https://api.devin.ai/v3/organizations/*— endpoints scoped to a single organizationhttps://api.devin.ai/v3/enterprise/*— endpoints that require enterprise-level permissions
Devin Enterprise customers with a dedicated deployment should replace
api.devin.ai with their custom API domain (e.g., api.your-company.devinenterprise.com). See the Enterprise quick start for setup details.Some enterprise endpoints operate on specific organizations using paths like
/v3/enterprise/organizations/{org_id}/... (for example, audit logs and tags).
Even though they include an org_id parameter, they require enterprise-level permissions.Enterprise permissions
| Permission | Controls |
|---|---|
ReadAccountMeta | Self (granted to all service users by default) |
ManageEnterpriseSettings | Audit logs, Organization tags |
ManageOrganizations | Organizations CRUD, Organization group limits |
ManageAccountMembership | Roles, Enterprise users, Enterprise IdP groups, Enterprise service user membership, Enterprise IdP group registration |
ManageAccountServiceUsers | Service user provisioning (enterprise) |
ManageAccountKnowledge | Knowledge notes (enterprise) |
ManageAccountPlaybooks | Playbooks (enterprise) |
ManageGitIntegrations | Git connections, Git permissions |
ManageBilling | Consumption cycles, Daily consumption breakdowns |
ViewAccountMetrics | Usage metrics (DAU/WAU/MAU, PRs, sessions, searches, active users), Queue status |
ViewEnterpriseInfraDetails | Hypervisors |
ViewAccountSessions | Sessions list and detail (enterprise, read-only) |
ManageAccountSessions | Send messages to sessions (enterprise) |
Organization permissions
| Permission | Controls |
|---|---|
ManageOrgSecrets | Secrets CRUD |
ManageOrgKnowledge | Knowledge notes (organization) |
ManageOrgPlaybooks | Playbooks (organization) |
ManageOrgServiceUsers | Service user provisioning (organization) |
ManageOrgSchedules | Scheduled sessions |
ViewOrgSessions | Sessions list and detail (organization, read-only) |
ManageOrgSessions | Send messages, terminate, archive sessions |
UseDevinSessions | Create sessions |
ImpersonateOrgSessions | Create sessions on behalf of other users (create_as_user_id) |
Permission inheritance
Enterprise service users authenticate with/v3/enterprise/* endpoints and can operate across all organizations. They are assigned enterprise-level roles and automatically inherit the corresponding org-level permissions in every organization (for example, ViewAccountSessions grants ViewOrgSessions in all orgs).
Organization service users are scoped to a single organization and authenticate with /v3/organizations/{org_id}/* endpoints only. They are assigned org-level roles.
Creating service users
Service users are created through the Devin UI:- Enterprise service users: Enterprise settings → Service Users
- Organization service users: Organization settings → Service Users