Skip to main content

Organization Onboarding

An organization is the registered business entity on the Genesis X-1 network. Every organization has an actor — the identity unit that authenticates requests and signs events. The organization provides the business continuity anchor. The actor provides the cryptographic identity.

Onboarding an organization creates two things simultaneously:

  • an organization_id — the stable network identifier for the business entity
  • an frl_ledger_id — the Facility Root Ledger, the immutable sovereignty root for that organization

Both are permanent. Neither can be deleted.

Prerequisites

Before onboarding an organization, the actor must exist and have an enrolled signing key.

Step 1 — Create an Actor

curl -sS "$BASE_URL/actors" \
-X POST \
-H "Content-Type: application/json" \
-d '{
"role": "PARTICIPANT",
"public_key": "'"$PUBLIC_KEY_B64"'",
"algorithm": "Ed25519"
}'

Response:

{
"actor_id": "c0fc5897-98ea-4ea1-8df6-00d7f9486703",
"iaex_id": "iaex:actor:c0fc5897-98ea-4ea1-8df6-00d7f9486703",
"role": "PARTICIPANT",
"key": {
"kid": "iaex:actor:c0fc5897-98ea-4ea1-8df6-00d7f9486703#key-1",
"algorithm": "Ed25519",
"status": "ACTIVE",
"preferred_signing": true
}
}

Save the actor_id.

Step 2 — Retrieve an API Key

API keys are issued during network onboarding. Each actor has exactly one API key. The API key authenticates all requests made by that actor.

Set it as:

export API_KEY="iaex_sk_live_..."

Step 3 — Onboard the Organization

curl -sS "$BASE_URL/onboarding/organization" \
-X POST \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"legal_name": "Acme Components Private Limited",
"country": "IN",
"region": "TN",
"city": "Chennai",
"registered_address": "45 Foundry Road, Chennai",
"vat_tax_number": "33ABCDE1234F1Z5",
"primary_email": "ops@acmecomponents.com",
"terms_version": "2026-04-21",
"declaration_hash": "acme-onboarding-declaration-v1"
}'

Response:

{
"request_id": "f5b3cf83-1bb7-4ab6-9efd-2790c510b89a",
"organization_id": "a9acfd14-cf2c-4171-b399-4af8e3b5f839",
"frl_ledger_id": "819a736e-3e8b-4e4a-b22f-d0e6f1a2c3b4",
"status": "APPROVED"
}

Save organization_id and frl_ledger_id.

What Gets Written

Organization onboarding appends two authority-signed events to the FRL:

  • GENESIS — opens the Facility Root Ledger
  • ORGANIZATION_REGISTERED — anchors the organization identity

These events are signed by the IAEX authority (notarial seal). No X-Actor-Sig header is required from the caller.

Step 4 — Read the Organization

curl -sS "$BASE_URL/organizations/$ORG_ID" \
-H "Authorization: Bearer $API_KEY"

Response:

{
"organization_id": "a9acfd14-cf2c-4171-b399-4af8e3b5f839",
"actor_id": "c0fc5897-98ea-4ea1-8df6-00d7f9486703",
"legal_name": "Acme Components Private Limited",
"country": "IN",
"status": "APPROVED"
}

Step 5 — Lookup by Actor ID

curl -sS "$BASE_URL/organizations/?actor_id=$ACTOR_ID" \
-H "Authorization: Bearer $API_KEY"

Response:

{
"actor_id": "c0fc5897-98ea-4ea1-8df6-00d7f9486703",
"count": 1,
"organizations": [
{
"organization_id": "a9acfd14-cf2c-4171-b399-4af8e3b5f839",
"legal_name": "Acme Components Private Limited"
}
]
}

Step 6 — Optional Enrichment

Non-identity fields can be updated after onboarding:

curl -sS "$BASE_URL/organizations/$ORG_ID/enrich" \
-X PATCH \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"trade_name": "Acme Precision Components",
"postal_code": "600001"
}'

Identity fields (legal_name, vat_tax_number, country) are immutable after onboarding.

Two-Organization Network

Most Genesis X-1 flows require two organizations. The API uses buyer_* and supplier_* as positional labels — these are not fixed business roles. Any organization type (manufacturer, logistics, bank, regulator) can occupy either side.

Onboard both organizations independently, each under their own actor and API key:

# Organization A
curl -sS "$BASE_URL/onboarding/organization" \
-X POST \
-H "Authorization: Bearer $ORG_A_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"legal_name": "Northwind Buyer Operations Private Limited",
"country": "IN",
"region": "KA",
"city": "Bengaluru",
"vat_tax_number": "29ABCDE1234F1Z5",
"primary_email": "ops@northwind.com",
"terms_version": "2026-04-21",
"declaration_hash": "northwind-declaration-v1"
}'

# Organization B
curl -sS "$BASE_URL/onboarding/organization" \
-X POST \
-H "Authorization: Bearer $ORG_B_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"legal_name": "Acme Components Private Limited",
"country": "IN",
"region": "TN",
"city": "Chennai",
"vat_tax_number": "33ABCDE1234F1Z5",
"primary_email": "ops@acmecomponents.com",
"terms_version": "2026-04-21",
"declaration_hash": "acme-declaration-v1"
}'

Once both are onboarded, open an order ledger referencing both organization_id and actor_id values. See Quickstart for the full flow.

Compatibility Alias

POST /onboarding/supplier is an alias for POST /onboarding/organization. Both endpoints are identical. Use either.

Organization vs Actor

ActorOrganization
What it isCryptographic identity unitRegistered business entity
Created byPOST /actorsPOST /onboarding/organization
Used forAuthentication, signing, attributionBusiness relationships, FRL, delegation
PermanentYesYes
Has signing keyYesNo (uses actor's key)

Every organization has exactly one actor. The actor is the signing identity for all operations performed on behalf of that organization.

Delegation After Onboarding

After onboarding, the organization owner can grant delegation to additional actors — operations staff, ERP systems, automated agents. See Delegation and Access Control for grant and revocation flows.