Skip to main content
The Team API exposes the people behind your organization. Every Awardee customer has an organization that owns its data; the people who can sign in and act on that data are its members. A pending invite becomes a member when the recipient accepts.
Membership is org-scoped. Adding someone to one organization never grants them access to any other. API keys are also org-scoped — see Authentication.

Resources

Members

The active humans in your organization. Includes role, profile, and join timestamp.

Invitations

Pending invites that haven’t been accepted yet. Create, list, cancel.

Roles

Each member holds one role inside an organization. Roles are seeded per-org with the same five names; their role_id is unique to the org and what you pass when changing a role or creating an invitation.
RoleTypical permissions
ownerFull control. The API cannot assign this role (a PATCH to the owner role returns 409 conflict) — transfer ownership in the dashboard instead.
adminManage members, billing, settings, and every resource.
managerManage every operational resource (chatbots, articles, conversations, products, QR codes). No member or billing changes.
agentRespond to conversations, edit assigned articles, view operational data.
memberView-only across the org.
The exact permission keys behind each role can be customised by the org owner in the dashboard. Treat role names as display-only — branch on role_id for stable identity.

Lifecycle

1

Invite

POST /team/invitations with email + role_id. The response includes a one-time token — embed it in your accept URL (/invite/accept?token=…) and send it to the invitee.
2

Accept

The recipient signs in and accepts. Their organization_members row flips from invited to active and member.joined fires.
3

Operate

Change roles with PATCH /team/members/{id} and { "role_id": "…" }. The role_id must belong to your org. Each change fires member.role_changed. The API will not assign the owner role — ownership is not transferable via the API and the attempt returns 409 conflict; transfer ownership in the dashboard instead.
4

Remove

DELETE /team/members/{id} soft-removes the membership. The user’s profile survives — only their access to this org is revoked. member.removed fires.

Webhook events

Subscribe to these to keep external systems in lockstep with org membership:
member.invited
event
Fired when a pending invitation is created.
member.joined
event
Fired when an invitation is accepted and the user becomes an active member.
member.role_changed
event
Fired when a member’s role_id changes.
member.removed
event
Fired when a member is removed (status set to removed).
invitation.revoked
event
Fired when a pending invitation is cancelled before acceptance.
See Webhooks overview for the envelope and signing rules.

Permissions

Endpoints under /team require these permission keys when called with an OAuth access token. Personal API keys are unscoped — they bypass these checks.
EndpointRequired scope
GET /team/membersmembers.role_change
GET /team/members/{id}members.role_change
PATCH /team/members/{id}members.role_change
DELETE /team/members/{id}members.remove
GET /team/invitationsmembers.invite
POST /team/invitationsmembers.invite
GET /team/invitations/{id}members.invite
DELETE /team/invitations/{id}members.invite