Manage DataStax Langflow tenants

This release contains access to DataStax Langflow as a Tech Preview. The Tech Preview is intended for you to view the capabilities of DataStax Langflow, and to provide your feedback to the product team. You are permitted to use the information only for evaluation purposes and not for use in a production environment. IBM provides the information without obligation of support and "as is" without warranty of any kind.

Langflow tenants are individual Langflow instances within an Astra organization. Each tenant represents a separate Langflow deployment with its own URL, flows, and configuration.

Specific permissions are required to manage Langflow tenants.

DataStax Langflow roles

There are three built-in Astra roles that grant permissions on DataStax Langflow resources:

Organization Administrator role

The Organization Administrator role grants administrative permissions on all Astra resources, including all Langflow permissions.

Langflow Administrator role

This role has access to DataStax Langflow-related functionality only. It is intended for use with the DevOps API DataStax Langflow endpoints.

When granted to a human user, the role must be granted with another role that has the View DB permission to allow access to the Astra Portal.

Langflow Administrator role permissions

Build Langflow IDE
Run Langflow IDE
Delete Langflow IDE
Terminate Langflow Organization
Run Langflow Flow
Delete Langflow Flow

Langflow Run Flow role

The only permission granted to this role is the Run Langflow Flow permission. It is intended for use with the /run and /webhook endpoints for the DataStax Langflow API.

Typically, an administrator generates an application token with this role, and then that token is used for programmatic flow execution.

When granted to a human user, the role must be granted with another role that has the View DB permission to allow access to the Astra Portal. However, because this role has the Run Langflow Flow permission only, the user will have no other access to DataStax Langflow resources in the Astra Portal. If a human user needs access to DataStax Langflow resources in the Astra Portal, consider assigning them the Langflow Administrator role instead. Alternatively, use the DevOps API to create a custom role with the specific permissions that you need.

DataStax Langflow permissions

The following permissions grant access to DataStax Langflow resources in Astra. For more information about Astra RBAC, see Manage roles and permissions.

  • Write Langflow IDE: Create and edit DataStax Langflow tenants.

  • Read Langflow IDE: View DataStax Langflow tenants.

  • Build Langflow IDE: Generate DataStax Langflow tenants.

  • Run Langflow IDE: Start DataStax Langflow tenants.

  • Delete Langflow IDE: Remove DataStax Langflow tenants.

  • Write Langflow Organization: Create and edit Langflow organizations.

  • Read Langflow Organization: View Langflow organizations.

  • Terminate Langflow Organization: Remove Langflow organizations.

  • Write Langflow Flow: Create and edit flows in DataStax Langflow.

  • Read Langflow Flow: View flows in DataStax Langflow.

  • Run Langflow Flow: Trigger flows using the /run and /webhook endpoints for the DataStax Langflow API.

  • Delete Langflow Flow: Remove flows in DataStax Langflow.

Custom DataStax Langflow roles

You cannot assign DataStax Langflow permissions to custom roles in the Astra Portal. Instead, you can use the DevOps API to create a custom role with DataStax Langflow permissions.

If you plan to grant a custom role to a human user, the role must have the View DB permission to allow access to the Astra Portal. Roles without this permission can be used for programmatic access only.

DevOps API endpoints for tenant management

You can use the Astra DevOps API to manage your Langflow tenants programmatically.

These endpoint require an application token with the Organization Administrator role or the Langflow Administrator role.

Get tenant details

Endpoint

GET /api/v1/orgs/{org_id}/tenant/{tenant_id}

Description

Retrieve a tenant by its ID for a specified organization.

Headers

  • Authorization: Bearer APPLICATION_TOKEN (required)

  • X-DataStax-Current-Org: ORG_ID (required)

Path parameters

  • org_id (required): DataStax organization ID

  • tenant_id (required): Langflow tenant ID

Request example
curl -X GET "https://api.astra.datastax.com/v1/orgs/ORG_ID/tenant/TENANT_ID" \
     -H "Authorization: Bearer APPLICATION_TOKEN" \
     -H "X-DataStax-Current-Org: ORG_ID"

List all tenants

Endpoint

GET /api/v1/orgs/{org_id}/tenants

Description

Retrieve all tenants for a specified organization.

Headers

  • Authorization: Bearer APPLICATION_TOKEN (required)

  • X-DataStax-Current-Org: ORG_ID (required)

Path parameters

  • org_id (required): DataStax organization ID

Request example
curl -X GET "https://api.astra.datastax.com/v1/orgs/ORG_ID/tenants" \
     -H "Authorization: Bearer APPLICATION_TOKEN" \
     -H "X-DataStax-Current-Org: ORG_ID"

Create tenant

Endpoint

POST /api/v1/tenant

Description

Create a new tenant for a specified organization.

Headers

  • Content-Type: application/json (required)

  • Authorization: Bearer APPLICATION_TOKEN (required)

  • X-DataStax-Current-Org: ORG_ID (required)

Request body

  • cloud_provider (required): Cloud provider for the tenant

  • org_id (required): DataStax organization ID

  • region (required): Deployment region

Request example
curl -X POST "https://api.astra.datastax.com/v1/tenant" \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer APPLICATION_TOKEN" \
     -H "X-DataStax-Current-Org: ORG_ID" \
     -d '{
       "cloud_provider": "aws",
       "org_id": "ORG_ID",
       "region": "us-west-2"
     }'

Reactivate tenant

Endpoint

PATCH /api/v1/orgs/{org_id}/tenant/{tenant_id}/reactivate

Description

Reactivate a previously deactivated tenant for a specified organization.

Headers

  • Authorization: Bearer APPLICATION_TOKEN (required)

  • X-DataStax-Current-Org: ORG_ID (required)

Path parameters

  • org_id (required): DataStax organization ID

  • tenant_id (required): Langflow tenant ID

Request example
curl -X PATCH "https://api.astra.datastax.com/v1/orgs/ORG_ID/tenant/TENANT_ID/reactivate" \
     -H "Authorization: Bearer APPLICATION_TOKEN" \
     -H "X-DataStax-Current-Org: ORG_ID"

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2025 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM