Skip to main content

Workspace Session API

These endpoints are under /api (session cookie auth), not /api/v1 (API token auth).
Use these routes from authenticated dashboard clients with credentials: "include".

Create Workspace (Session)

POST /api/workspaces
Creates a workspace for the logged-in user with server-side plan enforcement.

Request Body

{
  "name": "Design System",
  "description": "Main product workspace",
  "include_in_organization": true
}

Notes

  • include_in_organization is optional (default false).
  • If include_in_organization=true, caller must have Organizations feature access and at least one organization.
  • Owner membership is created automatically.

List Workspace Members

GET /api/workspaces/{workspaceId}/members
Returns current members and profile info.

Response (200)

{
  "members": [
    {
      "id": "membership-id",
      "workspace_id": "workspace-id",
      "user_id": "user-id",
      "role": "owner",
      "user_email": "owner@company.com",
      "user_name": "Owner Name"
    }
  ],
  "invitations": []
}
invitations is kept as an empty array for backward compatibility.

Add/Update Member Immediately

POST /api/workspaces/{workspaceId}/members
Adds a member directly (no pending invitation, no email flow).

Request Body

{
  "email": "member@company.com",
  "role": "editor"
}

Behavior

  • Requires workspace permission to manage members.
  • Email must match an existing profile account.
  • If user is already a member, role is updated.
  • Plan limits are enforced on add.

Responses

  • 201 member added
  • 200 role updated
  • 404 user email not found
  • 403 permission or plan limit blocked
Legacy invitation-link endpoints are deprecated and return 410 Gone:
  • POST /api/workspaces/invitations/accept
  • GET /api/workspaces/invitations/verify
  • DELETE /api/workspaces/invitations/{id}

Deprecated Response

{
  "error": "Workspace invitation links are deprecated. Members are now added instantly from workspace settings."
}

Downgrade Status (Session)

GET /api/subscription/downgrade-status
Returns post-downgrade overage state used by the global warning banner.

Response (200)

{
  "plan_type": "PRO",
  "has_overages": true,
  "overages": [
    { "type": "workspaces", "current": 4, "limit": 3 }
  ],
  "enforcement": {
    "can_create_workspace": false,
    "can_invite_members": true,
    "can_access_organizations": false
  }
}