Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.dokstamp.com/llms.txt

Use this file to discover all available pages before exploring further.

Multi-tenancy & Headers

DokStamp is a multi-tenant platform. Every resource — institutions, courses, students, certificates — is fully isolated within a tenant. There is no cross-tenant data access.

Required headers

All resource endpoints (everything except /oauth/token and /auth/*) require these headers:
HeaderRequiredDescription
AuthorizationYesBearer {access_token}
AcceptYesapplication/json
X-TenantYesYour tenant identifier (provided by DokStamp)

Example

GET /certificates HTTP/1.1
Host: api.dokstamp.com
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...
Accept: application/json
X-Tenant: universidade-federal-example

Finding your tenant identifier

Your tenant identifier is provided when your account is created. You can also retrieve it from the response body of GET /auth/me: 
{
  "data": {
    "uuid": "550e8400-e29b-41d4-a716-446655440000",
    "name": "João Silva",
    "email": "joao@universidade.edu.br",
    "tenant": {
      "uuid": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
      "name": "Universidade Federal Example",
      "domain": "universidade-federal-example"
    }
  }
}
Use the tenant.domain value as your X-Tenant header.

Tenant isolation rules

  • Data created under one tenant is never visible to another tenant.
  • UUIDs are globally unique, but all read/write operations are filtered by tenant.
  • Attempting to access a resource that belongs to a different tenant returns 404 Not Found (not 403) — this prevents enumeration attacks.