Media Governance Configuration API
The Media Governance Configuration API allows you to check feature availability, retrieve the current media governance settings, and update per-tenant configuration. These endpoints are served by the Orchestrator on port 8081 and are commonly reached through the Agent proxy.
For background on media governance concepts such as analyzers, system policies, and multimodal governance, see Media Governance.
Authentication
When you call these endpoints through the Agent proxy (port 8080), authenticate with Basic auth using your client ID and client secret. The Agent validates the credentials and injects the tenant-scoping headers before forwarding to the Orchestrator:
curl http://localhost:8080/api/v1/media-governance/status \
-H "Authorization: Basic $(echo -n 'your-client-id:your-client-secret' | base64)"
Header compatibility: the config handlers resolve the tenant from the
X-Tenant-IDheader first, falling back toX-Org-ID(backward-compatible). Through the Agent proxy both are set automatically from the authenticated client, and any client-supplied values are overwritten. Only callers hitting the Orchestrator directly need to set the header themselves. See the Auth And Header Matrix for the full header model.
All three routes also accept OPTIONS for CORS preflight.
Tier Restrictions
The update handler checks for a paid self-hosted tier in code (Professional, Enterprise, or Plus). In practice that means community and evaluation can read status and config, while paid deployments get per-tenant write control.
| Capability | Community | Evaluation | Paid tiers |
|---|---|---|---|
| Get feature status | Yes | Yes | Yes |
| Get media governance config | Yes | Yes | Yes |
| Enable or disable media governance per tenant | No | No | Yes |
| Restrict allowed analyzers per tenant | No | No | Yes |
Community and evaluation still have meaningful value here because they can confirm feature availability and understand the operational model before enabling more granular per-tenant controls in enterprise deployments. On non-paid tiers, media governance can still be switched on platform-wide with the MEDIA_GOVERNANCE_ENABLED environment variable (true or 1) — the env var is the community opt-in, while the API is the paid per-tenant control.
Endpoints
GET /api/v1/media-governance/status
Returns the media governance feature availability for the deployment's tier. This endpoint does not require a tenant header.
Response (200):
{
"available": true,
"enabled_by_default": true,
"per_tenant_control": true,
"tier": "Enterprise"
}
| Field | Type | Description |
|---|---|---|
available | bool | true when media governance is active — either the tier enables it by default or the MEDIA_GOVERNANCE_ENABLED env var override is set |
enabled_by_default | bool | Whether the deployment's tier enables media governance by default |
per_tenant_control | bool | true on paid tiers (Professional, Enterprise, Plus), where PUT /config is available |
tier | string | The deployment's license tier |
GET /api/v1/media-governance/config
Returns the current media governance configuration for the tenant identified by X-Tenant-ID (or X-Org-ID). When no per-tenant row exists yet, the handler returns a default config whose enabled value follows the tier default (or the MEDIA_GOVERNANCE_ENABLED env override).
Response (200):
{
"tenant_id": "tenant-123",
"enabled": true,
"allowed_analyzers": ["pii", "content-moderation"],
"updated_at": "2026-07-01T12:00:00Z",
"updated_by": "[email protected]"
}
| Field | Type | Description |
|---|---|---|
tenant_id | string | Tenant the config applies to |
enabled | bool | Whether media governance is enabled for this tenant |
allowed_analyzers | []string | Analyzer allowlist; omitted when unrestricted |
updated_at | timestamp | Last update time |
updated_by | string | User that last updated the config (from X-User-ID); omitted when never updated |
Error Responses:
| HTTP Status | Code | Description |
|---|---|---|
| 400 | MISSING_TENANT_ID | No X-Tenant-ID (or X-Org-ID) header on the request |
| 500 | INTERNAL_ERROR | Config lookup failed |
PUT /api/v1/media-governance/config
Updates the media governance configuration for the tenant identified by X-Tenant-ID (or X-Org-ID). Paid-tier only. The request body is capped at 1 MB. Fields you omit are left unchanged; the handler merges the update into the existing config (or the tier-default config when none exists) and returns the updated config with HTTP 200. updated_by is stamped from the X-User-ID header (system when absent).
Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
enabled | bool | No | Enable or disable media governance for this tenant |
allowed_analyzers | []string | No | Restrict which analyzers the tenant can use |
Error Responses:
| HTTP Status | Code | Description |
|---|---|---|
| 400 | MISSING_TENANT_ID | No X-Tenant-ID (or X-Org-ID) header on the request |
| 400 | INVALID_REQUEST | Request body is not valid JSON (or exceeds the 1 MB cap) |
| 403 | TIER_RESTRICTED | Configuration updates are not available on your tier |
| 500 | INTERNAL_ERROR | Config lookup or save failed |
Requests that fail authentication at the Agent proxy are rejected there with 401 before reaching these handlers.
Example:
{
"error": {
"code": "TIER_RESTRICTED",
"message": "Per-tenant media governance configuration requires an Enterprise license. Use the MEDIA_GOVERNANCE_ENABLED environment variable for platform-wide control."
}
}
Related Docs
Operational Readiness Checklist
Before relying on this page in a production rollout, pair it with the core operations docs:
- Deployment Mode Matrix for self-hosted, Evaluation, Enterprise, SaaS, and In-VPC fit
- Failure Modes And Recovery for degraded-provider, connector, approval, and runtime behavior
- Capacity Planning for sizing and growth signals
- Community vs Evaluation vs Enterprise for limits, support surfaces, and upgrade triggers
