# Management API (GraphQL) For any other CRUD operations, a **GraphQL** API is provided. The **GraphQL** API endpoint is `https://{tenant_id}.api.quasr.io/graphql` The Management API allows to create, read, update, delete the following entities: * accounts * controls * consents * permissions * rules * factors * enrollments * extensions * tenants * events {% hint style="info" %} You can find our interactive **GraphQL Explorer** here: {% endhint %}

## **Postman Collection** {% hint style="info" %} **Postman collection** here: {% endhint %} ## API Authorization The Management API requires an **access token (JWT)** with scope `https://api.quasr.io/scopes/admin` or `https://api.quasr.io/scopes/account` (then limited to own resources only) in the **Authorization header**. You can either use your own **personal access token** or create a **dedicated** [**API Client**](/quasr/getting-started/setup-your-tenant/setting-up-an-api-client-m2m.md) for it, if you prefer. You can grab your **personal access token** from the [Tenant Administration](broken://pages/xT9DB1eLOv3hNxZlVxGT) > APIs, as shown in the screenshot below. Do not share the personal access token with anyone.

Personal access token under APIs in the Quasr Tenant Admin UI

### Mutation Scopes

Mutation	Scopes	Notes
createTenant	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/tenants https://api.quasr.io/scopes/account/tenants/create	Root user
updateTenant	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/tenants https://api.quasr.io/scopes/account/tenants/update	Root user
updateTenant	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/tenants https://api.quasr.io/scopes/admin/tenants/update	Tenant admin
deleteTenant	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/tenants https://api.quasr.io/scopes/account/tenants/delete	Root user
createFactor	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/factors https://api.quasr.io/scopes/admin/factors/create	Tenant admin
updateFactor	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/factors https://api.quasr.io/scopes/admin/factors/update	Tenant admin
deleteFactor	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/factors https://api.quasr.io/scopes/admin/factors/delete	Tenant admin
createAttribute	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/attributes https://api.quasr.io/scopes/admin/attributes/create	Tenant admin
updateAttribute	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/attributes https://api.quasr.io/scopes/admin/attributes/update	Tenant admin
deleteAttribute	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/attributes https://api.quasr.io/scopes/admin/attributes/delete	Tenant admin
createControl	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/controls https://api.quasr.io/scopes/admin/controls/create	Tenant admin
updateControl	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/controls https://api.quasr.io/scopes/admin/controls/update	Tenant admin
deleteControl	ttps://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/controls https://api.quasr.io/scopes/admin/controls/delete	Tenant admin
createAccount	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/accounts https://api.quasr.io/scopes/admin/accounts/create	Tenant admin
updateAccount	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/accounts https://api.quasr.io/scopes/admin/accounts/update	Tenant admin
deleteAccount	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/accounts https://api.quasr.io/scopes/admin/accounts/delete	Tenant admin
createExtension	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/extensions https://api.quasr.io/scopes/admin/extensions/create	Tenant admin
updateExtension	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/extensions https://api.quasr.io/scopes/admin/extensions/update	Tenant admin
deleteExtension	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/extensions https://api.quasr.io/scopes/admin/extensions/delete	Tenant admin
createClaim	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/claims https://api.quasr.io/scopes/admin/claims/create	Tenant admin
createClaim	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/claims https://api.quasr.io/scopes/account/claims/create	Account
updateClaim	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/claims https://api.quasr.io/scopes/admin/claims/update	Tenant admin
updateClaim	ttps://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/claims https://api.quasr.io/scopes/account/claims/update	Account
deleteClaim	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/claims https://api.quasr.io/scopes/admin/claims/delete	Tenant admin
deleteClaim	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/claims https://api.quasr.io/scopes/account/claims/delete	Account
createEnrollment	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/enrollments https://api.quasr.io/scopes/admin/enrollments/create	Tenant admin (only internal accounts)
createEnrollment	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/enrollments https://api.quasr.io/scopes/account/enrollments/create	Account
updateEnrollment	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/enrollments https://api.quasr.io/scopes/admin/enrollments/update	Tenant admin (only disable for internal accounts)
updateEnrollment	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/enrollments https://api.quasr.io/scopes/account/enrollments/update	Account
deleteEnrollment	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/enrollments https://api.quasr.io/scopes/admin/enrollments/delete	Tenant admin (only internal accounts)
deleteEnrollment	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/enrollments https://api.quasr.io/scopes/account/enrollments/delete	Account
updateConsent	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/consents https://api.quasr.io/scopes/admin/consents/update	Tenant admin
updateConsent	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/consents https://api.quasr.io/scopes/admin/consents/update	Account
createPermission	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/permissions https://api.quasr.io/scopes/admin/permissions/create	Tenant admin
updatePermission	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/permissions https://api.quasr.io/scopes/admin/permissions/update	Tenant admin
deletePermission	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/permissions https://api.quasr.io/scopes/admin/permissions/delete	Tenant admin
createRule	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/rules https://api.quasr.io/scopes/admin/rules/create	Tenant admin
updateRule	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/rules https://api.quasr.io/scopes/admin/rules/update	Tenant admin
deleteRule	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/rules https://api.quasr.io/scopes/admin/rules/delete	Tenant admin
createSource	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/sources https://api.quasr.io/scopes/admin/sources/create	Tenant admin
updateSource	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/sources https://api.quasr.io/scopes/admin/sources/update	Tenant admin
deleteSource	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/sources https://api.quasr.io/scopes/admin/sources/delete	Tenant admin

### Query Scopes

Query	Scopes	Notes
getTenant	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/tenants https://api.quasr.io/scopes/account/tenants/get	Root user
getTenant	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/tenants https://api.quasr.io/scopes/admin/tenants/get	Tenant admin
listTenants	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/tenants https://api.quasr.io/scopes/account/tenants/list	Root user
getFactor	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/factors https://api.quasr.io/scopes/admin/factors/get	Tenant admin
listFactors	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/factors https://api.quasr.io/scopes/admin/factors/list	Tenant admin
getAttribute	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/attributes https://api.quasr.io/scopes/admin/attributes/get	Tenant admin
listAttributes	ps://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/attributes https://api.quasr.io/scopes/admin/attributes/list	Tenant admin
getControl	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/controls https://api.quasr.io/scopes/admin/controls/get	Tenant admin
listControls	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/controls https://api.quasr.io/scopes/admin/controls/list	Tenant admin
getAccount	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/accounts https://api.quasr.io/scopes/admin/accounts/get	Tenant admin
getAccount	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/get	Account
listAccounts	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/accounts https://api.quasr.io/scopes/admin/accounts/list	Tenant admin
getExtension	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/extensions https://api.quasr.io/scopes/admin/extensions/get	Tenant admin
listExtensions	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/extensions https://api.quasr.io/scopes/admin/extensions/list	Tenant admin
getClaim	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/claims https://api.quasr.io/scopes/admin/claims/get	Tenant admin
getClaim	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/claims https://api.quasr.io/scopes/account/claims/get	Account
listClaims	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/claims https://api.quasr.io/scopes/admin/claims/list	Tenant admin (only per account)
listClaims	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/claims https://api.quasr.io/scopes/account/claims/list	Account
searchClaims	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/claims https://api.quasr.io/scopes/admin/claims/search	Tenant admin (only min. 2 characters)
getEnrollment	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/enrollments https://api.quasr.io/scopes/admin/enrollments/get	Tenant admin
getEnrollment	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/enrollments https://api.quasr.io/scopes/account/enrollments/get	Account
listEnrollments	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/enrollments https://api.quasr.io/scopes/admin/enrollments/list	Tenant admin
listEnrollments	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/enrollments https://api.quasr.io/scopes/account/enrollments/list	Account
getConsent	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/consents https://api.quasr.io/scopes/admin/consents/get	Tenant admin
getConsent	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/consents https://api.quasr.io/scopes/account/consents/get	Account
listConsents	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/consents https://api.quasr.io/scopes/admin/consents/list	Tenant admin
listConsents	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/consents https://api.quasr.io/scopes/account/consents/list	Account
getPermission	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/permissions https://api.quasr.io/scopes/admin/permissions/get	Tenant admin
getPermission	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/permissions https://api.quasr.io/scopes/account/permissions/get	Account
listPermissions	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/permissions https://api.quasr.io/scopes/admin/permissions/list	Tenant admin
listPermissions	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/permissions https://api.quasr.io/scopes/account/permissions/list	Account
getRule	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/rules https://api.quasr.io/scopes/admin/rules/get	Tenant admin
listRules	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/rules https://api.quasr.io/scopes/admin/rules/list	Tenant admin
getSource	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/sources https://api.quasr.io/scopes/admin/sources/get	Tenant admin
listSources	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/sources https://api.quasr.io/scopes/admin/sources/list	Tenant admin
getLink	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/links https://api.quasr.io/scopes/admin/links/get	Tenant admin
getLink	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/links https://api.quasr.io/scopes/account/links/get	Account
listLinks	https://api.quasr.io/scopes/admin https://api.quasr.io/scopes/admin/links https://api.quasr.io/scopes/admin/links/list	Tenant admin
listLinks	https://api.quasr.io/scopes/account https://api.quasr.io/scopes/account/links https://api.quasr.io/scopes/account/links/list	Account

## Rate Limits The GraphQL API has a limit of 2000 request tokens per second. As your requests could consume one or more tokens per request it's hard to estimate the expected max RPS but if we'd assume an average of 2 tokens per request it means the API should be able to support \~1000 RPS. The burst limit is 40 requests. {% hint style="danger" %} If you exceed 300 requests in 5 min from a single IP address it will be temporarily blocked until you reduce your rate (this can sometimes take a couple minutes). **This limitation can be relevant for large shared networks or back-end integrations that operate via fixed IP.** {% endhint %} {% hint style="danger" %} We block IPs that are listed as either malicious or actively engaged in reconnaissance or DDOS activities (AWS IP reputation list). {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.quasr.io/quasr/tenant-administration/apis/management-api-graphql.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.