Backend Use Cases

1. Bootstrap A New Organization

Use the global admin API key written by Backend on first startup to create a tenant and its first org admin.

GLOBAL_ADMIN_KEY="<global-admin-api-key>"

curl -sS -X POST https://dev2-admin-api.harden.cloud/admin/orgs \
  -H "X-Api-Key: ${GLOBAL_ADMIN_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"name":"acme"}'
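Passing the key with -H on the command line, as in the call above, exposes it in the process argument list while curl runs. The following added example (not part of the Backend documentation) feeds the X-Api-Key header to curl through `--config -` from an owner-only key file; the helper names, the key-file path in the usage comment and the accepted key character set are assumptions.

```shell
# Added example: keep the X-Api-Key value out of argv.
# Helper names and the allowed key characters are assumptions, not Backend's.

# Succeed only if the key file is a regular file with no group/other access.
key_file_is_private() {
  local f="$1" mode
  [ -f "$f" ] || return 1
  # GNU stat first, BSD/macOS stat as fallback
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
  case "$mode" in
    ?00) return 0 ;;   # e.g. 600 or 400
    *)   return 1 ;;
  esac
}

# Print a curl config line carrying the header, for use with `curl --config -`.
api_key_curl_config() {
  local f="$1" key
  key_file_is_private "$f" || {
    echo "refusing: $f is missing or group/world accessible" >&2
    return 1
  }
  key=$(tr -d '\r' < "$f")   # trailing newlines are dropped by $(...)
  # Reject quotes, whitespace and embedded newlines so the key file
  # cannot smuggle extra curl options into the config.
  case "$key" in
    ''|*[!A-Za-z0-9_.~+/=-]*)
      echo "refusing: empty key or unexpected characters" >&2
      return 1 ;;
  esac
  printf 'header = "X-Api-Key: %s"\n' "$key"
}

# admin_api <key-file> <curl args...>: the key travels over stdin, not argv.
admin_api() {
  local f="$1" cfg
  shift
  cfg=$(api_key_curl_config "$f") || return 1
  printf '%s\n' "$cfg" | curl -sS --config - "$@"
}

# Usage (the key-file path is hypothetical):
# admin_api "$HOME/.config/backend/global-admin.key" -X POST \
#   https://dev2-admin-api.harden.cloud/admin/orgs \
#   -H "Content-Type: application/json" -d '{"name":"acme"}'
```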

2. Self-Service Org Admin Onboarding

Let a customer create an organization, verify their email, and receive an org-admin API key.

curl -sS -X POST https://dev2-admin-api.harden.cloud/auth/orgadmin/register \
  -H "Content-Type: application/json" \
  -d '{
    "orgName":"Acme Inc",
    "adminName":"Jane Admin",
    "email":"jane@example.com",
    "password":"CorrectHorseBatteryStaple1!",
    "countryCode":"US",
    "plan":"free",
    "billingCycle":"monthly",
    "stripePaymentMethodId":null
  }'

3. Paid Plan Activation

Starter, SMB, and Business plans complete Stripe-backed activation during email verification.

  • registration stores the requested plan and payment method
  • verification creates the subscription
  • successful verification returns the usable org-admin API key

4. User Lifecycle Management

Org admins can create service users or human users and rotate API keys when needed.

curl -sS -X POST "https://dev2-admin-api.harden.cloud/admin/orgs/${ORG_ID}/users" \
  -H "X-Api-Key: ${ORG_ADMIN_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"name":"payments-service","isAdmin":false}'

5. Configure File Storage For Paid Orgs

Encrypted file content is stored in a per-org S3-compatible bucket. Configure it once before file uploads start.

curl -sS -X PUT "https://dev2-admin-api.harden.cloud/admin/orgs/${ORG_ID}/storage" \
  -H "X-Api-Key: ${ORG_ADMIN_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "serviceUrl":"https://s3.example.com",
    "bucket":"org-files",
    "accessKey":"AKIA...",
    "secretKey":"secret...",
    "forcePathStyle":true,
    "region":"us-east-1"
  }'

6. Build Org-Scoped User Discovery

Applications can build trusted-user pickers or internal directories with:

  • GET /users/org
  • GET /users/org/{userId}

This exposes only same-org public profiles and blocks cross-org lookups.

7. Support Trusted-User Recovery

The Backend stores trusted-user recovery shares and accepts recovery restore submissions.

Typical flow:

  1. Owner stores encrypted recovery shares for one or more trustees.
  2. Trustee lists owners who shared recovery material.
  3. Trustee submits newly restored encrypted private keys for the owner.
  4. Owner rekeys with a new user secret afterward.

8. Review Audit History

Org admins can inspect KV create, update, and delete history for compliance or incident response.

curl -sS https://dev2-admin-api.harden.cloud/audit \
  -H "X-Api-Key: ${ORG_ADMIN_API_KEY}"