Team Management

Creating invites requires admin or owner role.

How the invite flow works

When you invite someone, Olyx checks whether an account already exists for that email:

• If the person already has an Olyx account, they just need to accept — no password step.
• If they don’t have an account, needs_signup: true is returned and you must show a password field on the accept screen.

1. Admin sends invite → POST /api/v1/invites/customer
2. Invitee receives email with a token link
3. Your accept page calls GET /api/v1/invites/lookup?token=...
   → if needs_signup: true   → show signup form + accept button
   → if needs_signup: false  → show "You're joining X org" + accept button
4. User submits → POST /api/v1/invites/accept
   → session is created, user is redirected to dashboard

Invite an org member

POST /api/v1/invites/customer
Content-Type: application/json

{ "email": "colleague@example.com", "first_name": "Jane", "last_name": "Smith", "role": "member" }

role accepts member or owner. Invites expire after 7 days.

Invite to a specific project

POST /api/v1/invites/project
Content-Type: application/json

{ "email": "colleague@example.com", "project_id": 12, "role": "member" }

Look up an invite (public)

GET /api/v1/invites/lookup?token=<token>&type=customer

{ "email": "colleague@example.com", "expires_at": "...", "needs_signup": true }

needs_signup: true means no account exists yet — show a password field on the accept screen.

Accept an invite (public)

POST /api/v1/invites/accept
Content-Type: application/json

{ "token": "<token>", "type": "customer", "password": "newpassword" }

password is required only when needs_signup was true. A session is established on success.

Decline an invite (public)

POST /api/v1/invites/decline
Content-Type: application/json

{ "token": "<token>", "type": "customer" }

Returns 204 No Content.