Backend Developer Guide

Backend Developer Guide (End Users)

This guide is for developers integrating account, organization, and user-management workflows against the Backend API.

Service Endpoint

  • Dev endpoint: https://dev2-admin-api.harden.cloud
  • Auth header for protected endpoints: X-Api-Key: <api_key>
  • JSON content type: application/json

Typical Flow

  1. Fetch available plans.
  2. Register an org admin account.
  3. Verify email and activate account.
  4. Login and receive org admin API key.
  5. Create users and rotate user API keys.

Plan Discovery

cURL

curl -sS https://dev2-admin-api.harden.cloud/auth/plans

JavaScript

const res = await fetch("https://dev2-admin-api.harden.cloud/auth/plans");
const plans = await res.json();
console.log(plans);

Register an Org Admin

cURL

curl -sS -X POST \
  -H "Content-Type: application/json" \
  -d '{
    "orgName":"Acme Inc",
    "adminName":"Jane Admin",
    "email":"jane@example.com",
    "password":"CorrectHorseBatteryStaple1!",
    "countryCode":"US",
    "plan":"starter",
    "billingCycle":"monthly",
    "stripePaymentMethodId":"pm_card_visa"
  }' \
  https://dev2-admin-api.harden.cloud/auth/orgadmin/register

JavaScript

const registerPayload = {
  orgName: "Acme Inc",
  adminName: "Jane Admin",
  email: "jane@example.com",
  password: "CorrectHorseBatteryStaple1!",
  countryCode: "US",
  plan: "starter",
  billingCycle: "monthly",
  stripePaymentMethodId: "pm_card_visa"
};

const registerRes = await fetch("https://dev2-admin-api.harden.cloud/auth/orgadmin/register", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify(registerPayload)
});
const registerResult = await registerRes.json();
console.log(registerResult);

Verify Email

Use the link from the verification email. If you need to call it manually:

cURL

curl -sS \
  "https://dev2-admin-api.harden.cloud/auth/orgadmin/verify?token=<verification-token>"

JavaScript

const verifyRes = await fetch(
  "https://dev2-admin-api.harden.cloud/auth/orgadmin/verify?token=<verification-token>"
);
const verifyResult = await verifyRes.json();
console.log(verifyResult);

Login as Org Admin

cURL

curl -sS -X POST \
  -H "Content-Type: application/json" \
  -d '{"email":"jane@example.com","password":"CorrectHorseBatteryStaple1!"}' \
  https://dev2-admin-api.harden.cloud/auth/orgadmin/login

JavaScript

const loginRes = await fetch("https://dev2-admin-api.harden.cloud/auth/orgadmin/login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    email: "jane@example.com",
    password: "CorrectHorseBatteryStaple1!"
  })
});
const { apiKey } = await loginRes.json();

Manage Users in Your Org

You need orgId (returned by admin APIs/UI) and an org admin apiKey.

Create user (cURL)

curl -sS -X POST \
  -H "X-Api-Key: ${ORG_ADMIN_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"name":"payments-service","isAdmin":false}' \
  "https://dev2-admin-api.harden.cloud/admin/orgs/${ORG_ID}/users"

Create user (JavaScript)

const createUserRes = await fetch(
  `https://dev2-admin-api.harden.cloud/admin/orgs/${orgId}/users`,
  {
    method: "POST",
    headers: {
      "X-Api-Key": orgAdminApiKey,
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      name: "payments-service",
      isAdmin: false
    })
  }
);
const createdUser = await createUserRes.json();

List users (cURL)

curl -sS \
  -H "X-Api-Key: ${ORG_ADMIN_API_KEY}" \
  "https://dev2-admin-api.harden.cloud/admin/orgs/${ORG_ID}/users"

Rotate a user API key (JavaScript)

const rotateRes = await fetch(
  `https://dev2-admin-api.harden.cloud/admin/orgs/${orgId}/users/${userId}/apikey/rotate`,
  {
    method: "POST",
    headers: { "X-Api-Key": orgAdminApiKey }
  }
);
const rotated = await rotateRes.json();
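// Printing the key is for demonstration only; in real code, store it in your secret store instead of logging it.
console.log(rotated.apiKey);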

Error Handling

  • 400: validation failed (input, plan/country constraints, missing payment info for paid plans).
  • 401: missing or invalid X-Api-Key.
  • 403: insufficient role/permissions.
  • 404: requested org/user/resource not found.
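
The key-rotation call from the previous section combined with the status codes listed here, as an added example that is not part of the original guide or the Backend API's own client code. The helper names (buildRotateRequest, classifyStatus, redactKey, rotateUserKey) are hypothetical, the { apiKey } response shape is taken from the rotate snippet above, and showing only the last four characters of a key in logs is an illustrative choice.

```javascript
// Added example; helper names are hypothetical, not part of the Backend API.
const BASE_URL = "https://dev2-admin-api.harden.cloud";

// Status meanings copied from the guide's Error Handling list.
const STATUS_MEANING = {
  400: "validation failed",
  401: "missing or invalid X-Api-Key",
  403: "insufficient role/permissions",
  404: "requested org/user/resource not found"
};

// Build the rotate request without sending it, so it can be inspected.
function buildRotateRequest(orgId, userId, apiKey) {
  if (!apiKey) throw new Error("org admin API key is required");
  // Encoding keeps an ID like "a/../b" inside its own path segment.
  const org = encodeURIComponent(orgId);
  const user = encodeURIComponent(userId);
  return {
    url: `${BASE_URL}/admin/orgs/${org}/users/${user}/apikey/rotate`,
    init: { method: "POST", headers: { "X-Api-Key": apiKey } }
  };
}

// Map an HTTP status to a result the caller can branch on.
function classifyStatus(status) {
  if (status >= 200 && status < 300) return { ok: true, reason: "ok" };
  return { ok: false, reason: STATUS_MEANING[status] || `unexpected status ${status}` };
}

// Log-safe form of a key: only the last four characters survive.
function redactKey(key) {
  return typeof key === "string" && key.length > 8 ? "***" + key.slice(-4) : "[redacted]";
}

// Send the rotation; fetchImpl is injectable so tests can pass a stub.
async function rotateUserKey(orgId, userId, apiKey, fetchImpl = globalThis.fetch) {
  const { url, init } = buildRotateRequest(orgId, userId, apiKey);
  const res = await fetchImpl(url, init);
  const verdict = classifyStatus(res.status);
  // The error carries the status meaning only, never the key or response body.
  if (!verdict.ok) throw new Error(`rotate failed (${res.status}): ${verdict.reason}`);
  const { apiKey: newKey } = await res.json();
  console.log(`rotated key for ${userId}: ${redactKey(newKey)}`);
  return newKey;
}
```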

Notes

  • Backend account APIs handle org/user lifecycle and billing bootstrap.
  • Secret/key/file encryption operations should go through the Proxy API (https://dev2-api.harden.cloud).