Organizations
Tenancy — organizations, members, roles, invitations, join codes, org-owned tokens.
Create an organization. The acting user becomes its first owner.
create(input: { name: string; }): Promise<{ organization: Organization; }>;Get one organization (requires org:view).
get(input: { organizationId: string; }): Promise<{ organization: Organization; }>;Accept an invitation with its token — the acting user BECOMES a member. The user's email must match the invited address. No prior membership needed.
accept(input: { token: string; }): Promise<{ organizationId: string; role: OrgRole; }>;Create an invitation for an email (requires members:manage). Returns the one-time `token` (the invite link) — email delivery lands with the mail App.
create(input: { organizationId: string; email: string; role?: OrgRole; }): Promise<OrgInvitationCreated>;List pending invitations (requires members:manage).
list(input: { organizationId: string; }): Promise<{ invitations: OrgInvitation[]; }>;Revoke a pending invitation (requires members:manage).
revoke(input: { organizationId: string; id: string; }): Promise<{ ok: true; }>;Create a shareable join code (requires members:manage). `maxUses` null = unlimited.
create(input: { organizationId: string; role?: OrgRole; maxUses?: number; }): Promise<OrgJoinCodeCreated>;Join an organization with a code — the acting user BECOMES a member. No prior membership needed. `alreadyMember` true if they were already in the org.
join(input: { code: string; }): Promise<{ organizationId: string; role: OrgRole; alreadyMember: boolean; }>;List join codes (requires members:manage).
list(input: { organizationId: string; }): Promise<{ joinCodes: OrgJoinCode[]; }>;Revoke a join code (requires members:manage).
revoke(input: { organizationId: string; id: string; }): Promise<{ ok: true; }>;List the organizations the acting user belongs to (with their role).
list(): Promise<{ organizations: OrgMembership[]; }>;List an organization's members (requires members:view).
list(input: { organizationId: string; }): Promise<{ members: OrgMember[]; }>;Remove a member (idempotent; requires members:manage). 409 `last_owner` if it would leave the org with zero owners.
remove(input: { organizationId: string; userId: string; }): Promise<{ ok: true; }>;Change a member's role (requires members:manage). 409 `last_owner` if it would leave the org with zero owners.
setRole(input: { organizationId: string; userId: string; role: OrgRole; }): Promise<{ ok: true; }>;The role→permission matrix (no org scope needed).
roles(): Promise<OrgRoleMatrix>;Mint an organization-owned api-token (requires org:manage). The secret + `bearer` (`<key>:<secret>`) are returned ONCE.
create(input: { organizationId: string; name?: string; env?: "live" | "test"; }): Promise<{ apiToken: { key: string; secret: string; lastFour: string; bearer: string; }; }>;Rename an organization (requires org:manage).
update(input: { organizationId: string; name: string; }): Promise<{ ok: true; }>;Embeddable React components for this App. Click one to preview its UI. Previews render the component only — live data calls are disabled here (wire the Provider's basePath to a connector, as the Console does, to make them functional).