Skip to content

Clients API

Clients in Runnit are organisations linked to yours through a client relationship. The clients endpoints manage those relationships, the team of staff allowed to work on each client, and client data deletion.

All endpoints on this page live under /api/v1/organizations/:orgId/clients..., where orgId is your organisation’s id.

Authentication: every request needs a per-user API key bound to the organisation in the path. See API Keys & Authentication.

Reading client information needs any active membership in your organisation. Creating, updating, or removing clients and editing team assignments needs client-management access, which managers, admins, and owners have by default. Organisations that use custom roles may grant this differently.

Two different ids appear in these paths, so watch which one an endpoint wants:

  • clientId is the id of the client relationship record.
  • clientOrgId is the id of the client organisation itself. Each relationship record carries it as clientOrganizationId.

Lists all of the organisation’s clients with the client organisation’s details. Any active member can call it.

Example request

Terminal window
curl https://api.runnit.io/api/v1/organizations/<org-id>/clients \
-H 'Authorization: Bearer rnk_your_key'

Response

{
"success": true,
"clients": [
{
"id": "<client-relationship-uuid>",
"organizationId": "<org-uuid>",
"clientOrganizationId": "<client-org-uuid>",
"relationshipStatus": "active",
"settings": {},
"createdById": "<user-uuid>",
"createdAt": "2026-01-05T00:00:00.000Z",
"updatedAt": "2026-01-05T00:00:00.000Z",
"organization": {
"id": "<client-org-uuid>",
"name": "Harbour Retail Group",
"slug": "harbour-retail",
"email": "contact@harbour.example.com"
},
"isEditable": true,
"userCount": 0
}
]
}

isEditable is true when you can edit the client organisation’s details through this API: the client organisation has no registered users and was not created by one of its own members. userCount is the number of active users in the client organisation.

POST /api/v1/organizations/:orgId/clients/link

Section titled “POST /api/v1/organizations/:orgId/clients/link”

Links an existing Runnit organisation as a client, using its organisation code. Requires client-management access (managers, admins, and owners by default). Linking also ensures the client has a set of default asset collections.

Request body

NameTypeRequiredDescription
clientOrgCodestringYesThe client organisation’s code (its slug): lowercase letters, numbers, and dashes only.
settingsobjectNoRelationship settings. Defaults to {}.

Example request

Terminal window
curl -X POST https://api.runnit.io/api/v1/organizations/<org-id>/clients/link \
-H 'Authorization: Bearer rnk_your_key' \
-H 'Content-Type: application/json' \
-d '{ "clientOrgCode": "harbour-retail" }'

Response is 201 with the new relationship, the client organisation, and its default collections:

{
"success": true,
"client": {
"id": "<client-relationship-uuid>",
"organizationId": "<org-uuid>",
"clientOrganizationId": "<client-org-uuid>",
"relationshipStatus": "active",
"organization": { "id": "<client-org-uuid>", "name": "Harbour Retail Group", "slug": "harbour-retail" },
"defaultCollections": [{ "id": "<collection-uuid>", "name": "Brand", "...": "..." }]
}
}

Errors

StatusWhen
400The code contains invalid characters, or the relationship already exists.
404No organisation exists with that code.

POST /api/v1/organizations/:orgId/clients/create

Section titled “POST /api/v1/organizations/:orgId/clients/create”

Creates a brand-new organisation for the client and links it in one step. Requires client-management access. Default asset collections are created for the new client automatically.

Request body

NameTypeRequiredDescription
namestringYesThe client organisation’s name.
orgCodestringYesOrganisation code for the new client: lowercase letters, numbers, and dashes only. Must not be taken.
addressLine1stringNoStreet address.
citystringNoCity.
countrystringNoCountry.
emailstringNoContact email; must be a valid address when supplied.
phonestringNoContact phone number.
urlstringNoWebsite address.
settingsobjectNoRelationship settings. Defaults to {}.

Example request

Terminal window
curl -X POST https://api.runnit.io/api/v1/organizations/<org-id>/clients/create \
-H 'Authorization: Bearer rnk_your_key' \
-H 'Content-Type: application/json' \
-d '{
"name": "Harbour Retail Group",
"orgCode": "harbour-retail",
"city": "Sydney",
"country": "Australia",
"email": "contact@harbour.example.com"
}'

Response is 201, in the same shape as the link endpoint.

Errors

StatusWhen
400A required field is missing, orgCode has invalid characters or is already taken, or email is invalid.

GET /api/v1/organizations/:orgId/clients/:clientId

Section titled “GET /api/v1/organizations/:orgId/clients/:clientId”

Returns one client relationship with the client organisation’s details. Any active member can call it. clientId is the relationship id.

Terminal window
curl https://api.runnit.io/api/v1/organizations/<org-id>/clients/<client-id> \
-H 'Authorization: Bearer rnk_your_key'

Response is { "success": true, "client": { ... } } with the same client shape as the list endpoint (without isEditable and userCount). Returns 404 when the relationship does not exist or belongs to another organisation.

PUT /api/v1/organizations/:orgId/clients/:clientId

Section titled “PUT /api/v1/organizations/:orgId/clients/:clientId”

Updates the client relationship. Requires client-management access.

Request body

NameTypeRequiredDescription
relationshipStatusstringNoOne of active, inactive, or pending.
settingsobjectNoReplacement relationship settings.

Example request

Terminal window
curl -X PUT https://api.runnit.io/api/v1/organizations/<org-id>/clients/<client-id> \
-H 'Authorization: Bearer rnk_your_key' \
-H 'Content-Type: application/json' \
-d '{ "relationshipStatus": "inactive" }'

Response is { "success": true, "client": { ... } } with the updated relationship and the client organisation.

Errors

StatusWhen
400relationshipStatus is not active, inactive, or pending.
404The relationship does not exist in the organisation.

PATCH /api/v1/organizations/:orgId/clients/:clientId/organization

Section titled “PATCH /api/v1/organizations/:orgId/clients/:clientId/organization”

Updates the client organisation’s own details (name, contact, and address). Requires client-management access. This only works while the client organisation is still a shell you manage: it must have no registered users, and it must not have been created by one of its own members.

Request body (all optional)

NameTypeRequiredDescription
namestringNoOrganisation name; cannot be empty when supplied.
emailstringNoContact email; must be valid when supplied.
phonestringNoContact phone number.
urlstringNoWebsite address.
addressLine1stringNoStreet address.
citystringNoCity.
countrystringNoCountry.

Example request

Terminal window
curl -X PATCH https://api.runnit.io/api/v1/organizations/<org-id>/clients/<client-id>/organization \
-H 'Authorization: Bearer rnk_your_key' \
-H 'Content-Type: application/json' \
-d '{ "phone": "+61 2 8000 0000" }'

Response is { "success": true, "organization": { ... } } with the updated client organisation.

Errors

StatusWhen
400A supplied field fails validation.
403The client organisation has registered users, or it belongs to its own members.
404The relationship does not exist in the organisation.

DELETE /api/v1/organizations/:orgId/clients/:clientId

Section titled “DELETE /api/v1/organizations/:orgId/clients/:clientId”

Removes the client relationship. Requires client-management access. This unlinks the client; it does not delete the client organisation or any project data. Use the data-deletion endpoint below for that.

Terminal window
curl -X DELETE https://api.runnit.io/api/v1/organizations/<org-id>/clients/<client-id> \
-H 'Authorization: Bearer rnk_your_key'

Response

{ "success": true, "message": "Client relationship removed" }

Returns 404 when the relationship does not exist in the organisation.

DELETE /api/v1/organizations/:orgId/clients/:clientId/data

Section titled “DELETE /api/v1/organizations/:orgId/clients/:clientId/data”

Deletes the data associated with a client relationship. Requires client-management access.

Query parameters

NameTypeRequiredDescription
scopestringNoengagement (default) or full. Any other value is treated as engagement.

Example request

Terminal window
curl -X DELETE 'https://api.runnit.io/api/v1/organizations/<org-id>/clients/<client-id>/data?scope=full' \
-H 'Authorization: Bearer rnk_your_key'

Response

{
"success": true,
"message": "Client data deleted successfully",
"scope": "full",
"summary": { "...": "counts of the records that were removed" }
}

Errors

StatusWhen
404The relationship does not exist in the organisation.

GET /api/v1/organizations/:orgId/clients/:clientOrgId/team

Section titled “GET /api/v1/organizations/:orgId/clients/:clientOrgId/team”

Returns the team that can work on a client. Any active member can call it. Note this endpoint takes the client organisation id, not the relationship id.

If the client has no assignment restrictions, the team is every active member of your organisation. If anyone has been explicitly assigned, the team is only those assigned people.

Terminal window
curl https://api.runnit.io/api/v1/organizations/<org-id>/clients/<client-org-id>/team \
-H 'Authorization: Bearer rnk_your_key'

Response

{
"success": true,
"hasRestrictions": true,
"team": [
{
"id": "<user-uuid>",
"email": "priya@example.com",
"firstName": "Priya",
"lastName": "Shah",
"displayName": "Priya Shah",
"avatarUrl": null,
"currentTitle": "Senior Producer",
"role": "manager",
"isFreelancer": false
}
]
}

Errors

StatusWhen
404There is no client relationship with that client organisation.

GET /api/v1/organizations/:orgId/clients/:clientOrgId/assignments

Section titled “GET /api/v1/organizations/:orgId/clients/:clientOrgId/assignments”

Returns only the explicit assignments for a client, excluding members who can work on it because it has no restrictions. Any active member can call it.

Terminal window
curl https://api.runnit.io/api/v1/organizations/<org-id>/clients/<client-org-id>/assignments \
-H 'Authorization: Bearer rnk_your_key'

Response

{
"success": true,
"assignments": [
{
"id": "<assignment-uuid>",
"userId": "<user-uuid>",
"organizationId": "<org-uuid>",
"clientOrganizationId": "<client-org-uuid>",
"user": {
"id": "<user-uuid>",
"email": "priya@example.com",
"firstName": "Priya",
"lastName": "Shah",
"displayName": "Priya Shah",
"currentTitle": "Senior Producer"
}
}
]
}

Returns 404 when there is no client relationship with that client organisation.

PUT /api/v1/organizations/:orgId/clients/:clientOrgId/assignments

Section titled “PUT /api/v1/organizations/:orgId/clients/:clientOrgId/assignments”

Replaces the client’s team assignments. Requires client-management access.

Passing specific user ids restricts the client to those people: anyone not in the list loses access to the client unless they have all-client access. Passing an empty array removes all restrictions, so every member can work on the client again.

Request body

NameTypeRequiredDescription
userIdsarray of UUIDsYesThe complete set of users assigned to this client. An empty array removes all restrictions.

Example request

Terminal window
curl -X PUT https://api.runnit.io/api/v1/organizations/<org-id>/clients/<client-org-id>/assignments \
-H 'Authorization: Bearer rnk_your_key' \
-H 'Content-Type: application/json' \
-d '{ "userIds": ["<user-id-1>", "<user-id-2>"] }'

Response

{
"success": true,
"message": "Client team updated",
"hasRestrictions": true,
"team": [{ "...": "same member shape as the team endpoint" }]
}

Errors

StatusWhen
400userIds is missing, not an array, or contains a value that is not a UUID.
404There is no client relationship with that client organisation.

The API also mounts the client portal’s job endpoints under /api/v1/client/jobs. They serve the client side of a relationship: they only return data when the key belongs to a user in the client organisation itself, with visibility filtering applied. Keys created in the delivering organisation cannot use them, so they are not documented further here.

Set client-specific billing with the Rate Cards API, or manage per-person client access from the other direction with the Staff Profiles & Work History API.