GET /api/v1/admin/invites/by-token/:token
This page is auto-generated from
src/admin/routes.ts. Do not edit by hand — seedocs/dev/docs-auto-sync.md.
:warning: Heuristic extraction — not a contract. Response shapes below are mined from
c.json(...)literals in the handler via an AST walker. Computed fields, ternaries, and non-literal returns are shown as placeholders. Refer to the linked source file for the authoritative behaviour.
GET /api/v1/admin/invites/by-token/:token
Section titled “GET /api/v1/admin/invites/by-token/:token”Authentication
Section titled “Authentication”No requireCapability middleware detected on this route. Surface-level auth (admin token, dashboard session, org API key, anonymous proxy) is enforced by the parent router — see Source below.
Description
Section titled “Description”GET /api/v1/admin/invites/by-token/:token — look up an invite by its opaque token. NOT gated on a tenant slug because the accept handler runs before the invitee is bound to any org context — the token IS the lookup key. Gated on the admin-token middleware that wraps every /api/v1/admin/* route (the dashboard sends ADMIN_API_TOKEN on every call regardless of the invitee’s login state). No requireCapability — we don’t even know the target tenant yet; the response carries the (tenant_id, slug) so the dashboard can route the invitee correctly.
Responses
Section titled “Responses”HTTP 400
Section titled “HTTP 400”{ "error": "token is required"}HTTP 404
Section titled “HTTP 404”{ "error": "Invite not found"}HTTP 200 (default)
Section titled “HTTP 200 (default)”{ "id": <member-expr>, "tenant_id": <member-expr>, "tenant_slug": <member-expr>, "email": <member-expr>, "role": <member-expr>, "expires_at": <call>, "invited_by": <member-expr>}Source
Section titled “Source”- File:
src/admin/routes.ts - Line: 2286