Team and tenant management (Mgmt REST API)
Requires the Mgmt REST API add-on (rest_api_mgmt) on the tenant bound to your REST token, plus a valid portal-issued REST API token:
Mgmt tokens are scoped to one MQTT tenant (account_id in topics and billing). They carry owner-equivalent automation for team and tenant operations on that tenant. Issue tokens only from trusted automation; portal Owners create tokens under Settings → REST API tokens.
Platform operator tokens (isr_mqtt_platform_rest_…) also work and require X-ISR-Account-Id to select the target tenant.
Tenants
Create an additional MQTT tenant under the same enterprise as the token tenant. Every owner on the token tenant receives owner on the new tenant.
curl -sS -X POST "https://mqtt.example.com/api/v1/subscriber/tenants" \
-H "Authorization: Bearer isr_mqtt_rest_…" \
-H "Accept-Encoding: gzip" \
-H "Content-Type: application/json" \
--data '{"display_name":"Production East"}'
Team members
| Method | Path | Description |
|---|---|---|
GET |
/api/v1/subscriber/members |
List members (email, role) |
POST |
/api/v1/subscriber/members/invites |
Email invite (member or data_manager; 48h) |
GET |
/api/v1/subscriber/members/invites |
List invites |
DELETE |
/api/v1/subscriber/members/invites/{invite_id} |
Revoke pending invite |
DELETE |
/api/v1/subscriber/members/{user_id} |
Remove member (not last owner) |
PATCH |
/api/v1/subscriber/members/{user_id} |
Change role (owner, member, data_manager) |
Invite example:
curl -sS -X POST "https://mqtt.example.com/api/v1/subscriber/members/invites" \
-H "Authorization: Bearer isr_mqtt_rest_…" \
-H "Accept-Encoding: gzip" \
-H "Content-Type: application/json" \
--data '{"email":"colleague@example.com","role":"member"}'
Invitees accept via the portal link /team-invite/{token} (sign in or register with the invited email).
Related
- Enterprise teams — roles and portal Members UI
- MQTT client management — same Mgmt add-on for MQTT clients