Tenant config API
Auth: Clerk session (admin role).
Read
GET /v1/tenant/config
{
"data": {
"license_jurisdiction": "mga", // null until configured
"verticals": ["casino", "sportsbook"],
"kyc_model": "dual", // platform_owns | crm_owns | dual | none
"config": {
"rg_features": ["self_exclusion", "deposit_limit_daily", "session_limit_minutes"],
"messaging": {
"quiet_hours": { "start": "22:00", "end": "09:00", "default_timezone": "Europe/Malta" },
"frequency_caps": {
"email": { "per_day": 1, "per_week": 5 },
"sms": { "per_day": 1, "per_week": 3 }
}
}
},
"base_currency": "EUR",
"catalogue": {
// Read-only — drives admin UI dropdowns
"licenses": [{ "value": "mga", "label": "Malta Gaming Authority" }, ...],
"verticals": [{ "value": "casino", "label": "Casino" }, ...],
"kyc_models": [{ "value": "dual", "label": "Dual — split by KYC level" }, ...],
"rg_features": ["self_exclusion", "deposit_limit_daily", ...],
"license_defaults": {
"mga": { "suggested_verticals": [...], "rg_features": [...], "kyc_model": "dual", "hint": "..." },
...
}
}
}
}
The catalogue field is the SSOT for admin UI dropdowns + license-default auto-fill.
Update
PATCH /v1/tenant/config — partial update:
{
"license_jurisdiction": "mga",
"verticals": ["casino", "sportsbook"],
"kyc_model": "dual",
"config": {
"rg_features": ["self_exclusion", "deposit_limit_daily"],
"messaging": {
"quiet_hours": { "start": "22:00", "end": "09:00", "default_timezone": "Europe/Malta" }
}
}
}
Validates each field against the catalogue. Invalid license / vertical / kyc_model / rg_feature → 422 VALIDATION_ERROR.
config merges shallowly over the existing blob — sending { messaging: { quiet_hours: ... } } doesn't clobber messaging.frequency_caps.
After save, the capability cache is invalidated for this tenant — the next request sees the new config without waiting for the 30s TTL.