checkrd

Organizations

Manage organizations, members, roles, and invitations.

Organizations (workspaces) are the top-level container for agents, policies, API keys, and team members. Every user's first organization is auto-created at signup; additional ones can be created from the dashboard.


List Organizations

GET /v1/orgs

Auth: JWT (viewer+)

Returns all organizations the authenticated user belongs to.

```bash
curl https://api.checkrd.io/v1/orgs \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
```

Response 200 OK

```json
{
  "organizations": [
    {
      "id": "01916a3e-...",
      "name": "Acme Corp",
      "slug": "acme-corp",
      "plan_tier": "team"
    }
  ],
  "active_org_id": "01916a3e-..."
}
```

Create an Organization

POST /v1/orgs

Auth: JWT (any authenticated user)

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| name | string | Yes | Workspace name. |

The creating user becomes the owner. New workspaces start on the free plan and can be upgraded independently. Free users may own up to 5 free workspaces (paid workspaces do not count); additional workspaces are rate-limited to 10 per hour per user. Returns org_count_exceeded or 429 when limits are reached.


List Members

GET /v1/orgs/:org_id/members

Auth: JWT (member+)

```bash
curl https://api.checkrd.io/v1/orgs/01916a3e-.../members \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
```

Response 200 OK

```json
{
  "members": [
    {
      "id": "...",
      "user_id": "...",
      "role": "admin",
      "email": "alice@company.com",
      "user_name": "Alice",
      "accepted_at": "2026-04-10T14:30:00Z"
    }
  ]
}
```

Invite a Member

POST /v1/orgs/:org_id/invitations

Auth: JWT (admin+)

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| email | string | Yes | Email address. |
| role | string | Yes | owner, admin, member, or viewer. |

Subject to plan tier member limits (Free: 1, Team: 20, Enterprise: unlimited).


Update Member Role

PUT /v1/orgs/:org_id/members/:member_id/role

Auth: JWT (admin+)

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| role | string | Yes | New role. |

Remove a Member

DELETE /v1/orgs/:org_id/members/:member_id

Auth: JWT (admin+)

Returns { "success": true }.


List Pending Invitations

GET /v1/orgs/:org_id/invitations

Auth: JWT (admin+)

Returns the workspace's pending invitations: who, what role, when they were sent, and when they expire.


Revoke an Invitation

POST /v1/orgs/:org_id/invitations/:invitation_id/revoke

Auth: JWT (admin+)

Cancels a pending invitation. The invitee's email link stops working immediately.

Response 200 OK: returns the revoked invitation.


Resend an Invitation

POST /v1/orgs/:org_id/invitations/:invitation_id/resend

Auth: JWT (admin+)

Re-sends the invitation email and refreshes the expiration window. Useful when the original email was missed or expired.

Response 200 OK: returns the refreshed invitation.


Get Deletion Status

GET /v1/orgs/:org_id/deletion-status

Auth: JWT (member+)

Workspace deletion uses a 30-day soft-delete grace window before permanent purge (GDPR Article 17 lifecycle). This endpoint returns when the workspace was soft-deleted and when the purge job will execute.

```json
{
  "deleted_at": "2026-04-12T09:15:00Z",
  "purge_at": "2026-05-12T09:15:00Z",
  "purged_at": null
}
```

For an active workspace, deleted_at and purge_at are both null.


Expedite Purge

POST /v1/orgs/:org_id/purge

Auth: JWT (owner only)

Sets purge_at = now() so that the next scheduled purge run permanently deletes the workspace and all of its data. Used when a legal compliance request cannot wait for the full 30-day grace window.

Response 200 OK: returns the updated deletion status.
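
The role requirements stated for each endpoint on this page can be collected into one expected-access matrix and compared with what an authorization test run actually observes. The following is an added example, not Checkrd's own code; the role ordering viewer < member < admin < owner is an assumption read from the page's "viewer+" and "admin+" notation, and the sample results and the `org-1` and `inv-9` identifiers are constructed.

```python
import re

# Assumed role order, read from the page's "viewer+/member+/admin+" notation.
ROLE_RANK = {"viewer": 0, "member": 1, "admin": 2, "owner": 3}

# (method, path template, minimum role) as listed on this page; None = any authenticated user.
ENDPOINTS = [
    ("GET", "/v1/orgs", "viewer"),
    ("POST", "/v1/orgs", None),
    ("GET", "/v1/orgs/:org_id/members", "member"),
    ("POST", "/v1/orgs/:org_id/invitations", "admin"),
    ("PUT", "/v1/orgs/:org_id/members/:member_id/role", "admin"),
    ("DELETE", "/v1/orgs/:org_id/members/:member_id", "admin"),
    ("GET", "/v1/orgs/:org_id/invitations", "admin"),
    ("POST", "/v1/orgs/:org_id/invitations/:invitation_id/revoke", "admin"),
    ("POST", "/v1/orgs/:org_id/invitations/:invitation_id/resend", "admin"),
    ("GET", "/v1/orgs/:org_id/deletion-status", "member"),
    ("POST", "/v1/orgs/:org_id/purge", "owner"),
]

def _compile(template):
    # ":param" segments match exactly one path segment.
    parts = ["[^/]+" if s.startswith(":") else re.escape(s) for s in template.split("/")]
    return re.compile("^" + "/".join(parts) + "$")

RULES = [(m, _compile(t), role) for m, t, role in ENDPOINTS]

def required_role(method, path):
    """Documented minimum role for a concrete request; None = any authenticated user."""
    for m, rx, role in RULES:
        if m == method.upper() and rx.match(path):
            return role
    raise LookupError(f"not documented on this page: {method} {path}")

def expected_allowed(role, method, path):
    need = required_role(method, path)
    return need is None or ROLE_RANK[role] >= ROLE_RANK[need]

def over_permissive(observed):
    """observed: iterable of (role, method, path, allowed) from a test run.
    Returns requests that succeeded although the documented role is higher."""
    return [(r, m, p) for r, m, p, ok in observed if ok and not expected_allowed(r, m, p)]

# Constructed sample results (not real API output).
SAMPLE = [
    ("viewer", "GET", "/v1/orgs", True),
    ("member", "POST", "/v1/orgs/org-1/invitations/inv-9/revoke", True),  # documented as admin+
    ("admin", "POST", "/v1/orgs/org-1/purge", False),
]
```

Feeding `over_permissive` the role, request and outcome of each call in an authorization regression run lists every request that succeeded below its documented role.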