Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

JSON-RPC Interface

Mycelium exposes all administrative operations through a JSON-RPC 2.0 interface at POST /_adm/rpc. This endpoint accepts both single requests and batched arrays of requests.

The JSON-RPC interface mirrors the REST admin API — every operation available through the REST routes is also available as a JSON-RPC method. Prefer JSON-RPC when building programmatic clients, automation scripts, or AI agent integrations.

Transport

POST /_adm/rpc
Authorization: Bearer <jwt>          # or x-mycelium-connection-string
Content-Type: application/json

Single request:

{
  "jsonrpc": "2.0",
  "method": "beginners.profile.get",
  "params": {},
  "id": 1
}

Batch request (array):

[
  { "jsonrpc": "2.0", "method": "beginners.profile.get", "params": {}, "id": 1 },
  { "jsonrpc": "2.0", "method": "gatewayManager.routes.list", "params": {}, "id": 2 }
]

Discovery

rpc.discover

Returns the OpenRPC specification for this server — the full list of methods, their parameter schemas, and result schemas.

{ "jsonrpc": "2.0", "method": "rpc.discover", "params": {}, "id": 1 }

Method Reference

Methods are organized by namespace. The namespace corresponds to the role required to call them (see Account Types and Roles).

managers — Platform-wide operations

Requires: staff or manager role.

MethodDescription
managers.accounts.createSystemAccountCreate a system-level account
managers.guestRoles.createSystemRolesCreate platform-wide guest roles
managers.tenants.createCreate a new tenant
managers.tenants.listList all tenants
managers.tenants.deleteDelete a tenant
managers.tenants.includeTenantOwnerAssign a tenant owner to a tenant
managers.tenants.excludeTenantOwnerRemove a tenant owner from a tenant

accountManager — Account manager operations

Requires: accounts-manager role.

MethodDescription
accountManager.guests.guestToChildrenAccountInvite a user as a guest to a child account
accountManager.guestRoles.listGuestRolesList available guest roles
accountManager.guestRoles.fetchGuestRoleDetailsGet details of a specific guest role

gatewayManager — Gateway inspection

Requires: gateway-manager role.

MethodDescription
gatewayManager.routes.listList all registered routes
gatewayManager.services.listList all registered downstream services
gatewayManager.tools.listList all discoverable tools exposed to AI agents

beginners — Self-service / user operations

Requires: authenticated (any logged-in user). No admin role needed.

Accounts

MethodDescription
beginners.accounts.createCreate a personal account
beginners.accounts.getGet own account details
beginners.accounts.updateNameUpdate own display name
beginners.accounts.deleteDelete own account

Profile

MethodDescription
beginners.profile.getGet own resolved profile (tenants, roles, access scopes)

Tenants

MethodDescription
beginners.tenants.getPublicInfoGet public metadata for a tenant

Guests

MethodDescription
beginners.guests.acceptInvitationAccept a guest invitation to a tenant

Tokens

MethodDescription
beginners.tokens.createCreate a connection string token
beginners.tokens.listList own active tokens
beginners.tokens.revokeRevoke a specific token
beginners.tokens.deleteDelete a token

Metadata

MethodDescription
beginners.meta.createCreate account metadata entry
beginners.meta.updateUpdate account metadata entry
beginners.meta.deleteDelete account metadata entry

Users and authentication

MethodDescription
beginners.users.createRegister a new user credential
beginners.users.checkTokenAndActivateUserActivate user via email token
beginners.users.startPasswordRedefinitionStart password reset flow
beginners.users.checkTokenAndResetPasswordComplete password reset
beginners.users.checkEmailPasswordValidityValidate credentials
beginners.users.totpStartActivationBegin TOTP 2FA setup
beginners.users.totpFinishActivationComplete TOTP 2FA setup
beginners.users.totpCheckTokenVerify a TOTP code
beginners.users.totpDisableDisable TOTP 2FA

guestManager — Guest role management

Requires: guests-manager role.

MethodDescription
guestManager.guestRoles.createCreate a guest role
guestManager.guestRoles.listList guest roles
guestManager.guestRoles.deleteDelete a guest role
guestManager.guestRoles.updateNameAndDescriptionUpdate role name and description
guestManager.guestRoles.updatePermissionUpdate role permission level
guestManager.guestRoles.insertRoleChildAdd a child role to a parent
guestManager.guestRoles.removeRoleChildRemove a child role

systemManager — System-level management

Requires: system-manager role.

Error codes

MethodDescription
systemManager.errorCodes.createCreate a custom error code
systemManager.errorCodes.listList all error codes
systemManager.errorCodes.getGet a specific error code
systemManager.errorCodes.updateMessageAndDetailsUpdate error code message and details
systemManager.errorCodes.deleteDelete an error code

Webhooks

MethodDescription
systemManager.webhooks.createRegister an outbound webhook
systemManager.webhooks.listList registered webhooks
systemManager.webhooks.updateUpdate a webhook
systemManager.webhooks.deleteDelete a webhook

subscriptionsManager — Subscription account management

Requires: subscriptions-manager role.

Accounts

MethodDescription
subscriptionsManager.accounts.createSubscriptionAccountCreate a subscription account
subscriptionsManager.accounts.createRoleAssociatedAccountCreate a role-associated account
subscriptionsManager.accounts.listList subscription accounts
subscriptionsManager.accounts.getGet a specific subscription account
subscriptionsManager.accounts.updateNameAndFlagsUpdate account name and flags
subscriptionsManager.accounts.propagateSubscriptionAccountPropagate account across tenants

Guests

MethodDescription
subscriptionsManager.guests.listLicensedAccountsOfEmailList licensed accounts for an email
subscriptionsManager.guests.guestUserToSubscriptionAccountInvite a user to a subscription account
subscriptionsManager.guests.updateFlagsFromSubscriptionAccountUpdate guest flags
subscriptionsManager.guests.revokeUserGuestToSubscriptionAccountRevoke a guest invitation
subscriptionsManager.guests.listGuestOnSubscriptionAccountList guests on a subscription account

Guest roles

MethodDescription
subscriptionsManager.guestRoles.listList guest roles for a subscription
subscriptionsManager.guestRoles.getGet a specific guest role

Tags

MethodDescription
subscriptionsManager.tags.createCreate a tag
subscriptionsManager.tags.updateUpdate a tag
subscriptionsManager.tags.deleteDelete a tag

tenantManager — Tenant internal management

Requires: tenant-manager role.

Accounts

MethodDescription
tenantManager.accounts.createSubscriptionManagerAccountCreate a subscription manager account within the tenant
tenantManager.accounts.deleteSubscriptionAccountDelete a subscription account

Guests

MethodDescription
tenantManager.guests.guestUserToSubscriptionManagerAccountInvite a user as subscription manager
tenantManager.guests.revokeUserGuestToSubscriptionManagerAccountRevoke subscription manager invitation

Tags

MethodDescription
tenantManager.tags.createCreate a tenant tag
tenantManager.tags.updateUpdate a tenant tag
tenantManager.tags.deleteDelete a tenant tag

Tenant

MethodDescription
tenantManager.tenant.getGet tenant details

tenantOwner — Tenant ownership operations

Requires: tenant-owner role.

Accounts

MethodDescription
tenantOwner.accounts.createManagementAccountCreate a management account for the tenant
tenantOwner.accounts.deleteTenantManagerAccountDelete a tenant manager account

Metadata

MethodDescription
tenantOwner.meta.createCreate tenant metadata
tenantOwner.meta.deleteDelete tenant metadata

Ownership

MethodDescription
tenantOwner.owner.guestAdd a co-owner to the tenant
tenantOwner.owner.revokeRemove a co-owner from the tenant

Tenant

MethodDescription
tenantOwner.tenant.updateNameAndDescriptionUpdate tenant name and description
tenantOwner.tenant.updateArchivingStatusArchive or unarchive the tenant
tenantOwner.tenant.updateTrashingStatusTrash or restore the tenant
tenantOwner.tenant.updateVerifyingStatusMark the tenant as verified or unverified

userManager — User account lifecycle (platform admins)

Requires: users-manager role.

MethodDescription
userManager.account.approveApprove a user account registration
userManager.account.disapproveDisapprove a user account registration
userManager.account.activateRe-activate a suspended user account
userManager.account.deactivateSuspend a user account
userManager.account.archiveArchive a user account
userManager.account.unarchiveRestore an archived user account

service — Service discovery

Requires: authenticated.

MethodDescription
service.listDiscoverableServicesList all services marked as discoverable for AI agent use

staff — Privilege escalation

Requires: staff role.

MethodDescription
staff.accounts.upgradePrivilegesUpgrade an account to staff privileges
staff.accounts.downgradePrivilegesDowngrade a staff account to standard privileges

Error responses

JSON-RPC errors follow the standard format:

{
  "jsonrpc": "2.0",
  "error": {
    "code": -32600,
    "message": "Invalid request"
  },
  "id": null
}

Standard error codes:

CodeMeaning
-32700Parse error — invalid JSON
-32600Invalid request — not a valid JSON-RPC 2.0 object
-32601Method not found
-32602Invalid params
-32603Internal error

Authentication failures return HTTP 401 before the JSON-RPC layer is reached. Authorization failures (wrong role) return a JSON-RPC error with code -32603 and a domain-specific message.