Team Management
Invite members, manage roles, and transfer organization ownership.
All endpoints require a Bearer token. Base URL: https://api.airaproof.com/api/v1
Roles
| Role | Permissions |
|---|---|
| Owner | Full access. Billing, team management, delete org, transfer ownership. One per org. |
| Admin | Everything except billing and ownership transfer. Can invite members, manage API keys, view audit logs. |
| Member | Read-only dashboard. Can run cases and notarize actions via API key. Cannot manage team or billing. |
List Members
GET /api/v1/team/members
Authorization: Bearer <token>
Requires admin role.
Response
[
  {
    "user_uuid": "uuid",
    "email": "alice@acme.com",
    "full_name": "Alice Chen",
    "avatar_url": null,
    "role": "owner",
    "joined_at": "2026-01-15T10:00:00Z"
  }
]
Invite Member
POST /api/v1/team/invites
Authorization: Bearer <token>
Requires admin role. Sends an invitation email.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Email address to invite |
| role | string | No | Role to assign: admin or member (default: member) |
Response
{
  "id": "uuid",
  "email": "bob@acme.com",
  "role": "member",
  "invited_by": "uuid",
  "expires_at": "2026-04-02T10:00:00Z",
  "created_at": "2026-03-26T10:00:00Z"
}
Invitations expire after 7 days. The recipient registers via a special invite link and is automatically added to the organization.
List Pending Invites
GET /api/v1/team/invites
Authorization: Bearer <token>
Requires admin role. Returns all pending (non-expired, non-accepted) invitations.
Cancel Invite
DELETE /api/v1/team/invites/{invite_uuid}
Authorization: Bearer <token>
Requires admin role.
Update Member Role
PUT /api/v1/team/members/{user_uuid}/role
Authorization: Bearer <token>
Requires owner role. Cannot change your own role.
Request Body
{
  "role": "admin"
}
Remove Member
DELETE /api/v1/team/members/{user_uuid}
Authorization: Bearer <token>
Requires owner role. Cannot remove yourself (use transfer ownership instead).
Transfer Ownership
POST /api/v1/team/transfer-ownership
Authorization: Bearer <token>
Requires owner role. Transfers ownership to another team member. You become an admin.
Request Body
{
  "new_owner_id": "uuid"
}
Leave Organization
POST /api/v1/auth/leave-org
Authorization: Bearer <token>
Remove yourself from the organization. Owners cannot leave — transfer ownership first.
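The role rules and invite lifetime described above can be checked periodically against the List Members and List Pending Invites responses. The following is an added example, not part of the original documentation: `audit_team`, the `allowed_domains` policy, and the sample data are hypothetical, and it assumes List Pending Invites returns an array of objects shaped like the Invite Member response.

```python
from datetime import datetime, timedelta

INVITE_TTL = timedelta(days=7)           # page: invitations expire after 7 days
MEMBER_ROLES = {"owner", "admin", "member"}
INVITE_ROLES = {"admin", "member"}       # roles the invite endpoint accepts

def _ts(value):
    # Timestamps in the documented responses are UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_team(members, invites, allowed_domains):
    """Return (severity, message) findings for one organization."""
    findings = []
    owners = [m["email"] for m in members if m["role"] == "owner"]
    if len(owners) != 1:                 # page: "One per org"
        findings.append(("high", f"expected 1 owner, found {len(owners)}: {owners}"))
    for m in members:
        if m["role"] not in MEMBER_ROLES:
            findings.append(("high", f"unknown role {m['role']!r}: {m['email']}"))
    for inv in invites:
        email = inv["email"]
        # allowed_domains is a local policy (assumption), not an API concept.
        if email.rsplit("@", 1)[-1].lower() not in allowed_domains:
            findings.append(("medium", f"invite outside allowed domains: {email}"))
        if inv["role"] not in INVITE_ROLES:
            findings.append(("high", f"invite with role {inv['role']!r}: {email}"))
        elif inv["role"] == "admin":
            findings.append(("medium", f"pending admin invite: {email}"))
        if _ts(inv["expires_at"]) - _ts(inv["created_at"]) > INVITE_TTL:
            findings.append(("high", f"invite lifetime over 7 days: {email}"))
    return findings

# Constructed sample data in the documented response shapes (not real accounts).
SAMPLE_MEMBERS = [
    {"user_uuid": "uuid-1", "email": "alice@acme.com", "role": "owner"},
    {"user_uuid": "uuid-2", "email": "carol@acme.com", "role": "admin"},
    {"user_uuid": "uuid-3", "email": "dave@acme.com", "role": "owner"},
]
SAMPLE_INVITES = [
    {"email": "bob@acme.com", "role": "member",
     "created_at": "2026-03-26T10:00:00Z", "expires_at": "2026-04-02T10:00:00Z"},
    {"email": "eve@example.net", "role": "admin",
     "created_at": "2026-03-26T10:00:00Z", "expires_at": "2026-04-05T10:00:00Z"},
]

if __name__ == "__main__":
    for severity, message in audit_team(SAMPLE_MEMBERS, SAMPLE_INVITES, {"acme.com"}):
        print(f"[{severity}] {message}")
```

Feed it the parsed JSON bodies from the two list endpoints, fetched with an admin token, and alert on any non-empty result.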