Tenancy
PIE V2 has no separate admin and client URL trees. Tenant context is expressed directly in the path.
/v2/clients/{client_id}/domains/{domain_id}/service/{service_id}Client ids
Section titled “Client ids”client_id is the registry tenant id. It is both a routing key and an
authorization boundary.
Use the same client_id that your platform team assigned to your tenant. For
non-admin callers, the API checks the JWT can access that tenant before it runs
the operation.
Domain ids
Section titled “Domain ids”domain_id groups a set of related services and assignments under a client. A
domain is where you define feature contracts and domain-scoped assignments.
Use a domain when:
- Multiple services share the same feature definitions.
- A domain-level model decides what service-level models or assignments should exist.
- You need a single business scope for reporting or management.
Service ids
Section titled “Service ids”service_id identifies a concrete service inside a domain. Service initialization
stores caller-provided features, applies defaults from domain feature schemas,
and can trigger assignment-linked inference.
Use service-scoped routes when the action depends on a specific initialized service. Use domain-scoped routes when the action applies to the domain as a whole.
Authorization examples
Section titled “Authorization examples”| Caller | Tenant access |
|---|---|
Human in admin group | Any client_id. |
Human in client:sealink group | /v2/clients/sealink/... only. |
Machine token with JWT client_id=sealink | /v2/clients/sealink/... unless granted admin scope. |
Machine token with streamline/admin | Any client_id. |