Skip to main content

Workspace Session API

These endpoints are under /api (session cookie auth), not /api/v1 (API token auth).
Use these routes from authenticated dashboard clients with credentials: "include".

Create Workspace (Session)

Creates a workspace for the logged-in user with server-side plan enforcement.

Request Body

Notes

  • include_in_organization is optional (default false).
  • If include_in_organization=true, caller must have Organizations feature access and at least one organization.
  • Owner membership is created automatically.

List Workspace Members

Returns current members and profile info.

Response (200)

invitations is kept as an empty array for backward compatibility.

Add/Update Member Immediately

Adds a member directly (no pending invitation, no email flow).

Request Body

Behavior

  • Requires workspace permission to manage members.
  • Email must match an existing profile account.
  • If user is already a member, role is updated.
  • Plan limits are enforced on add.

Responses

  • 201 member added
  • 200 role updated
  • 404 user email not found
  • 403 permission or plan limit blocked
Legacy invitation-link endpoints are deprecated and return 410 Gone:
  • POST /api/workspaces/invitations/accept
  • GET /api/workspaces/invitations/verify
  • DELETE /api/workspaces/invitations/{id}

Deprecated Response

Downgrade Status (Session)

Returns post-downgrade overage state used by the global warning banner.

Response (200)