Admin API overview

The Admin API lets Organization administrators and solutions engineers automate account management. Use it to provision users, manage Workspaces and groups, rotate API keys, set spend and rate limits, and retrieve usage and audit logs.

i
Information

The Admin API is in Preview. We may adjust endpoints and fields as we refine the API.

Concepts

Concepts

Enterprise Accounts sit on top of Organizations. An Enterprise Account can group several Organizations, while an Organization belongs to at most one Enterprise Account (most Organizations are standalone). They give enterprise customers full isolation between groups of users, beyond what Workspaces provide.

The Backoffice (backoffice.mistral.ai) is the customer-facing app for managing an Enterprise Account: its Organizations, its members, and the Admin API keys of each Organization.

Avertissement

The Backoffice is not the Admin Console. The Admin Console (admin.mistral.ai) administers a single Organization. The Backoffice (backoffice.mistral.ai) manages an Enterprise Account and the Organizations under it.

A user group bundles users so you can manage them together. For example, create a group, add members, then assign the group to a Workspace with a given role. See Groups.

Authentication

Authentication

The Admin API uses a dedicated Admin API key, created in the Backoffice and passed in the x-api-key header. A user's standard API key never grants admin access. See Authentication and Admin API keys for details.

Capabilities

Capabilities

Use the Admin API to manage:

Roles and RBAC

Roles and RBAC

Several endpoints accept role fields by UUID (roles) or by name (role_names). Workspace assignment endpoints accept workspace_role (UUID) or workspace_role_name (name). When RBAC is enabled, list the available roles and their UUIDs with GET /api/admin/roles.

Note

Singular role fields (role, role_name) are deprecated. Use the plural equivalents (roles, role_names), which support assigning multiple roles to a user.

For the full role model, see Roles and permissions.

In this section

In this section