Replace a tenant's enabled product modules (declarative full set)
Declarative full-set replace (idempotent, D7): the body is the COMPLETE intended set of enabled modules. The server diffs against the current rows — enabling added keys and disabling removed keys in one transaction — and writes a single `tenant.modules.updated` audit row with the before/after diff. An empty array disables all modules. An unknown or `iam` key is rejected with `400 invalid_module`. Caller must hold `platform.tenants.modules.write`. Cross-tenant write runs as superuser. Disable propagation to the gated services is TTL-bounded (≤30s) — there is no cross-process invalidation. tenant-separation P2 / T008 (AC-2.2/2.5, RN-10).
Declarative full-set replace (idempotent, D7): the body is the COMPLETE
intended set of enabled modules. The server diffs against the current
rows — enabling added keys and disabling removed keys in one
transaction — and writes a single tenant.modules.updated audit row
with the before/after diff. An empty array disables all modules. An
unknown or iam key is rejected with 400 invalid_module. Caller must
hold platform.tenants.modules.write. Cross-tenant write runs as
superuser. Disable propagation to the gated services is TTL-bounded
(≤30s) — there is no cross-process invalidation. tenant-separation P2 /
T008 (AC-2.2/2.5, RN-10).
Authorization
bearerAuth JWT Bearer access token. Clock skew tolerance is ±60 seconds.
In: header
Path Parameters
Target tenant UUID (platform-admin cross-tenant operations).
uuidRequest Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
application/json
application/json
curl -X PUT "https://example.com/v1/platform/tenants/497f6eca-6276-4993-bfeb-53cbbbba6f08/modules" \ -H "Content-Type: application/json" \ -d '{ "modules": [ "payments", "recon", "kyc", "fraud" ] }'{
"modules": [
{
"key": "payments",
"enabled": true,
"enabled_at": "2026-01-15T08:00:00Z"
},
{
"key": "recon",
"enabled": true,
"enabled_at": "2026-01-15T08:00:00Z"
},
{
"key": "pos",
"enabled": false
},
{
"key": "disburse",
"enabled": false
},
{
"key": "kyc",
"enabled": true,
"enabled_at": "2026-03-01T09:00:00Z"
},
{
"key": "fraud",
"enabled": false
},
{
"key": "aml",
"enabled": false
},
{
"key": "marketplace",
"enabled": false
}
]
}{
"error": "validation_failed",
"message": "request body is invalid",
"request_id": "string"
}{
"error": "unauthenticated",
"message": "missing or invalid bearer token",
"request_id": "req_01abc123"
}{
"error": "permission_denied",
"message": "caller does not hold the required permission",
"request_id": "req_01abc124"
}{
"error": "not_found",
"message": "the requested resource was not found",
"request_id": "req_01abc125"
}Was this page helpful?