{ New } - Company Management

Company Management API

You can now manage your companies (and their domains, APKs, and external domains) directly through the API in addition to the UI.

POST /json/v3/companies — add a new company. Body: { name, domains?, apks?, external_domains? }. name must be alphanumeric only (no spaces or special characters), 1-100 characters. At least one of domains, apks, or external_domains must contain at least one value.
DELETE /json/v3/companies/{companyId} — remove a company by id.
POST /json/v3/companies/{companyId}/assets — add domains, apks, and/or external_domains to a company (deduplicated via $addToSet).
DELETE /json/v3/companies/{companyId}/assets — remove domains, apks, and/or external_domains from a company.
All endpoints require the api-key header and the existing search-by-company permission, and return the updated companies array.

A user can only modify companies that belong to their own account.
For organizations with synced data (organization.synced_data: true), only the organization owner can add, remove, or modify companies. Non-owner members receive 403 Forbidden with a message explaining that only the owner may perform these actions. Changes made by the owner are visible to all members through the existing organization sync.
The GET /json/v3/my-account response now includes an organization object (name, role, synced_data, synced_archive, date) when the user is part of an organization. Use it to determine in advance whether the new company management endpoints will be allowed for the calling user: if organization.synced_data is true and organization.role is not "owner", mutation calls will be rejected with 403 Forbidden.

CORS now accepts DELETE in addition to GET/POST to support the new endpoints from browser clients.
OpenAPI spec updated with a new Company Management tag, a reusable Company schema, and the four new operations.