Skip to content
StraventaDocs

Replace a tenant's enabled product modules (declarative full set)

Declarative full-set replace (idempotent, D7): the body is the COMPLETE intended set of enabled modules. The server diffs against the current rows — enabling added keys and disabling removed keys in one transaction — and writes a single `tenant.modules.updated` audit row with the before/after diff. An empty array disables all modules. An unknown or `iam` key is rejected with `400 invalid_module`. Caller must hold `platform.tenants.modules.write`. Cross-tenant write runs as superuser. Disable propagation to the gated services is TTL-bounded (≤30s) — there is no cross-process invalidation. tenant-separation P2 / T008 (AC-2.2/2.5, RN-10).

PUT
/v1/platform/tenants/{tenantId}/modules

Declarative full-set replace (idempotent, D7): the body is the COMPLETE intended set of enabled modules. The server diffs against the current rows — enabling added keys and disabling removed keys in one transaction — and writes a single tenant.modules.updated audit row with the before/after diff. An empty array disables all modules. An unknown or iam key is rejected with 400 invalid_module. Caller must hold platform.tenants.modules.write. Cross-tenant write runs as superuser. Disable propagation to the gated services is TTL-bounded (≤30s) — there is no cross-process invalidation. tenant-separation P2 / T008 (AC-2.2/2.5, RN-10).

Authorization

bearerAuth
AuthorizationBearer <token>

JWT Bearer access token. Clock skew tolerance is ±60 seconds.

In: header

Path Parameters

tenantId*string

Target tenant UUID (platform-admin cross-tenant operations).

Formatuuid

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

application/json

application/json

application/json

curl -X PUT "https://example.com/v1/platform/tenants/497f6eca-6276-4993-bfeb-53cbbbba6f08/modules" \  -H "Content-Type: application/json" \  -d '{    "modules": [      "payments",      "recon",      "kyc",      "fraud"    ]  }'
{
  "modules": [
    {
      "key": "payments",
      "enabled": true,
      "enabled_at": "2026-01-15T08:00:00Z"
    },
    {
      "key": "recon",
      "enabled": true,
      "enabled_at": "2026-01-15T08:00:00Z"
    },
    {
      "key": "pos",
      "enabled": false
    },
    {
      "key": "disburse",
      "enabled": false
    },
    {
      "key": "kyc",
      "enabled": true,
      "enabled_at": "2026-03-01T09:00:00Z"
    },
    {
      "key": "fraud",
      "enabled": false
    },
    {
      "key": "aml",
      "enabled": false
    },
    {
      "key": "marketplace",
      "enabled": false
    }
  ]
}
{
  "error": "validation_failed",
  "message": "request body is invalid",
  "request_id": "string"
}
{
  "error": "unauthenticated",
  "message": "missing or invalid bearer token",
  "request_id": "req_01abc123"
}
{
  "error": "permission_denied",
  "message": "caller does not hold the required permission",
  "request_id": "req_01abc124"
}
{
  "error": "not_found",
  "message": "the requested resource was not found",
  "request_id": "req_01abc125"
}

Was this page helpful?