Tenants API
All tenant endpoints require JWT authentication via the Authorization: Bearer <token> header.
See Authentication for details on obtaining tokens.
rahcp SDK and CLI
async with HCPClient . from_env () as client :
namespaces = await client . mapi . list_namespaces ( "dev-ai" , verbose = True )
await client . mapi . create_namespace ( "dev-ai" , { "name" : "new-ns" , "hardQuota" : "100 GB" })
rahcp ns list dev-ai --verbose
rahcp ns create dev-ai --name new-ns --quota "100 GB"
See the
Python SDK for full documentation.
Roles
Tenant-level user accounts are assigned one or more roles that control access to management operations:
Role
Description
ADMINISTRATORFull tenant administration including user, namespace, and settings management
SECURITYManage console security, search security, and user account settings
MONITORRead-only access to statistics, chargeback reports, and tenant configuration
COMPLIANCEManage compliance settings, retention classes, and content classes
Tenant Management
System-level endpoints for creating and managing tenants. Requires system-level administrator credentials.
Base path: /api/v1/mapi/tenants
Method
Path
Description
GET/api/v1/mapi/tenantsList all tenants. Add verbose=true for full details.
PUT/api/v1/mapi/tenantsCreate a new tenant. Body: TenantCreate . Query params: username, password, forcePasswordChange, initialSecurityGroup.
GET/api/v1/mapi/tenants/{tenant_name}Get tenant details.
HEAD/api/v1/mapi/tenants/{tenant_name}Check whether a tenant exists. Returns 200 or 404.
POST/api/v1/mapi/tenants/{tenant_name}Update tenant settings. Body: TenantUpdate .
Query Parameters
All list endpoints support standard query parameters:
Parameter
Type
Description
offsetinteger
Pagination offset (zero-based)
countinteger
Maximum number of results to return
sortTypestring
Field to sort by
sortOrderstring
Sort direction (asc or desc)
filterTypestring
Field to filter on
filterStringstring
Filter value
verboseboolean
Include full details in response (default: false)
TenantCreate
Field
Type
Required
Description
namestring
Yes
Tenant name (must be unique)
systemVisibleDescriptionstring
No
Description visible to system administrators
tenantVisibleDescriptionstring
No
Description visible to tenant administrators
hardQuotastring
No
Maximum storage capacity (e.g., "100 GB")
softQuotainteger
No
Soft quota percentage (0--100)
namespaceQuotastring
No
Maximum number of namespaces
authenticationTypesobject
No
Enabled authentication types
complianceConfigurationEnabledboolean
No
Allow compliance configuration
versioningConfigurationEnabledboolean
No
Allow versioning configuration
searchConfigurationEnabledboolean
No
Allow search configuration
replicationConfigurationEnabledboolean
No
Allow replication configuration
tagsobject
No
Custom tags for the tenant
TenantUpdate
Field
Type
Description
administrationAllowedboolean
Whether tenant administration is allowed
maxNamespacesPerUserinteger
Maximum namespaces a user can own
tenantVisibleDescriptionstring
Tenant-visible description
tagsobject
Custom tags
Tenant Settings
Configuration endpoints for tenant-level administrators. Use GET to read current settings and POST to update.
Base path: /api/v1/mapi/tenants/{tenant_name}
Console Security
Manage password policies, account lockout rules, and IP access restrictions.
Method
Path
Description
GET.../consoleSecurityGet current console security settings
POST.../consoleSecurityUpdate console security settings
Key fields: minimumPasswordLength, disableAfterAttempts, forcePasswordChangeDays, logoutOnInactive, loginMessage, ipSettings.
Method
Path
Description
GET.../contactInfoGet tenant contact information
POST.../contactInfoUpdate tenant contact information
Fields: firstName, lastName, emailAddress, primaryPhone, address1, city, state, zipOrPostalCode, countryOrRegion.
Email Notification
Method
Path
Description
GET.../emailNotificationGet email notification settings
POST.../emailNotificationUpdate email notification settings
Fields: enabled, emailTemplate (with from, subject, body), recipients (with address, importance, severity).
Namespace Defaults
Method
Path
Description
GET.../namespaceDefaultsGet default namespace creation settings
POST.../namespaceDefaultsUpdate default namespace creation settings
Search Security
Method
Path
Description
GET.../searchSecurityGet search console IP restrictions
POST.../searchSecurityUpdate search console IP restrictions
Service Plans
Method
Path
Description
GET.../availableServicePlansList service plans available to this tenant (read-only)
GET.../availableServicePlans/{plan_name}Get details for a specific service plan
Permissions
Method
Path
Description
GET.../permissionsGet tenant-level permissions
POST.../permissionsUpdate tenant-level permissions
CORS Configuration
Method
Path
Description
GET.../corsGet tenant CORS configuration
PUT.../corsSet tenant CORS configuration
DELETE.../corsRemove tenant CORS configuration
Tenant Statistics
Monitoring endpoints for tenant resource usage and chargeback data. Requires the MONITOR role.
Method
Path
Description
GET.../statisticsGet tenant storage statistics (object count, storage used, etc.)
GET.../chargebackReportGet chargeback usage report
Chargeback Query Parameters
Parameter
Type
Default
Description
startstring
--
Start time (ISO 8601 format)
endstring
--
End time (ISO 8601 format)
granularitystring
totalReport granularity: hour, day, or total
User Accounts
Manage tenant-level user accounts for console and API access.
Base path: /api/v1/mapi/tenants/{tenant_name}/userAccounts
Method
Path
Description
GET.../userAccountsList all user accounts in the tenant
PUT.../userAccountsCreate a new user account
GET.../userAccounts/{username}Get user account details
HEAD.../userAccounts/{username}Check whether a user account exists
POST.../userAccounts/{username}Update a user account
DELETE.../userAccounts/{username}Delete a user account
POST.../userAccounts/{username}/changePasswordChange user password
GET.../userAccounts/{username}/dataAccessPermissionsGet user data access permissions
POST.../userAccounts/{username}/dataAccessPermissionsUpdate user data access permissions
UserAccountCreate
Field
Type
Required
Description
usernamestring
Yes
Unique username
fullNamestring
Yes
User's full name
localAuthenticationboolean
Yes
Enable local (password) authentication
enabledboolean
Yes
Whether the account is active
forcePasswordChangeboolean
Yes
Require password change on first login
descriptionstring
No
Account description
rolesobject
No
Assigned roles (e.g., {"role": ["ADMINISTRATOR"]})
allowNamespaceManagementboolean
No
Allow user to create and manage namespaces
UpdatePasswordRequest
Field
Type
Required
Description
newPasswordstring
Yes
The new password
oldPasswordstring
No
The current password (required for non-admin callers)
Group Accounts
Manage tenant-level group accounts, typically mapped to external directory groups.
Base path: /api/v1/mapi/tenants/{tenant_name}/groupAccounts
Method
Path
Description
GET.../groupAccountsList all group accounts in the tenant
PUT.../groupAccountsCreate a new group account
GET.../groupAccounts/{groupname}Get group account details
HEAD.../groupAccounts/{groupname}Check whether a group account exists
POST.../groupAccounts/{groupname}Update a group account
DELETE.../groupAccounts/{groupname}Delete a group account
GET.../groupAccounts/{groupname}/dataAccessPermissionsGet group data access permissions
POST.../groupAccounts/{groupname}/dataAccessPermissionsUpdate group data access permissions
Content Classes
Define custom metadata schemas for object classification and indexing.
Base path: /api/v1/mapi/tenants/{tenant_name}/contentClasses
Method
Path
Description
GET.../contentClassesList all content classes in the tenant
PUT.../contentClassesCreate a new content class
GET.../contentClasses/{name}Get content class details
HEAD.../contentClasses/{name}Check whether a content class exists
POST.../contentClasses/{name}Update a content class
DELETE.../contentClasses/{name}Delete a content class
Code Examples
curl
BASE = "http://localhost:8000/api/v1"
TOKEN = "<your-token>"
AUTH = "Authorization: Bearer $TOKEN "
TENANT = "research"
# ── Tenant management (system admin) ──────────────────────────
# List all tenants (verbose)
curl -s " $BASE /mapi/tenants?verbose=true" -H " $AUTH " | jq .
# Create a tenant with initial admin user
curl -s -X PUT " $BASE /mapi/tenants?username=tenantadmin&password=Ch4ng3Me!" \
-H " $AUTH " \
-H "Content-Type: application/json" \
-d '{
"name": "research",
"systemVisibleDescription": "Research storage",
"hardQuota": "500 GB",
"softQuota": 80
}' | jq .
# ── Tenant settings (tenant admin) ───────────────────────────
# Get tenant details
curl -s " $BASE /mapi/tenants/ $TENANT " -H " $AUTH " | jq .
# Update tenant description
curl -s -X POST " $BASE /mapi/tenants/ $TENANT " \
-H " $AUTH " \
-H "Content-Type: application/json" \
-d '{"tenantVisibleDescription": "Updated description"}' | jq .
# ── User accounts ────────────────────────────────────────────
# List users
curl -s " $BASE /mapi/tenants/ $TENANT /userAccounts?verbose=true" \
-H " $AUTH " | jq .
# Create a user with MONITOR + COMPLIANCE roles
curl -s -X PUT " $BASE /mapi/tenants/ $TENANT /userAccounts?password=InitP4ss!" \
-H " $AUTH " \
-H "Content-Type: application/json" \
-d '{
"username": "auditor",
"fullName": "Compliance Auditor",
"localAuthentication": true,
"enabled": true,
"forcePasswordChange": true,
"roles": {"role": ["MONITOR", "COMPLIANCE"]}
}' | jq .
# Change user password
curl -s -X POST " $BASE /mapi/tenants/ $TENANT /userAccounts/auditor/changePassword" \
-H " $AUTH " \
-H "Content-Type: application/json" \
-d '{"newPassword": "N3wP4ssw0rd!"}' | jq .
# Delete a user
curl -s -X DELETE " $BASE /mapi/tenants/ $TENANT /userAccounts/auditor" \
-H " $AUTH " | jq .
# ── Group accounts ───────────────────────────────────────────
# List groups
curl -s " $BASE /mapi/tenants/ $TENANT /groupAccounts" -H " $AUTH " | jq .
# Create a group
curl -s -X PUT " $BASE /mapi/tenants/ $TENANT /groupAccounts" \
-H " $AUTH " \
-H "Content-Type: application/json" \
-d '{
"groupname": "data-engineers",
"roles": {"role": ["ADMINISTRATOR"]}
}' | jq .
# Delete a group
curl -s -X DELETE " $BASE /mapi/tenants/ $TENANT /groupAccounts/data-engineers" \
-H " $AUTH " | jq .
# ── Statistics & chargeback ──────────────────────────────────
# Tenant statistics
curl -s " $BASE /mapi/tenants/ $TENANT /statistics" -H " $AUTH " | jq .
# Chargeback report (daily, January 2025)
curl -s " $BASE /mapi/tenants/ $TENANT /chargebackReport?\
start=2025-01-01T00:00:00Z&end=2025-02-01T00:00:00Z&granularity=day" \
-H " $AUTH " | jq .
Python
import httpx
BASE = "http://localhost:8000/api/v1"
async def tenant_examples ( token : str ):
headers = { "Authorization" : f "Bearer { token } " }
tenant = "research"
async with httpx . AsyncClient ( base_url = BASE , headers = headers ) as c :
# List tenants (system admin)
resp = await c . get ( "/mapi/tenants" , params = { "verbose" : True })
print ( "Tenants:" , [ t [ "name" ] for t in resp . json ()])
# Create tenant with admin user (system admin)
resp = await c . put (
"/mapi/tenants" ,
params = { "username" : "tenantadmin" , "password" : "Ch4ng3Me!" },
json = {
"name" : "research" ,
"systemVisibleDescription" : "Research storage" ,
"hardQuota" : "500 GB" ,
"softQuota" : 80 ,
},
)
resp . raise_for_status ()
# Create a user
resp = await c . put (
f "/mapi/tenants/ { tenant } /userAccounts" ,
params = { "password" : "InitP4ss!" },
json = {
"username" : "auditor" ,
"fullName" : "Compliance Auditor" ,
"localAuthentication" : True ,
"enabled" : True ,
"forcePasswordChange" : True ,
"roles" : { "role" : [ "MONITOR" , "COMPLIANCE" ]},
},
)
resp . raise_for_status ()
# Get statistics
resp = await c . get ( f "/mapi/tenants/ { tenant } /statistics" )
print ( "Stats:" , resp . json ())
# Chargeback report
resp = await c . get (
f "/mapi/tenants/ { tenant } /chargebackReport" ,
params = {
"start" : "2025-01-01T00:00:00Z" ,
"end" : "2025-02-01T00:00:00Z" ,
"granularity" : "day" ,
},
)
print ( "Chargeback entries:" , resp . json ())