Skip to content

List a tenant's roles.

GET
/tenants/{tenant_id}/roles
curl --request GET \
--url 'https://shiftagent.example.com/tenants/example/roles?limit=20' \
--header 'Authorization: Bearer <token>'

Lists roles in the tenant. ?name= is an exact-match filter — the recovery path after a 409 name-conflict when the conflicting ID was lost.

tenant_id
required
string
/^tnt_[A-Za-z0-9]+$/

Internal tenant ID.

limit
integer
default: 20 >= 1 <= 100

Page size (1–100).

starting_after
string

Cursor: return items after this object ID (forward pagination). Use the id of the last item of the previous page.

ending_before
string

Cursor: return items before this object ID (backward pagination). Mutually exclusive with starting_after.

name
string

Exact-match filter on the tenant-unique role name.

A page of roles.

Media type application/json
object
object
required

Envelope discriminator.

string
Allowed value: list
data
required

The page of items.

Array
has_more
required

Whether more items exist beyond this page.

boolean
next_cursor

Opaque cursor for the next page (pass as starting_after). Null when has_more is false.

string | null
data
required
Array<object>

Tenant-scoped access profile: optional repository override + skill narrowing. Effective repository = repository_id ?? tenant default; effective skills = effective repository’s skills ∩ skill_access.

object
object
required
string
Allowed value: role
id
required
string
/^rol_[A-Za-z0-9]+$/
tenant_id
required
string
/^tnt_[A-Za-z0-9]+$/
name
required

Unique per tenant — load-bearing for replay-safe provisioning (deterministic 409 + conflicting_resource_id recovery).

string
<= 255 characters
description
required

Human-readable purpose.

string | null
repository_id
required

Repository override; null falls through to the tenant default repository.

string | null
/^rep_[A-Za-z0-9]+$/
skill_access
required
One of: discriminator: mode

Grant every skill of the role’s effective repository.

object
mode
required

Access-mode discriminator.

string
Allowed value: all
created_at
required

RFC 3339 / ISO 8601 timestamp, UTC.

string format: date-time
updated_at
required

RFC 3339 / ISO 8601 timestamp, UTC.

string format: date-time
Example
{
"object": "list",
"data": [
{
"object": "role",
"skill_access": {
"mode": "all"
}
}
]
}

Bad request — malformed body/parameters or an invalid parameter combination (e.g. neither or both of user_id/tenant_id on listConversations, or both pagination cursors).

Media type application/problem+json

RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.

object
type
required

Problem type URI (registry slug).

string format: uri-reference
title
required

Short, human-readable summary of the problem type.

string
status
required

HTTP status code.

integer format: int32
detail

Human-readable explanation specific to this occurrence.

string
instance

URI reference identifying this occurrence.

string format: uri-reference
request_id

Correlation ID for support and log lookup.

string
conflicting_resource_id

On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).

string
errors

On validation-error, field-level details.

Array<object>
object
pointer
required

JSON pointer to the offending field.

string
message
required

What failed.

string
Examples
Example bad_request

Invalid parameter combination

{
"type": "https://shiftagent.example.com/problems/validation-error",
"title": "Invalid request",
"status": 400,
"detail": "Exactly one of user_id or tenant_id is required.",
"request_id": "req_01hzx8bad001"
}

Missing or invalid credentials — no bearer token, an unknown/revoked sk_int_ key, or an expired platform JWT.

Media type application/problem+json

RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.

object
type
required

Problem type URI (registry slug).

string format: uri-reference
title
required

Short, human-readable summary of the problem type.

string
status
required

HTTP status code.

integer format: int32
detail

Human-readable explanation specific to this occurrence.

string
instance

URI reference identifying this occurrence.

string format: uri-reference
request_id

Correlation ID for support and log lookup.

string
conflicting_resource_id

On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).

string
errors

On validation-error, field-level details.

Array<object>
object
pointer
required

JSON pointer to the offending field.

string
message
required

What failed.

string
Examples
Example unauthorized

Missing or invalid bearer token

{
"type": "https://shiftagent.example.com/problems/insufficient-scope",
"title": "Unauthorized",
"status": 401,
"detail": "Provide a valid sk_int_ service key or platform JWT.",
"request_id": "req_01hzx8auth001"
}

Not found — the resource does not exist, was deprovisioned, or lies outside the integration key’s subtree (indistinguishable by design).

Media type application/problem+json

RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.

object
type
required

Problem type URI (registry slug).

string format: uri-reference
title
required

Short, human-readable summary of the problem type.

string
status
required

HTTP status code.

integer format: int32
detail

Human-readable explanation specific to this occurrence.

string
instance

URI reference identifying this occurrence.

string format: uri-reference
request_id

Correlation ID for support and log lookup.

string
conflicting_resource_id

On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).

string
errors

On validation-error, field-level details.

Array<object>
object
pointer
required

JSON pointer to the offending field.

string
message
required

What failed.

string
Examples
Example not_found

Unknown resource

{
"type": "https://shiftagent.example.com/problems/not-found",
"title": "Not found",
"status": 404,
"detail": "No tenant with external_id acme:tenant:999999.",
"request_id": "req_01hzx8nf001"
}