Enterprise API

The Enterprise API provides full administrative control over your self-hosted Snipara deployment. Manage users, workspaces, API keys, webhooks, audit logs, and view usage statistics.

Enterprise Only

The Enterprise API is only available for self-hosted Enterprise deployments. Contact enterprise@snipara.com for licensing information.

Authentication

All Enterprise API endpoints require an Enterprise Admin Token. Generate tokens from:

Team Settings: Dashboard → Team → Settings → Enterprise Admin Tokens
Enterprise Console: snipara.com/enterprise/login

curl -H "Authorization: Bearer ent_admin_xxx" https://your-instance.example.com/api/v1/enterprise/...

Base URL

https://your-instance.example.com/api/v1/enterprise

API Overview

Resource	Endpoints	Description
`/users`	CRUD + Permissions	Manage users and their project permissions
`/workspaces`	CRUD + Members + Transfer	Manage workspaces, members, and ownership
`/api-keys`	CRUD + Rotate	Manage API keys for projects and teams
`/webhooks`	CRUD + Test + Deliveries	Configure webhook endpoints for events
`/audit`	List + Export	View and export audit logs
`/usage`	Statistics	Enterprise-wide usage metrics and trends

Users API

List Users

GET /users?page=1&limit=20&search=john

Query Parameters

page - Page number (default: 1)
limit - Results per page (default: 20, max: 100)
search - Search by email or name

Get User

GET /users/:userId

Create User

POST /users

  "email": "user@example.com",

  "name": "John Doe"

Update User

PATCH /users/:userId

Delete User

DELETE /users/:userId

Get User Permissions

GET /users/:userId/permissions

Returns project-level permissions for the user.

Update User Permissions

PUT /users/:userId/permissions

  "permissions": [

    { "projectId": "proj_123", "accessLevel": "EDITOR" },

    { "projectId": "proj_456", "accessLevel": "ADMIN" }

Access levels: NONE, VIEWER, EDITOR, ADMIN

Workspaces API

List Workspaces

GET /workspaces?page=1&limit=20&search=engineering

Create Workspace

POST /workspaces

  "name": "Engineering Team",

  "ownerId": "user_abc" // Optional

Get Workspace

GET /workspaces/:workspaceId

Update Workspace

PATCH /workspaces/:workspaceId

Delete Workspace

DELETE /workspaces/:workspaceId

List Workspace Members

GET /workspaces/:workspaceId/members

Add Workspace Member

POST /workspaces/:workspaceId/members

  "userId": "user_abc",

  "role": "MEMBER" // ADMIN or MEMBER

Update Member Role

PATCH /workspaces/:workspaceId/members/:memberId

Remove Member

DELETE /workspaces/:workspaceId/members/:memberId

Transfer Ownership

POST /workspaces/:workspaceId/transfer

  "newOwnerId": "user_xyz"

The new owner must be an existing member. Current owner is demoted to Admin.

API Keys API

List API Keys

GET /api-keys?type=PROJECT&status=active

Query Parameters

type - Filter by type: PROJECT or TEAM
status - Filter: active, revoked, expired

Create API Key

POST /api-keys

  "name": "CI/CD Key",

  "type": "PROJECT", // PROJECT or TEAM

  "projectId": "proj_123", // Required for PROJECT type

  "teamId": "team_456", // Required for TEAM type

  "accessLevel": "EDITOR", // VIEWER, EDITOR, or ADMIN

  "expiresInDays": 90 // Optional

Save the API Key

The full API key is only returned once during creation. Store it securely.

Get API Key

GET /api-keys/:keyId

Update API Key

PATCH /api-keys/:keyId

Revoke API Key

DELETE /api-keys/:keyId

Rotate API Key

POST /api-keys/:keyId/rotate

Generates a new key while preserving all settings. The old key becomes invalid immediately.

Webhooks API

List Webhooks

GET /webhooks?status=ACTIVE

Create Webhook

POST /webhooks

  "name": "Production Webhook",

  "url": "https://example.com/webhook",

  "events": [

    "user.created",

    "project.indexed",

    "api_key.rotated"

],

  "headers": { "X-Custom": "value" }, // Optional

  "maxRetries": 3, // 0-10, default: 3

  "retryDelay": 60 // 10-3600 seconds

Available Events

user.createduser.updateduser.deletedproject.createdproject.updatedproject.deletedproject.indexedapi_key.createdapi_key.revokedapi_key.rotatedworkspace.createdworkspace.updatedworkspace.deletedworkspace.member_addedworkspace.member_removedsubscription.createdsubscription.updatedsubscription.cancelled

Get Webhook

GET /webhooks/:webhookId

Update Webhook

PATCH /webhooks/:webhookId

Delete Webhook

DELETE /webhooks/:webhookId

Test Webhook

POST /webhooks/:webhookId/test

Sends a test delivery to verify the webhook endpoint. Returns delivery status and response.

List Webhook Deliveries

GET /webhooks/:webhookId/deliveries?status=failed

Webhook Signature Verification

All webhook deliveries include an X-Webhook-Signature header for verification:

X-Webhook-Signature: t=1234567890,v1=abc123...

Verify by computing HMAC-SHA256(timestamp + "." + body, secret) and comparing to the v1 value.

Audit Logs API

List Audit Logs

GET /audit?action=user.*&startDate=2024-01-01&endDate=2024-01-31

Query Parameters

action - Filter by action pattern (e.g., user.*, api_key.rotate)
entityType - Filter by entity: user, team, project, api_key, webhook
actorId - Filter by actor (user who performed action)
teamId - Filter by workspace
startDate, endDate - Date range (ISO 8601)

Export Audit Logs

GET /audit/export?format=csv&startDate=2024-01-01&endDate=2024-01-31

Query Parameters

format - Export format: csv or json
startDate, endDate - Required date range
Supports same filters as list endpoint

Maximum 10,000 records per export. Returns a downloadable file.

Usage API

Get Usage Statistics

GET /usage?period=30d

Query Parameters

period - Time period: 7d, 30d, 90d, or all

Response

  "period": "30d",

  "overview": {

    "totalUsers": 150,

    "activeUsers": 89,

    "totalWorkspaces": 12,

    "totalProjects": 45,

    "totalApiKeys": 78,

    "totalQueries": 125000,

    "recentAuditLogs": 3500

},

  "trends": {

    "dailyQueries": [...],

    "userGrowth": [...]

},

  "topWorkspaces": [...],

  "subscriptions": [...]

Error Responses

All Enterprise API errors follow a consistent format:

  "success": false,

  "error": {

    "code": "FORBIDDEN",

    "message": "Insufficient permissions"

Common Error Codes

Status	Code	Description
400	`BAD_REQUEST`	Invalid request body or parameters
401	`UNAUTHORIZED`	Missing or invalid Enterprise Admin Token
403	`FORBIDDEN`	Insufficient permissions for this operation
404	`NOT_FOUND`	Resource not found
409	`CONFLICT`	Resource already exists or conflict detected
500	`INTERNAL_ERROR`	Server error

Required Permissions

Enterprise Admin Tokens have granular permissions:

Permission	Required For
`USERS_READ`	List/Get users, Get permissions
`USERS_WRITE`	Create/Update/Delete users, Update permissions
`WORKSPACES_READ`	List/Get workspaces, List members
`WORKSPACES_WRITE`	Create/Update/Delete workspaces, Manage members, Transfer
`API_KEYS_READ`	List/Get API keys
`API_KEYS_WRITE`	Create/Revoke/Rotate API keys
`WEBHOOKS_READ`	List/Get webhooks, View deliveries
`WEBHOOKS_WRITE`	Create/Update/Delete webhooks, Test webhook
`AUDIT_READ`	List/Export audit logs
`USAGE_READ`	View usage statistics

Enterprise API

Enterprise Only

Authentication

Base URL

API Overview

Users API

List Users

Query Parameters

Get User

Create User

Update User

Delete User

Get User Permissions

Update User Permissions

Workspaces API

List Workspaces

Create Workspace

Get Workspace

Update Workspace

Delete Workspace

List Workspace Members

Add Workspace Member

Update Member Role

Remove Member

Transfer Ownership

API Keys API

List API Keys

Query Parameters

Create API Key

Save the API Key

Get API Key

Update API Key

Revoke API Key

Rotate API Key

Webhooks API

List Webhooks

Create Webhook

Available Events

Get Webhook

Update Webhook

Delete Webhook

Test Webhook

List Webhook Deliveries

Webhook Signature Verification

Audit Logs API

List Audit Logs

Query Parameters

Export Audit Logs

Query Parameters

Usage API

Get Usage Statistics

Query Parameters

Response

Error Responses

Common Error Codes

Required Permissions

Next Steps

REST API Reference

MCP Tools Reference