Bearer token, per partner.
Every request authenticates with a partner-admin token issued to your backend. Send it as a bearer token; never expose it in client code.
Authorization header
HTTP
Authorization: Bearer po_part_...What you can call.
Users & Tenants
Mirror partner tenants and users into PatchOps and issue per-user MCP bearer tokens.
- POST
/api/partner-admin/usersPartnerProvision or reactivate a partner user
- POST
/api/partner-admin/users/{userId}/rotate-tokenPartnerRotate a user's MCP bearer token
Connector Entitlements
Create partner-scoped connector entitlements without exposing premium connector secrets to PatchOps.
- GET
/api/partner-admin/connectionsPartnerList connector entitlements
- POST
/api/partner-admin/connectionsPartnerCreate a connector entitlement
- PUT
/api/partner-admin/connections/{id}PartnerRotate connector custody reference
- DELETE
/api/partner-admin/connections/{id}PartnerDisable a connector entitlement
Usage & Billing
Read current usage, inspect closed billing periods, and submit partner seat reports.
- GET
/api/partner-admin/usage/currentPartnerRead current-period usage
- GET
/api/partner-admin/usage/periodsPartnerList closed usage periods
- GET
/api/partner-admin/usage/periods/{periodId}PartnerRead one usage period
- POST
/api/partner-admin/usage/periods/{periodId}/self-reportPartnerSubmit partner seat report