Skip to content

Organization Invitations API

Invite users to join an organization via email. Organization invitations are separate from workspace invitations — accepting an org invitation grants membership to the organization (and cascading access to its workspaces based on role).

List Invitations

Requires admin role in the organization.

http
GET /api/v1/organizations/{org_id}/invitations
Authorization: Bearer <token>

Response 200 OK

json
[
  {
    "id": "uuid",
    "organization_id": "uuid",
    "email": "carol@example.com",
    "role": "member",
    "invited_by": "uuid",
    "message": "Welcome to the team!",
    "status": "pending",
    "expires_at": "2026-05-23T00:00:00Z",
    "accepted_at": null,
    "created_at": "2026-05-16T00:00:00Z",
    "last_email_sent_at": "2026-05-16T00:01:00Z",
    "last_email_status": "sent",
    "last_email_error": null,
    "send_attempt_count": 1,
    "invite_url": "https://app.forgexa.net/accept-org-invitation?token=..."
  }
]

Send Invitation

Requires admin role. Sends an invitation email with a unique link. Invitations expire after 7 days.

http
POST /api/v1/organizations/{org_id}/invitations
Authorization: Bearer <token>
Content-Type: application/json

{
  "email": "carol@example.com",
  "role": "member",
  "message": "Welcome to the team!"
}

Response 201 Created

FieldTypeRequiredDescription
emailstringYesInvitee email address
rolestringYesadmin or member
messagestringNoPersonal message included in the email

TIP

If SMTP is configured at the organization level, the invitation email is sent automatically. Otherwise, share the invite_url from the response manually.

Resend Invitation

Resends the invitation email and refreshes the expiration date.

http
POST /api/v1/organizations/{org_id}/invitations/{invitation_id}/resend
Authorization: Bearer <token>

Response 200 OK — Returns updated invitation with refreshed expires_at.

Revoke Invitation

Cancel a pending invitation. The invitation link becomes invalid.

http
POST /api/v1/organizations/{org_id}/invitations/{invitation_id}/revoke
Authorization: Bearer <token>

Response 200 OK — Returns invitation with status: "revoked".

Get Invitation Info (Public)

No authentication required. Used by the accept-invitation page to display invitation details before the user logs in or registers.

http
GET /api/v1/organization-invitations/info?token=<invitation_token>

Response 200 OK

json
{
  "organization_name": "Acme Corp",
  "email": "carol@example.com",
  "role": "member",
  "inviter_name": "Alice Chen",
  "message": "Welcome to the team!",
  "status": "pending",
  "expires_at": "2026-05-23T00:00:00Z"
}

Accept Invitation

Authenticated user accepts the invitation and joins the organization. The invitation email must match the authenticated user's email.

http
POST /api/v1/organization-invitations/{token}/accept
Authorization: Bearer <token>

Response 200 OK

json
{
  "detail": "Invitation accepted. You are now a member of Acme Corp."
}

INFO

If the invitee doesn't have an account, they can register first (the token remains valid for 7 days). Upon registration with the matching email, they are automatically added to the organization.

Invitation Statuses

StatusDescription
pendingSent and awaiting acceptance
acceptedUser accepted and joined the organization
expiredPast the 7-day expiration window
revokedManually cancelled by an admin

Forgexa — AI Software Factory