Documentation Index
Fetch the complete documentation index at: https://docs.corsair.dev/llms.txt
Use this file to discover all available pages before exploring further.
Tenants isolate customer credentials and MCP access inside an instance. A tenant usually maps to a user, team, organization, workspace, or customer account in your product.
const inst = corsair.instance(process.env.CORSAIR_INSTANCE_ID!);
const tenant = await inst.tenants.create("team_abc");
const t = inst.tenant(tenant.id);
Create tenants
Use your own stable ID when you already have a user or workspace identifier:
const tenant = await inst.tenants.create("workspace_123");
const tenant = await inst.tenants.create();
const { tenants } = await inst.tenants.list();
for (const tenant of tenants) {
console.log(tenant.id, tenant.createdAt);
}
const t = inst.tenant("workspace_123");
const summary = await t.get();
API-key credentials
For plugins that use API keys or bot tokens, store the credential directly on the tenant.
await t.plugins.credentials.set("slack", "api_key", "xoxb-...");
await t.plugins.credentials.set("linear", "api_key", "lin_api_...");
await t.plugins.credentials.clear("slack", "api_key");
const { fields } = await inst.plugins.credentials.list("slack", "workspace_123");
for (const field of fields) {
console.log(field.field, field.scope, field.set);
}
Per-tenant credential fields autocomplete by plugin. t.plugins.credentials.set("slack", ...) accepts Slack account fields, while "jira" includes Jira-specific fields such as cloud_url.
OAuth credentials
For OAuth plugins, generate an authorize URL for the tenant and redirect the user to it.
const { authorizeUrl, state } = await t.plugins.oauth.authorizeUrl(
"github",
"https://app.example.com/settings/integrations/github",
);
console.log(state);
// Redirect the user to authorizeUrl.
returnTo URL.
If you configure useManaged: true while installing a plugin, Corsair can use platform-managed OAuth credentials for supported providers. Otherwise, set root OAuth credentials on the instance first.
Full OAuth setup
const inst = corsair.instance(process.env.CORSAIR_INSTANCE_ID!);
await inst.plugins.upsert("github", {
authType: "oauth_2",
mode: "cautious",
});
await inst.plugins.credentials.setRoot("github", "client_id", "Iv1...");
await inst.plugins.credentials.setRoot("github", "client_secret", "...");
await inst.plugins.credentials.setRoot(
"github",
"redirect_url",
"https://api.corsair.dev/oauth/callback",
);
const tenant = await inst.tenants.create("user_123");
const { authorizeUrl } = await inst
.tenant(tenant.id)
.plugins.oauth.authorizeUrl(
"github",
"https://app.example.com/integrations/github/connected",
);
Full API-key setup
const inst = corsair.instance(process.env.CORSAIR_INSTANCE_ID!);
await inst.plugins.upsert("linear", {
authType: "api_key",
mode: "strict",
});
const tenant = await inst.tenants.create("team_abc");
const t = inst.tenant(tenant.id);
await t.plugins.credentials.set("linear", "api_key", process.env.LINEAR_API_KEY!);
Deleting tenants
Deleting a tenant removes that tenant’s credentials, MCP keys, and stored account records.
t.delete() is permanent. Use it when a customer disconnects entirely, closes an account, or requests deletion.
Tenant lifecycle pattern
Most products treat Corsair tenants as a projection of their own account model.
export async function ensureCorsairTenant(workspaceId: string) {
const inst = corsair.instance(process.env.CORSAIR_INSTANCE_ID!);
try {
return await inst.tenant(workspaceId).get();
} catch {
return inst.tenants.create(workspaceId);
}
}
const tenant = inst.tenant(workspace.id);
await tenant.plugins.credentials.set("slack", "api_key", slackToken);
const key = await tenant.mcpKeys.create("web-agent");