Organizations

These endpoints back the developer portal at platform.sigilkeys.com. You normally won’t call them directly — they require a Kratos session cookie which the SPA owns. Listed here for completeness.

GET /v1/orgs

List companies the authenticated portal user belongs to.

POST /v1/orgs

Create a new company. Body: { "name": "...", "slug": "...", "country": "ES" }. The caller becomes the owner.

GET /v1/orgs/{orgID}

Read one company.

PATCH /v1/orgs/{orgID}

Update branding + allowed origins.

{
  "name": "Acme",
  "logo_url": "https://...",
  "brand_color": "#1E50E0",
  "support_email": "support@acme.com",
  "allowed_origins": ["https://app.acme.com"]
}

PATCH /v1/orgs/{orgID}/auth

Update end-user auth config.

{
  "auth_config": {
    "mode": "oidc",
    "issuer": "https://auth.acme.com/realms/main",
    "audience": "acme-app"
  }
}

For Sigil-hosted: { "auth_config": { "mode": "sigil" } }.

PATCH /v1/orgs/{orgID}/recovery-mode

{ "mode": "customer_managed" }   // or "sigil_managed"

See Recovery model.