Skip to main content
LangSmith’s API supports programmatic access via API key to all of the actions available in the UI, with only a few exceptions that are noted in User-only endpoints.
Prefer infrastructure-as-code? Use the LangSmith Terraform provider to manage workspaces, roles, members, evaluators, and alerts declaratively.
Before diving into this content, it might be helpful to read the following:
There are a few limitations that will be lifted soon:
  • The LangSmith SDKs do not support these organization management actions yet.
  • Organization-scoped service keys with Organization Admin permission may be used for these actions.
Use the X-Tenant-Id header to specify which workspace to target. If the header is not present, operations will default to the workspace the key was initially created in if it is not organization-scoped.If X-Tenant-Id is not specified when accessing workspace-scoped resources with an organization-scoped service key, the request will fail with 403 Forbidden.
Some commonly-used endpoints and use cases are listed below. For a complete list of available endpoints, see the API docs. The X-Organization-Id header should be present on all requests, and X-Tenant-Id header should be present on requests that are scoped to a particular workspace.

Workspaces

User management

RBAC

Membership management

List roles under RBAC should be used for retrieving role IDs of these operations. List [organization|workspace] members endpoints (below) response "id"s should be used as identity_id in these operations. Organization level: Workspace level:
These params should be omitted: read_only (deprecated), password and full_name (basic auth only)

API keys

Security settings

Organization Admin permissions are required to make these changes.
“Shared resources” in this context refer to public prompts, shared runs, and shared datasets.
Updating these settings affects all resources in the organization.
You can update these settings under the Settings > Shared tab for a workspace, or via API:
  • Update organization sharing settings
    • use unshare_all to unshare ALL shared resources for the selected workspace - use disable_public_sharing to prevent future sharing of resources
These settings are only editable via API:
  • Disable/enable PAT creation (for self-hosted, available in Helm chart version 0.11.25+)
    • Use pat_creation_disabled to disable PAT creation for the entire organization.
    • See the admin guide for information about the Organization Viewer role, which cannot create PATs.
    • For self-hosted deployments, you can also globally disable PAT creation across all organizations using an environment variable.

User-only endpoints

These endpoints are user-scoped and require a logged-in user’s JWT, so they should only be executed through the UI.
  • /api-key/current endpoints: these are related a user’s PATs
  • /sso/email-verification/send (Cloud-only): this endpoint is related to SAML SSO

Sample code

The sample code below goes through a few common workflows related to organization management. Make sure to make necessary replacements wherever <replace_me> is in the code.