Concepts
Auth and Organizations
How service accounts, organization context, and product roles control API access.
OpenPermit APIs are scoped to organizations. Service accounts and authenticated sessions carry capabilities that determine which buyer, seller, receipt, webhook, audit, and emergency routes they may use.
The SDK supports organization scoping with organizationId:
```javascript
import { createOpenPermitClient } from '@openpermit/sdk/client';

const openpermit = createOpenPermitClient({
  baseUrl: 'https://api.openpermit.ai',
  apiKey: process.env.OPENPERMIT_API_KEY,
  organizationId: 'org_...',
});
```

This sends `X-OpenPermit-Organization-Id` on API requests unless you override it per request.
Product roles are intentionally separate from platform identity:
- Buyer roles manage mandates, payment authorization, payment execution, receipts, and audit reads.
- Seller roles manage sellers, resources, seller challenges, payment verification, refunds, webhooks, receipts, and audit reads.
- Admin and owner roles manage organizations, service accounts, invitations, and emergency actions.
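
The two checks described above (organization scoping first, then role capability) can be modelled as a deny-by-default decision. This is an added example, not OpenPermit's implementation: the capability names, the principal shape, and the reason strings are assumptions built from the role list on this page.

```javascript
// Added illustration, not OpenPermit source. Capability names are constructed
// labels for the areas listed on this page; the real identifiers may differ.
const ADMIN_CAPS = ['organizations', 'service_accounts', 'invitations', 'emergency_actions'];
const ROLE_CAPABILITIES = new Map([
  ['buyer', ['mandates', 'payment_authorization', 'payment_execution',
             'receipts', 'audit_read']],
  ['seller', ['sellers', 'resources', 'seller_challenges', 'payment_verification',
              'refunds', 'webhooks', 'receipts', 'audit_read']],
  ['admin', ADMIN_CAPS],
  ['owner', ADMIN_CAPS],
]);

const ORG_HEADER = 'x-openpermit-organization-id';

// HTTP header names are case-insensitive, so normalise before comparing.
function headerValue(headers, name) {
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() === name) return String(value).trim();
  }
  return undefined;
}

// principal: { organizationIds: string[], roles: string[] }  (hypothetical shape)
// request:   { headers: object, capability: string }
function authorize(principal, request) {
  const orgId = headerValue(request.headers, ORG_HEADER);
  if (!orgId) return { allowed: false, reason: 'missing_organization' };

  // The header is caller-supplied, so it is only honoured when the credential
  // itself belongs to that organization.
  if (!principal.organizationIds.includes(orgId)) {
    return { allowed: false, reason: 'organization_mismatch' };
  }

  // Union of capabilities across roles; an unknown role grants nothing.
  const granted = new Set();
  for (const role of principal.roles) {
    for (const cap of ROLE_CAPABILITIES.get(role) || []) granted.add(cap);
  }
  if (!granted.has(request.capability)) {
    return { allowed: false, reason: 'capability_not_granted' };
  }
  return { allowed: true, reason: 'ok', organizationId: orgId };
}
```

A buyer-only service account in this model can execute payments inside its own organization but cannot issue refunds, manage webhooks, or act in another organization by changing the header value.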