The organizations module manages organization entities post-onboarding: organization listing (MORIA only), reference data (sizes and industries), per-organization detail, and organization profile updates. The reference endpoints (sizes, industries) are public (no auth); the rest require Bearer + the read-organization / update-organization permissions.
| Property | Value |
| --- | --- |
| Base URL | {HOST}/v1 |
| Auth | Bearer JWT (header Authorization) or cookie access_token |
| Content-Type | application/json |
| Error envelope | { "message": string \| string[], "statusCode": number, "error": string } |
| Validation | Global ValidationPipe · whitelist: true, forbidNonWhitelisted: true · unknown field → 400 |
| Related modules | onboarding, users, acl, accounts |
| Document version | v1 · 2026-05-20 |
| Audience | Internal FE devs (mobile + web) |
The full organization list is visible only to the MORIA role. Reference endpoints (sizes, industries) are public — no token required — so the FE can populate dropdown pickers on the signup/onboarding form before a user is authenticated. Per-organization detail is accessible to anyone with read-organization, while update is only allowed for one’s own organization (unless the user is moria_super_admin).
| Method | Path | Auth | Summary |
| --- | --- | --- | --- |
| GET | /v1/organizations | bearer | List organizations (MORIA only) |
| GET | /v1/organizations/sizes | public | Reference data for organization sizes (public) |
| GET | /v1/organizations/industries | public | Reference data for industry sectors (public) |
| GET | /v1/organizations/:organization_id | bearer | Detail of one organization |
| PATCH | /v1/organizations/:organization_id | bearer | Update organization profile |
Auth notes
GET /organizations is only for UserType.MORIA. Other roles → 403.
For PATCH /:organization_id, non-moria_super_admin users can only edit their own organization — if organization_id differs, the server returns 401.
The organization signup endpoint (POST /organizations/signup) is documented in the Onboarding module.
Fetch the organization list (paginated). For UserType.MORIA only, with the read-organization permission.
bearer
MORIA
read-organization
RESOURCE_FETCHED
| Param | Type | Default | Notes |
| --- | --- | --- | --- |
| page | number | 1 | Page number |
| limit | number | 10 | Records per page |
| order | 'asc' \| 'desc' | desc | Order by created_at |

"message": "Organizations retrieved successfully",
"id": "660e8400-e29b-41d4-a716-446655440111",
"phone_number": "+628123456788",
"official_registration_number": "0123456789",
"created_at": "2026-05-20T08:30:00.000Z",
"updated_at": "2026-05-20T08:30:00.000Z"
| Status | When it occurs |
| --- | --- |
| 401 Unauthorized | Invalid Bearer/cookie |
| 403 Forbidden | Not MORIA or missing read-organization permission |
Reference data for organization sizes (Micro, Small, Medium, Large, with employee range + IDR revenue bands). Used to populate the FE size dropdown on the organization signup form. The chosen id is sent back as size_id to POST /v1/organizations/signup.
public — no auth required.
| Param | Type | Default | Notes |
| --- | --- | --- | --- |
| page | number | 1 | Page number |
| limit | number | 10 | Records per page |
| order | 'asc' \| 'desc' | desc | Order by created_at |

"message": "Organization sizes retrieved successfully",
"id": "03be5259-f281-478e-a8d0-e7e825e525f2",
"min_revenue": "IDR 300,000,001",
"max_revenue": "IDR 2,500,000,000"
| Status | When it occurs |
| --- | --- |
| 400 Bad Request | Invalid query params (e.g. non-numeric page/limit) |
No auth — this endpoint is public, so there is no 401/403.
Reference data for industry sectors, each with its Indonesian KBLI classification (kbli_code, kbli_description). Used to populate the FE industry dropdown on the organization signup form. The chosen id is sent back as industry_id to POST /v1/organizations/signup.
public — no auth required.
| Param | Type | Default | Notes |
| --- | --- | --- | --- |
| page | number | 1 | Page number |
| limit | number | 10 | Records per page |
| order | 'asc' \| 'desc' | desc | Order by created_at |

"message": "Organization industries retrieved successfully",
"organizationIndustries": [
"id": "1d3a7c2e-4b5f-4c8a-9e2d-7f6a1b2c3d4e",
"kbli_description": "Financial service activities"
| Status | When it occurs |
| --- | --- |
| 400 Bad Request | Invalid query params (e.g. non-numeric page/limit) |
No auth — this endpoint is public, so there is no 401/403.
Detail of one organization by UUID. The server validates read permission + the caller’s organization scope.
bearer
read-organization
| Param | Type | Notes |
| --- | --- | --- |
| organization_id | UUID | Organization ID (must be UUID, validated via ParseUUIDPipe) |

"message": "organization fetched successfully",
"id": "660e8400-e29b-41d4-a716-446655440111",
"phone_number": "+628123456788",
"official_registration_number": "0123456789",
"created_at": "2026-05-20T08:30:00.000Z",
"updated_at": "2026-05-20T08:30:00.000Z"
| Status | When it occurs |
| --- | --- |
| 400 Bad Request | organization_id is not a UUID |
| 401 Unauthorized | Invalid Bearer/cookie |
| 403 Forbidden | Permission mismatch |
| 404 Not Found | Organization not found |
Update an organization profile. Only moria_super_admin may edit other organizations; other organization users may only edit their own organization.
bearer
update-organization
| Param | Type | Notes |
| --- | --- | --- |
| organization_id | UUID | Target organization ID |

| Field | Type | Required | Notes |
| --- | --- | --- | --- |
| name | string | optional | Organization name |
| logo_id | string | optional | Logo file UUID (see file-manager module) |
| email | string | optional | Organization contact email |
| phone_number | string | optional | Contact phone |
| official_registration_number | string | optional | Official registration number |
| status | enum ORGANIZATION_STATUS | optional | pending, active, inactive, suspended |

"name": "Moria Fund Pro",
"message": "Organization updated successfully",
"id": "660e8400-e29b-41d4-a716-446655440111",
"name": "Moria Fund Pro",
"phone_number": "+628123456788",
"updated_at": "2026-05-20T09:00:00.000Z"
| Status | When it occurs |
| --- | --- |
| 400 Bad Request | Validation failed (invalid enum, unknown field) |
| 401 Unauthorized | Non-moria_super_admin user attempts to edit another organization |
| 403 Forbidden | Missing update-organization permission |
| 404 Not Found | Organization not found |
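The PATCH rules above, modelled as a plain-TypeScript decision function. This is an added example, not the service's own code; the order of the checks, the role name organization_admin and the second organization id are assumptions.

```typescript
// Added example: a plain-TypeScript model of the documented PATCH checks.
// Caller, decidePatch and the sample callers are hypothetical names.
type Caller = { role: string; organizationId: string; permissions: string[] };

const ALLOWED_FIELDS = ["name", "logo_id", "email", "phone_number",
  "official_registration_number", "status"];
const ORGANIZATION_STATUS = ["pending", "active", "inactive", "suspended"];

// Returns the HTTP status the page documents for each outcome.
// The order of the checks is an assumption; the page lists outcomes only.
function decidePatch(caller: Caller, organizationId: string,
                     body: Record<string, unknown>): number {
  // Permission gate: update-organization is required for every caller.
  if (caller.permissions.indexOf("update-organization") === -1) return 403;
  // Tenant isolation: compare the path parameter with the organization bound
  // to the authenticated caller, never with an id supplied in the body.
  const isSuperAdmin = caller.role === "moria_super_admin";
  if (!isSuperAdmin && caller.organizationId !== organizationId) return 401;
  // forbidNonWhitelisted: a field outside the documented set fails the request
  // instead of being silently dropped, which blocks mass assignment.
  for (const key of Object.keys(body)) {
    if (ALLOWED_FIELDS.indexOf(key) === -1) return 400;
  }
  if ("status" in body && ORGANIZATION_STATUS.indexOf(String(body.status)) === -1) {
    return 400;
  }
  return 200;
}

// Constructed sample callers; OWN_ORG is the sample id used on this page.
const OWN_ORG = "660e8400-e29b-41d4-a716-446655440111";
const OTHER_ORG = "11111111-1111-4111-8111-111111111111"; // constructed id
const member: Caller = { role: "organization_admin", organizationId: OWN_ORG,
  permissions: ["read-organization", "update-organization"] };
const superAdmin: Caller = { role: "moria_super_admin", organizationId: OWN_ORG,
  permissions: ["read-organization", "update-organization"] };
```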
pending — just signed up, awaiting KYB verification
active — fully operational
inactive — temporarily deactivated
suspended — suspended by Moria
finance, health, agriculture, education
technnology (typo retained)
manufacturing, marine, aviation, security
government, ngo
tens, hundreds, thousands, millions
"message": "you can't edit another organization",
message can be a string or an array of strings (multi-field validation errors).
400 body/param validation
401 no cross-org access
403 role/permission mismatch
404 organization not found
500 internal — show a generic toast in FE
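One way a client can consume the envelope and status codes listed above. This is an added example, not the project's code; the function names, the generic toast text and telling the cross-organization 401 apart by its message text are assumptions.

```typescript
// Added example: defensive handling of the error envelope in a client.
// UiAction, normalizeMessages and toUiAction are hypothetical names.
type UiAction = {
  kind: "validation" | "reauthenticate" | "denied" | "not-found" | "generic-toast";
  messages: string[];
};

// Sample message shown on this page for a cross-organization PATCH.
const CROSS_ORG_MESSAGE = "you can't edit another organization";
const GENERIC_TOAST = "Something went wrong. Please try again."; // constructed text

// `message` is string | string[]; accept both and ignore anything else,
// because the body of a failed request is untrusted input to the client.
function normalizeMessages(body: unknown): string[] {
  if (typeof body !== "object" || body === null) return [];
  const m = (body as { message?: unknown }).message;
  const list: unknown[] = typeof m === "string" ? [m] : Array.isArray(m) ? m : [];
  return list.filter((x): x is string => typeof x === "string").map((s) => s.trim());
}

function toUiAction(status: number, body: unknown): UiAction {
  const messages = normalizeMessages(body);
  switch (status) {
    case 400:
      return { kind: "validation", messages };
    case 401:
      // 401 covers both an invalid Bearer/cookie and a cross-organization edit.
      // Only the first should end the session. Telling them apart by message
      // text is an assumption of this example.
      return messages.indexOf(CROSS_ORG_MESSAGE) !== -1
        ? { kind: "denied", messages }
        : { kind: "reauthenticate", messages: [] };
    case 403:
      return { kind: "denied", messages };
    case 404:
      return { kind: "not-found", messages };
    default:
      // 500 and anything unexpected: never render server-supplied text.
      return { kind: "generic-toast", messages: [GENERIC_TOAST] };
  }
}
```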