Skip to main content

Admin (operator)

The /v1/admin/* routes configure an Ark instance. They are called by back-office / operator tooling (and CI/CD pipelines), not by an end-customer integration, and they set up the tenant configuration that the customer-facing routes depend on.

The formal request/response schema for every route is on the API Reference; these pages are the operator's map of what each group does, how it authenticates, and the order to call things in.

Route groups

GroupWhat it managesPage
Clients & brandsthe tenant client / brand records that anchor everything elseclients
Productsthe product catalogue and per-client/brand product mappingsproducts
External applicationsOAuth2 applications and which clients/brands each may accessexternal-applications
Routing policieswhich backing provider serves each capability for a client/brandrouting-policies
Configurationthe business-rule (BRE) definitions used for rule-driven decisionsconfiguration
Domain-object mappinglinks an Ark resource to its record at a backing provider (onboarding existing data)mapping

Authentication

Auth mode differs by group:

GroupAuth
Clients, Products, External applications, Routing policiesMicrosoft Entra ID JWT bearer with the ADMIN role (machine-to-machine via the Client-Credentials grant)
ConfigurationEntra ID JWT bearer with the ADMIN role (no API-key path)
Domain-object mappingAPI key in the X-Api-Key header

Two rules that apply across the admin surface

  • Most writes are idempotent PUT upserts by key — re-running a configuration step updates rather than duplicates, and a PUT re-activates a previously soft-deleted record. The exceptions are noted on each page (creating a provider is a POST; deleting a routing policy is deliberately not idempotent).
  • Order matters. A client/brand must exist before you can map products to it, authorise an external application for it, or set its routing policies — those all reference an existing client slug. A backing provider must be registered in the catalogue before a routing policy can target it.

For the internal flow, validation, and persistence behind these routes, see the admin architecture notes.