Dvara — Admin API
The Admin API is the control plane for a running Dvara deployment. Every resource that the DVARA Console can edit is also available over this REST API, so you can provision interactively from the Console and automate the same actions from CI/CD, Terraform, or any other tooling that speaks HTTP.
Both surfaces read and write the same tenants, routes, policies, budgets, credentials, and audit trail — a change made from a script is immediately visible in the Console, and vice versa.
Authentication. Every /v1/admin/* call requires an authenticated
session. For automation, issue a Personal Access Token from the DVARA
Console (Settings → Tokens) and pass it as Authorization: Bearer dvara_pat_…. For OIDC or SAML deployments the same endpoints accept a
signed JWT from the identity provider.
RBAC. Every endpoint enforces a two-level role model. Platform roles
(owner, policy-admin, billing-admin) can act across every tenant;
tenant roles (admin, developer, viewer) can only see and modify
their own tenant's resources. A tenant-scoped caller that passes another
tenant's tenant_id on a query parameter is either silently scoped down
to their own tenant or rejected with 403, depending on the endpoint.
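Because a cross-tenant request can come back as either 403 or a scoped-down 200, an isolation test has to inspect the response body and cannot rely on the status code alone. The check below is an added example, not Dvara's own code. It assumes list responses are JSON arrays whose objects carry a `tenant_id` field, which this page does not specify, and the function name and sample data are constructed for illustration.

```python
# Added example: evaluate one cross-tenant probe against the RBAC model above.
# Assumption: list responses are JSON arrays of objects with a "tenant_id"
# field; the response shape is not documented on this page.
import json

PLATFORM_ROLES = {"owner", "policy-admin", "billing-admin"}
TENANT_ROLES = {"admin", "developer", "viewer"}


def check_isolation(role, own_tenant, requested_tenant, status, body):
    """Return (ok, reason) for a request made with a test token of `role`."""
    if role in PLATFORM_ROLES:
        return True, "platform role: cross-tenant access is expected"
    if role not in TENANT_ROLES:
        return False, f"unknown role {role!r}"
    if requested_tenant == own_tenant:
        return True, "not a cross-tenant request"
    if status == 403:
        return True, "rejected with 403"
    if status != 200:
        return False, f"unexpected status {status}"
    # Silent scope-down: a 200 is acceptable only if every record is our own.
    # Records with no tenant_id are treated as a leak (fail closed).
    records = json.loads(body)
    leaked = sorted({r.get("tenant_id") for r in records} - {own_tenant}, key=str)
    if leaked:
        return False, f"records from other tenants returned: {leaked}"
    return True, "silently scoped down to caller's tenant"


# Constructed sample responses (not captured from a real deployment).
SCOPED_DOWN = '[{"id": "r1", "tenant_id": "acme"}]'
LEAK = '[{"id": "r1", "tenant_id": "acme"}, {"id": "r9", "tenant_id": "globex"}]'

if __name__ == "__main__":
    for status, body in [(403, ""), (200, SCOPED_DOWN), (200, LEAK)]:
        print(status, check_isolation("developer", "acme", "globex", status, body))
```

Run it in CI with a token for each tenant role, feeding in the status and body of a request that names a different tenant's `tenant_id`.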
Scope of this reference. This spec covers the core GitOps surface — tenants, API keys, routes, policies, budgets, pricing, provider credentials, webhooks, MCP servers, audit events, and config export/import. The full Admin API has additional endpoints for compliance reports, cost forecasts, chargeback, prompt templates, eval pipelines, guardrail plugins, and MCP approvals — see the DVARA Flightdeck feature pages for those in context.
Authentication
- HTTP: Bearer Auth
Personal access token issued from the DVARA Console (Settings → Tokens). OIDC / SAML deployments accept a signed JWT from the identity provider instead.
| Security Scheme Type: | http |
|---|---|
| HTTP Authorization Scheme: | bearer |
| Bearer format: | dvara_pat_ |
Contact Dvara: https://dvara.ai
License: Commercial