> ## Documentation Index
> Fetch the complete documentation index at: https://docs.spacemedia.uk/llms.txt
> Use this file to discover all available pages before exploring further.

# Get started with SpaceMedia Enterprise setup

> Follow this step-by-step checklist to configure your SpaceMedia organization, set up branding, connect payment gateways, and generate API credentials.

# Getting Started

Use this checklist to move an organization from setup to production without leaking platform-only functionality into customer workflows.

## Access model

| Role                     | Typical access                                                                                                                                   |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| End user                 | Own artists, releases, tracks, splits, and available upgrade/payment flows.                                                                      |
| Organization admin       | Organization settings, users, plans, add-ons, payment configuration, API credentials, support/legal pages, and dashboard quality-control queues. |
| Permissioned team member | Only the dashboard modules granted by the organization role and Laravel policy checks.                                                           |
| API client               | Organization-scoped automation using API key and secret exchange, then bearer token requests.                                                    |

## Organization launch checklist

1. Set the organization name, logo, colors, default label name, registration settings, social links, and upgrade CTA behavior.
2. Configure the branded subdomain or a custom domain and wait until DNS status reports the expected target.
3. Configure Brevo sender email and DNS TXT records before sending branded email.
4. Add support email, support phone, contact form URL, and help center URL.
5. Publish terms of service and privacy policy content for customer-facing legal pages.
6. Configure Stripe, PayPal, or Airwallex only where the gateway credentials and subscription or Pay-Per-Release settings are complete.
7. Generate the API key and secret from organization settings and store the secret securely. The secret is returned once.
8. Test `POST /api/v1/token`, then call a safe read endpoint such as `GET /api/v1/countries`.

## Demo request pattern

```bash theme={"theme":{"light":"github-light","dark":"github-dark"}}
curl --request POST 'https://enterprise.spacemedia.uk/api/v1/token' \
  --header 'X-Api-Key: <YOUR_API_KEY>' \
  --header 'X-Api-Secret: <YOUR_API_SECRET>'
```

Then pass the returned token as a bearer token:

```bash theme={"theme":{"light":"github-light","dark":"github-dark"}}
curl 'https://enterprise.spacemedia.uk/api/v1/countries' \
  --header 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
  --header 'Accept: application/json'
```

## Production rules

* Do not use production secrets in examples, support tickets, screenshots, or shared playground sessions.
* Do not add organization selectors to public API requests. Organization context is resolved from the API client and authenticated user.
* Use `X-User-Id` only when acting for a user in the same organization and only where the dashboard permission model allows it.
* Treat 403 responses as policy failures, not as missing endpoints.
