Users API
Members
GET /api/users
List all members of the organization.
[ { "id": "uuid", "email": "user@example.com", "name": "John Doe", "avatar_url": "https://...", "role": "admin", "joined_at": "2024-01-15T10:00:00Z" } ]
GET /api/users/{user_id}
Get member details.
{ "id": "uuid", "email": "user@example.com", "name": "John Doe", "avatar_url": "https://...", "role": "admin", "joined_at": "2024-01-15T10:00:00Z" }
PUT /api/users/{user_id}/role
Update a member’s role. Requires users:manage_roles permission.
{ "role": "member" }
{ "id": "uuid", "email": "user@example.com", "name": "John Doe", "role": "member", "joined_at": "2024-01-15T10:00:00Z" }
Rules:
- Cannot assign owner role (use ownership transfer instead)
- Admin cannot change other admins’ roles
- Cannot change the owner’s role
DELETE /api/users/{user_id}
Remove a member from the organization. Requires users:manage_roles permission.
Returns 204 No Content.
Rules:
- Cannot remove the owner
- Admin cannot remove other admins
Invitations
POST /api/users/invite
Invite a user to the organization. Requires users:invite permission.
{ "email": "newuser@example.com", "role": "member" }
{ "id": "uuid", "email": "newuser@example.com", "role": "member", "invite_url": "http://localhost:5173/invite?token=xxx", "invited_by_name": "John Doe", "expires_at": "2024-01-22T10:00:00Z", "created_at": "2024-01-15T10:00:00Z" }
Rules:
- Cannot invite as owner
- Cannot invite existing members
- Cannot resend to a pending invitation
GET /api/users/invitations
List pending invitations. Requires users:invite permission.
[ { "id": "uuid", "email": "newuser@example.com", "role": "member", "invited_by_name": "John Doe", "expires_at": "2024-01-22T10:00:00Z", "created_at": "2024-01-15T10:00:00Z" } ]
GET /api/users/invitations/preview
Preview invitation details by token. Public endpoint.
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
| token | string | Invitation token |

{ "email": "newuser@example.com", "role": "member", "organization_name": "My Company", "invited_by_name": "John Doe", "expires_at": "2024-01-22T10:00:00Z", "is_expired": false }
POST /api/users/invitations/accept
Accept an invitation. Requires authentication.
{ "token": "invitation-token-xxx" }
Response includes new tokens with the organization context:
{ "message": "Successfully joined organization", "organization_name": "My Company", "role": "member", "access_token": "eyJ...", "refresh_token": "eyJ..." }
DELETE /api/users/invitations/{invitation_id}
Cancel a pending invitation. Requires users:invite permission.
Returns 204 No Content.
Domain Role Overrides
Allow users to have elevated permissions within specific domains.
GET /api/users/{user_id}/domain-roles
List domain role overrides for a user.
[ { "id": "uuid", "user_id": "uuid", "domain_id": "uuid", "domain_name": "Marketing", "role": "admin", "created_at": "2024-01-15T10:00:00Z" } ]
POST /api/users/{user_id}/domain-roles
Add a domain role override. Requires users:manage_roles permission.
{ "domain_id": "uuid", "role": "admin" }
{ "id": "uuid", "user_id": "uuid", "domain_id": "uuid", "domain_name": "Marketing", "role": "admin", "created_at": "2024-01-15T10:00:00Z" }
Rules:
- Role must be admin or member
- Admin cannot grant admin (only owner can)
- Cannot create duplicate overrides
DELETE /api/users/{user_id}/domain-roles/{domain_id}
Remove a domain role override. Requires users:manage_roles permission.
Returns 204 No Content.
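
The rules listed for PUT /api/users/{user_id}/role, DELETE /api/users/{user_id} and POST /api/users/{user_id}/domain-roles, written as one deny-by-default check. This is an added example, not code from this API: deny_reason, its parameters and the action names are hypothetical, and it models one member acting on a different member.

```python
from typing import Optional

ROLES = {"owner", "admin", "member"}   # role names as they appear on the page
PERM = "users:manage_roles"            # permission the three endpoints require


def deny_reason(actor_role, actor_perms, action, target_role=None,
                new_role=None, override_exists=False) -> Optional[str]:
    """Return None when the request is allowed, else the rule that blocks it.

    Hypothetical helper: self-service changes are not covered by the
    documented rules and are out of scope here.
    """
    if actor_role not in ROLES or PERM not in actor_perms:
        return "missing users:manage_roles"
    if action == "set_role":            # PUT /api/users/{user_id}/role
        if new_role not in ROLES:
            return "unknown role"
        if new_role == "owner":
            return "cannot assign owner (use ownership transfer)"
        if target_role == "owner":
            return "cannot change the owner's role"
        if actor_role == "admin" and target_role == "admin":
            return "admin cannot change other admins' roles"
        return None
    if action == "remove":              # DELETE /api/users/{user_id}
        if target_role == "owner":
            return "cannot remove the owner"
        if actor_role == "admin" and target_role == "admin":
            return "admin cannot remove other admins"
        return None
    if action == "add_domain_role":     # POST /api/users/{user_id}/domain-roles
        if new_role not in ("admin", "member"):
            return "role must be admin or member"
        if actor_role == "admin" and new_role == "admin":
            return "only the owner can grant admin"
        if override_exists:
            return "duplicate override"
        return None
    return "unknown action"             # anything unrecognised is denied


if __name__ == "__main__":
    perms = {PERM}                      # constructed sample input
    for case in [("admin", perms, "set_role", "admin", "member"),
                 ("owner", perms, "remove", "admin"),
                 ("admin", perms, "add_domain_role", "member", "admin")]:
        print(case[0], case[2], "->", deny_reason(*case) or "allowed")
```

Followed literally, the documented PUT rules do not stop an admin from promoting a member to admin, while domain overrides reserve admin grants for the owner; the example keeps both exactly as the page states them.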