Accounts module
/
Accounts
/
Get an account (tenant)

Account Management Overview

Frontegg is built with multi-tenancy in mind, allowing the creation and management of multiple accounts (tenants) within an environment. This section provides an overview of relevant API endpoints, organized into Management and Self-Service categories, supporting the creation of accounts, hierarchies, and sub-accounts.

Management Endpoints: Require environment-level authorization and offer full control over resources, including SSO (SAML and OIDC) configurations, account hierarchies, and sub-accounts.

Self-Service Endpoints: Accessible with a user token (JWT), enabling users with the appropriate permissions to create, update, and delete sub-accounts from ah hierarchy.

Download OpenAPI description
Users, Auth and Security
Single Sign-On
SCIM Provisioning
Entitlements
Entitlements Agent
Accounts (Tenants)
Languages
Servers
EU Region
https://api.frontegg.com/tenants/
US Region
https://api.us.frontegg.com/tenants/
CA Region
https://api.ca.frontegg.com/tenants/
AU Region
https://api.au.frontegg.com/tenants/
Frontegg sub-domain for use with user tokens
https://{domain}.frontegg.com/tenants/

Accounts

Operations

Delete account (tenant)

Request

Removes an account (tenant) and all users of that account. If an account is part of the hierarchy, then all of its sub-account are assigned to a deleted account's parent. A vendor token is required for this route, it can be obtained from the vendor authentication route.

Path
tenantIdstringrequired
curl -i -X DELETE \
  'https://api.frontegg.com/tenants/resources/tenants/v1/{tenantId}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

When the given tenant doesn't exist.

Create an account (tenant)

Request

Create a new account (tenant). If an account with given ID had existed before and was removed, then this action will reactivate that tenant. A vendor token is required for this route, it can be obtained from the vendor authentication route.

Bodyapplication/jsonrequired
tenantIdstring

Send your own unique tenantId or Frontegg will auto-generate a UUID

namestring
statusstring

This field can be used for custom logic, it is not enforced in Frontegg flows

websitestring
applicationUrlstring
logostring

Base64-encoded image to use as logo.

logoUrlstring
addressstring
timezonestring
currencystring
creatorNamestring
creatorEmailstring
isResellerboolean
parentTenantIdstring
curl -i -X POST \
  https://api.frontegg.com/tenants/resources/tenants/v1 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "tenantId": "string",
    "name": "string",
    "status": "string",
    "website": "string",
    "applicationUrl": "string",
    "logo": "string",
    "logoUrl": "string",
    "address": "string",
    "timezone": "string",
    "currency": "string",
    "creatorName": "string",
    "creatorEmail": "string",
    "isReseller": true,
    "parentTenantId": "string"
  }'

Responses

When the tenant ID does not pass the validation.

Delete current account (tenant)

Request

Removes current account and all users of that account. Only users that have the Frontegg Delete Account permission fe.account-settings.delete.account would be able to perform this action. A user token is required for this route. A user token can be obtained after user authentication.

curl -i -X DELETE \
  https://api.frontegg.com/tenants/resources/tenants/v1 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

When current tenant has been removed.

Add account (tenant) metadata

Request

Add metadata to an account (tenant). If given metadata key already exists, its value is overwritten. A vendor token is required for this route, it can be obtained from the vendor authentication route.

Path
tenantIdstringrequired
Bodyapplication/jsonrequired
metadataobjectrequired
One of:
object
curl -i -X POST \
  'https://api.frontegg.com/tenants/resources/tenants/v1/{tenantId}/metadata' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "metadata": {
      "maximumUsers": 50
    }
  }'

Responses

When the given metadata is neither a JSON, nor JSON-string.

Delete account (tenant) metadata

Request

Remove a key/value from an account's metadata. A vendor token is required for this route, it can be obtained from the vendor authentication route.

Path
tenantIdstringrequired
keystringrequired
curl -i -X DELETE \
  'https://api.frontegg.com/tenants/resources/tenants/v1/{tenantId}/metadata/{key}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

When the provided tenant doesn't exist.

Get accounts (tenants)

Request

This route returns all accounts (tenants) for and environment.

Query
_limitnumber

The default limit is 50 tenants per request, the maximum is 200

_offsetnumber
_filterstring

This param allows filtering the request using an account's name or tenantId

_sortBystring

This param allows sorting the results via createdAt, name, tenantId

_orderstring

This param can be used together with sortBy and define the order as ACS or DESC

_tenantIdsArray of strings

This param allows passing specific tenantIds and getting only these tenants data

curl -i -X GET \
  https://api.frontegg.com/tenants/resources/tenants/v2 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Get an account (tenant)

Request

Get an account (tenant) by identifier. When an account cannot be found, empty array is returned. A vendor token is required for this route, it can be obtained from the vendor authentication route.

Path
tenantIdstringrequired
curl -i -X GET \
  'https://api.frontegg.com/tenants/resources/tenants/v2/{tenantId}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Update an account (tenant)

Request

Update a given account (tenant). A vendor token is required for this route, it can be obtained from the vendor authentication route.

Path
tenantIdstringrequired
Bodyapplication/jsonrequired
object(UpdateTenantRequestV2)
curl -i -X PUT \
  'https://api.frontegg.com/tenants/resources/tenants/v2/{tenantId}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{}'

Responses

Get account (tenant) by IDDeprecated

Request

Use the V2 route for Get Tenant. This route is no longer relevant.

Path
tenantIdstringrequired

The tenant ID to get.

curl -i -X GET \
  'https://api.frontegg.com/tenants/resources/tenants/v1/{tenantId}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

When the tenant ID does not pass the validation.

Update account (tenant)Deprecated

Request

Use the V2 route for update tenant. This route is no longer relevant.

Path
tenantIdstringrequired
Bodyapplication/jsonrequired
object(UpdateTenantRequest)
curl -i -X PUT \
  'https://api.frontegg.com/tenants/resources/tenants/v1/{tenantId}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{}'

Responses

When body doesn't contain any property to change.

Sub-accounts and hierarchy

Operations

Account migration

Operations

Account settings

Operations

Sub-accounts

Operations