Skip to content

POST /api/v1/admin/orgs/:slug/members/:id/initiate-recovery

This page is auto-generated from src/admin/routes.ts. Do not edit by hand — see docs/dev/docs-auto-sync.md.

:warning: Heuristic extraction — not a contract. Response shapes below are mined from c.json(...) literals in the handler via an AST walker. Computed fields, ternaries, and non-literal returns are shown as placeholders. Refer to the linked source file for the authoritative behaviour.

POST /api/v1/admin/orgs/:slug/members/:id/initiate-recovery

Section titled “POST /api/v1/admin/orgs/:slug/members/:id/initiate-recovery”

Requires the following capability(ies):

  • members:w

Other middleware observed on this route (heuristic):

  • requireCapability
  • adminBodyLimit

POST /api/v1/admin/orgs/:slug/members/:id/initiate-recovery — #403.

Sends a Stytch magic-link sign-in to the member’s primary email so an operator can re-establish access for a member who lost both their device AND their backup codes. Today the targeting parameters are:

  • :slug → tenant slug, used to resolve tenants.stytch_org_id
  • :id → Stytch member id (raw, without the stytch: prefix) Once member CRUD lands (#421) the :id can also accept the Upwarden-side member identifier; until then operators pass the Stytch member_id directly (visible via Stytch dashboard / the per-org member list returned by GET /api/v1/admin/orgs/:slug/members).

Capability: members:w — same as bind-stytch-org and role-overrides. This is an identity-management write surface; admin-token bearers always pass.

Audit envelope: member_recovery_initiated carrying stytch_org_id, target_member_id, target_email_domain (NOT the local-part, per the same redaction posture as the login redactEmail helper), and by_user_id of the initiating admin.

{
"error": "Org not found"
}
{
"error": "Tenant has no Stytch organization binding — bind one via POST /api/v1/admin/orgs/:slug/bind-stytch-org first."
}
{
"error": "Invalid JSON body"
}
{
"error": "email is required (member's primary email address)"
}
{
"error": "email is not a valid address"
}
{
"error": "login_redirect_url must be a valid URL"
}
{
"error": "Stytch is not configured on this deployment, or the SDK client is unavailable."
}
{
"error": "Stytch refused the send — verify the email belongs to a member of the bound organization."
}
{
"ok": true
}
  • File: src/admin/routes.ts
  • Line: 3208