Obexal Docs

Create your organization

A self-service sign-up: name your organization, verify your email with a one-time code, and land in the admin console as its owner.

Creating an organization on Obexal is fully self-service: no sales contact, no manual provisioning. The person who creates it becomes its owner, with every administrative permission, and is signed in immediately.

Create your organization from the browser

  1. Open https://accounts.obexal.com/create-organization.
  2. Enter the organization name (2 to 60 characters), your email address and a password (12 characters minimum under the default policy).
  3. Obexal sends a 6-digit code to that address. Enter it to prove you control the mailbox.
  4. The organization is created, your account receives the owner role, and a session is opened automatically: you land directly in the admin console with a verified email.

Note: Nothing is created until the code is validated: submitting the form only sends the code. The code stays valid for 10 minutes and allows 5 attempts, and the same screen lets you request a new one.

An email address can own only one organization: if yours already does, the sign-up is refused with org_email_exists and you are pointed to sign-in instead.

Your organization address

Every organization has a unique, permanent identifier: its slug. In the browser flow it is generated automatically (in the form org-xxxxxxxx). Through the API you can choose it: 3 to 32 characters, lowercase letters, digits and hyphens, with neither a leading nor a trailing hyphen. Infrastructure words (admin, api, login, www and others) are reserved.

Check availability before submitting:

curl "https://accounts.obexal.com/v1/auth/org/slug-available?slug=acme"
# {"available":true}
# or {"available":false,"reason":"taken"} with reason: invalid | reserved | taken

The slug cannot be changed afterwards. For a branded sign-in URL, connect a custom domain rather than relying on the slug.
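
Because the slug is permanent, it is worth rejecting malformed values locally before calling slug-available. The script below is an added example, not Obexal's own code: the function name slug_reason and the sample slugs are constructed here, and the reserved list holds only the four words this page names, so it is partial.

```shell
#!/bin/sh
# Added example: local pre-check of an organization slug against the rules stated above.
# Prints one of: ok | invalid | reserved. The "taken" reason can only come from the server.

# ASSUMPTION: the page lists these four reserved words "and others";
# the full server-side list is not given here, so this list is partial.
RESERVED_SLUGS="admin api login www"

# The body runs in a subshell ( ... ) so LC_ALL=C and `exit` stay local to the call.
slug_reason() (
  LC_ALL=C   # byte-wise ranges: a-z must not match uppercase or accented letters
  s=$1
  # Length: 3 to 32 characters
  if [ "${#s}" -lt 3 ] || [ "${#s}" -gt 32 ]; then
    echo invalid; exit 1
  fi
  case $s in
    *[!a-z0-9-]*) echo invalid; exit 1 ;;   # only lowercase letters, digits, hyphens
    -*|*-)        echo invalid; exit 1 ;;   # neither a leading nor a trailing hyphen
  esac
  for word in $RESERVED_SLUGS; do
    if [ "$s" = "$word" ]; then echo reserved; exit 1; fi
  done
  echo ok
)

# Constructed sample inputs
for candidate in acme my-org-1 ab Acme -acme acme- admin; do
  reason=$(slug_reason "$candidate") || true
  printf '%-10s %s\n' "$candidate" "$reason"
done
```

A result of ok only means the slug is well formed and not in the partial reserved list; the slug-available endpoint remains the authority for reserved and taken.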

Create an organization through the API

The same steps, over JSON. Start the sign-up (this sends the code, nothing else happens yet):

# $OWNER_PASSWORD is spliced into the JSON body as-is: a password containing " or \ must be JSON-escaped first.
curl -sS -X POST https://accounts.obexal.com/v1/auth/org/signup \
  -H 'Content-Type: application/json' \
  -d '{"organizationName":"Acme","slug":"acme","email":"owner@example.eu","password":"'"$OWNER_PASSWORD"'"}'
# 200 -> {"otpRequired":true,"token":"<challenge>","email":"owner@example.eu","codeLength":6}

Then confirm the code, which actually creates the organization:

curl -sS -X POST https://accounts.obexal.com/v1/auth/org/signup/verify \
  -H 'Content-Type: application/json' \
  -d '{"token":"<challenge>","code":"123456"}'
# 201 -> {"tenant":{"name":"Acme","slug":"acme","dataRegion":"eu"},"autoLogin":true}
# The response also sets the session cookie of the new owner (auto-login).

POST /v1/auth/org/signup/resend with the current token returns a fresh challenge (new token, new code); the previous one stops working. All three endpoints are public and rate limited per IP: expect 429 rate_limited under repeated calls. Other errors: 409 org_email_exists, 409 slug_taken, 400 slug_invalid, 400 invalid_request.

How sign-in finds your organization

Users always sign in at https://accounts.obexal.com (or your custom domain, which replaces it everywhere). The organization is resolved in this order:

  1. Custom domain: a request arriving on a verified custom domain is scoped to your organization.
  2. Explicit slug: the hosted sign-in page accepts ?tenant=<slug>; API clients send the same information in the X-Obexal-Tenant header.
  3. Email address: without explicit context, if the address belongs to exactly one organization, sign-in is routed there. The "one email owns one organization" rule keeps this resolution unambiguous.

Where your organization lives

Every organization is created with dataRegion: "eu", meaning it is hosted in France, in a datacenter in the Paris region, with data residency in the European Union. It is the only region available today. See Data residency and sovereignty.

Next steps

  1. Connect your first app: OIDC with PKCE, end to end.
  2. Invite your team: the directory works on an invitation model.