Get the caller's organization
Returns the organization associated with the bearer token. Singleton endpoint — there is no `{organizationId}` in the path and there is no way for a caller to read a different organization's record. **Spec-vs-implementation note (SAL-232).** The spec exposes `plan` and `rateLimits.*` fields; today the organization model does not carry a per-org plan or rate-limit override. The response stubs `plan` to `"free"` and populates `rateLimits` with the system-wide defaults (100 requests/min per org, 50 requests/min per endpoint). When per-org overrides land (SAL-220 follow-up #7) the same wire fields will start reflecting per-org values — the response shape is designed to be forwards-compatible.
Authorization
bearerAuth (in: header). Salfio API tokens start with the literal prefix sk_live_ followed by 32 base62 characters (≈190 bits of entropy). Tokens are hashed at rest with argon2id and shown to the user only once at creation.
Response Body
application/json

Example request (the bearer token goes in the Authorization header; the value shown is a placeholder):

curl -X GET "https://api.salfio.com/v1/organization" \
  -H "Authorization: Bearer sk_live_<your-token>"

Example success response:

{
  "meta": {
    "cursor": "string",
    "hasMore": true
  },
  "data": {
    "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
    "name": "Acme Inc.",
    "slug": "acme",
    "plan": "free",
    "defaultTimezone": "Europe/Amsterdam",
    "defaultCurrency": "EUR",
    "rateLimits": {
      "organizationPerMinute": 100,
      "endpointPerMinute": 50
    },
    "createdAt": "2019-08-24T14:15:22Z",
    "updatedAt": "2019-08-24T14:15:22Z"
  }
}

Example error response (unauthorized):

{
  "error": {
    "code": "unauthorized",
    "message": "Authentication required"
  }
}

Example error response (rate_limited):

{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded",
    "details": {
      "retry_after_seconds": 30
    }
  }
}

Update a user's profile
Updates whitelisted profile fields. The endpoint intentionally does not accept identity-bound fields — `email`, `clerkUserID`, and the canonical `id` are owned by Clerk and cannot be changed through the API. Unknown fields in the body are silently ignored.
Update the caller's organization
Updates the whitelisted fields on the caller's organization. Only `name`, `defaultTimezone`, and `defaultCurrency` are writable. **`plan` is billing-bound** — an attempt to update it is rejected with `400 invalid_argument` rather than silently ignored, so a partner misreading the spec gets a clear error rather than a false sense of success. **`slug` is stable** for the same reason — changing it breaks dashboard deep links and other external references. Both return 400 when present in the body. Other unknown fields are silently ignored.
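The three-way field handling described above (writable, explicitly rejected, silently ignored), as an added Python example that is not Salfio's own code: the record shape and error envelope mirror the response examples on this page, while the function names and the string type check on writable values are assumptions.

```python
from dataclasses import dataclass

# Field classes for the organization update endpoint, taken from the doc above.
WRITABLE = frozenset({"name", "defaultTimezone", "defaultCurrency"})
REJECTED = frozenset({"plan", "slug"})  # billing-bound / stable: explicit 400

# Constructed sample record, mirroring the GET response example on this page.
SAMPLE_ORG = {
    "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
    "name": "Acme Inc.",
    "slug": "acme",
    "plan": "free",
    "defaultTimezone": "Europe/Amsterdam",
    "defaultCurrency": "EUR",
}


@dataclass
class Outcome:
    status: int   # HTTP status to return
    body: dict    # JSON response body


def error(code: str, message: str) -> Outcome:
    """Build the 400 error envelope used by this API's error responses."""
    return Outcome(400, {"error": {"code": code, "message": message}})


def apply_organization_update(org: dict, body) -> Outcome:
    """Apply a partial update to the caller's organization record.

    The record is selected by the bearer token (no id in the path), so `org`
    is trusted server state and `body` is untrusted client input.
    """
    if not isinstance(body, dict):
        return error("invalid_argument", "Request body must be a JSON object")
    # Rejected keys are checked before anything is applied, so a request that
    # mixes a valid change with `plan` or `slug` fails as a whole, loudly.
    rejected = sorted(REJECTED.intersection(body))
    if rejected:
        return error("invalid_argument",
                     "Not writable via the API: " + ", ".join(rejected))
    changes = {k: v for k, v in body.items() if k in WRITABLE}
    # Assumed: writable values are non-empty strings (the spec shows strings).
    if any(not isinstance(v, str) or not v for v in changes.values()):
        return error("invalid_argument", "Writable fields must be non-empty strings")
    # Every other unknown key has been dropped by the comprehension above and
    # never reaches the record; the input record itself is left unmodified.
    return Outcome(200, {"data": {**org, **changes}})
```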