Version: 1.3.0
Law Firm Admin Provisioning API (Logto-managed RBAC)
Admin-facing endpoints to create Law Firms, provision Lawyers (AUTH_USERS + FIRM_USER_PROFILES + optional LAWYER_LICENSES), and manage RBAC via Logto (organizations, members, org-role bindings). The app keeps optional fine-grained RESOURCE_ACCESS_GRANTS.
v1.2.0 adds:
- GET /admin/auth-users (search by logtoUserId/email) to resolve internal user id.
- GET /admin/law-firms/{lawFirmId}/users/{userId}/resource-policies (effective field policies).
- (Optional) GET /admin/law-firms/{lawFirmId}/users/{userId}/capabilities (aggregate scopes + policies + caseId sets).
v1.3.0 adds:
- Support Access (act-as): start/list/get/revoke short-lived admin support sessions that return a delegated token:
  - POST /admin/support-access/requests
  - GET /admin/support-access/sessions
  - GET /admin/support-access/sessions/{id}
  - DELETE /admin/support-access/sessions/{id}
- Generic staff listing:
  - GET /admin/law-firms/{lawFirmId}/profiles (filterable by role/credential)
- Generic user provisioning (role/credential–driven):
  - POST /admin/law-firms/{lawFirmId}/users
  - POST /admin/law-firms/{lawFirmId}/users/{userId}/credentials
  - GET /admin/law-firms/{lawFirmId}/users/{userId}/credentials
  - DELETE /admin/law-firms/{lawFirmId}/users/{userId}/credentials/{credentialId}
Authentication
- HTTP: Bearer Auth
| Security Scheme Type | http |
|---|---|
| HTTP Authorization Scheme | bearer |
| Bearer format | JWT |
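
A resource server that accepts the delegated Support Access (act-as) token as a Bearer JWT has to confirm that it is short-lived, names the acting admin, and belongs to a session that has not been revoked. The sketch below is an added example, not code from this API or from Logto. It assumes HS256 with a shared key to stay stdlib-only (a deployment would normally verify against the issuer's signing keys), an RFC 8693-style `act` claim, a `sid` claim carrying the support session id, and a 15-minute lifetime cap.

```python
import base64, hashlib, hmac, json

MAX_SUPPORT_TTL = 900  # assumed policy: support tokens live at most 15 minutes

def _b64d(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a constructed sample token (helper for trying the check)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def check_support_token(token: str, key: bytes, revoked: set, now: int) -> dict:
    """Return the claims if the delegated token is acceptable, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, given = json.loads(_b64d(head)), _b64d(sig)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm server-side; never let the header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, int) or not isinstance(iat, int):
        raise ValueError("missing exp/iat")
    if now >= exp:
        raise ValueError("expired")
    if exp - iat > MAX_SUPPORT_TTL:  # reject long-lived "support" tokens
        raise ValueError("lifetime too long")
    actor = claims.get("act")
    if not isinstance(actor, dict) or not actor.get("sub"):
        raise ValueError("no actor")  # an act-as token must name the admin
    if actor["sub"] == claims.get("sub"):
        raise ValueError("actor equals subject")
    # `revoked` holds ids of sessions ended via DELETE .../sessions/{id}
    if not claims.get("sid") or claims["sid"] in revoked:
        raise ValueError("session revoked")
    return claims
```

Logging `act.sub` alongside `sub` on every request made with such a token keeps the admin's actions distinguishable from the user's in the audit trail.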