diff --git a/packages/documentation/src/content/docs/admin/admin-user-guide.mdx b/packages/documentation/src/content/docs/admin/admin-user-guide.mdx index c1342c39c4..5c7fe12be2 100644 --- a/packages/documentation/src/content/docs/admin/admin-user-guide.mdx +++ b/packages/documentation/src/content/docs/admin/admin-user-guide.mdx @@ -196,9 +196,9 @@ The Edit Tenant page includes the following sections: | | Email | The tenant's email address. | | Identity Provider Information | Consent URL | The URL for the tenant's identity provider consent endpoint. | | | Secret | The secret for the tenant's identity provider. | -| Sensitive Information | API Secret | A unique identifier assigned by Rafiki when the tenant was created. This cannot be changed. | +| Sensitive Information | API Secret | The tenant's API credential used to authenticate requests. Read-only for operators. | -You can modify the public name, email, consent URL, and secret for a tenant. The tenant ID and API secret are read-only. +You can modify the public name, email, consent URL, and secret for a tenant. The tenant ID cannot be changed. The API secret is read-only for operators but can be rotated by the tenants when logged in under their own account. After editing any of the preceding fields, select **Save** to commit those changes. @@ -215,7 +215,9 @@ The Assets page allows you to manage assets in your Rafiki instance, including v On this page, all configured assets appear in a table where you can view the asset ID, the asset code, the scale, and the withdrawal threshold. The list of assets shows only those for the current tenant, as determined by your API credentials. :::note -Operators can create, edit, and delete assets for any tenant. Tenants can only view and manage their own assets. +Operators can create, view, edit, and delete both their own assets and those that belong to any tenant. + +Tenants can create, view, edit, and delete their own assets only. ::: ```graphql @@ -81,3 +80,139 @@ The `asset` object in the response will include the `tenantId` of the tenant to + +## Update an asset + +Once an asset has been created, you may need to adjust its operational threshold values. You can use the `updateAsset` mutation to modify the `liquidityThreshold`. + +This threshold determines when Rafiki triggers low‑liquidity notifications or webhooks, but does not directly deposit or withdraw asset liquidity. + +For information about adding or removing liquidity, see [Asset liquidity](/admin/liquidity/asset-liquidity). + + + + ```graphql + mutation UpdateAsset($input: UpdateAssetInput!) { + updateAsset(input: $input) { + asset { + id + code + scale + withdrawalThreshold + liquidityThreshold + tenantId + } + } + } + ``` + + + + The input object for the update operation requires the asset `id`. Only the threshold fields are editable; all other fields are immutable. + + ```json + { + "input": { + "id": "b3dffeda-1e0e-47d4-82a3-69b1a622eeb9", + "withdrawalThreshold": 100, + "liquidityThreshold": 500 + } + } + ``` + + For more information about this mutation’s input object, see [`UpdateAssetInput`](/apis/graphql/backend/#definition-UpdateAssetInput). + + :::note[Tenant ID and HMAC-signed request headers] + + ::: + + + + + ```json + { + "data": { + "updateAsset": { + "asset": { + "id": "b3dffeda-1e0e-47d4-82a3-69b1a622eeb9", + "code": "USD", + "scale": 2, + "withdrawalThreshold": 100, + "liquidityThreshold": 500, + "tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6" + } + } + } + } + ``` + +:::note[Tenant ID in the asset response] +The `asset` object in the response will include the `tenantId` of the tenant to which the asset belongs. This `tenantId` is used to identify the tenant when processing requests related to the asset. +::: + + + + +--- + +## Delete an asset + +Deleting an asset removes it from active use within a Rafiki instance. + +You can only delete an asset if it's not associated with any peers or wallet addresses. Rafiki prevents deleting any asset that's still in use. + + + + ```graphql + mutation DeleteAsset($input: DeleteAssetInput!) { + deleteAsset(input: $input) { + asset { + id + code + scale + tenantId + } + } + } + ``` + + + + ```json + { + "input": { + "id": "b3dffeda-1e0e-47d4-82a3-69b1a622eeb9" + } + } + ``` + + For more information about this mutation’s input object, see [`DeleteAssetInput`](/apis/graphql/backend/#definition-DeleteAssetInput). + + :::note[Tenant ID and HMAC-signed request headers] + + ::: + + + + + ```json + { + "data": { + "deleteAsset": { + "asset": { + "id": "b3dffeda-1e0e-47d4-82a3-69b1a622eeb9", + "code": "USD", + "scale": 2, + "tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6" + } + } + } + } + ``` + +:::note[Tenant ID in the asset response] +The `asset` object in the response will include the `tenantId` of the tenant to which the asset belongs. This `tenantId` is used to identify the tenant when processing requests related to the asset. +::: + + + diff --git a/packages/documentation/src/content/docs/integration/requirements/peers.mdx b/packages/documentation/src/content/docs/integration/requirements/peers.mdx index 3187146362..2288072b8a 100644 --- a/packages/documentation/src/content/docs/integration/requirements/peers.mdx +++ b/packages/documentation/src/content/docs/integration/requirements/peers.mdx @@ -21,12 +21,9 @@ Whether you are using the Backend Admin API or the Rafiki Admin application, the **Permissions** -- Operators can create peers for any tenant -- Operators can view any peer -- Operators can edit and delete peers that belong to any tenant -- Tenants can only view their own peers -- Tenants can only edit and delete their own peers -- Tenants cannot create peers +Operators can create, view, edit, and delete both their own peers and those that belong to any tenant. + +Tenants can view, edit, and delete only their own peers. They cannot create peers. ## Perform prerequisites diff --git a/packages/documentation/src/content/docs/integration/requirements/tenants.mdx b/packages/documentation/src/content/docs/integration/requirements/tenants.mdx index 7be3a1e5fd..105c428cd6 100644 --- a/packages/documentation/src/content/docs/integration/requirements/tenants.mdx +++ b/packages/documentation/src/content/docs/integration/requirements/tenants.mdx @@ -54,6 +54,10 @@ Only operators can create, edit, and delete tenants. ## Create a tenant +Use the `createTenant` mutation to register a new tenant within your Rafiki instance. + +This operation is restricted to operators. When a new tenant is created, Rafiki automatically assigns a default ILP address, applies standard configuration settings, and registers the tenant with the `auth` service. Operators can also provide initial custom settings during creation. + After you create a tenant, securely communicate the tenant `id` and `apiSecret` to the tenant out-of-band. @@ -111,6 +115,10 @@ After you create a tenant, securely communicate the tenant `id` and `apiSecret` ## Update a tenant +Use the `updateTenant` mutation to modify an existing tenant’s configuration. + +Tenants can update their own profile details such as the public name, contact email, or identity provider URLs. Tenants can also rotate their own `apiSecret` using this mutation. Operators can update any tenant’s information, but cannot modify a tenant's `apiSecret` on their behalf. + ```graphql @@ -166,6 +174,10 @@ After you create a tenant, securely communicate the tenant `id` and `apiSecret` ## Delete a tenant +Use the `deleteTenant` mutation to remove a tenant from Rafiki. Only operators can perform this action. + +Deleting a tenant marks the tenant as deleted and removes all associated tenant settings and authentication entries. After deletion, the tenant can no longer be used to create or manage resources in Rafiki. + ```graphql