settings

📄️ Create a new org-scoped API key with the given scopes. The full raw key value is returned exactly once in the api_key fi

Create a new org-scoped API key with the given scopes. The full raw key value is returned exactly once in the api_key field and cannot be retrieved again.

📄️ List all API keys belonging to the organization, across all key types and states. The raw key value is never returned; o

List all API keys belonging to the organization, across all key types and states. The raw key value is never returned; only the non-secret prefix is included.

📄️ Return the canonical scope registry, key-type grouped scope views, and named scope templates. Intended for dashboard UIs

Return the canonical scope registry, key-type grouped scope views, and named scope templates. Intended for dashboard UIs rendering scope selectors. Scope registry is org-agnostic; no org_id required.

📄️ Revoke an API key by setting its revoked_at timestamp. The key immediately stops authenticating. Returns the updated key

Revoke an API key by setting its revoked_at timestamp. The key immediately stops authenticating. Returns the updated key record.

📄️ Atomically revoke the given key and create a replacement with identical configuration (name, key_type, scopes, environme

Atomically revoke the given key and create a replacement with identical configuration (name, key_type, scopes, environment, federation_id, model_id, app_id). The new raw key value is returned exactly once in the api_key field.

📄️ Create an app key (oct_app_live_... or oct_app_test_...) for server-side inference tied to a specific Octomil App. App k

Create an app key (oct_app_live_... or oct_app_test_...) for server-side inference tied to a specific Octomil App. App keys inherit the app's inference configuration without requiring explicit model selection per call.

📄️ Reconcile a Stripe Checkout session after the user returns from the Stripe-hosted payment page. Re-fetches the session f

Reconcile a Stripe Checkout session after the user returns from the Stripe-hosted payment page. Re-fetches the session from Stripe, verifies org ownership, acquires the per-(org, customer) advisory lock, and projects the resulting subscription via the canonical BillingSubscriptionSyncService seam (the same path used by the webhook handler). Returns the projected subscription state.

📄️ Create a Stripe checkout session for plan upgrade.

Create a Stripe checkout session for plan upgrade.

📄️ Create a Stripe billing portal session for subscription management.

Create a Stripe billing portal session for subscription management.

📄️ Return the current billing subscription state for the organization. This is a local projection of the Stripe subscriptio

Return the current billing subscription state for the organization. This is a local projection of the Stripe subscription cache; may lag by up to one webhook delivery cycle.

📄️ Update local billing plan. Admin/dev override only — production plan changes should go through Stripe checkout.

Update local billing plan. Admin/dev override only — production plan changes should go through Stripe checkout.

📄️ List recent Stripe invoices for the organization. Fetched live from Stripe on demand and cached server-side for 90 secon

List recent Stripe invoices for the organization. Fetched live from Stripe on demand and cached server-side for 90 seconds per Stripe customer ID. Returns up to 20 invoices ordered by creation date, most recent first.

📄️ Return a billing context bundle for support handoff. Includes plan, subscription status, and the latest Stripe invoice s

Return a billing context bundle for support handoff. Includes plan, subscription status, and the latest Stripe invoice summary so support can triage a billing issue without follow-up. Latest invoice is fetched via stripe.Invoice.list(limit=1) and cached server-side for 60 seconds per customer.

📄️ Create a new cloud provider connection for the org. The server immediately verifies the credential after creation and se

Create a new cloud provider connection for the org. The server immediately verifies the credential after creation and sets verification_status accordingly.

📄️ List all cloud provider connections for the calling org. org_id is resolved from the auth context (JWT). Optionally filt

List all cloud provider connections for the calling org. org_id is resolved from the auth context (JWT). Optionally filter by provider.

📄️ Delete a cloud provider connection. Returns 204 No Content on success.

Delete a cloud provider connection. Returns 204 No Content on success.

📄️ Fetch a single cloud provider connection by id. API key is never returned.

Fetch a single cloud provider connection by id. API key is never returned.

📄️ Partially update a cloud provider connection. If api_key is provided, the server re-verifies the credential after update

Partially update a cloud provider connection. If api_key is provided, the server re-verifies the credential after update and reflects the result in verification_status.

📄️ Fetch the list of model ids available from a cloud provider connection by making a live request to the provider's models

Fetch the list of model ids available from a cloud provider connection by making a live request to the provider's models endpoint. Returns sorted model ids.

📄️ Active-probe a cloud provider connection by making a live models-listing request to the provider. On success, updates th

Active-probe a cloud provider connection by making a live models-listing request to the provider. On success, updates the connection's last_verified_at and verification_latency_ms in the database. Returns success=false (not an error status) for non-200 provider responses so the caller can surface the diagnostic.

📄️ Store a new BYOK cloud provider credential for the org. The API key is encrypted at rest and never returned. Records an

Store a new BYOK cloud provider credential for the org. The API key is encrypted at rest and never returned. Records an audit event on success.

📄️ List BYOK cloud provider credentials for the org. Optionally filter by provider. API keys are never returned — only meta

List BYOK cloud provider credentials for the org. Optionally filter by provider. API keys are never returned — only metadata.

📄️ Delete a BYOK cloud provider credential. Records an audit event on success.

Delete a BYOK cloud provider credential. Records an audit event on success.

📄️ Fetch a single BYOK cloud provider credential by id. API key is never returned.

Fetch a single BYOK cloud provider credential by id. API key is never returned.

📄️ Partially update a BYOK cloud provider credential. Providing api_key replaces the stored encrypted key. Records an audit

Partially update a BYOK cloud provider credential. Providing api_key replaces the stored encrypted key. Records an audit event on success (api_key field is never included in audit metadata).

📄️ Fetch the cloud fallback policy for the org: whether cloud inference is enabled, which credential sources are permitted,

Fetch the cloud fallback policy for the org: whether cloud inference is enabled, which credential sources are permitted, provider allowlist, and default fallback model.

📄️ Partially update the cloud fallback policy for the org. Records an audit event on success.

Partially update the cloud fallback policy for the org. Records an audit event on success.

📄️ Return the full execution configuration for the org: all local runtime targets, all cloud targets, and the current routi

Return the full execution configuration for the org: all local runtime targets, all cloud targets, and the current routing strategy and cooldown settings.

📄️ Return live health metrics for all execution targets: request rates, inflight counts, success/failure rates, cooldown st

Return live health metrics for all execution targets: request rates, inflight counts, success/failure rates, cooldown state, and last verification timestamps.

📄️ Register a new local runtime target for the org. Records an audit event on success.

Register a new local runtime target for the org. Records an audit event on success.

📄️ List all local runtime targets for the org: active, disabled, and the env-fallback sentinel row if present.

List all local runtime targets for the org: active, disabled, and the env-fallback sentinel row if present.

📄️ Delete a local runtime target. Records an audit event on success. Returns 204 No Content.

Delete a local runtime target. Records an audit event on success. Returns 204 No Content.

📄️ Partially update a local runtime target. Records an audit event on success.

Partially update a local runtime target. Records an audit event on success.

📄️ Active-probe a local runtime endpoint by making a live request. Returns success, error message, and latency. Non-2xx res

Active-probe a local runtime endpoint by making a live request. Returns success, error message, and latency. Non-2xx responses from the runtime are returned as success=false, not as HTTP errors.

📄️ Update the cloud routing strategy and/or cooldown seconds. Records an audit event on success.

Update the cloud routing strategy and/or cooldown seconds. Records an audit event on success.

📄️ Return the governance and operational settings for an organization. If no settings record exists yet the server upserts

Return the governance and operational settings for an organization. If no settings record exists yet the server upserts a default record and returns it.

📄️ Partially update org-level governance and operational settings. Only fields present in the request body are applied. Rec

Partially update org-level governance and operational settings. Only fields present in the request body are applied. Records an audit log entry on every successful mutation.

📄️ Return the authentication and identity provider configuration for the organization. OAuth provider availability (google_

Return the authentication and identity provider configuration for the organization. OAuth provider availability (google_enabled, apple_enabled, github_enabled) reflects server-level credential configuration and cannot be set per-org.

📄️ Partially update org-level authentication configuration: SSO, SCIM, and primary identity mode. Records an audit log entr

Partially update org-level authentication configuration: SSO, SCIM, and primary identity mode. Records an audit log entry on every successful mutation.

📄️ Return org-level serving and data-handling policy configuration including the active serving policy, telemetry emission

Return org-level serving and data-handling policy configuration including the active serving policy, telemetry emission toggle, and privacy mode.

📄️ Partially update org-level serving and data-handling policies.

Partially update org-level serving and data-handling policies.

📄️ Create a new notification or data integration for the organization. Enabled by default on creation. Use settings.update-

Create a new notification or data integration for the organization. Enabled by default on creation. Use settings.update-integration to configure provider-specific fields after.

📄️ List all integrations configured for the organization. Returns summary records; use settings.get-integration for provide

List all integrations configured for the organization. Returns summary records; use settings.get-integration for provider-specific detail fields.

📄️ Delete an integration. Verifies org_id ownership before deletion.

Delete an integration. Verifies org_id ownership before deletion.

📄️ Get full details for a single integration. Scoped by org_id.

Get full details for a single integration. Scoped by org_id.

📄️ Partially update an integration. Only whitelisted fields are applied.

Partially update an integration. Only whitelisted fields are applied.

📄️ Validate integration configuration. Local validation only — does not test live connectivity.

Validate integration configuration. Local validation only — does not test live connectivity.

📄️ Create a publishable key (oct_pub_live_... or oct_pub_test_...) for client-side SDK use. Publishable keys have a restric

Create a publishable key (oct_pub_live_... or oct_pub_test_...) for client-side SDK use. Publishable keys have a restricted scope set, optional origin restrictions, and a rate limit. The full raw key is returned exactly once.

📄️ Retrieve usage limits for an organization.

Retrieve usage limits for an organization.

📄️ Upsert usage limits for an organization. Creates or updates each metric limit.

Upsert usage limits for an organization. Creates or updates each metric limit.