Create tenant

Prev Next

Available in Classic and VPC

Create a tenant.

Request

This section describes the request format. The method and URI are as follows:

Method URI
POST /api/v1/tenant

Request headers

For information about the headers common to all Ncloud Single Sign-On APIs, see Ncloud Single Sign-On request headers.

Request example

The request example is as follows:

curl --location --request POST 'https://sso.apigw.ntruss.com/api/v1/tenant' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field Type Required Description
tenantId String - Tenant ID
tenantAlias String - Tenant alias
mbrLoginAllow String - Whether to allow main account login
  • UNUSED | ALLOW | DENY
    • UNUSED: Follow settings for each application
    • ALLOW: allow
    • DENY: deny
protocols Array - Supported protocols
applicationTypeSupported Array - Application type
oauth2 Object - OAuth 2.0 information
oauth2.grantTypeSupported Array - Authorization method
  • authorization_code | refresh_token | implicit
    • authorization_code: Issue access token with self-generated authorization code.
    • refresh_token: Issue new access token without re-login after the access token expires.
    • implicit: Issue access token directly without authorization code. It is optimized for client environments where it is difficult to securely store credentials.
oauth2.responseTypeSupported Array - Response type supported by OAuth 2.0 and OpenID Connect protocols
oauth2.scopeSupported Array - Application accessible information range
  • profile | openid | groups | email
    • profile: account type, login ID, unique member identifier, username
    • openid: account type, login ID, unique member identifier, username
    • groups: account type, login ID, unique member identifier, username, group
    • email: account type, login ID, unique member identifier, username, email
oauth2.clientAuthMethodSupported Array - Application authentication method
  • client_secret_basic | client_secret_post | none
    • client_secret_basic: Client credentials are passed as HTTP basic authentication header.
    • client_secret_post: Client ID and secret are included in the POST request body.
    • none: no authentication
oauth2.accessTypeSupported Array - Application access method
  • confidential | public
    • confidential: Access after authentication with client ID and secret.
    • public: Access after authentication with client ID.
createdAt String - Tenant creation date and time
  • ISO 8601 format

Response status codes

For information about the response status codes common to all Ncloud Single Sign-On APIs, see Ncloud Single Sign-On response status codes.

Response example

The following is a sample response.

{
    "tenantId": "d71d79e8-****-****-****-281f2a1d5d45",
    "tenantAlias": "d71d79e8-****-****-****-281f2a1d5d45",
    "mbrLoginAllow": "UNUSED",
    "protocols": [
        "OAUTH2"
    ],
    "applicationTypeSupported": [
        "app",
        "web"
    ],
    "oauth2": {
        "grantTypeSupported": [
            "authorization_code",
            "implicit",
            "refresh_token"
        ],
        "responseTypeSupported": [
            "code",
            "token",
            "id_token"
        ],
        "scopeSupported": [
            "profile",
            "openid",
            "groups",
            "email"
        ],
        "clientAuthMethodSupported": [
            "client_secret_basic"
        ],
        "accessTypeSupported": [
            "confidential"
        ]
    },
    "createdAt": "2025-01-02T07:22:25Z"
}