OpenAPI 3.1 specification
Open specification
Use the machine-readable contract with Postman, Insomnia, code generators, or your preferred API client.
Authentication model
- Send
Authorization: Bearer <token>. Tokens are shown once and stored only as SHA-256 hashes. - Every token has explicit abilities and a maximum lifetime. Revoking an identity or role takes effect independently of token scope.
- Tenant data requires a matching tenant identity and live tenant permission. DMTG Tech identities do not silently bypass tenant access controls through the API.
- Protected media uses short-lived signed grants after the portal’s SSO, network, or audited support-access check succeeds.
Version 1 endpoints
GET
/v1/healthUnauthenticated service readiness and deployed version.
GET
/v1/meCurrent API identity, token capabilities, expiration, and effective permissions.
POST
/v1/permissions/checkBatch-check up to 50 platform or tenant permission keys.
POST
/v1/tenants/{tenant}/permissions/checkBatch-check permissions inside one explicit tenant boundary.
GET
/v1/tenants/{tenant}/announcementsCursor-paginated published content for authorized portals and integrations.