FruxonDocs
UsersAPI Access

Provision a service account.

Creates a new workload principal with the requested scope grant and mints its first API key. The key's plaintext secret is returned once in the response and never again — capture it now. Provisioning is an administrative action; gate access with the `keys:write` scope.

POST
/v1/tenants/{tenant}/serviceAccounts

Authorization

Bearer
AuthorizationBearer <token>

JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.

In: header

Path Parameters

tenant*string

The tenant identifier

Request Body

The service account name, description, scope grant, and first-key expiry.

name?string|null

Human-readable workload name, e.g. stripe-webhook.

description?string|null

Optional description of what the workload does.

scopes?|null

The permission grant for the account. Unioned with Fruxon.Model.ServiceAccounts.ProvisionServiceAccountRequest.Preset when both are supplied; validated against the shared TokenScopes vocabulary. Empty (and no preset) means the account can do nothing until scopes are added.

preset?string|null

Optional named preset (runner / builder / read-only / admin) expanded at provision time.

keyExpirationDays?integer|null

Optional expiry (in days) for the first key. Null = the key never expires. The service account itself does not expire — only its keys.

Formatint32
[key: string]?never

Response Body

curl -X POST "https://api.fruxon.com/v1/tenants/string/serviceAccounts" \  -H "Content-Type: application/json" \  -d '{}'
{
  "serviceAccount": {
    "id": "00000000-0000-0000-0000-000000000000",
    "name": "string",
    "description": "string",
    "scopes": [
      "string"
    ],
    "isActive": false,
    "createdBy": "string",
    "createdAt": 0,
    "modifiedAt": 0,
    "revokedAt": 0
  },
  "key": {
    "id": "string",
    "name": "string",
    "token": "string",
    "keyPrefix": "string",
    "scopes": [
      "string"
    ],
    "createdAt": 0,
    "expiresAt": 0,
    "type": "USER",
    "createdBy": "string"
  }
}
{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}
Empty
{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}
{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

Revoke a service account.

Marks the service account inactive and cascade-revokes every key it owns. The principal being dead is the source of truth — subsequent use of any of its keys returns 401, even if a key row was missed by the sweep.

Rotate a service account's credential.

Mints a fresh API key for the service account and revokes its other active keys. Zero-downtime — the new key is live before the old ones are retired. The new key's plaintext secret is returned once.