Organizations

An organization is a billing tenant. It owns its own wallet, its own API keys, and its own usage ledger. Members of the org can call the gateway and have those calls attributed to the org's wallet rather than their personal one.

Creating an org

Dashboard → Organizations → Create. Pick a unique slug (it lives in the URL). The creator becomes the owner by default.

Attribution

There are two ways a call gets attributed to an org:

1. Org-owned API key — keys created inside the org auto-attribute every call. No header required.
2. Personal key + X-DeepToken-Org header — pass the org slug. The caller must be a member.

Authorization: Bearer dtk_...
X-DeepToken-Org: my-org-slug

Wallet modes

Each org chooses one of two modes:

• Strict — Calls return 402 org_wallet_empty when the org wallet hits zero. Personal wallet is never charged.
• Fallback — When the org wallet is empty, the caller's personal wallet picks up the bill. Useful for trial flows where you want to absorb overage from a runaway member.

The mode flips in real time from the org settings page; new calls land on the new mode immediately.

Members & roles

• Owner — Full control, including org deletion and ownership transfer.
• Admin — Manage org settings, members, API keys, billing, and custom roles. Cannot delete the org.
• Billing — View the org and usage, and manage billing. Cannot manage members or API keys.
• Member — View org metadata and usage. Cannot change org, member, billing, or API-key settings.

Custom roles can be defined from the same permission set. Membership and role changes write audit rows.