Organizations & Teams

Zatabase provides a full multi-tenant organization system with hierarchical structures, team management, workspaces, role-based access control, quota enforcement, custom branding, and cross-organization collaboration. All endpoints require authentication and are mounted under /v1 when the organizations feature is enabled.

Organizations

Organizations are the top-level tenant boundary in Zatabase. Every user, team, workspace, and resource belongs to an organization. Organizations support hierarchical nesting (parent/child), tier-based feature gating, and independent settings.

Create an Organization

curl -s -X POST https://your-project.zatabase.io/v1/organizations \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "acme-corp",
    "display_name": "Acme Corporation",
    "tier": "business",
    "description": "Primary organization",
    "domain": "acme.com",
    "website": "https://acme.com",
    "industry": "technology",
    "region": "us-east-1",
    "timezone": "America/New_York"
  }' | jq

Response:

{
  "id": 1709300000000,
  "ulid": "01HQXYZ...",
  "name": "acme-corp",
  "display_name": "Acme Corporation",
  "slug": "acme-corp",
  "tier": "business",
  "status": "active",
  "domain": "acme.com",
  "region": "us-east-1",
  "timezone": "America/New_York",
  "created_at": "2026-03-04T00:00:00Z",
  "updated_at": "2026-03-04T00:00:00Z"
}

The slug is auto-generated from name if not provided. Slugs must be unique across the system.

List Organizations

# List all organizations
curl -s https://your-project.zatabase.io/v1/organizations \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

# List child organizations of a parent
curl -s "https://your-project.zatabase.io/v1/organizations?parent_id=1709300000000" \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Get Organization

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000 \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Update Organization

curl -s -X PUT https://your-project.zatabase.io/v1/organizations/1709300000000 \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "display_name": "Acme Corp International",
    "description": "Updated description",
    "size": "large",
    "timezone": "UTC"
  }' | jq

Only provided fields are updated. Omitted fields remain unchanged.

Delete Organization

curl -s -X DELETE https://your-project.zatabase.io/v1/organizations/1709300000000 \
  -H "Authorization: Bearer $ZATABASE_TOKEN"

Returns 204 No Content on success. Organizations with child organizations cannot be deleted until all children are removed first.

Organization Tiers

Each organization has a tier that determines feature availability and resource limits:

Tier	Max Members	Max Teams	Max Projects	Max Workspaces	Max Children	Custom Branding	SSO/2FA
`free`	5	1	3	2	0	No	No
`startup`	25	5	10	10	3	No	No
`business`	100	20	50	50	10	Yes	Yes
`enterprise`	1,000	100	200	200	50	Yes	Yes
`custom`	Unlimited	Unlimited	Unlimited	Unlimited	Unlimited	Yes	Yes

Organization Hierarchy

Organizations support parent-child relationships for modeling corporate structures (e.g. parent company with subsidiaries). Child organization creation is subject to the parent’s tier limits.

List Child Organizations

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/children \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Create a Child Organization

Set parent_org_id when creating the organization:

curl -s -X POST https://your-project.zatabase.io/v1/organizations \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "acme-europe",
    "display_name": "Acme Europe",
    "tier": "business",
    "parent_org_id": 1709300000000
  }' | jq

Organization Statistics

Get usage metrics for an organization:

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/stats \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Response:

{
  "org_id": 1709300000000,
  "member_count": 42,
  "project_count": 12,
  "team_count": 8,
  "workspace_count": 15,
  "child_organization_count": 2,
  "storage_used_bytes": 5368709120,
  "compute_hours_used": 84.5,
  "api_requests_count": 1250000,
  "last_activity": "2026-03-04T12:30:00Z",
  "created_at": "2025-06-15T00:00:00Z"
}

Members

Organization members have org-level roles that control what management actions they can perform.

Organization Roles

Role	Manage Org	Manage Teams	Manage Billing	Invite Members	Create Projects
`owner`	Yes	Yes	Yes	Yes	Yes
`admin`	Yes	Yes	No	Yes	Yes
`manager`	No	Yes	No	Yes	Yes
`member`	No	No	No	No	Yes
`billing`	No	No	Yes	No	Yes
`guest`	No	No	No	No	No

List Members

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/members \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Add a Member

curl -s -X POST https://your-project.zatabase.io/v1/organizations/1709300000000/members \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": "01HQXYZ...",
    "email": "[email protected]",
    "role": "member"
  }' | jq

Remove a Member

curl -s -X DELETE https://your-project.zatabase.io/v1/organizations/1709300000000/members/01HQXYZ... \
  -H "Authorization: Bearer $ZATABASE_TOKEN"

Returns 204 No Content. The last admin cannot be removed from an organization.

Invite a Member

Send an invitation by email. Invitations expire after 72 hours by default.

curl -s -X POST https://your-project.zatabase.io/v1/organizations/1709300000000/invitations \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "role": "member",
    "message": "Welcome to Acme!"
  }' | jq

Response includes an invitation_token for the invitee to accept.

Accept an Invitation

curl -s -X POST https://your-project.zatabase.io/v1/organizations/1709300000000/invitations/INVITATION_TOKEN/accept \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": "01HQXYZ...",
    "user_email": "[email protected]"
  }' | jq

The email must match the invitation. Expired or already-accepted invitations are rejected.

Organization Settings

Organizations have comprehensive settings covering general configuration, security policies, collaboration rules, notifications, integrations, billing, and compliance.

Get Settings

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/settings \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Update All Settings

curl -s -X PUT https://your-project.zatabase.io/v1/organizations/1709300000000/settings \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "org_id": 1709300000000,
    "general": {
      "default_timezone": "America/New_York",
      "default_language": "en",
      "session_timeout_minutes": 480,
      "enable_guest_access": true
    },
    "security": {
      "require_2fa": true,
      "sso_enabled": true,
      "password_policy": {
        "min_length": 12,
        "require_uppercase": true,
        "require_lowercase": true,
        "require_numbers": true,
        "require_symbols": true
      }
    }
  }' | jq

Settings are validated against the organization’s tier. For example, require_2fa and sso_enabled require Business tier or higher.

Update General Settings Only

curl -s -X PUT https://your-project.zatabase.io/v1/organizations/1709300000000/settings/general \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "default_timezone": "UTC",
    "default_language": "en",
    "date_format": "YYYY-MM-DD",
    "time_format": "24h",
    "currency": "USD",
    "session_timeout_minutes": 480,
    "enable_guest_access": false
  }' | jq

Update Security Settings Only

curl -s -X PUT https://your-project.zatabase.io/v1/organizations/1709300000000/settings/security \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "require_2fa": true,
    "sso_enabled": false,
    "allowed_email_domains": ["acme.com", "acme.co.uk"],
    "password_policy": {
      "min_length": 10,
      "require_uppercase": true,
      "require_lowercase": true,
      "require_numbers": true,
      "require_symbols": false,
      "max_age_days": 90,
      "prevent_reuse_count": 5
    },
    "session_security": {
      "max_concurrent_sessions": 3,
      "idle_timeout_minutes": 30,
      "ip_whitelist": ["10.0.0.0/8"]
    },
    "api_security": {
      "rate_limit_requests_per_minute": 1000,
      "require_api_key_authentication": true,
      "webhook_signature_verification": true
    }
  }' | jq

Tier-Gated Settings

Certain settings require a minimum organization tier:

Setting	Minimum Tier
`require_2fa`	Business
`sso_enabled`	Business
`external_sharing_enabled`	Business
`audit_logging_enabled`	Business
Custom branding	Business

Attempting to enable a setting below its required tier returns a 400 Bad Request with "Setting not allowed for tier".

Quotas

Quotas enforce resource limits based on the organization’s tier. Each resource has a hard limit (enforced) and an optional soft limit (warning at 80% of hard limit).

Get Quota Configuration

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/quotas \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Get Current Usage

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/quotas/usage \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Response:

{
  "org_id": 1709300000000,
  "usage": {
    "storage_total": 5368709120,
    "tables_count": 12,
    "collections_count": 8,
    "team_members_count": 42,
    "teams_count": 8,
    "workspaces_count": 15
  },
  "last_updated": "2026-03-04T12:00:00Z",
  "billing_period_start": "2026-03-01T00:00:00Z",
  "billing_period_end": "2026-04-01T00:00:00Z"
}

Get Utilization Report

Shows usage status for each resource relative to its limit:

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/quotas/utilization \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Response includes per-resource status (Normal, MediumUsage, HighUsage, or SoftLimitExceeded):

{
  "org_id": 1709300000000,
  "tier": "business",
  "resource_status": {
    "storage_total": {
      "Normal": { "usage": 5368709120, "limit": 107374182400, "percentage": 5 }
    },
    "max_tables": {
      "Normal": { "usage": 12, "limit": 100, "percentage": 12 }
    },
    "max_team_members": {
      "MediumUsage": { "usage": 78, "limit": 100, "percentage": 78 }
    }
  },
  "generated_at": "2026-03-04T12:00:00Z"
}

Update Quotas (Admin)

Override default tier-based quotas with custom limits:

curl -s -X PUT https://your-project.zatabase.io/v1/organizations/1709300000000/quotas \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "org_id": 1709300000000,
    "tier": "business",
    "limits": {
      "storage_total": 214748364800,
      "max_tables": 200,
      "max_team_members": 150
    },
    "billing_cycle": "monthly"
  }' | jq

Default Quota Limits by Tier

Resource	Free	Startup	Business	Enterprise	Custom
Total Storage	1 GB	10 GB	100 GB	1 TB	Unlimited
Storage per Table	100 MB	1 GB	10 GB	100 GB	Unlimited
Compute Hours/Month	10	100	500	2,000	Unlimited
Concurrent Jobs	1	5	20	100	Unlimited
API Requests/Day	10K	100K	1M	10M	Unlimited
API Requests/Hour	1K	10K	100K	1M	Unlimited
Concurrent Connections	5	25	100	500	Unlimited
Max Tables	5	25	100	500	Unlimited
Max Collections	10	50	200	1,000	Unlimited
Max Indexes	20	100	500	2,000	Unlimited
Backup Retention	7 days	30 days	90 days	365 days	Unlimited
Audit Log Retention	30 days	90 days	365 days	7 years	Unlimited

Branding

Organizations on Business tier or higher can customize their branding (logos, colors, themes).

Get Branding

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/branding \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Update Branding

curl -s -X PUT https://your-project.zatabase.io/v1/organizations/1709300000000/branding \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "primary_color": "#0066FF",
    "secondary_color": "#004499",
    "logo_url": "https://cdn.acme.com/logo.png",
    "favicon_url": "https://cdn.acme.com/favicon.ico"
  }' | jq

Returns 402 Payment Required if the organization’s tier does not support custom branding.

List Branding Templates

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/branding/templates \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Apply a Template

curl -s -X POST https://your-project.zatabase.io/v1/organizations/1709300000000/branding/templates/TEMPLATE_ID \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Get Generated Assets

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/branding/assets \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Cross-Organization Collaboration

Organizations can establish collaboration agreements to share resources across organizational boundaries. This requires Business tier or higher.

Request Collaboration

curl -s -X POST https://your-project.zatabase.io/v1/organizations/1709300000000/collaborations/requests \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "to_org_id": 1709400000000,
    "collaboration_type": "data_sharing",
    "message": "Would like to share analytics data"
  }' | jq

List Collaboration Requests

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/collaborations/requests \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Respond to a Request

curl -s -X POST https://your-project.zatabase.io/v1/organizations/1709300000000/collaborations/requests/REQUEST_ID/respond \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "accepted": true,
    "message": "Approved for Q2 data sharing"
  }' | jq

List Active Collaborations

curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/collaborations \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Terminate a Collaboration

curl -s -X POST https://your-project.zatabase.io/v1/organizations/1709300000000/collaborations/AGREEMENT_ID/terminate \
  -H "Authorization: Bearer $ZATABASE_TOKEN"

Teams

Teams are groups of users within an organization. Teams support hierarchical nesting, multiple types (department, project, working group, etc.), role-based permissions, invitations, and analytics.

Create a Team

curl -s -X POST https://your-project.zatabase.io/v1/teams \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "org_id": 1709300000000,
    "created_by": "01HQXYZ...",
    "name": "engineering",
    "display_name": "Engineering",
    "description": "Core engineering team",
    "team_type": "department",
    "visibility": "organization",
    "initial_members": [
      { "user_id": "01HQXYZ...", "role": "owner" }
    ]
  }' | jq

Team Types

Type	Description	Allows Nesting	External Collaboration
`general`	General purpose	Yes	No
`department`	Department-level	Yes	No
`project`	Project-specific	No	Yes
`working_group`	Cross-functional	No	Yes
`external`	External collaboration	No	Yes
`admin`	Administrative/support	Yes	No
`temporary`	Time-limited initiative	No	No

List Teams

# List all teams in an organization
curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/teams \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

# Or via query parameter
curl -s "https://your-project.zatabase.io/v1/teams?org_id=1709300000000" \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Get Team

curl -s https://your-project.zatabase.io/v1/teams/01HQTEAM... \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Update Team

curl -s -X PUT https://your-project.zatabase.io/v1/teams/01HQTEAM... \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "display_name": "Engineering - Platform",
    "description": "Platform engineering team",
    "visibility": "team"
  }' | jq

Delete Team

curl -s -X DELETE https://your-project.zatabase.io/v1/teams/01HQTEAM... \
  -H "Authorization: Bearer $ZATABASE_TOKEN"

Team Hierarchy

Teams support parent-child nesting (for types that allow it):

# Get hierarchy for a specific team
curl -s https://your-project.zatabase.io/v1/teams/01HQTEAM.../hierarchy \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

# Get full team hierarchy for an organization
curl -s https://your-project.zatabase.io/v1/organizations/1709300000000/teams/hierarchy \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

# List direct children of a team
curl -s https://your-project.zatabase.io/v1/teams/01HQTEAM.../children \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Team Statistics

curl -s https://your-project.zatabase.io/v1/teams/01HQTEAM.../stats \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Team Members

Team Roles

Role	Manage Team	Manage Members	Invite	View Projects	Create Projects
`owner`	Yes	Yes	Yes	Yes	Yes
`admin`	Yes	Yes	Yes	Yes	Yes
`lead`	Settings only	Yes	Yes	Yes	Yes
`member`	No	No	Yes	Yes	Yes
`collaborator`	No	No	No	Yes	No
`observer`	No	No	No	Yes	No

List Team Members

curl -s https://your-project.zatabase.io/v1/teams/01HQTEAM.../members \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Add a Member

curl -s -X POST https://your-project.zatabase.io/v1/teams/01HQTEAM.../members \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": "01HQXYZ...",
    "role": "member",
    "send_notification": true
  }' | jq

Update Member Role

curl -s -X PUT https://your-project.zatabase.io/v1/teams/01HQTEAM.../members/01HQXYZ... \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "role": "lead",
    "permissions": ["view_members", "view_projects", "create_projects", "manage_projects", "invite_members"]
  }' | jq

Remove a Member

curl -s -X DELETE https://your-project.zatabase.io/v1/teams/01HQTEAM.../members/01HQXYZ... \
  -H "Authorization: Bearer $ZATABASE_TOKEN"

Team Invitations

Invite users to a team by user ID or email. Invitations include a token for acceptance and expire after a configurable period (default: 72 hours).

Send Invitation

curl -s -X POST https://your-project.zatabase.io/v1/teams/01HQTEAM.../invitations \
  -H "Authorization: Bearer $ZATABASE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "role": "member",
    "message": "Join the engineering team!",
    "expires_in_hours": 168
  }' | jq

Accept Invitation

curl -s -X POST https://your-project.zatabase.io/v1/teams/invitations/INVITATION_TOKEN/accept \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": "01HQXYZ..."
  }' | jq

Reject Invitation

curl -s -X POST https://your-project.zatabase.io/v1/teams/invitations/INVITATION_TOKEN/reject

Cancel Invitation

curl -s -X DELETE https://your-project.zatabase.io/v1/teams/invitations/INVITATION_TOKEN \
  -H "Authorization: Bearer $ZATABASE_TOKEN"

Team Analytics

Get activity and performance metrics for a team over a specified timeframe:

# Default (monthly)
curl -s https://your-project.zatabase.io/v1/teams/01HQTEAM.../analytics \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

# Specify timeframe: day, week, month, quarter, year
curl -s "https://your-project.zatabase.io/v1/teams/01HQTEAM.../analytics?timeframe=quarter" \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Activity Log

# Get recent activities (default limit)
curl -s https://your-project.zatabase.io/v1/teams/01HQTEAM.../activities \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

# With custom limit
curl -s "https://your-project.zatabase.io/v1/teams/01HQTEAM.../activities?limit=50" \
  -H "Authorization: Bearer $ZATABASE_TOKEN" | jq

Activity types include: member_joined, member_left, member_role_changed, team_created, team_updated, team_archived, project_created, project_updated, collaboration_started, settings_changed, integration_added, and meeting_scheduled.

Workspaces

Workspaces are collaborative environments within an organization, optionally associated with a team. They provide scoped access to data, real-time collaboration, and configurable features based on workspace type.

Workspace Types

Type	Features
`general`	Real-time collaboration, file sharing, comments, version history
`project`	All of general, plus task management and integrations
`analytics`	Data visualization, query editor, real-time collaboration, export
`development`	Code editor, real-time collaboration, version history, testing
`documentation`	Rich text editor, collaboration, templates, version history
`research`	Data visualization, collaboration, export, citations
`training`	Collaboration, comments, templates, video conferencing
`external`	Collaboration, file sharing, comments, guest access

Workspace Visibility

organization — Visible to all organization members
team — Restricted to team members
private — Visible only to specific users
public — Public with guest access

Workspace Roles

Role	View	Edit	Comment	Share	Manage Members	Manage Settings	Delete	Export
`owner`	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
`editor`	Yes	Yes	Yes	Yes	No	No	No	Yes
`contributor`	Yes	Yes	Yes	No	No	No	No	Yes
`viewer`	Yes	No	Yes	No	No	No	No	Yes
`guest`	Yes	No	Yes	No	No	No	No	No

Workspaces are created and managed through the organization service layer. Workspace quotas are enforced by the organization’s tier limits. See the Permissions page for details on RBAC integration with workspace access control.

RBAC Integration

Organization and team roles integrate with Zatabase’s permissions system. The zpermissions crate enforces CRUD permissions at every API boundary:

Creating members requires CREATE permission on the Permissions resource kind
Removing members requires DELETE permission on the Permissions resource kind
Creating workspaces requires CREATE permission on the Collections resource kind
Reading workspaces requires READ permission on the Collections resource kind
Inviting members is subject to both permission checks and tier-based quota enforcement

The permission check uses the acting user’s principal (User, Role, Group, or Label) against the organization’s permission grants. See Authentication for session management and Permissions for the full RBAC model.

API Reference

Organization Endpoints

Method	Path	Description
`POST`	`/v1/organizations`	Create organization
`GET`	`/v1/organizations`	List organizations
`GET`	`/v1/organizations/:org_id`	Get organization
`PUT`	`/v1/organizations/:org_id`	Update organization
`DELETE`	`/v1/organizations/:org_id`	Delete organization
`GET`	`/v1/organizations/:org_id/children`	List child organizations
`GET`	`/v1/organizations/:org_id/stats`	Get organization statistics
`GET`	`/v1/organizations/:org_id/members`	List members
`POST`	`/v1/organizations/:org_id/members`	Add member
`DELETE`	`/v1/organizations/:org_id/members/:user_id`	Remove member
`POST`	`/v1/organizations/:org_id/invitations`	Invite member
`POST`	`/v1/organizations/:org_id/invitations/:token/accept`	Accept invitation
`GET`	`/v1/organizations/:org_id/settings`	Get settings
`PUT`	`/v1/organizations/:org_id/settings`	Update all settings
`PUT`	`/v1/organizations/:org_id/settings/general`	Update general settings
`PUT`	`/v1/organizations/:org_id/settings/security`	Update security settings
`GET`	`/v1/organizations/:org_id/quotas`	Get quota configuration
`PUT`	`/v1/organizations/:org_id/quotas`	Update quotas
`GET`	`/v1/organizations/:org_id/quotas/usage`	Get current usage
`GET`	`/v1/organizations/:org_id/quotas/utilization`	Get utilization report
`GET`	`/v1/organizations/:org_id/branding`	Get branding
`PUT`	`/v1/organizations/:org_id/branding`	Update branding
`GET`	`/v1/organizations/:org_id/branding/templates`	List branding templates
`POST`	`/v1/organizations/:org_id/branding/templates/:template_id`	Apply template
`GET`	`/v1/organizations/:org_id/branding/assets`	Get generated assets
`GET`	`/v1/organizations/:org_id/collaborations/requests`	List collaboration requests
`POST`	`/v1/organizations/:org_id/collaborations/requests`	Create collaboration request
`POST`	`/v1/organizations/:org_id/collaborations/requests/:request_id/respond`	Respond to request
`GET`	`/v1/organizations/:org_id/collaborations`	List active collaborations
`GET`	`/v1/organizations/:org_id/collaborations/:agreement_id`	Get collaboration details
`POST`	`/v1/organizations/:org_id/collaborations/:agreement_id/terminate`	Terminate collaboration

Team Endpoints

Method	Path	Description
`POST`	`/v1/teams`	Create team
`GET`	`/v1/teams`	List teams (use `?org_id=` filter)
`GET`	`/v1/teams/:team_id`	Get team
`PUT`	`/v1/teams/:team_id`	Update team
`DELETE`	`/v1/teams/:team_id`	Delete team
`GET`	`/v1/teams/:team_id/hierarchy`	Get team hierarchy
`GET`	`/v1/teams/:team_id/children`	List child teams
`GET`	`/v1/teams/:team_id/stats`	Get team statistics
`GET`	`/v1/teams/:team_id/members`	List team members
`POST`	`/v1/teams/:team_id/members`	Add team member
`PUT`	`/v1/teams/:team_id/members/:user_id`	Update member role
`DELETE`	`/v1/teams/:team_id/members/:user_id`	Remove team member
`POST`	`/v1/teams/:team_id/invitations`	Invite to team
`POST`	`/v1/teams/invitations/:token/accept`	Accept invitation
`POST`	`/v1/teams/invitations/:token/reject`	Reject invitation
`DELETE`	`/v1/teams/invitations/:token`	Cancel invitation
`GET`	`/v1/teams/:team_id/analytics`	Get team analytics
`GET`	`/v1/teams/:team_id/activities`	Get activity log
`GET`	`/v1/organizations/:org_id/teams`	List organization teams
`GET`	`/v1/organizations/:org_id/teams/hierarchy`	Get org team hierarchy