Organizations, members, and keys
The data model — how organizations, members, and API keys fit together.
Updated 2026-05-19
Every piece of data in thefaqapp lives under exactly one organization. An organization has one or more members (humans who sign in to the dashboard) and one or more API keys (credentials for machines).
Organizations
An organization is the top-level tenant. It has:
- A unique slug — used in API URLs (/api/v1/{slug}/questions)
- A plan tier (free / starter / pro / enterprise)
- A set of members
- A set of API keys
- All content (questions, categories, translations)
You can belong to multiple organizations. A common pattern is one organization per product, or one per customer if you’re building an agency.
Members
A member is a user with dashboard access to an organization. Each member has a role (owner, admin, or member) that controls what they can do in the UI.
Roles map to API-key creation: members can create keys scoped to what their role allows. API requests authenticated with a key never carry a member identity; the key carries its own scopes.
API keys
Keys are the machine credential. Each key:
- Belongs to exactly one organization
- Has a scope: read, write, or admin
- Has a rate-limit budget derived from the org’s plan tier
- Is shown once on creation — copy it then
Rotate keys by creating a new one and revoking the old. We won’t auto-expire them; you decide the lifecycle.
// Server side only — never in client code
const faq = createFAQClient({
  apiKey: process.env.FAQAPP_API_KEY!,
  organizationSlug: "acme"
});
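The rules above (a key belongs to exactly one organization, carries its own scope rather than a member identity, and is retired by revocation) can be pictured as one authorization check. This is an added sketch, not thefaqapp's server code: the ordering read < write < admin, the mapping of HTTP methods to scopes, and the names `ApiKeyRecord` and `authorize` are assumptions.

```typescript
// Added illustration, not thefaqapp's implementation.
// Assumptions: scopes are ordered read < write < admin; GET needs read,
// every other method needs write.
type Scope = "read" | "write" | "admin";

interface ApiKeyRecord {
  id: string;
  orgSlug: string;  // a key belongs to exactly one organization
  scope: Scope;     // the key carries its own scope, no member identity
  revoked: boolean; // set when the old key is revoked during rotation
}

interface Decision { allow: boolean; reason: string }

const RANK: Record<Scope, number> = { read: 0, write: 1, admin: 2 };
const ORG_PATH = /^\/api\/v1\/([^\/]+)\/.+$/;

function requiredScope(method: string): Scope {
  return method.toUpperCase() === "GET" ? "read" : "write";
}

function authorize(key: ApiKeyRecord, method: string, path: string): Decision {
  if (key.revoked) return { allow: false, reason: "key revoked" };
  const m = ORG_PATH.exec(path);
  if (!m) return { allow: false, reason: "not an org-scoped API path" };
  // Tenant isolation: the slug in the URL must be the key's own organization.
  if (m[1] !== key.orgSlug) return { allow: false, reason: "organization mismatch" };
  const need = requiredScope(method);
  if (RANK[key.scope] < RANK[need]) {
    return { allow: false, reason: `scope ${key.scope} cannot perform ${need}` };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample keys (not real credentials).
const readKey: ApiKeyRecord = { id: "k1", orgSlug: "acme", scope: "read", revoked: false };
const adminKey: ApiKeyRecord = { id: "k2", orgSlug: "acme", scope: "admin", revoked: false };
const oldKey: ApiKeyRecord = { id: "k0", orgSlug: "acme", scope: "admin", revoked: true };

console.log(authorize(readKey, "GET", "/api/v1/acme/questions"));
console.log(authorize(readKey, "POST", "/api/v1/acme/questions"));
console.log(authorize(readKey, "GET", "/api/v1/globex/questions"));
console.log(authorize(oldKey, "GET", "/api/v1/acme/questions"));
```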
Why not just OAuth?
For end-user-facing apps, you can pair a dashboard-token JWT with the SDK — the dashboard mints a short-lived token per user session. See Recipes: per-user tokens. For server-to-server integration, an API key is the right tool.