Skip to main content
Each Raptor Comply account belongs to an organization tenant. Learn how organizations work and how multi-organization access works.
Every Raptor Comply account is scoped to an organization: a private tenant that holds all of your compliance data, users, and configuration. Each API key is generated inside one organization and binds to that organization for its entire lifetime, so the key itself identifies the tenant on every request. Understanding how organizations work is essential before you write your first integration.

Organization scope

All data in Raptor Comply (facilities, control centers, cyber systems, cyber assets, users, policy documents, tasks, evidence, and training records) belongs to a specific organization. An API key issued by one organization cannot read or modify data in any other organization. Even if the same person has accounts in two tenants, the key resolves to exactly one organization, and the API will only return data from that tenant. This means your integration cannot accidentally leak or merge data across NERC entities. Each organization is a fully isolated data boundary.

Multiple organizations

If your company operates multiple NERC-registered entities, or manages compliance for more than one registered entity in separate tenants, you may have access to more than one Raptor Comply organization. Each organization requires its own API key:
  • Generate a separate API key inside each tenant
  • Store and use each key with its own configuration
You cannot use a single API key across multiple tenants. Structure your integration to accept the API key as a configurable parameter so you can run separate instances or jobs for each organization you manage.

Vendor access

If you are an integration vendor or systems integrator building a connection on behalf of a utility customer, you need an API key scoped to the customer’s organization, not your own. Your customer’s Organization Admin must generate an API key inside their tenant and share it with you through a secure channel. Raptor Comply does not email keys, so use your standard secrets-sharing process. Once you have the customer’s key, treat it like any other organization credential: store it securely, never commit it to source code, and rotate it if it is exposed.