Skip to content

GET /api/v1/admin/invites/by-token/:token

This page is auto-generated from src/admin/routes.ts. Do not edit by hand — see docs/dev/docs-auto-sync.md.

:warning: Heuristic extraction — not a contract. Response shapes below are mined from c.json(...) literals in the handler via an AST walker. Computed fields, ternaries, and non-literal returns are shown as placeholders. Refer to the linked source file for the authoritative behaviour.

No requireCapability middleware detected on this route. Surface-level auth (admin token, dashboard session, org API key, anonymous proxy) is enforced by the parent router — see Source below.

GET /api/v1/admin/invites/by-token/:token — look up an invite by its opaque token. NOT gated on a tenant slug because the accept handler runs before the invitee is bound to any org context — the token IS the lookup key. Gated on the admin-token middleware that wraps every /api/v1/admin/* route (the dashboard sends ADMIN_API_TOKEN on every call regardless of the invitee’s login state). No requireCapability — we don’t even know the target tenant yet; the response carries the (tenant_id, slug) so the dashboard can route the invitee correctly.

{
"error": "token is required"
}
{
"error": "Invite not found"
}
{
"id": <member-expr>,
"tenant_id": <member-expr>,
"tenant_slug": <member-expr>,
"email": <member-expr>,
"role": <member-expr>,
"expires_at": <call>,
"invited_by": <member-expr>
}
  • File: src/admin/routes.ts
  • Line: 2286