Qentrah Partners Docs

API usage

Call Workspace Hono organization APIs with verified access tokens and least-privilege scopes.

Resource server checks

Partner apps call Workspace Hono APIs. Workspace validates issuer, audience, signature, expiry, app approval, organization connection, connection expiry, and scopes before business logic runs.

curl "$QENTRAH_WORKSPACE_API_URL/api/v1/partner/organizations/org_123/clients" \
  -H "Authorization: Bearer $QENTRAH_ACCESS_TOKEN"

Common errors

  • Bearer token is required.: send the access token in the Authorization header.
  • Token organization does not match this route.: the token was granted for a different organization.
  • connection_not_found: the organization has not authorized this app.
  • connection_expired: the 14-day authorization has expired.
  • scope_denied: the token or connection does not include the required scope.

Example backend call

import { loadQentrahClients } from "../../examples/auth/workspace-api";

const clients = await loadQentrahClients({
  workspaceBaseUrl: process.env.QENTRAH_WORKSPACE_API_URL!,
  organizationId: "org_123",
  accessToken: process.env.QENTRAH_ACCESS_TOKEN!,
});

The full tested example lives in examples/auth.

OAuth flow

Use authorization code with PKCE for public apps and confidential clients for server apps.

PDF generator example

A practical read-only integration for generating client profile PDFs.

On this page

Resource server checksCommon errorsExample backend call