Skip to main content
Every API endpoint is gated by a specific permission assigned to the calling service user’s role. The required permission for each endpoint is documented on its individual API reference page. This page provides a summary of all permissions by scope. Base URLs:
  • https://api.devin.ai/v3/organizations/* — endpoints scoped to a single organization
  • https://api.devin.ai/v3/enterprise/* — endpoints that require enterprise-level permissions
Devin Enterprise customers with a dedicated deployment should replace api.devin.ai with their custom API domain (e.g., api.your-company.devinenterprise.com). See the Enterprise quick start for setup details.
Find your organization ID on the Settings → Service Users page.
Some enterprise endpoints operate on specific organizations using paths like /v3/enterprise/organizations/{org_id}/... (for example, audit logs and tags). Even though they include an org_id parameter, they require enterprise-level permissions.

Enterprise permissions

Organization permissions

Permission inheritance

Enterprise service users authenticate with /v3/enterprise/* endpoints and can operate across all organizations. They are assigned enterprise-level roles and automatically inherit the corresponding org-level permissions in every organization (for example, ViewAccountSessions grants ViewOrgSessions in all orgs). Organization service users are scoped to a single organization and authenticate with /v3/organizations/{org_id}/* endpoints only. They are assigned org-level roles.

Creating service users

Service users are created through the Devin UI:
  1. Enterprise service users: Enterprise settings → Service Users
  2. Organization service users: Organization settings → Service Users
For setup instructions, see the Teams quick start or Enterprise quick start.