by mnutt 1405 days ago
In some cases there might be a next stage of complexity where you have users with access to multiple tenants who are browsing them in different tabs. Then putting the organization as the top level in _every_ URL helps signal intent; otherwise you have to take other precautions that someone isn't on a tab with Organization A, clicks the "Post new article" button (-> POST /articles) and happens to have their session logged into Organization B, and so creates the new article there.

(edit, see mnutt's reply)

I'd really recommend putting the organization name in the content of the page in that example. Users don't really look at URLs, browsers de-prioritize them and often only display part of the URL.

Also, depending on front-end implementation the REST API URL may not be displayed in the URL bar. A single page app may use example.com/#create-article for posting an article. A mobile app wouldn't even have a URL bar.

In the above example the user saw they were on an Org A page and clicked Create intending to create an article in Org A, but sometime after they loaded their Org A page their “current tenant” session variable had been switched out from under them by a different tab.

One solution is to always pass the intended org along in the POST, but that requires discipline, and nesting POST /org/A/articles is one way to do that.
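The two-tab mix-up described in this thread, and the path-scoped fix, as an added example that is not part of either commenter's post. The user name, organization names, membership table, in-memory store and route shape are all assumptions made up for illustration. The session-scoped handler takes the tenant from a session variable that another tab can rewrite; the path-scoped handler takes the tenant from the URL the form actually posted to and uses the session only to identify the user and check membership. The same idea applies if an SPA or mobile client sends the org in the request body or a header instead of the path; what matters is that the tenant is bound to the request, not to browser-wide state.

```python
# Added example (not code from the thread): simulating a user with two tenants
# open in two tabs, and showing where a "Post new article" click lands under a
# session-scoped versus a path-scoped route. Fixture data is constructed.
from dataclasses import dataclass, field
import re

# Constructed fixture (assumption): one user who is a member of two organizations.
MEMBERSHIPS = {"alice": {"orgA", "orgB"}}


@dataclass
class Session:
    user: str
    current_org: str  # the single, browser-wide "current tenant" variable


@dataclass
class Store:
    articles: list = field(default_factory=list)  # list of (org, title)


def switch_org(session: Session, org: str) -> None:
    """What Tab B does when it opens Org B: rewrites the shared session tenant."""
    if org not in MEMBERSHIPS.get(session.user, set()):
        raise PermissionError(f"{session.user} is not a member of {org}")
    session.current_org = org


def post_articles_session_scoped(session: Session, store: Store, title: str) -> str:
    """Handler for POST /articles: the tenant is implicit, read from the session.
    Whichever tab switched the session last decides where the article lands."""
    org = session.current_org
    store.articles.append((org, title))
    return org


# Hypothetical route shape: POST /org/<org>/articles
ORG_ROUTE = re.compile(r"^/org/(?P<org>[A-Za-z0-9_-]+)/articles$")


def post_articles_path_scoped(session: Session, store: Store, path: str, title: str) -> str:
    """Handler for POST /org/<org>/articles: the tenant is explicit in the path the
    user acted on. The session identifies the user for the membership check only;
    session.current_org is deliberately never consulted."""
    m = ORG_ROUTE.match(path)
    if not m:
        raise ValueError(f"not an article-creation route: {path}")
    org = m.group("org")
    if org not in MEMBERSHIPS.get(session.user, set()):
        raise PermissionError(f"{session.user} is not a member of {org}")
    store.articles.append((org, title))
    return org


def two_tab_scenario() -> dict:
    """Tab A shows Org A; Tab B then switches the session to Org B; the user clicks
    'Post new article' in Tab A. Returns where the article ended up under each
    design, plus whether a guessed foreign tenant is refused."""
    results = {}

    # Implicit tenant: the click in Tab A silently creates the article in Org B.
    session, store = Session("alice", "orgA"), Store()
    switch_org(session, "orgB")  # interference from Tab B
    results["session_scoped"] = post_articles_session_scoped(session, store, "Hello")

    # Explicit tenant: Tab A's form posts to /org/orgA/articles, so it lands in Org A
    # even though the session now says Org B.
    session, store = Session("alice", "orgA"), Store()
    switch_org(session, "orgB")  # same interference from Tab B
    results["path_scoped"] = post_articles_path_scoped(
        session, store, "/org/orgA/articles", "Hello"
    )

    # Naming the tenant in the URL does not make it trusted: membership is still
    # checked, so posting to an org the user does not belong to is rejected.
    try:
        post_articles_path_scoped(Session("alice", "orgA"), Store(), "/org/orgC/articles", "x")
        results["foreign_org_rejected"] = False
    except PermissionError:
        results["foreign_org_rejected"] = True
    return results


if __name__ == "__main__":
    print(two_tab_scenario())
```

Running the script prints the three outcomes: the session-scoped handler files the article under orgB, the path-scoped one under orgA, and the attempt against orgC is refused. The membership check in the path-scoped handler is the part that is easy to forget once the org is "right there in the URL"; without it the explicit path just moves the bug from a confused user to any user who edits the URL.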