curl https://api.openai.com/v1/organization/certificates/activate \ - -H 'Content-Type: application/json' \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ - -d '{ - "certificate_ids": [ - "cert_abc" - ] - }' +curl https://api.openai.com/v1/organization/certificates \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" ``` #### Response @@ -17225,26 +18228,25 @@ curl https://api.openai.com/v1/organization/certificates/activate \ "object": "organization.certificate" } ], - "object": "organization.certificate.activation" + "first_id": "cert_abc", + "has_more": true, + "last_id": "cert_abc", + "object": "list" } ``` ### Example ```http -curl https://api.openai.com/v1/organization/certificates/activate \ --H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ --H "Content-Type: application/json" \ --d '{ - "certificate_ids": ["cert_abc", "cert_def"] -}' +curl https://api.openai.com/v1/organization/certificates \ +-H "Authorization: Bearer $OPENAI_ADMIN_KEY" ``` #### Response ```json { - "object": "organization.certificate.activation", + "object": "list", "data": [ { "object": "organization.certificate", @@ -17257,46 +18259,46 @@ curl https://api.openai.com/v1/organization/certificates/activate \ "expires_at": 12345678 } }, - { - "object": "organization.certificate", - "id": "cert_def", - "name": "My Example Certificate 2", - "active": true, - "created_at": 1234567, - "certificate_details": { - "valid_at": 12345667, - "expires_at": 12345678 - } - }, ], + "first_id": "cert_abc", + "last_id": "cert_abc", + "has_more": false } ``` -## Deactivate certificates for organization +## Upload certificate -**post** `/organization/certificates/deactivate` +**post** `/organization/certificates` -Deactivate certificates at the organization level. +Upload a certificate to the organization. This does **not** automatically activate the certificate. -You can atomically and idempotently deactivate up to 10 certificates at a time. +Organizations can upload up to 50 certificates. ### Body Parameters -- `certificate_ids: array of string` +- `certificate: string` + + The certificate content in PEM format + +- `name: optional string` + + An optional name for the certificate ### Returns -- `data: array of object { id, active, certificate_details, 3 more }` +- `Certificate object { id, certificate_details, created_at, 3 more }` + + Represents an individual `certificate` uploaded to the organization. - `id: string` The identifier, which can be referenced in API endpoints - - `active: boolean` + - `certificate_details: object { content, expires_at, valid_at }` - Whether the certificate is currently active at the organization level. + - `content: optional string` - - `certificate_details: object { expires_at, valid_at }` + The content of the certificate in PEM format. - `expires_at: optional number` @@ -17314,28 +18316,32 @@ You can atomically and idempotently deactivate up to 10 certificates at a time. The name of the certificate. - - `object: "organization.certificate"` + - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` - The object type, which is always `organization.certificate`. + The object type. + + - If creating, updating, or getting a specific certificate, the object type is `certificate`. + - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. + - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. + + - `"certificate"` - `"organization.certificate"` -- `object: "organization.certificate.deactivation"` + - `"organization.project.certificate"` - The organization certificate deactivation result type. + - `active: optional boolean` - - `"organization.certificate.deactivation"` + Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. ### Example ```http -curl https://api.openai.com/v1/organization/certificates/deactivate \ +curl https://api.openai.com/v1/organization/certificates \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -d '{ - "certificate_ids": [ - "cert_abc" - ] + "certificate": "certificate" }' ``` @@ -17343,31 +18349,28 @@ curl https://api.openai.com/v1/organization/certificates/deactivate \ ```json { - "data": [ - { "id": "id", - "active": true, "certificate_details": { + "content": "content", "expires_at": 0, "valid_at": 0 }, "created_at": 0, "name": "name", - "object": "organization.certificate" - } - ], - "object": "organization.certificate.deactivation" + "object": "certificate", + "active": true } ``` ### Example ```http -curl https://api.openai.com/v1/organization/certificates/deactivate \ +curl -X POST https://api.openai.com/v1/organization/certificates \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -H "Content-Type: application/json" \ -d '{ - "certificate_ids": ["cert_abc", "cert_def"] + "name": "My Example Certificate", + "certificate": "-----BEGIN CERTIFICATE-----\\nMIIDeT...\\n-----END CERTIFICATE-----" }' ``` @@ -17375,37 +18378,38 @@ curl https://api.openai.com/v1/organization/certificates/deactivate \ ```json { - "object": "organization.certificate.deactivation", - "data": [ - { - "object": "organization.certificate", + "object": "certificate", "id": "cert_abc", "name": "My Example Certificate", - "active": false, - "created_at": 1234567, - "certificate_details": { - "valid_at": 12345667, - "expires_at": 12345678 - } - }, - { - "object": "organization.certificate", - "id": "cert_def", - "name": "My Example Certificate 2", - "active": false, "created_at": 1234567, "certificate_details": { "valid_at": 12345667, "expires_at": 12345678 } - }, - ], } ``` -## Domain Types +## Get certificate -### Certificate +**get** `/organization/certificates/{certificate_id}` + +Get a certificate that has been uploaded to the organization. + +You can get a certificate regardless of whether it is active or not. + +### Path Parameters + +- `certificate_id: string` + +### Query Parameters + +- `include: optional array of "content"` + + A list of additional fields to include in the response. Currently the only supported value is `content` to fetch the PEM content of the certificate. + + - `"content"` + +### Returns - `Certificate object { id, certificate_details, created_at, 3 more }` @@ -17455,73 +18459,84 @@ curl https://api.openai.com/v1/organization/certificates/deactivate \ Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. -### Certificate List Response - -- `CertificateListResponse object { id, active, certificate_details, 3 more }` - - Represents an individual certificate configured at the organization level. - - - `id: string` - - The identifier, which can be referenced in API endpoints - - - `active: boolean` - - Whether the certificate is currently active at the organization level. - - - `certificate_details: object { expires_at, valid_at }` - - - `expires_at: optional number` - - The Unix timestamp (in seconds) of when the certificate expires. - - - `valid_at: optional number` +### Example - The Unix timestamp (in seconds) of when the certificate becomes valid. +```http +curl https://api.openai.com/v1/organization/certificates/$CERTIFICATE_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` - - `created_at: number` +#### Response - The Unix timestamp (in seconds) of when the certificate was uploaded. +```json +{ + "id": "id", + "certificate_details": { + "content": "content", + "expires_at": 0, + "valid_at": 0 + }, + "created_at": 0, + "name": "name", + "object": "certificate", + "active": true +} +``` - - `name: string` +### Example - The name of the certificate. +```http +curl "https://api.openai.com/v1/organization/certificates/cert_abc?include[]=content" \ +-H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` - - `object: "organization.certificate"` +#### Response - The object type, which is always `organization.certificate`. +```json +{ + "object": "certificate", + "id": "cert_abc", + "name": "My Example Certificate", + "created_at": 1234567, + "certificate_details": { + "valid_at": 1234567, + "expires_at": 12345678, + "content": "-----BEGIN CERTIFICATE-----MIIDeT...-----END CERTIFICATE-----" + } +} +``` - - `"organization.certificate"` +## Modify certificate -### Certificate Delete Response +**post** `/organization/certificates/{certificate_id}` -- `CertificateDeleteResponse object { id, object }` +Modify a certificate. Note that only the name can be modified. - - `id: string` +### Path Parameters - The ID of the certificate that was deleted. +- `certificate_id: string` - - `object: "certificate.deleted"` +### Body Parameters - The object type, must be `certificate.deleted`. +- `name: optional string` - - `"certificate.deleted"` + The updated name for the certificate -### Certificate Activate Response +### Returns -- `CertificateActivateResponse object { id, active, certificate_details, 3 more }` +- `Certificate object { id, certificate_details, created_at, 3 more }` - Represents an individual certificate configured at the organization level. + Represents an individual `certificate` uploaded to the organization. - `id: string` The identifier, which can be referenced in API endpoints - - `active: boolean` + - `certificate_details: object { content, expires_at, valid_at }` - Whether the certificate is currently active at the organization level. + - `content: optional string` - - `certificate_details: object { expires_at, valid_at }` + The content of the certificate in PEM format. - `expires_at: optional number` @@ -17539,121 +18554,198 @@ curl https://api.openai.com/v1/organization/certificates/deactivate \ The name of the certificate. - - `object: "organization.certificate"` + - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` - The object type, which is always `organization.certificate`. + The object type. - - `"organization.certificate"` + - If creating, updating, or getting a specific certificate, the object type is `certificate`. + - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. + - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. -### Certificate Deactivate Response + - `"certificate"` -- `CertificateDeactivateResponse object { id, active, certificate_details, 3 more }` + - `"organization.certificate"` - Represents an individual certificate configured at the organization level. + - `"organization.project.certificate"` - - `id: string` + - `active: optional boolean` - The identifier, which can be referenced in API endpoints + Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. - - `active: boolean` +### Example - Whether the certificate is currently active at the organization level. +```http +curl https://api.openai.com/v1/organization/certificates/$CERTIFICATE_ID \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -d '{}' +``` - - `certificate_details: object { expires_at, valid_at }` +#### Response - - `expires_at: optional number` +```json +{ + "id": "id", + "certificate_details": { + "content": "content", + "expires_at": 0, + "valid_at": 0 + }, + "created_at": 0, + "name": "name", + "object": "certificate", + "active": true +} +``` - The Unix timestamp (in seconds) of when the certificate expires. +### Example - - `valid_at: optional number` +```http +curl -X POST https://api.openai.com/v1/organization/certificates/cert_abc \ +-H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ +-H "Content-Type: application/json" \ +-d '{ + "name": "Renamed Certificate" +}' +``` - The Unix timestamp (in seconds) of when the certificate becomes valid. +#### Response - - `created_at: number` +```json +{ + "object": "certificate", + "id": "cert_abc", + "name": "Renamed Certificate", + "created_at": 1234567, + "certificate_details": { + "valid_at": 12345667, + "expires_at": 12345678 + } +} +``` - The Unix timestamp (in seconds) of when the certificate was uploaded. +## Delete certificate - - `name: string` +**delete** `/organization/certificates/{certificate_id}` - The name of the certificate. +Delete a certificate from the organization. - - `object: "organization.certificate"` +The certificate must be inactive for the organization and all projects. - The object type, which is always `organization.certificate`. +### Path Parameters - - `"organization.certificate"` +- `certificate_id: string` -# Projects +### Returns -## List projects +- `id: string` -**get** `/organization/projects` + The ID of the certificate that was deleted. -Returns a list of projects. +- `object: "certificate.deleted"` -### Query Parameters + The object type, must be `certificate.deleted`. -- `after: optional string` + - `"certificate.deleted"` - A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. +### Example -- `include_archived: optional boolean` +```http +curl https://api.openai.com/v1/organization/certificates/$CERTIFICATE_ID \ + -X DELETE \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` - If `true` returns all projects including those that have been `archived`. Archived projects are not included by default. +#### Response -- `limit: optional number` +```json +{ + "id": "id", + "object": "certificate.deleted" +} +``` - A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. +### Example + +```http +curl -X DELETE https://api.openai.com/v1/organization/certificates/cert_abc \ +-H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "object": "certificate.deleted", + "id": "cert_abc" +} +``` + +## Activate certificates for organization + +**post** `/organization/certificates/activate` + +Activate certificates at the organization level. + +You can atomically and idempotently activate up to 10 certificates at a time. + +### Body Parameters + +- `certificate_ids: array of string` ### Returns -- `data: array of Project` +- `data: array of object { id, active, certificate_details, 3 more }` - `id: string` The identifier, which can be referenced in API endpoints - - `created_at: number` - - The Unix timestamp (in seconds) of when the project was created. + - `active: boolean` - - `object: "organization.project"` + Whether the certificate is currently active at the organization level. - The object type, which is always `organization.project` + - `certificate_details: object { expires_at, valid_at }` - - `"organization.project"` + - `expires_at: optional number` - - `archived_at: optional number` + The Unix timestamp (in seconds) of when the certificate expires. - The Unix timestamp (in seconds) of when the project was archived or `null`. + - `valid_at: optional number` - - `external_key_id: optional string` + The Unix timestamp (in seconds) of when the certificate becomes valid. - The external key associated with the project. + - `created_at: number` - - `name: optional string` + The Unix timestamp (in seconds) of when the certificate was uploaded. - The name of the project. This appears in reporting. + - `name: string` - - `status: optional string` + The name of the certificate. - `active` or `archived` + - `object: "organization.certificate"` -- `has_more: boolean` + The object type, which is always `organization.certificate`. -- `object: "list"` + - `"organization.certificate"` - - `"list"` +- `object: "organization.certificate.activation"` -- `first_id: optional string` + The organization certificate activation result type. -- `last_id: optional string` + - `"organization.certificate.activation"` ### Example ```http -curl https://api.openai.com/v1/organization/projects \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +curl https://api.openai.com/v1/organization/certificates/activate \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -d '{ + "certificate_ids": [ + "cert_abc" + ] + }' ``` #### Response @@ -17663,114 +18755,127 @@ curl https://api.openai.com/v1/organization/projects \ "data": [ { "id": "id", + "active": true, + "certificate_details": { + "expires_at": 0, + "valid_at": 0 + }, "created_at": 0, - "object": "organization.project", - "archived_at": 0, - "external_key_id": "external_key_id", "name": "name", - "status": "status" + "object": "organization.certificate" } ], - "has_more": true, - "object": "list", - "first_id": "first_id", - "last_id": "last_id" + "object": "organization.certificate.activation" } ``` ### Example ```http -curl https://api.openai.com/v1/organization/projects?after=proj_abc&limit=20&include_archived=false \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ - -H "Content-Type: application/json" +curl https://api.openai.com/v1/organization/certificates/activate \ +-H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ +-H "Content-Type: application/json" \ +-d '{ + "certificate_ids": ["cert_abc", "cert_def"] +}' ``` #### Response ```json { - "object": "list", + "object": "organization.certificate.activation", "data": [ { - "id": "proj_abc", - "object": "organization.project", - "name": "Project example", - "created_at": 1711471533, - "archived_at": null, - "status": "active" + "object": "organization.certificate", + "id": "cert_abc", + "name": "My Example Certificate", + "active": true, + "created_at": 1234567, + "certificate_details": { + "valid_at": 12345667, + "expires_at": 12345678 + } + }, + { + "object": "organization.certificate", + "id": "cert_def", + "name": "My Example Certificate 2", + "active": true, + "created_at": 1234567, + "certificate_details": { + "valid_at": 12345667, + "expires_at": 12345678 } + }, ], - "first_id": "proj-abc", - "last_id": "proj-xyz", - "has_more": false } ``` -## Create project - -**post** `/organization/projects` +## Deactivate certificates for organization -Create a new project in the organization. Projects can be created and archived, but cannot be deleted. +**post** `/organization/certificates/deactivate` -### Body Parameters +Deactivate certificates at the organization level. -- `name: string` +You can atomically and idempotently deactivate up to 10 certificates at a time. - The friendly name of the project, this name appears in reports. +### Body Parameters -- `external_key_id: optional string` +- `certificate_ids: array of string` - External key ID to associate with the project. +### Returns -- `geography: optional string` +- `data: array of object { id, active, certificate_details, 3 more }` - Create the project with the specified data residency region. Your organization must have access to Data residency functionality in order to use. See [data residency controls](/docs/guides/your-data#data-residency-controls) to review the functionality and limitations of setting this field. + - `id: string` -### Returns + The identifier, which can be referenced in API endpoints -- `Project object { id, created_at, object, 4 more }` + - `active: boolean` - Represents an individual project. + Whether the certificate is currently active at the organization level. - - `id: string` + - `certificate_details: object { expires_at, valid_at }` - The identifier, which can be referenced in API endpoints + - `expires_at: optional number` - - `created_at: number` + The Unix timestamp (in seconds) of when the certificate expires. - The Unix timestamp (in seconds) of when the project was created. + - `valid_at: optional number` - - `object: "organization.project"` + The Unix timestamp (in seconds) of when the certificate becomes valid. - The object type, which is always `organization.project` + - `created_at: number` - - `"organization.project"` + The Unix timestamp (in seconds) of when the certificate was uploaded. - - `archived_at: optional number` + - `name: string` - The Unix timestamp (in seconds) of when the project was archived or `null`. + The name of the certificate. - - `external_key_id: optional string` + - `object: "organization.certificate"` - The external key associated with the project. + The object type, which is always `organization.certificate`. - - `name: optional string` + - `"organization.certificate"` - The name of the project. This appears in reporting. +- `object: "organization.certificate.deactivation"` - - `status: optional string` + The organization certificate deactivation result type. - `active` or `archived` + - `"organization.certificate.deactivation"` ### Example ```http -curl https://api.openai.com/v1/organization/projects \ +curl https://api.openai.com/v1/organization/certificates/deactivate \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -d '{ - "name": "name" + "certificate_ids": [ + "cert_abc" + ] }' ``` @@ -17778,55 +18883,271 @@ curl https://api.openai.com/v1/organization/projects \ ```json { + "data": [ + { "id": "id", + "active": true, + "certificate_details": { + "expires_at": 0, + "valid_at": 0 + }, "created_at": 0, - "object": "organization.project", - "archived_at": 0, - "external_key_id": "external_key_id", "name": "name", - "status": "status" + "object": "organization.certificate" + } + ], + "object": "organization.certificate.deactivation" } ``` ### Example ```http -curl -X POST https://api.openai.com/v1/organization/projects \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ - -H "Content-Type: application/json" \ - -d '{ - "name": "Project ABC" - }' +curl https://api.openai.com/v1/organization/certificates/deactivate \ +-H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ +-H "Content-Type: application/json" \ +-d '{ + "certificate_ids": ["cert_abc", "cert_def"] +}' ``` #### Response ```json { - "id": "proj_abc", - "object": "organization.project", - "name": "Project ABC", - "created_at": 1711471533, - "archived_at": null, - "status": "active" + "object": "organization.certificate.deactivation", + "data": [ + { + "object": "organization.certificate", + "id": "cert_abc", + "name": "My Example Certificate", + "active": false, + "created_at": 1234567, + "certificate_details": { + "valid_at": 12345667, + "expires_at": 12345678 + } + }, + { + "object": "organization.certificate", + "id": "cert_def", + "name": "My Example Certificate 2", + "active": false, + "created_at": 1234567, + "certificate_details": { + "valid_at": 12345667, + "expires_at": 12345678 + } + }, + ], } ``` -## Retrieve project +## Domain Types -**get** `/organization/projects/{project_id}` +### Certificate -Retrieves a project. +- `Certificate object { id, certificate_details, created_at, 3 more }` -### Path Parameters + Represents an individual `certificate` uploaded to the organization. -- `project_id: string` + - `id: string` -### Returns + The identifier, which can be referenced in API endpoints -- `Project object { id, created_at, object, 4 more }` + - `certificate_details: object { content, expires_at, valid_at }` - Represents an individual project. + - `content: optional string` + + The content of the certificate in PEM format. + + - `expires_at: optional number` + + The Unix timestamp (in seconds) of when the certificate expires. + + - `valid_at: optional number` + + The Unix timestamp (in seconds) of when the certificate becomes valid. + + - `created_at: number` + + The Unix timestamp (in seconds) of when the certificate was uploaded. + + - `name: string` + + The name of the certificate. + + - `object: "certificate" or "organization.certificate" or "organization.project.certificate"` + + The object type. + + - If creating, updating, or getting a specific certificate, the object type is `certificate`. + - If listing, activating, or deactivating certificates for the organization, the object type is `organization.certificate`. + - If listing, activating, or deactivating certificates for a project, the object type is `organization.project.certificate`. + + - `"certificate"` + + - `"organization.certificate"` + + - `"organization.project.certificate"` + + - `active: optional boolean` + + Whether the certificate is currently active at the specified scope. Not returned when getting details for a specific certificate. + +### Certificate List Response + +- `CertificateListResponse object { id, active, certificate_details, 3 more }` + + Represents an individual certificate configured at the organization level. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `active: boolean` + + Whether the certificate is currently active at the organization level. + + - `certificate_details: object { expires_at, valid_at }` + + - `expires_at: optional number` + + The Unix timestamp (in seconds) of when the certificate expires. + + - `valid_at: optional number` + + The Unix timestamp (in seconds) of when the certificate becomes valid. + + - `created_at: number` + + The Unix timestamp (in seconds) of when the certificate was uploaded. + + - `name: string` + + The name of the certificate. + + - `object: "organization.certificate"` + + The object type, which is always `organization.certificate`. + + - `"organization.certificate"` + +### Certificate Delete Response + +- `CertificateDeleteResponse object { id, object }` + + - `id: string` + + The ID of the certificate that was deleted. + + - `object: "certificate.deleted"` + + The object type, must be `certificate.deleted`. + + - `"certificate.deleted"` + +### Certificate Activate Response + +- `CertificateActivateResponse object { id, active, certificate_details, 3 more }` + + Represents an individual certificate configured at the organization level. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `active: boolean` + + Whether the certificate is currently active at the organization level. + + - `certificate_details: object { expires_at, valid_at }` + + - `expires_at: optional number` + + The Unix timestamp (in seconds) of when the certificate expires. + + - `valid_at: optional number` + + The Unix timestamp (in seconds) of when the certificate becomes valid. + + - `created_at: number` + + The Unix timestamp (in seconds) of when the certificate was uploaded. + + - `name: string` + + The name of the certificate. + + - `object: "organization.certificate"` + + The object type, which is always `organization.certificate`. + + - `"organization.certificate"` + +### Certificate Deactivate Response + +- `CertificateDeactivateResponse object { id, active, certificate_details, 3 more }` + + Represents an individual certificate configured at the organization level. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `active: boolean` + + Whether the certificate is currently active at the organization level. + + - `certificate_details: object { expires_at, valid_at }` + + - `expires_at: optional number` + + The Unix timestamp (in seconds) of when the certificate expires. + + - `valid_at: optional number` + + The Unix timestamp (in seconds) of when the certificate becomes valid. + + - `created_at: number` + + The Unix timestamp (in seconds) of when the certificate was uploaded. + + - `name: string` + + The name of the certificate. + + - `object: "organization.certificate"` + + The object type, which is always `organization.certificate`. + + - `"organization.certificate"` + +# Projects + +## List projects + +**get** `/organization/projects` + +Returns a list of projects. + +### Query Parameters + +- `after: optional string` + + A cursor for use in pagination. `after` is an object ID that defines your place in the list. For instance, if you make a list request and receive 100 objects, ending with obj_foo, your subsequent call can include after=obj_foo in order to fetch the next page of the list. + +- `include_archived: optional boolean` + + If `true` returns all projects including those that have been `archived`. Archived projects are not included by default. + +- `limit: optional number` + + A limit on the number of objects to be returned. Limit can range between 1 and 100, and the default is 20. + +### Returns + +- `data: array of Project` - `id: string` @@ -17858,10 +19179,20 @@ Retrieves a project. `active` or `archived` +- `has_more: boolean` + +- `object: "list"` + + - `"list"` + +- `first_id: optional string` + +- `last_id: optional string` + ### Example ```http -curl https://api.openai.com/v1/organization/projects/$PROJECT_ID \ +curl https://api.openai.com/v1/organization/projects \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" ``` @@ -17869,6 +19200,8 @@ curl https://api.openai.com/v1/organization/projects/$PROJECT_ID \ ```json { + "data": [ + { "id": "id", "created_at": 0, "object": "organization.project", @@ -17876,13 +19209,19 @@ curl https://api.openai.com/v1/organization/projects/$PROJECT_ID \ "external_key_id": "external_key_id", "name": "name", "status": "status" + } + ], + "has_more": true, + "object": "list", + "first_id": "first_id", + "last_id": "last_id" } ``` ### Example ```http -curl https://api.openai.com/v1/organization/projects/proj_abc \ +curl https://api.openai.com/v1/organization/projects?after=proj_abc&limit=20&include_archived=false \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -H "Content-Type: application/json" ``` @@ -17891,26 +19230,34 @@ curl https://api.openai.com/v1/organization/projects/proj_abc \ ```json { + "object": "list", + "data": [ + { "id": "proj_abc", "object": "organization.project", "name": "Project example", "created_at": 1711471533, "archived_at": null, "status": "active" + } + ], + "first_id": "proj-abc", + "last_id": "proj-xyz", + "has_more": false } ``` -## Modify project +## Create project -**post** `/organization/projects/{project_id}` +**post** `/organization/projects` -Modifies a project in the organization. +Create a new project in the organization. Projects can be created and archived, but cannot be deleted. -### Path Parameters +### Body Parameters -- `project_id: string` +- `name: string` -### Body Parameters + The friendly name of the project, this name appears in reports. - `external_key_id: optional string` @@ -17918,11 +19265,7 @@ Modifies a project in the organization. - `geography: optional string` - Geography for the project. - -- `name: optional string` - - The updated name of the project, this name appears in reports. + Create the project with the specified data residency region. Your organization must have access to Data residency functionality in order to use. See [data residency controls](/docs/guides/your-data#data-residency-controls) to review the functionality and limitations of setting this field. ### Returns @@ -17963,10 +19306,12 @@ Modifies a project in the organization. ### Example ```http -curl https://api.openai.com/v1/organization/projects/$PROJECT_ID \ +curl https://api.openai.com/v1/organization/projects \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ - -d '{}' + -d '{ + "name": "name" + }' ``` #### Response @@ -17986,11 +19331,206 @@ curl https://api.openai.com/v1/organization/projects/$PROJECT_ID \ ### Example ```http -curl -X POST https://api.openai.com/v1/organization/projects/proj_abc \ +curl -X POST https://api.openai.com/v1/organization/projects \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -H "Content-Type: application/json" \ -d '{ - "name": "Project DEF" + "name": "Project ABC" + }' +``` + +#### Response + +```json +{ + "id": "proj_abc", + "object": "organization.project", + "name": "Project ABC", + "created_at": 1711471533, + "archived_at": null, + "status": "active" +} +``` + +## Retrieve project + +**get** `/organization/projects/{project_id}` + +Retrieves a project. + +### Path Parameters + +- `project_id: string` + +### Returns + +- `Project object { id, created_at, object, 4 more }` + + Represents an individual project. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `created_at: number` + + The Unix timestamp (in seconds) of when the project was created. + + - `object: "organization.project"` + + The object type, which is always `organization.project` + + - `"organization.project"` + + - `archived_at: optional number` + + The Unix timestamp (in seconds) of when the project was archived or `null`. + + - `external_key_id: optional string` + + The external key associated with the project. + + - `name: optional string` + + The name of the project. This appears in reporting. + + - `status: optional string` + + `active` or `archived` + +### Example + +```http +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "id": "id", + "created_at": 0, + "object": "organization.project", + "archived_at": 0, + "external_key_id": "external_key_id", + "name": "name", + "status": "status" +} +``` + +### Example + +```http +curl https://api.openai.com/v1/organization/projects/proj_abc \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "id": "proj_abc", + "object": "organization.project", + "name": "Project example", + "created_at": 1711471533, + "archived_at": null, + "status": "active" +} +``` + +## Modify project + +**post** `/organization/projects/{project_id}` + +Modifies a project in the organization. + +### Path Parameters + +- `project_id: string` + +### Body Parameters + +- `external_key_id: optional string` + + External key ID to associate with the project. + +- `geography: optional string` + + Geography for the project. + +- `name: optional string` + + The updated name of the project, this name appears in reports. + +### Returns + +- `Project object { id, created_at, object, 4 more }` + + Represents an individual project. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `created_at: number` + + The Unix timestamp (in seconds) of when the project was created. + + - `object: "organization.project"` + + The object type, which is always `organization.project` + + - `"organization.project"` + + - `archived_at: optional number` + + The Unix timestamp (in seconds) of when the project was archived or `null`. + + - `external_key_id: optional string` + + The external key associated with the project. + + - `name: optional string` + + The name of the project. This appears in reporting. + + - `status: optional string` + + `active` or `archived` + +### Example + +```http +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -d '{}' +``` + +#### Response + +```json +{ + "id": "id", + "created_at": 0, + "object": "organization.project", + "archived_at": 0, + "external_key_id": "external_key_id", + "name": "name", + "status": "status" +} +``` + +### Example + +```http +curl -X POST https://api.openai.com/v1/organization/projects/proj_abc \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" \ + -d '{ + "name": "Project DEF" }' ``` @@ -18664,7 +20204,7 @@ Lists the project roles assigned to a user within a project. ### Returns -- `data: array of object { id, created_at, created_by, 8 more }` +- `data: array of object { id, assignment_sources, created_at, 9 more }` Role assignments returned in the current page. @@ -18672,6 +20212,14 @@ Lists the project roles assigned to a user within a project. Identifier for the role. + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + - `created_at: number` When the role was created. @@ -18740,6 +20288,12 @@ curl https://api.openai.com/v1/projects/$PROJECT_ID/users/$USER_ID/roles \ "data": [ { "id": "id", + "assignment_sources": [ + { + "principal_id": "principal_id", + "principal_type": "principal_type" + } + ], "created_at": 0, "created_by": "created_by", "created_by_user_obj": { @@ -19069,11 +20623,11 @@ curl -X POST https://api.openai.com/v1/projects/proj_abc123/users/user_abc123/ro } ``` -## Unassign project role from user +## Retrieve project user role -**delete** `/projects/{project_id}/users/{user_id}/roles/{role_id}` +**get** `/projects/{project_id}/users/{user_id}/roles/{role_id}` -Unassigns a project role from a user within a project. +Retrieves a project role assigned to a user. ### Path Parameters @@ -19085,63 +20639,206 @@ Unassigns a project role from a user within a project. ### Returns -- `deleted: boolean` +- `id: string` - Whether the assignment was removed. + Identifier for the role. -- `object: string` +- `assignment_sources: array of object { principal_id, principal_type }` - Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. + Principals from which the role assignment is inherited, when available. -### Example + - `principal_id: string` -```http -curl https://api.openai.com/v1/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID \ - -X DELETE \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" -``` + - `principal_type: string` -#### Response +- `created_at: number` -```json -{ - "deleted": true, - "object": "object" -} -``` + When the role was created. -### Example +- `created_by: string` -```http -curl -X DELETE https://api.openai.com/v1/projects/proj_abc123/users/user_abc123/roles/role_01J1F8PROJ \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ - -H "Content-Type: application/json" -``` + Identifier of the actor who created the role. -#### Response +- `created_by_user_obj: map[unknown]` -```json -{ - "object": "user.role.deleted", - "deleted": true -} -``` + User details for the actor that created the role, when available. -## Domain Types +- `description: string` -### Role List Response + Description of the role. -- `RoleListResponse object { id, created_at, created_by, 8 more }` +- `metadata: map[unknown]` - Detailed information about a role assignment entry returned when listing assignments. + Arbitrary metadata stored on the role. - - `id: string` +- `name: string` - Identifier for the role. + Name of the role. - - `created_at: number` +- `permissions: array of string` - When the role was created. + Permissions associated with the role. + +- `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + +- `resource_type: string` + + Resource type the role applies to. + +- `updated_at: number` + + When the role was last updated. + +### Example + +```http +curl https://api.openai.com/v1/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "id": "id", + "assignment_sources": [ + { + "principal_id": "principal_id", + "principal_type": "principal_type" + } + ], + "created_at": 0, + "created_by": "created_by", + "created_by_user_obj": { + "foo": "bar" + }, + "description": "description", + "metadata": { + "foo": "bar" + }, + "name": "name", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type", + "updated_at": 0 +} +``` + +### Example + +```http +curl https://api.openai.com/v1/projects/proj_abc123/users/user_abc123/roles/role_01J1F8PROJ \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "id": "role_01J1F8PROJ", + "name": "API Project Key Manager", + "permissions": [ + "api.organization.projects.api_keys.read", + "api.organization.projects.api_keys.write" + ], + "resource_type": "api.project", + "predefined_role": false, + "description": "Allows managing API keys for the project", + "created_at": 1711471533, + "updated_at": 1711472599, + "created_by": "user_abc123", + "created_by_user_obj": null, + "metadata": {}, + "assignment_sources": null +} +``` + +## Unassign project role from user + +**delete** `/projects/{project_id}/users/{user_id}/roles/{role_id}` + +Unassigns a project role from a user within a project. + +### Path Parameters + +- `project_id: string` + +- `user_id: string` + +- `role_id: string` + +### Returns + +- `deleted: boolean` + + Whether the assignment was removed. + +- `object: string` + + Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. + +### Example + +```http +curl https://api.openai.com/v1/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID \ + -X DELETE \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "deleted": true, + "object": "object" +} +``` + +### Example + +```http +curl -X DELETE https://api.openai.com/v1/projects/proj_abc123/users/user_abc123/roles/role_01J1F8PROJ \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "object": "user.role.deleted", + "deleted": true +} +``` + +## Domain Types + +### Role List Response + +- `RoleListResponse object { id, assignment_sources, created_at, 9 more }` + + Detailed information about a role assignment entry returned when listing assignments. + + - `id: string` + + Identifier for the role. + + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + + - `created_at: number` + + When the role was created. - `created_by: string` @@ -19325,6 +21022,64 @@ curl -X DELETE https://api.openai.com/v1/projects/proj_abc123/users/user_abc123/ - `picture: optional string` +### Role Retrieve Response + +- `RoleRetrieveResponse object { id, assignment_sources, created_at, 9 more }` + + Detailed information about a role assignment entry returned when listing assignments. + + - `id: string` + + Identifier for the role. + + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + + - `created_at: number` + + When the role was created. + + - `created_by: string` + + Identifier of the actor who created the role. + + - `created_by_user_obj: map[unknown]` + + User details for the actor that created the role, when available. + + - `description: string` + + Description of the role. + + - `metadata: map[unknown]` + + Arbitrary metadata stored on the role. + + - `name: string` + + Name of the role. + + - `permissions: array of string` + + Permissions associated with the role. + + - `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + + - `resource_type: string` + + Resource type the role applies to. + + - `updated_at: number` + + When the role was last updated. + ### Role Delete Response - `RoleDeleteResponse object { deleted, object }` @@ -19649,14 +21404,11 @@ curl https://api.openai.com/v1/organization/projects/proj_abc/service_accounts/s } ``` -## Delete project service account - -**delete** `/organization/projects/{project_id}/service_accounts/{service_account_id}` +## Update project service account -Deletes a service account from the project. +**post** `/organization/projects/{project_id}/service_accounts/{service_account_id}` -Returns confirmation of service account deletion, or an error if the project -is archived (archived projects have no service accounts). +Updates a service account in the project. ### Path Parameters @@ -19664,55 +21416,21 @@ is archived (archived projects have no service accounts). - `service_account_id: string` -### Returns - -- `id: string` - -- `deleted: boolean` - -- `object: "organization.project.service_account.deleted"` - - - `"organization.project.service_account.deleted"` - -### Example - -```http -curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/service_accounts/$SERVICE_ACCOUNT_ID \ - -X DELETE \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" -``` - -#### Response +### Body Parameters -```json -{ - "id": "id", - "deleted": true, - "object": "organization.project.service_account.deleted" -} -``` +- `name: optional string` -### Example + The updated service account name. -```http -curl -X DELETE https://api.openai.com/v1/organization/projects/proj_abc/service_accounts/svc_acct_abc \ - -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ - -H "Content-Type: application/json" -``` +- `role: optional "member" or "owner"` -#### Response + The updated service account role. -```json -{ - "object": "organization.project.service_account.deleted", - "id": "svc_acct_abc", - "deleted": true -} -``` + - `"member"` -## Domain Types + - `"owner"` -### Project Service Account +### Returns - `ProjectServiceAccount object { id, created_at, name, 2 more }` @@ -19744,9 +21462,149 @@ curl -X DELETE https://api.openai.com/v1/organization/projects/proj_abc/service_ - `"member"` -### Service Account Create Response +### Example -- `ServiceAccountCreateResponse object { id, api_key, created_at, 3 more }` +```http +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/service_accounts/$SERVICE_ACCOUNT_ID \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -d '{}' +``` + +#### Response + +```json +{ + "id": "id", + "created_at": 0, + "name": "name", + "object": "organization.project.service_account", + "role": "owner" +} +``` + +### Example + +```http +curl -X POST https://api.openai.com/v1/organization/projects/proj_abc/service_accounts/svc_acct_abc \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" \ + -d '{ + "name": "Updated service account", + "role": "member" + }' +``` + +#### Response + +```json +{ + "object": "organization.project.service_account", + "id": "svc_acct_abc", + "name": "Updated service account", + "role": "member", + "created_at": 1711471533 +} +``` + +## Delete project service account + +**delete** `/organization/projects/{project_id}/service_accounts/{service_account_id}` + +Deletes a service account from the project. + +Returns confirmation of service account deletion, or an error if the project +is archived (archived projects have no service accounts). + +### Path Parameters + +- `project_id: string` + +- `service_account_id: string` + +### Returns + +- `id: string` + +- `deleted: boolean` + +- `object: "organization.project.service_account.deleted"` + + - `"organization.project.service_account.deleted"` + +### Example + +```http +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/service_accounts/$SERVICE_ACCOUNT_ID \ + -X DELETE \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "id": "id", + "deleted": true, + "object": "organization.project.service_account.deleted" +} +``` + +### Example + +```http +curl -X DELETE https://api.openai.com/v1/organization/projects/proj_abc/service_accounts/svc_acct_abc \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "object": "organization.project.service_account.deleted", + "id": "svc_acct_abc", + "deleted": true +} +``` + +## Domain Types + +### Project Service Account + +- `ProjectServiceAccount object { id, created_at, name, 2 more }` + + Represents an individual service account in a project. + + - `id: string` + + The identifier, which can be referenced in API endpoints + + - `created_at: number` + + The Unix timestamp (in seconds) of when the service account was created + + - `name: string` + + The name of the service account + + - `object: "organization.project.service_account"` + + The object type, which is always `organization.project.service_account` + + - `"organization.project.service_account"` + + - `role: "owner" or "member"` + + `owner` or `member` + + - `"owner"` + + - `"member"` + +### Service Account Create Response + +- `ServiceAccountCreateResponse object { id, api_key, created_at, 3 more }` - `id: string` @@ -21290,10 +23148,14 @@ Lists the groups that have access to a project. Display name of the group. - - `group_type: string` + - `group_type: "group" or "tenant_group"` The type of the group. + - `"group"` + + - `"tenant_group"` + - `object: "project.group"` Always `project.group`. @@ -21334,7 +23196,7 @@ curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/groups \ "created_at": 0, "group_id": "group_id", "group_name": "group_name", - "group_type": "group_type", + "group_type": "group", "object": "project.group", "project_id": "project_id" } @@ -21410,10 +23272,14 @@ Grants a group access to a project. Display name of the group. - - `group_type: string` + - `group_type: "group" or "tenant_group"` The type of the group. + - `"group"` + + - `"tenant_group"` + - `object: "project.group"` Always `project.group`. @@ -21443,7 +23309,7 @@ curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/groups \ "created_at": 0, "group_id": "group_id", "group_name": "group_name", - "group_type": "group_type", + "group_type": "group", "object": "project.group", "project_id": "project_id" } @@ -21473,6 +23339,105 @@ curl -X POST https://api.openai.com/v1/organization/projects/proj_abc123/groups } ``` +## Retrieve project group + +**get** `/organization/projects/{project_id}/groups/{group_id}` + +Retrieves a project's group. + +### Path Parameters + +- `project_id: string` + +- `group_id: string` + +### Query Parameters + +- `group_type: optional "group" or "tenant_group"` + + The type of group to retrieve. + + - `"group"` + + - `"tenant_group"` + +### Returns + +- `ProjectGroup object { created_at, group_id, group_name, 3 more }` + + Details about a group's membership in a project. + + - `created_at: number` + + Unix timestamp (in seconds) when the group was granted project access. + + - `group_id: string` + + Identifier of the group that has access to the project. + + - `group_name: string` + + Display name of the group. + + - `group_type: "group" or "tenant_group"` + + The type of the group. + + - `"group"` + + - `"tenant_group"` + + - `object: "project.group"` + + Always `project.group`. + + - `"project.group"` + + - `project_id: string` + + Identifier of the project. + +### Example + +```http +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/groups/$GROUP_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "created_at": 0, + "group_id": "group_id", + "group_name": "group_name", + "group_type": "group", + "object": "project.group", + "project_id": "project_id" +} +``` + +### Example + +```http +curl https://api.openai.com/v1/organization/projects/proj_abc123/groups/group_01J1F8ABCDXYZ \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "object": "project.group", + "project_id": "proj_abc123", + "group_id": "group_01J1F8ABCDXYZ", + "group_name": "Support Team", + "group_type": "group", + "created_at": 1711471533 +} +``` + ## Remove project group **delete** `/organization/projects/{project_id}/groups/{group_id}` @@ -21551,10 +23516,14 @@ curl -X DELETE https://api.openai.com/v1/organization/projects/proj_abc123/group Display name of the group. - - `group_type: string` + - `group_type: "group" or "tenant_group"` The type of the group. + - `"group"` + + - `"tenant_group"` + - `object: "project.group"` Always `project.group`. @@ -21615,7 +23584,7 @@ Lists the project roles assigned to a group within a project. ### Returns -- `data: array of object { id, created_at, created_by, 8 more }` +- `data: array of object { id, assignment_sources, created_at, 9 more }` Role assignments returned in the current page. @@ -21623,6 +23592,14 @@ Lists the project roles assigned to a group within a project. Identifier for the role. + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + - `created_at: number` When the role was created. @@ -21691,6 +23668,12 @@ curl https://api.openai.com/v1/projects/$PROJECT_ID/groups/$GROUP_ID/roles \ "data": [ { "id": "id", + "assignment_sources": [ + { + "principal_id": "principal_id", + "principal_type": "principal_type" + } + ], "created_at": 0, "created_by": "created_by", "created_by_user_obj": { @@ -21789,25 +23772,920 @@ Assigns a project role to a group within a project. - `name: string` - Display name of the group. + Display name of the group. + + - `object: "group"` + + Always `group`. + + - `"group"` + + - `scim_managed: boolean` + + Whether the group is managed through SCIM. + +- `object: "group.role"` + + Always `group.role`. + + - `"group.role"` + +- `role: Role` + + Details about a role that can be assigned through the public Roles API. + + - `id: string` + + Identifier for the role. + + - `description: string` + + Optional description of the role. + + - `name: string` + + Unique name for the role. + + - `object: "role"` + + Always `role`. + + - `"role"` + + - `permissions: array of string` + + Permissions granted by the role. + + - `predefined_role: boolean` + + Whether the role is predefined and managed by OpenAI. + + - `resource_type: string` + + Resource type the role is bound to (for example `api.organization` or `api.project`). + +### Example + +```http +curl https://api.openai.com/v1/projects/$PROJECT_ID/groups/$GROUP_ID/roles \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -d '{ + "role_id": "role_id" + }' +``` + +#### Response + +```json +{ + "group": { + "id": "id", + "created_at": 0, + "name": "name", + "object": "group", + "scim_managed": true + }, + "object": "group.role", + "role": { + "id": "id", + "description": "description", + "name": "name", + "object": "role", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type" + } +} +``` + +### Example + +```http +curl -X POST https://api.openai.com/v1/projects/proj_abc123/groups/group_01J1F8ABCDXYZ/roles \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" \ + -d '{ + "role_id": "role_01J1F8PROJ" + }' +``` + +#### Response + +```json +{ + "object": "group.role", + "group": { + "object": "group", + "id": "group_01J1F8ABCDXYZ", + "name": "Support Team", + "created_at": 1711471533, + "scim_managed": false + }, + "role": { + "object": "role", + "id": "role_01J1F8PROJ", + "name": "API Project Key Manager", + "description": "Allows managing API keys for the project", + "permissions": [ + "api.organization.projects.api_keys.read", + "api.organization.projects.api_keys.write" + ], + "resource_type": "api.project", + "predefined_role": false + } +} +``` + +## Retrieve project group role + +**get** `/projects/{project_id}/groups/{group_id}/roles/{role_id}` + +Retrieves a project role assigned to a group. + +### Path Parameters + +- `project_id: string` + +- `group_id: string` + +- `role_id: string` + +### Returns + +- `id: string` + + Identifier for the role. + +- `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + +- `created_at: number` + + When the role was created. + +- `created_by: string` + + Identifier of the actor who created the role. + +- `created_by_user_obj: map[unknown]` + + User details for the actor that created the role, when available. + +- `description: string` + + Description of the role. + +- `metadata: map[unknown]` + + Arbitrary metadata stored on the role. + +- `name: string` + + Name of the role. + +- `permissions: array of string` + + Permissions associated with the role. + +- `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + +- `resource_type: string` + + Resource type the role applies to. + +- `updated_at: number` + + When the role was last updated. + +### Example + +```http +curl https://api.openai.com/v1/projects/$PROJECT_ID/groups/$GROUP_ID/roles/$ROLE_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "id": "id", + "assignment_sources": [ + { + "principal_id": "principal_id", + "principal_type": "principal_type" + } + ], + "created_at": 0, + "created_by": "created_by", + "created_by_user_obj": { + "foo": "bar" + }, + "description": "description", + "metadata": { + "foo": "bar" + }, + "name": "name", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type", + "updated_at": 0 +} +``` + +### Example + +```http +curl https://api.openai.com/v1/projects/proj_abc123/groups/group_01J1F8ABCDXYZ/roles/role_01J1F8PROJ \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "id": "role_01J1F8PROJ", + "name": "API Project Key Manager", + "permissions": [ + "api.organization.projects.api_keys.read", + "api.organization.projects.api_keys.write" + ], + "resource_type": "api.project", + "predefined_role": false, + "description": "Allows managing API keys for the project", + "created_at": 1711471533, + "updated_at": 1711472599, + "created_by": "user_abc123", + "created_by_user_obj": null, + "metadata": {}, + "assignment_sources": null +} +``` + +## Unassign project role from group + +**delete** `/projects/{project_id}/groups/{group_id}/roles/{role_id}` + +Unassigns a project role from a group within a project. + +### Path Parameters + +- `project_id: string` + +- `group_id: string` + +- `role_id: string` + +### Returns + +- `deleted: boolean` + + Whether the assignment was removed. + +- `object: string` + + Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. + +### Example + +```http +curl https://api.openai.com/v1/projects/$PROJECT_ID/groups/$GROUP_ID/roles/$ROLE_ID \ + -X DELETE \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "deleted": true, + "object": "object" +} +``` + +### Example + +```http +curl -X DELETE https://api.openai.com/v1/projects/proj_abc123/groups/group_01J1F8ABCDXYZ/roles/role_01J1F8PROJ \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "object": "group.role.deleted", + "deleted": true +} +``` + +## Domain Types + +### Role List Response + +- `RoleListResponse object { id, assignment_sources, created_at, 9 more }` + + Detailed information about a role assignment entry returned when listing assignments. + + - `id: string` + + Identifier for the role. + + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + + - `created_at: number` + + When the role was created. + + - `created_by: string` + + Identifier of the actor who created the role. + + - `created_by_user_obj: map[unknown]` + + User details for the actor that created the role, when available. + + - `description: string` + + Description of the role. + + - `metadata: map[unknown]` + + Arbitrary metadata stored on the role. + + - `name: string` + + Name of the role. + + - `permissions: array of string` + + Permissions associated with the role. + + - `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + + - `resource_type: string` + + Resource type the role applies to. + + - `updated_at: number` + + When the role was last updated. + +### Role Create Response + +- `RoleCreateResponse object { group, object, role }` + + Role assignment linking a group to a role. + + - `group: object { id, created_at, name, 2 more }` + + Summary information about a group returned in role assignment responses. + + - `id: string` + + Identifier for the group. + + - `created_at: number` + + Unix timestamp (in seconds) when the group was created. + + - `name: string` + + Display name of the group. + + - `object: "group"` + + Always `group`. + + - `"group"` + + - `scim_managed: boolean` + + Whether the group is managed through SCIM. + + - `object: "group.role"` + + Always `group.role`. + + - `"group.role"` + + - `role: Role` + + Details about a role that can be assigned through the public Roles API. + + - `id: string` + + Identifier for the role. + + - `description: string` + + Optional description of the role. + + - `name: string` + + Unique name for the role. + + - `object: "role"` + + Always `role`. + + - `"role"` + + - `permissions: array of string` + + Permissions granted by the role. + + - `predefined_role: boolean` + + Whether the role is predefined and managed by OpenAI. + + - `resource_type: string` + + Resource type the role is bound to (for example `api.organization` or `api.project`). + +### Role Retrieve Response + +- `RoleRetrieveResponse object { id, assignment_sources, created_at, 9 more }` + + Detailed information about a role assignment entry returned when listing assignments. + + - `id: string` + + Identifier for the role. + + - `assignment_sources: array of object { principal_id, principal_type }` + + Principals from which the role assignment is inherited, when available. + + - `principal_id: string` + + - `principal_type: string` + + - `created_at: number` + + When the role was created. + + - `created_by: string` + + Identifier of the actor who created the role. + + - `created_by_user_obj: map[unknown]` + + User details for the actor that created the role, when available. + + - `description: string` + + Description of the role. + + - `metadata: map[unknown]` + + Arbitrary metadata stored on the role. + + - `name: string` + + Name of the role. + + - `permissions: array of string` + + Permissions associated with the role. + + - `predefined_role: boolean` + + Whether the role is predefined by OpenAI. + + - `resource_type: string` + + Resource type the role applies to. + + - `updated_at: number` + + When the role was last updated. + +### Role Delete Response + +- `RoleDeleteResponse object { deleted, object }` + + Confirmation payload returned after unassigning a role. + + - `deleted: boolean` + + Whether the assignment was removed. + + - `object: string` + + Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. + +# Roles + +## List project roles + +**get** `/projects/{project_id}/roles` + +Lists the roles configured for a project. + +### Path Parameters + +- `project_id: string` + +### Query Parameters + +- `after: optional string` + + Cursor for pagination. Provide the value from the previous response's `next` field to continue listing roles. + +- `limit: optional number` + + A limit on the number of roles to return. Defaults to 1000. + +- `order: optional "asc" or "desc"` + + Sort order for the returned roles. + + - `"asc"` + + - `"desc"` + +### Returns + +- `data: array of Role` + + Roles returned in the current page. + + - `id: string` + + Identifier for the role. + + - `description: string` + + Optional description of the role. + + - `name: string` + + Unique name for the role. + + - `object: "role"` + + Always `role`. + + - `"role"` + + - `permissions: array of string` + + Permissions granted by the role. + + - `predefined_role: boolean` + + Whether the role is predefined and managed by OpenAI. + + - `resource_type: string` + + Resource type the role is bound to (for example `api.organization` or `api.project`). + +- `has_more: boolean` + + Whether more roles are available when paginating. + +- `next: string` + + Cursor to fetch the next page of results, or `null` when there are no additional roles. + +- `object: "list"` + + Always `list`. + + - `"list"` + +### Example + +```http +curl https://api.openai.com/v1/projects/$PROJECT_ID/roles \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "data": [ + { + "id": "id", + "description": "description", + "name": "name", + "object": "role", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type" + } + ], + "has_more": true, + "next": "next", + "object": "list" +} +``` + +### Example + +```http +curl https://api.openai.com/v1/projects/proj_abc123/roles?limit=20 \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "object": "list", + "data": [ + { + "object": "role", + "id": "role_01J1F8PROJ", + "name": "API Project Key Manager", + "description": "Allows managing API keys for the project", + "permissions": [ + "api.organization.projects.api_keys.read", + "api.organization.projects.api_keys.write" + ], + "resource_type": "api.project", + "predefined_role": false + } + ], + "has_more": false, + "next": null +} +``` + +## Create project role + +**post** `/projects/{project_id}/roles` + +Creates a custom role for a project. + +### Path Parameters + +- `project_id: string` + +### Body Parameters + +- `permissions: array of string` + + Permissions to grant to the role. + +- `role_name: string` + + Unique name for the role. + +- `description: optional string` + + Optional description of the role. + +### Returns + +- `Role object { id, description, name, 4 more }` + + Details about a role that can be assigned through the public Roles API. + + - `id: string` + + Identifier for the role. + + - `description: string` + + Optional description of the role. + + - `name: string` + + Unique name for the role. + + - `object: "role"` + + Always `role`. + + - `"role"` + + - `permissions: array of string` + + Permissions granted by the role. + + - `predefined_role: boolean` + + Whether the role is predefined and managed by OpenAI. + + - `resource_type: string` + + Resource type the role is bound to (for example `api.organization` or `api.project`). + +### Example + +```http +curl https://api.openai.com/v1/projects/$PROJECT_ID/roles \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -d '{ + "permissions": [ + "string" + ], + "role_name": "role_name" + }' +``` + +#### Response + +```json +{ + "id": "id", + "description": "description", + "name": "name", + "object": "role", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type" +} +``` + +### Example + +```http +curl -X POST https://api.openai.com/v1/projects/proj_abc123/roles \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" \ + -d '{ + "role_name": "API Project Key Manager", + "permissions": [ + "api.organization.projects.api_keys.read", + "api.organization.projects.api_keys.write" + ], + "description": "Allows managing API keys for the project" + }' +``` + +#### Response + +```json +{ + "object": "role", + "id": "role_01J1F8PROJ", + "name": "API Project Key Manager", + "description": "Allows managing API keys for the project", + "permissions": [ + "api.organization.projects.api_keys.read", + "api.organization.projects.api_keys.write" + ], + "resource_type": "api.project", + "predefined_role": false +} +``` + +## Retrieve project role + +**get** `/projects/{project_id}/roles/{role_id}` + +Retrieves a project role. + +### Path Parameters + +- `project_id: string` + +- `role_id: string` + +### Returns + +- `Role object { id, description, name, 4 more }` + + Details about a role that can be assigned through the public Roles API. + + - `id: string` + + Identifier for the role. + + - `description: string` + + Optional description of the role. + + - `name: string` + + Unique name for the role. + + - `object: "role"` + + Always `role`. + + - `"role"` + + - `permissions: array of string` + + Permissions granted by the role. + + - `predefined_role: boolean` + + Whether the role is predefined and managed by OpenAI. + + - `resource_type: string` + + Resource type the role is bound to (for example `api.organization` or `api.project`). + +### Example + +```http +curl https://api.openai.com/v1/projects/$PROJECT_ID/roles/$ROLE_ID \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` + +#### Response + +```json +{ + "id": "id", + "description": "description", + "name": "name", + "object": "role", + "permissions": [ + "string" + ], + "predefined_role": true, + "resource_type": "resource_type" +} +``` + +### Example + +```http +curl https://api.openai.com/v1/projects/proj_abc123/roles/role_01J1F8PROJ \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` + +#### Response + +```json +{ + "object": "role", + "id": "role_01J1F8PROJ", + "name": "API Project Key Manager", + "description": "Allows managing API keys for the project", + "permissions": [ + "api.organization.projects.api_keys.read", + "api.organization.projects.api_keys.write" + ], + "resource_type": "api.project", + "predefined_role": false +} +``` + +## Update project role + +**post** `/projects/{project_id}/roles/{role_id}` + +Updates an existing project role. + +### Path Parameters + +- `project_id: string` + +- `role_id: string` - - `object: "group"` +### Body Parameters - Always `group`. +- `description: optional string` - - `"group"` + New description for the role. - - `scim_managed: boolean` +- `permissions: optional array of string` - Whether the group is managed through SCIM. + Updated set of permissions for the role. -- `object: "group.role"` +- `role_name: optional string` - Always `group.role`. + New name for the role. - - `"group.role"` +### Returns -- `role: Role` +- `Role object { id, description, name, 4 more }` Details about a role that can be assigned through the public Roles API. @@ -21844,27 +24722,16 @@ Assigns a project role to a group within a project. ### Example ```http -curl https://api.openai.com/v1/projects/$PROJECT_ID/groups/$GROUP_ID/roles \ +curl https://api.openai.com/v1/projects/$PROJECT_ID/roles/$ROLE_ID \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ - -d '{ - "role_id": "role_id" - }' + -d '{}' ``` #### Response ```json { - "group": { - "id": "id", - "created_at": 0, - "name": "name", - "object": "group", - "scim_managed": true - }, - "object": "group.role", - "role": { "id": "id", "description": "description", "name": "name", @@ -21874,18 +24741,22 @@ curl https://api.openai.com/v1/projects/$PROJECT_ID/groups/$GROUP_ID/roles \ ], "predefined_role": true, "resource_type": "resource_type" - } } ``` ### Example ```http -curl -X POST https://api.openai.com/v1/projects/proj_abc123/groups/group_01J1F8ABCDXYZ/roles \ +curl -X POST https://api.openai.com/v1/projects/proj_abc123/roles/role_01J1F8PROJ \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -H "Content-Type: application/json" \ -d '{ - "role_id": "role_01J1F8PROJ" + "role_name": "API Project Key Manager", + "permissions": [ + "api.organization.projects.api_keys.read", + "api.organization.projects.api_keys.write" + ], + "description": "Allows managing API keys for the project" }' ``` @@ -21893,15 +24764,6 @@ curl -X POST https://api.openai.com/v1/projects/proj_abc123/groups/group_01J1F8A ```json { - "object": "group.role", - "group": { - "object": "group", - "id": "group_01J1F8ABCDXYZ", - "name": "Support Team", - "created_at": 1711471533, - "scim_managed": false - }, - "role": { "object": "role", "id": "role_01J1F8PROJ", "name": "API Project Key Manager", @@ -21912,38 +24774,41 @@ curl -X POST https://api.openai.com/v1/projects/proj_abc123/groups/group_01J1F8A ], "resource_type": "api.project", "predefined_role": false - } } ``` -## Unassign project role from group +## Delete project role -**delete** `/projects/{project_id}/groups/{group_id}/roles/{role_id}` +**delete** `/projects/{project_id}/roles/{role_id}` -Unassigns a project role from a group within a project. +Deletes a custom role from a project. ### Path Parameters - `project_id: string` -- `group_id: string` - - `role_id: string` ### Returns +- `id: string` + + Identifier of the deleted role. + - `deleted: boolean` - Whether the assignment was removed. + Whether the role was deleted. -- `object: string` +- `object: "role.deleted"` - Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. + Always `role.deleted`. + + - `"role.deleted"` ### Example ```http -curl https://api.openai.com/v1/projects/$PROJECT_ID/groups/$GROUP_ID/roles/$ROLE_ID \ +curl https://api.openai.com/v1/projects/$PROJECT_ID/roles/$ROLE_ID \ -X DELETE \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" ``` @@ -21952,15 +24817,16 @@ curl https://api.openai.com/v1/projects/$PROJECT_ID/groups/$GROUP_ID/roles/$ROLE ```json { + "id": "id", "deleted": true, - "object": "object" + "object": "role.deleted" } ``` ### Example ```http -curl -X DELETE https://api.openai.com/v1/projects/proj_abc123/groups/group_01J1F8ABCDXYZ/roles/role_01J1F8PROJ \ +curl -X DELETE https://api.openai.com/v1/projects/proj_abc123/roles/role_01J1F8PROJ \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -H "Content-Type: application/json" ``` @@ -21969,156 +24835,240 @@ curl -X DELETE https://api.openai.com/v1/projects/proj_abc123/groups/group_01J1F ```json { - "object": "group.role.deleted", + "object": "role.deleted", + "id": "role_01J1F8PROJ", "deleted": true } ``` ## Domain Types -### Role List Response +### Role Delete Response -- `RoleListResponse object { id, created_at, created_by, 8 more }` +- `RoleDeleteResponse object { id, deleted, object }` - Detailed information about a role assignment entry returned when listing assignments. + Confirmation payload returned after deleting a role. - `id: string` - Identifier for the role. + Identifier of the deleted role. - - `created_at: number` + - `deleted: boolean` - When the role was created. + Whether the role was deleted. - - `created_by: string` + - `object: "role.deleted"` - Identifier of the actor who created the role. + Always `role.deleted`. - - `created_by_user_obj: map[unknown]` + - `"role.deleted"` - User details for the actor that created the role, when available. +# Data Retention - - `description: string` +## Retrieve project data retention - Description of the role. +**get** `/organization/projects/{project_id}/data_retention` - - `metadata: map[unknown]` +Retrieves project data retention controls. - Arbitrary metadata stored on the role. +### Path Parameters - - `name: string` +- `project_id: string` - Name of the role. +### Returns - - `permissions: array of string` +- `ProjectDataRetention object { object, type }` - Permissions associated with the role. + Represents a project's data retention control setting. - - `predefined_role: boolean` + - `object: "project.data_retention"` - Whether the role is predefined by OpenAI. + The object type, which is always `project.data_retention`. - - `resource_type: string` + - `"project.data_retention"` - Resource type the role applies to. + - `type: "organization_default" or "none" or "zero_data_retention" or 3 more` - - `updated_at: number` + The configured project data retention type. - When the role was last updated. + - `"organization_default"` -### Role Create Response + - `"none"` -- `RoleCreateResponse object { group, object, role }` + - `"zero_data_retention"` - Role assignment linking a group to a role. + - `"modified_abuse_monitoring"` - - `group: object { id, created_at, name, 2 more }` + - `"enhanced_zero_data_retention"` - Summary information about a group returned in role assignment responses. + - `"enhanced_modified_abuse_monitoring"` - - `id: string` +### Example - Identifier for the group. +```http +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/data_retention \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" +``` - - `created_at: number` +#### Response - Unix timestamp (in seconds) when the group was created. +```json +{ + "object": "project.data_retention", + "type": "organization_default" +} +``` - - `name: string` +### Example - Display name of the group. +```http +curl https://api.openai.com/v1/organization/projects/proj_abc/data_retention \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" +``` - - `object: "group"` +#### Response - Always `group`. +```json +{ + "object": "project.data_retention", + "type": "organization_default" +} +``` - - `"group"` +## Update project data retention - - `scim_managed: boolean` +**post** `/organization/projects/{project_id}/data_retention` - Whether the group is managed through SCIM. +Updates project data retention controls. - - `object: "group.role"` +### Path Parameters - Always `group.role`. +- `project_id: string` - - `"group.role"` +### Body Parameters - - `role: Role` +- `retention_type: "organization_default" or "none" or "zero_data_retention" or 3 more` - Details about a role that can be assigned through the public Roles API. + The desired project data retention type. - - `id: string` + - `"organization_default"` - Identifier for the role. + - `"none"` - - `description: string` + - `"zero_data_retention"` - Optional description of the role. + - `"modified_abuse_monitoring"` - - `name: string` + - `"enhanced_zero_data_retention"` - Unique name for the role. + - `"enhanced_modified_abuse_monitoring"` - - `object: "role"` +### Returns - Always `role`. +- `ProjectDataRetention object { object, type }` - - `"role"` + Represents a project's data retention control setting. - - `permissions: array of string` + - `object: "project.data_retention"` - Permissions granted by the role. + The object type, which is always `project.data_retention`. - - `predefined_role: boolean` + - `"project.data_retention"` - Whether the role is predefined and managed by OpenAI. + - `type: "organization_default" or "none" or "zero_data_retention" or 3 more` - - `resource_type: string` + The configured project data retention type. - Resource type the role is bound to (for example `api.organization` or `api.project`). + - `"organization_default"` -### Role Delete Response + - `"none"` -- `RoleDeleteResponse object { deleted, object }` + - `"zero_data_retention"` - Confirmation payload returned after unassigning a role. + - `"modified_abuse_monitoring"` - - `deleted: boolean` + - `"enhanced_zero_data_retention"` - Whether the assignment was removed. + - `"enhanced_modified_abuse_monitoring"` - - `object: string` +### Example - Identifier for the deleted assignment, such as `group.role.deleted` or `user.role.deleted`. +```http +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/data_retention \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -d '{ + "retention_type": "organization_default" + }' +``` -# Roles +#### Response -## List project roles +```json +{ + "object": "project.data_retention", + "type": "organization_default" +} +``` -**get** `/projects/{project_id}/roles` +### Example -Lists the roles configured for a project. +```http +curl -X POST https://api.openai.com/v1/organization/projects/proj_abc/data_retention \ + -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ + -H "Content-Type: application/json" \ + -d '{ + "retention_type": "modified_abuse_monitoring" + }' +``` + +#### Response + +```json +{ + "object": "project.data_retention", + "type": "modified_abuse_monitoring" +} +``` + +## Domain Types + +### Project Data Retention + +- `ProjectDataRetention object { object, type }` + + Represents a project's data retention control setting. + + - `object: "project.data_retention"` + + The object type, which is always `project.data_retention`. + + - `"project.data_retention"` + + - `type: "organization_default" or "none" or "zero_data_retention" or 3 more` + + The configured project data retention type. + + - `"organization_default"` + + - `"none"` + + - `"zero_data_retention"` + + - `"modified_abuse_monitoring"` + + - `"enhanced_zero_data_retention"` + + - `"enhanced_modified_abuse_monitoring"` + +# Spend Alerts + +## List project spend alerts + +**get** `/organization/projects/{project_id}/spend_alerts` + +Lists project spend alerts. ### Path Parameters @@ -22128,63 +25078,85 @@ Lists the roles configured for a project. - `after: optional string` - Cursor for pagination. Provide the value from the previous response's `next` field to continue listing roles. + Cursor for pagination. Provide the ID of the last spend alert from the previous response to fetch the next page. + +- `before: optional string` + + Cursor for pagination. Provide the ID of the first spend alert from the previous response to fetch the previous page. - `limit: optional number` - A limit on the number of roles to return. Defaults to 1000. + A limit on the number of spend alerts to return. Defaults to 20. - `order: optional "asc" or "desc"` - Sort order for the returned roles. + Sort order for the returned spend alerts. - `"asc"` - - `"desc"` + - `"desc"` + +### Returns + +- `data: array of ProjectSpendAlert` + + Spend alerts returned in the current page. + + - `id: string` + + The identifier, which can be referenced in API endpoints. + + - `currency: "USD"` + + The currency for the threshold amount. + + - `"USD"` + + - `interval: "month"` -### Returns + The time interval for evaluating spend against the threshold. -- `data: array of Role` + - `"month"` - Roles returned in the current page. + - `notification_channel: object { recipients, type, subject_prefix }` - - `id: string` + Email notification settings for a spend alert. - Identifier for the role. + - `recipients: array of string` - - `description: string` + Email addresses that receive the spend alert notification. - Optional description of the role. + - `type: "email"` - - `name: string` + The notification channel type. Currently only `email` is supported. - Unique name for the role. + - `"email"` - - `object: "role"` + - `subject_prefix: optional string` - Always `role`. + Optional subject prefix for alert emails. - - `"role"` + - `object: "project.spend_alert"` - - `permissions: array of string` + The object type, which is always `project.spend_alert`. - Permissions granted by the role. + - `"project.spend_alert"` - - `predefined_role: boolean` + - `threshold_amount: number` - Whether the role is predefined and managed by OpenAI. + The alert threshold amount, in cents. - - `resource_type: string` +- `first_id: string` - Resource type the role is bound to (for example `api.organization` or `api.project`). + The ID of the first spend alert in this page. - `has_more: boolean` - Whether more roles are available when paginating. + Whether more spend alerts are available when paginating. -- `next: string` +- `last_id: string` - Cursor to fetch the next page of results, or `null` when there are no additional roles. + The ID of the last spend alert in this page. - `object: "list"` @@ -22195,7 +25167,7 @@ Lists the roles configured for a project. ### Example ```http -curl https://api.openai.com/v1/projects/$PROJECT_ID/roles \ +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/spend_alerts \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" ``` @@ -22206,18 +25178,22 @@ curl https://api.openai.com/v1/projects/$PROJECT_ID/roles \ "data": [ { "id": "id", - "description": "description", - "name": "name", - "object": "role", - "permissions": [ + "currency": "USD", + "interval": "month", + "notification_channel": { + "recipients": [ "string" ], - "predefined_role": true, - "resource_type": "resource_type" + "type": "email", + "subject_prefix": "subject_prefix" + }, + "object": "project.spend_alert", + "threshold_amount": 0 } ], + "first_id": "first_id", "has_more": true, - "next": "next", + "last_id": "last_id", "object": "list" } ``` @@ -22225,7 +25201,7 @@ curl https://api.openai.com/v1/projects/$PROJECT_ID/roles \ ### Example ```http -curl https://api.openai.com/v1/projects/proj_abc123/roles?limit=20 \ +curl https://api.openai.com/v1/organization/projects/proj_abc/spend_alerts?limit=20&order=asc \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -H "Content-Type: application/json" ``` @@ -22237,28 +25213,29 @@ curl https://api.openai.com/v1/projects/proj_abc123/roles?limit=20 \ "object": "list", "data": [ { - "object": "role", - "id": "role_01J1F8PROJ", - "name": "API Project Key Manager", - "description": "Allows managing API keys for the project", - "permissions": [ - "api.organization.projects.api_keys.read", - "api.organization.projects.api_keys.write" - ], - "resource_type": "api.project", - "predefined_role": false + "id": "alert_abc123", + "object": "project.spend_alert", + "threshold_amount": 100000, + "currency": "USD", + "interval": "month", + "notification_channel": { + "type": "email", + "recipients": ["finance@example.com"], + "subject_prefix": "OpenAI spend alert" + } } ], - "has_more": false, - "next": null + "first_id": "alert_abc123", + "last_id": "alert_abc123", + "has_more": false } ``` -## Create project role +## Create project spend alert -**post** `/projects/{project_id}/roles` +**post** `/organization/projects/{project_id}/spend_alerts` -Creates a custom role for a project. +Creates a project spend alert. ### Path Parameters @@ -22266,65 +25243,106 @@ Creates a custom role for a project. ### Body Parameters -- `permissions: array of string` +- `currency: "USD"` - Permissions to grant to the role. + The currency for the threshold amount. -- `role_name: string` + - `"USD"` - Unique name for the role. +- `interval: "month"` -- `description: optional string` + The time interval for evaluating spend against the threshold. - Optional description of the role. + - `"month"` + +- `notification_channel: object { recipients, type, subject_prefix }` + + Email notification settings for a spend alert. + + - `recipients: array of string` + + Email addresses that receive the spend alert notification. + + - `type: "email"` + + The notification channel type. Currently only `email` is supported. + + - `"email"` + + - `subject_prefix: optional string` + + Optional subject prefix for alert emails. + +- `threshold_amount: number` + + The alert threshold amount, in cents. ### Returns -- `Role object { id, description, name, 4 more }` +- `ProjectSpendAlert object { id, currency, interval, 3 more }` - Details about a role that can be assigned through the public Roles API. + Represents a spend alert configured at the project level. - `id: string` - Identifier for the role. + The identifier, which can be referenced in API endpoints. - - `description: string` + - `currency: "USD"` - Optional description of the role. + The currency for the threshold amount. - - `name: string` + - `"USD"` - Unique name for the role. + - `interval: "month"` - - `object: "role"` + The time interval for evaluating spend against the threshold. - Always `role`. + - `"month"` - - `"role"` + - `notification_channel: object { recipients, type, subject_prefix }` - - `permissions: array of string` + Email notification settings for a spend alert. - Permissions granted by the role. + - `recipients: array of string` - - `predefined_role: boolean` + Email addresses that receive the spend alert notification. - Whether the role is predefined and managed by OpenAI. + - `type: "email"` - - `resource_type: string` + The notification channel type. Currently only `email` is supported. - Resource type the role is bound to (for example `api.organization` or `api.project`). + - `"email"` + + - `subject_prefix: optional string` + + Optional subject prefix for alert emails. + + - `object: "project.spend_alert"` + + The object type, which is always `project.spend_alert`. + + - `"project.spend_alert"` + + - `threshold_amount: number` + + The alert threshold amount, in cents. ### Example ```http -curl https://api.openai.com/v1/projects/$PROJECT_ID/roles \ +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/spend_alerts \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -d '{ - "permissions": [ + "currency": "USD", + "interval": "month", + "notification_channel": { + "recipients": [ "string" ], - "role_name": "role_name" + "type": "email" + }, + "threshold_amount": 0 }' ``` @@ -22333,30 +25351,35 @@ curl https://api.openai.com/v1/projects/$PROJECT_ID/roles \ ```json { "id": "id", - "description": "description", - "name": "name", - "object": "role", - "permissions": [ + "currency": "USD", + "interval": "month", + "notification_channel": { + "recipients": [ "string" ], - "predefined_role": true, - "resource_type": "resource_type" + "type": "email", + "subject_prefix": "subject_prefix" + }, + "object": "project.spend_alert", + "threshold_amount": 0 } ``` ### Example ```http -curl -X POST https://api.openai.com/v1/projects/proj_abc123/roles \ +curl -X POST https://api.openai.com/v1/organization/projects/proj_abc/spend_alerts \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -H "Content-Type: application/json" \ -d '{ - "role_name": "API Project Key Manager", - "permissions": [ - "api.organization.projects.api_keys.read", - "api.organization.projects.api_keys.write" - ], - "description": "Allows managing API keys for the project" + "threshold_amount": 100000, + "currency": "USD", + "interval": "month", + "notification_channel": { + "type": "email", + "recipients": ["finance@example.com"], + "subject_prefix": "OpenAI spend alert" + } }' ``` @@ -22364,88 +25387,134 @@ curl -X POST https://api.openai.com/v1/projects/proj_abc123/roles \ ```json { - "object": "role", - "id": "role_01J1F8PROJ", - "name": "API Project Key Manager", - "description": "Allows managing API keys for the project", - "permissions": [ - "api.organization.projects.api_keys.read", - "api.organization.projects.api_keys.write" - ], - "resource_type": "api.project", - "predefined_role": false + "id": "alert_abc123", + "object": "project.spend_alert", + "threshold_amount": 100000, + "currency": "USD", + "interval": "month", + "notification_channel": { + "type": "email", + "recipients": ["finance@example.com"], + "subject_prefix": "OpenAI spend alert" + } } ``` -## Update project role +## Update project spend alert -**post** `/projects/{project_id}/roles/{role_id}` +**post** `/organization/projects/{project_id}/spend_alerts/{alert_id}` -Updates an existing project role. +Updates a project spend alert. ### Path Parameters - `project_id: string` -- `role_id: string` +- `alert_id: string` ### Body Parameters -- `description: optional string` +- `currency: "USD"` - New description for the role. + The currency for the threshold amount. -- `permissions: optional array of string` + - `"USD"` - Updated set of permissions for the role. +- `interval: "month"` -- `role_name: optional string` + The time interval for evaluating spend against the threshold. - New name for the role. + - `"month"` + +- `notification_channel: object { recipients, type, subject_prefix }` + + Email notification settings for a spend alert. + + - `recipients: array of string` + + Email addresses that receive the spend alert notification. + + - `type: "email"` + + The notification channel type. Currently only `email` is supported. + + - `"email"` + + - `subject_prefix: optional string` + + Optional subject prefix for alert emails. + +- `threshold_amount: number` + + The alert threshold amount, in cents. ### Returns -- `Role object { id, description, name, 4 more }` +- `ProjectSpendAlert object { id, currency, interval, 3 more }` - Details about a role that can be assigned through the public Roles API. + Represents a spend alert configured at the project level. - `id: string` - Identifier for the role. + The identifier, which can be referenced in API endpoints. - - `description: string` + - `currency: "USD"` - Optional description of the role. + The currency for the threshold amount. - - `name: string` + - `"USD"` - Unique name for the role. + - `interval: "month"` - - `object: "role"` + The time interval for evaluating spend against the threshold. - Always `role`. + - `"month"` - - `"role"` + - `notification_channel: object { recipients, type, subject_prefix }` - - `permissions: array of string` + Email notification settings for a spend alert. - Permissions granted by the role. + - `recipients: array of string` - - `predefined_role: boolean` + Email addresses that receive the spend alert notification. - Whether the role is predefined and managed by OpenAI. + - `type: "email"` - - `resource_type: string` + The notification channel type. Currently only `email` is supported. - Resource type the role is bound to (for example `api.organization` or `api.project`). + - `"email"` + + - `subject_prefix: optional string` + + Optional subject prefix for alert emails. + + - `object: "project.spend_alert"` + + The object type, which is always `project.spend_alert`. + + - `"project.spend_alert"` + + - `threshold_amount: number` + + The alert threshold amount, in cents. ### Example ```http -curl https://api.openai.com/v1/projects/$PROJECT_ID/roles/$ROLE_ID \ +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/spend_alerts/$ALERT_ID \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ - -d '{}' + -d '{ + "currency": "USD", + "interval": "month", + "notification_channel": { + "recipients": [ + "string" + ], + "type": "email" + }, + "threshold_amount": 0 + }' ``` #### Response @@ -22453,30 +25522,35 @@ curl https://api.openai.com/v1/projects/$PROJECT_ID/roles/$ROLE_ID \ ```json { "id": "id", - "description": "description", - "name": "name", - "object": "role", - "permissions": [ + "currency": "USD", + "interval": "month", + "notification_channel": { + "recipients": [ "string" ], - "predefined_role": true, - "resource_type": "resource_type" + "type": "email", + "subject_prefix": "subject_prefix" + }, + "object": "project.spend_alert", + "threshold_amount": 0 } ``` ### Example ```http -curl -X POST https://api.openai.com/v1/projects/proj_abc123/roles/role_01J1F8PROJ \ +curl -X POST https://api.openai.com/v1/organization/projects/proj_abc/spend_alerts/alert_abc123 \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -H "Content-Type: application/json" \ -d '{ - "role_name": "API Project Key Manager", - "permissions": [ - "api.organization.projects.api_keys.read", - "api.organization.projects.api_keys.write" - ], - "description": "Allows managing API keys for the project" + "threshold_amount": 150000, + "currency": "USD", + "interval": "month", + "notification_channel": { + "type": "email", + "recipients": ["finance@example.com"], + "subject_prefix": "OpenAI spend alert" + } }' ``` @@ -22484,51 +25558,55 @@ curl -X POST https://api.openai.com/v1/projects/proj_abc123/roles/role_01J1F8PRO ```json { - "object": "role", - "id": "role_01J1F8PROJ", - "name": "API Project Key Manager", - "description": "Allows managing API keys for the project", - "permissions": [ - "api.organization.projects.api_keys.read", - "api.organization.projects.api_keys.write" - ], - "resource_type": "api.project", - "predefined_role": false + "id": "alert_abc123", + "object": "project.spend_alert", + "threshold_amount": 150000, + "currency": "USD", + "interval": "month", + "notification_channel": { + "type": "email", + "recipients": ["finance@example.com"], + "subject_prefix": "OpenAI spend alert" + } } ``` -## Delete project role +## Delete project spend alert -**delete** `/projects/{project_id}/roles/{role_id}` +**delete** `/organization/projects/{project_id}/spend_alerts/{alert_id}` -Deletes a custom role from a project. +Deletes a project spend alert. ### Path Parameters - `project_id: string` -- `role_id: string` +- `alert_id: string` ### Returns -- `id: string` +- `ProjectSpendAlertDeleted object { id, deleted, object }` - Identifier of the deleted role. + Confirmation payload returned after deleting a project spend alert. -- `deleted: boolean` + - `id: string` - Whether the role was deleted. + The deleted spend alert ID. -- `object: "role.deleted"` + - `deleted: boolean` - Always `role.deleted`. + Whether the spend alert was deleted. - - `"role.deleted"` + - `object: "project.spend_alert.deleted"` + + Always `project.spend_alert.deleted`. + + - `"project.spend_alert.deleted"` ### Example ```http -curl https://api.openai.com/v1/projects/$PROJECT_ID/roles/$ROLE_ID \ +curl https://api.openai.com/v1/organization/projects/$PROJECT_ID/spend_alerts/$ALERT_ID \ -X DELETE \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" ``` @@ -22539,14 +25617,14 @@ curl https://api.openai.com/v1/projects/$PROJECT_ID/roles/$ROLE_ID \ { "id": "id", "deleted": true, - "object": "role.deleted" + "object": "project.spend_alert.deleted" } ``` ### Example ```http -curl -X DELETE https://api.openai.com/v1/projects/proj_abc123/roles/role_01J1F8PROJ \ +curl -X DELETE https://api.openai.com/v1/organization/projects/proj_abc/spend_alerts/alert_abc123 \ -H "Authorization: Bearer $OPENAI_ADMIN_KEY" \ -H "Content-Type: application/json" ``` @@ -22555,33 +25633,83 @@ curl -X DELETE https://api.openai.com/v1/projects/proj_abc123/roles/role_01J1F8P ```json { - "object": "role.deleted", - "id": "role_01J1F8PROJ", + "id": "alert_abc123", + "object": "project.spend_alert.deleted", "deleted": true } ``` ## Domain Types -### Role Delete Response +### Project Spend Alert -- `RoleDeleteResponse object { id, deleted, object }` +- `ProjectSpendAlert object { id, currency, interval, 3 more }` - Confirmation payload returned after deleting a role. + Represents a spend alert configured at the project level. - `id: string` - Identifier of the deleted role. + The identifier, which can be referenced in API endpoints. + + - `currency: "USD"` + + The currency for the threshold amount. + + - `"USD"` + + - `interval: "month"` + + The time interval for evaluating spend against the threshold. + + - `"month"` + + - `notification_channel: object { recipients, type, subject_prefix }` + + Email notification settings for a spend alert. + + - `recipients: array of string` + + Email addresses that receive the spend alert notification. + + - `type: "email"` + + The notification channel type. Currently only `email` is supported. + + - `"email"` + + - `subject_prefix: optional string` + + Optional subject prefix for alert emails. + + - `object: "project.spend_alert"` + + The object type, which is always `project.spend_alert`. + + - `"project.spend_alert"` + + - `threshold_amount: number` + + The alert threshold amount, in cents. + +### Project Spend Alert Deleted + +- `ProjectSpendAlertDeleted object { id, deleted, object }` + + Confirmation payload returned after deleting a project spend alert. + + - `id: string` + + The deleted spend alert ID. - `deleted: boolean` - Whether the role was deleted. + Whether the spend alert was deleted. - - `object: "role.deleted"` + - `object: "project.spend_alert.deleted"` - Always `role.deleted`. + Always `project.spend_alert.deleted`. - - `"role.deleted"` + - `"project.spend_alert.deleted"` # Certificates