Skip to content

Inviting teammates

Invite someone by email so they can join your workspace and work alongside you.

Why it matters

When you invite a teammate, they get their own login and can help create and manage your content. You decide what they are allowed to do when you send the invite.

Step by step

Open your members list

Go to your workspace settings and find the people or members area. This is where everyone on your team is listed.

Send the invite

Click the button to invite someone. Type the person's email address, pick what they are allowed to do, then send it. They get an email with a link to join.

They click the link

The person opens the email and clicks the link. If they do not have an account yet, they sign up first. Then they accept, and they are added to your workspace.

TIP

Sent an invite by mistake or to the wrong address? You can cancel a pending invite from the same members list. Once you cancel it, the old link stops working.

Good to know

  • The invite link is private. Only share it with the person it is meant for.
  • An invite waits until the person accepts it. You can see who has not accepted yet in the members list.
  • If you cancel an invite, the link in that email no longer works.
  • The person joins with the permission level you chose when inviting them. You can change it later.
For developers
POST /api/v1/workspace/members/invite             send (auth, admin, gated, quota-enforced)
GET  /api/v1/workspace/invitations                list pending (auth, admin)
POST /api/v1/workspace/invitations/:id/revoke     revoke (auth, admin)

GET  /api/v1/invitations/:token                   public lookup (no auth — token is secret)
POST /api/v1/invitations/:token/accept            accept (auth)

Invitation fields:

typescript
{
  workspace_id: ObjectId,
  email: string,                                  // lowercase, indexed
  role: "owner" | "admin" | "editor" | "author" | "viewer",  // default "author"
  token: string,                                  // base64url-encoded 32-byte secret
  status: "pending" | "accepted" | "revoked" | "expired",
  invited_by: ObjectId,
  expires_at: Date,
  accepted_at: Date | null,
  accepted_by: ObjectId | null,
  revoked_at: Date | null,
}

Flow: an admin sends POST /workspace/members/invite { email, role }; Sosyabot mints a 32-byte token and emails an acceptance link. The recipient clicks the link, lands on /invitation-accept, which calls GET /invitations/:token to display details. Once logged in (or after signing up), the page calls POST /invitations/:token/accept, which moves status to accepted, joins the user to the workspace, and sets accepted_by. The token is the only auth needed for the public lookup — treat it as a secret. Revoking (/revoke) flips status to revoked and the token stops working.