Invite a user to the organization
POST
/api/organizations/{organizationId}/invitations
Creates a pending invitation for the given email address and role and emails the invitee a link to accept it. The email is lowercased and trimmed before storage. Rejected with 422 when a pending invitation for the same email already exists in this organization, when the invitee is already a member, or when a non-OWNER attempts to grant the OWNER role. The expiry (expiresAt) is derived from the INVITATION_TTL_DAYS configuration and the status starts as "pending".
Authorizations
ApiToken
Long-lived API token created via POST /api/api-tokens (returned once in plaintext).
Type
API Key (header: X-API-TOKEN)
or
JWT
JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer
Type
HTTP (bearer)
Parameters
Path Parameters
organizationId*
Organization identifier
Type
Requiredstring
Request Body
JSON "email": "alice@example.com", "role": "MANAGER"
{
}
Responses
invitation resource created
JSON "@context": "string", "@id": "string", "@type": "string", "id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d", "organization": "/api/organizations/1", "email": "alice@example.com", "role": "MANAGER", "status": "pending", "createdAt": "2026-07-01T10:15:30+00:00", "expiresAt": "2026-07-08T10:15:30+00:00", "acceptedAt": "2026-07-02T09:00:00+00:00", "invitedBy": "https://example.com/"
{
}
