POST /api/v1/admin/orgs/:slug/members/:id/initiate-recovery
This page is auto-generated from
src/admin/routes.ts. Do not edit by hand — seedocs/dev/docs-auto-sync.md.
:warning: Heuristic extraction — not a contract. Response shapes below are mined from
c.json(...)literals in the handler via an AST walker. Computed fields, ternaries, and non-literal returns are shown as placeholders. Refer to the linked source file for the authoritative behaviour.
POST /api/v1/admin/orgs/:slug/members/:id/initiate-recovery
Section titled “POST /api/v1/admin/orgs/:slug/members/:id/initiate-recovery”Authentication
Section titled “Authentication”Requires the following capability(ies):
members:w
Middleware
Section titled “Middleware”Other middleware observed on this route (heuristic):
requireCapabilityadminBodyLimit
Description
Section titled “Description”POST /api/v1/admin/orgs/:slug/members/:id/initiate-recovery — #403.
Sends a Stytch magic-link sign-in to the member’s primary email so an operator can re-establish access for a member who lost both their device AND their backup codes. Today the targeting parameters are:
- :slug → tenant slug, used to resolve
tenants.stytch_org_id - :id → Stytch member id (raw, without the
stytch:prefix) Once member CRUD lands (#421) the :id can also accept the Upwarden-side member identifier; until then operators pass the Stytch member_id directly (visible via Stytch dashboard / the per-org member list returned by GET /api/v1/admin/orgs/:slug/members).
Capability: members:w — same as bind-stytch-org and role-overrides. This is an identity-management write surface; admin-token bearers always pass.
Audit envelope: member_recovery_initiated carrying stytch_org_id,
target_member_id, target_email_domain (NOT the local-part, per the
same redaction posture as the login redactEmail helper), and
by_user_id of the initiating admin.
Responses
Section titled “Responses”HTTP 404
Section titled “HTTP 404”{ "error": "Org not found"}HTTP 400
Section titled “HTTP 400”{ "error": "Tenant has no Stytch organization binding — bind one via POST /api/v1/admin/orgs/:slug/bind-stytch-org first."}HTTP 400
Section titled “HTTP 400”{ "error": "Invalid JSON body"}HTTP 400
Section titled “HTTP 400”{ "error": "email is required (member's primary email address)"}HTTP 400
Section titled “HTTP 400”{ "error": "email is not a valid address"}HTTP 400
Section titled “HTTP 400”{ "error": "login_redirect_url must be a valid URL"}HTTP 503
Section titled “HTTP 503”{ "error": "Stytch is not configured on this deployment, or the SDK client is unavailable."}HTTP 400
Section titled “HTTP 400”{ "error": "Stytch refused the send — verify the email belongs to a member of the bound organization."}HTTP 200 (default)
Section titled “HTTP 200 (default)”{ "ok": true}Source
Section titled “Source”- File:
src/admin/routes.ts - Line: 3208