Skip to main content

Platform Block

The machine that builds machines — multi-tenant infrastructure for SaaS companies

The Platform Block is the orchestration layer that provisions and manages every 23blocks platform, account, app, and block. It provides a complete API for building multi-tenant SaaS products, white-label platforms, developer ecosystems, and marketplace infrastructure.

Key Features

  • Multi-Tenant Provisioning - Create platforms, accounts, apps, and API keys with a single API call
  • Account & App Management - Full CRUD with deployment models, domain verification, branding, and storage
  • Block Licensing - License any of the 17 ecosystem blocks to accounts and provision them to individual apps
  • API Key Infrastructure - Environment-aware keys (test/live), scoped permissions, rate limiting, IP/origin restrictions
  • User Access Control - Grant, revoke, suspend, and reactivate user access across apps and accounts
  • Subscription Management - Billing cycles, Stripe integration, trial periods, auto-renewal
  • Investor Data Room - Built-in reporting: MRR, ARR, ARPA, churn, growth, engagement, platform breakdowns
  • Data Transfer Portal - Secure data export with agreement acceptance and audit trail
  • Domain Verification - SPF, DKIM validation for custom email domains
  • Slack Notifications - Webhook integration for account events

API Endpoint

ServiceURL
Platformhttps://platform.api.us.23blocks.com

Authentication

All endpoints (except Health and Data Transfers) require:

Authorization: Bearer <jwt_token>
X-Platform: <platform_code>

Scopes: platform:admin, platform:manage, platform:read

Platform Hierarchy

Platform (your SaaS product)
└── Account (your customer)
└── App (a product within the account)
├── API Keys (test/live, scoped, rate-limited)
└── Block Instances (Auth, CRM, Files, AI, etc.)

Quick Start

1. Create an Account

curl -X POST https://platform.api.us.23blocks.com/accounts \
-H "Authorization: Bearer $TOKEN" \
-H "X-Platform: your-platform" \
-H "Content-Type: application/json" \
-d '{
"name": "Acme Corp",
"code": "acme",
"deployment_model": "shared_cloud",
"preferred_domain": "acme.yourplatform.com"
}'

2. Create an App

curl -X POST https://platform.api.us.23blocks.com/accounts/acme/apps \
-H "Authorization: Bearer $TOKEN" \
-H "X-Platform: your-platform" \
-H "Content-Type: application/json" \
-d '{
"name": "Main App",
"description": "Primary application",
"app_type": "web",
"purpose": "production"
}'

3. Generate API Keys

curl -X POST https://platform.api.us.23blocks.com/accounts/acme/apps/$APP_ID/api_keys \
-H "Authorization: Bearer $TOKEN" \
-H "X-Platform: your-platform" \
-H "Content-Type: application/json" \
-d '{
"name": "Production Key",
"key_type": "publishable",
"environment": "live",
"scopes": ["read", "write"]
}'

4. Provision Blocks

curl -X POST https://platform.api.us.23blocks.com/accounts/acme/apps/$APP_ID/blocks \
-H "Authorization: Bearer $TOKEN" \
-H "X-Platform: your-platform" \
-H "Content-Type: application/json" \
-d '{
"block_unique_id": "auth-block-id"
}'

Health Checks

No authentication required.

EndpointDescription
GET /healthBasic service health
GET /health/readyDatabase connectivity check
GET /health/detailedExtended health with component statuses

Platforms

EndpointMethodDescription
/platformsGETList all platforms
/platforms/:unique_idGETShow single platform
/platformsPOSTCreate a new platform
/platforms/:unique_idPUTUpdate a platform
/platforms/:unique_idDELETEDelete a platform

Platform Attributes

FieldTypeDescription
unique_idstringUnique identifier
url_idstringURL-safe identifier
codestringPlatform code
namestringPlatform name
descriptionstringPlatform description
emailstringContact email
websitestringWebsite URL
statusstringPlatform status
enabledbooleanWhether platform is active
schema_namestringDatabase schema name
settingsobjectPlatform configuration
metadataobjectCustom metadata

Accounts

EndpointMethodDescription
/platforms/:pid/accountsGETList accounts in a platform
/platforms/:pid/accounts/:idGETShow single account
/platforms/:pid/accountsPOSTCreate account in platform
/platforms/:pid/accounts/:idPUTUpdate account
/platforms/:pid/accounts/:idDELETEDelete account
/accountsGETList accounts in current platform context
/accounts/:url_idGETShow single account
/accountsPOSTCreate account
/accounts/:url_idPUTUpdate account
/accounts/:url_idDELETEDelete account (soft delete)
/global/accountsGETAggregates accounts across ALL platforms

Account Attributes

FieldTypeDescription
unique_idstringUnique identifier
namestringAccount name
codestringAccount code
url_idstringURL-safe identifier
statusstringAccount status
preferred_domainstringCustom domain
preferred_languagestringPreferred language
deployment_modelstringDeployment type
capabilitiesobjectComputed capabilities from deployment model

Deployment Models

ModelDescription
shared_cloudInstant provisioning on shared infrastructure
dedicated_cloudIsolated infrastructure with SLA guarantees
self_hostedRun on your own AWS account
partner_cloudManaged by a 23blocks partner

Capabilities (computed from deployment_model)

{
"capabilities": {
"can_export_data": true,
"can_export_terraform": false,
"can_view_monitoring": true,
"can_instant_provision": true,
"has_dedicated_support": false,
"has_sla_guarantee": false,
"can_customize_infra": false,
"requires_vpn": false,
"data_residency_configurable": false
}
}

Apps

EndpointMethodDescription
/accounts/:url_id/appsGETList apps for an account
/accounts/:url_id/appsPOSTCreate app
/accounts/:url_id/apps/:idPUTUpdate app
/accounts/:url_id/apps/:idDELETEDelete app
/accounts/:url_id/apps/:id/verify_domainPOSTVerify domain ownership
/accounts/:url_id/apps/:id/check_domainGETCheck domain verification status

App Attributes

FieldTypeDescription
unique_idstringUnique identifier
namestringApp name
app_typestringApplication type
purposestringApp purpose
statusstringApp status
oauth_enabledbooleanOAuth support enabled
rate_limit_per_minuteintegerRate limit
webhook_urlstringWebhook endpoint
allowed_originsarrayCORS origins
preferred_domainstringCustom domain
domain_verifiedbooleanDomain verification status

API Keys

EndpointMethodDescription
/accounts/:url_id/apps/:app_id/api_keysGETList API keys
/accounts/:url_id/apps/:app_id/api_keysPOSTCreate API key
/accounts/:url_id/apps/:app_id/api_keys/:id/regeneratePOSTRegenerate key
/accounts/:url_id/apps/:app_id/api_keys/:id/rotate_secretPOSTRotate secret

Key Format

pk_live_sh_xxxx  (publishable key)
sk_live_sh_xxxx (secret key)

Tier codes embedded in key: sh (shared), ent (dedicated/self-hosted), byok (partner).

API Key Attributes

FieldTypeDescription
key_idstringThe API key value
namestringKey name
key_typestringpublishable or secret
environmentstringtest or live
scopesarrayPermission scopes
rate_limit_per_minuteintegerRate limit
allowed_ipsarrayIP whitelist
allowed_originsarrayOrigin whitelist
expires_atdatetimeExpiration date
usage_countintegerTotal usage

Block Licensing

Account Blocks (licensing)

EndpointMethodDescription
/accounts/:url_id/blocksGETList licensed blocks
/accounts/:url_id/blocksPOSTLicense a block
/accounts/:url_id/blocks/:idDELETERemove block license

App Blocks (provisioning)

EndpointMethodDescription
/accounts/:url_id/apps/:app_id/blocksGETList provisioned blocks
/accounts/:url_id/apps/:app_id/blocksPOSTProvision block to app
/accounts/:url_id/apps/:app_id/blocks/:block_idDELETEDeprovision block

Available Blocks (17)

Auth, CRM, Content, Files, Forms, Geolocation, Jarvis (AI), Messaging, Notifications, Onboarding, Products, Rewards, Sales, Search, Social, University, Wallet

Subscriptions

EndpointMethodDescription
/accounts/:url_id/subscriptionsGETList subscriptions
/accounts/:url_id/subscriptionsPOSTCreate subscription
/accounts/:url_id/subscriptions/:id/cancelPOSTCancel subscription
/accounts/:url_id/subscriptions/:id/reactivatePOSTReactivate
/accounts/:url_id/subscriptions/:id/suspendPOSTSuspend
/subscription_modelsGETList subscription model catalog

User Access Control

EndpointMethodDescription
/users/:user_id/appsGETList apps a user can access
/users/:user_id/accountsGETList accounts a user belongs to
/users/:user_id/accessesGETList all access records
/user_accessesPOSTGrant user access
/user_accesses/:id/revokePOSTRevoke access
/user_accesses/:id/suspendPOSTSuspend access
/user_accesses/:id/reactivatePOSTReactivate access

Account Services

EndpointMethodDescription
/accounts/:url_id/keysCRUDAWS/third-party credentials
/accounts/:url_id/exchangeCRUDRabbitMQ configuration
/accounts/:url_id/detailsGET/POST/PUTAddress, contact, branding
/accounts/:url_id/storagePOSTProvision S3 storage
/accounts/:url_id/domain/verifyPOSTInitiate domain verification
/accounts/:url_id/domain/checkGETCheck domain verification (SPF, DKIM)
/accounts/:url_id/logo/presignPOSTGet presigned URL for logo upload
/accounts/:url_id/logo/publishPOSTPublish uploaded logo
/accounts/:url_id/settings/notificationsPATCHSlack webhook settings

Data Transfers

Public endpoints — no JWT authentication required.

EndpointMethodDescription
/data_transfers/:codeGETShow transfer details
/data_transfers/:code/request_accessPOSTRequest access
/data_transfers/:code/verify_accessPOSTVerify access credentials
/data_transfers/:code/acceptPOSTAccept transfer agreement
/data_transfers/:code/declinePOSTDecline transfer
/data_transfers/:code/eventsPOSTRecord transfer event

Reporting (Investor Data Room)

Scope: platform:admin

EndpointMethodDescription
/reporting/dashboardGETDashboard overview across all platforms
/reporting/revenueGETMRR, ARR, ARPA, by tier/block/platform
/reporting/customersGETCustomer metrics, trials, churn, health
/reporting/growthGETNew accounts, MRR movement, expansion
/reporting/engagementGETAPI usage, active accounts, block adoption
/reporting/platformsGETPlatform breakdown
/reporting/platforms/:codeGETSingle platform detail

Query parameters: period (7d, 30d, 90d, all_time), platform (code), force_refresh (true/false)

Response Format

All responses follow JSON:API format:

{
"data": {
"id": "<unique_id>",
"type": "<resource_type>",
"attributes": { }
},
"meta": { }
}

Error responses:

{
"error": "<error_type>",
"message": "<human-readable message>",
"status": 422
}