Docs
Update Invitation Permissions
PUT /crew/{crewId}/invitation/permissions
PUT
/crew/{crewId}/invitation/permissionsRequired Tokens
| Field | Type | Required | Description |
|---|---|---|---|
| Bearer | Authorization: Bearer <api-key> | Optional | Your API key. Pass it as the Bearer token on every request. |
| Organization token | x-Organization-Token | Optional | Run **Authorize Organization** in the Authorization folder. |
Edits the permission payload of an outstanding invitation — for a crew member who has been invited
but has not signed up yet (no user identity exists to attach real permission rows to). The update is
silent: it overwrites the invitation's stored permissions and does not re-send the invite
email. Once the invitee signs up, edit their real permissions via the permissions endpoint instead.
The org scope is derived from the token.
Requires Organization admin (*) permission.
Path Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| crewId | Guid | Required | The crew member whose outstanding invitation to edit. |
Body
| Field | Type | Required | Description |
|---|---|---|---|
| permissions | string[] | Required | `Organization.*` permission strings; each validated against the catalog. |
Responses
200 OK— payload updated silently.400 Bad Request— an unknown permission string, or the invitation has already been consumed (edit the real permissions instead; this API has no 409 mapping).403 Forbidden— caller is not an organization admin.404 Not Found— the crew member or an outstanding invitation for it does not exist.