#Orgs

---

#POST /orgs

Create an organization

Auth: Bearer token required

Request body (application/json)

Field	Type	Description
name	string	(required)
slug	string	(required)

Responses

Status	Description	Schema
201	Created organization	Organization

---

#GET /orgs/{id}

Get an organization by id or slug

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string

Responses

Status	Description	Schema
200	The organization	Organization
404	Organization not found	Error

---

#DELETE /orgs/{id}

Delete an organization

Owner only.

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string

Responses

Status	Description	Schema
200	Deleted organization	object
401	Unauthorized	Error
403	Forbidden (not owner)	Error
404	Organization not found	Error

---

#GET /orgs/{id}/users

List organization members

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string

Responses

Status	Description	Schema
200	Org members	OrgUserList
404	Organization not found	Error

---

#POST /orgs/{id}/users

Provision and add a member

Owner/admin only. Provisions (or upserts) a user and adds them to the org with the given role.

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string

Request body (application/json)

Field	Type	Description
email	string(email)	(required)
name	string	(required)
role	owner | admin | member

Responses

Status	Description	Schema
201	Added member	object
401	Unauthorized	Error
403	Forbidden (member role)	Error
404	Organization not found	Error

---

#PATCH /orgs/{id}/users/{userId}

Change a member's role

Owner/admin only. Cannot demote the last owner.

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string
userId	string

Request body (application/json)

Field	Type	Description
role	owner | admin | member	(required)

Responses

Status	Description	Schema
200	Updated member	object
400	Cannot demote the last owner	Error
401	Unauthorized	Error
403	Forbidden (member role)	Error
404	Member not found	Error

---

#DELETE /orgs/{id}/users/{userId}

Remove a member

Owner/admin only. Cascades project memberships and personal tokens scoped to the org. Cannot remove the last owner.

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string
userId	string

Responses

Status	Description	Schema
200	Member removed	object
400	Cannot remove the last owner	Error
401	Unauthorized	Error
403	Forbidden (member role)	Error
404	Member not found	Error

---

#POST /orgs/{id}/leave

Leave an organization

The current user removes themselves. The last owner cannot leave.

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string

Responses

Status	Description	Schema
200	Left the org	object
400	Last owner cannot leave	Error
401	Unauthorized	Error
404	Not a member	Error

---

#GET /orgs/{id}/sso-extras

List org SSO extras

Owner/admin only. Per-provider settings (e.g. forceSso) not covered by the better-auth SSO plumbing.

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string

Responses

Status	Description	Schema
200	SSO extras	OrgSsoExtraList
401	Unauthorized	Error
403	Forbidden (member role)	Error

---

#PATCH /orgs/{id}/sso-extras/{providerId}

Toggle force-SSO for an org SSO provider

Owner/admin only.

Auth: Bearer token required

Path parameters

Name	Type	Description
id	string
providerId	string

Request body (application/json)

Field	Type	Description
forceSso	boolean	(required)

Responses

Status	Description	Schema
200	Updated SSO extra	object
401	Unauthorized	Error
403	Forbidden (member role)	Error
404	Provider not found	Error

#Schemas

#Error

Field	Type	Description
error	string	(required)
code	string

#OrgSsoExtraList

Type: object[]

#OrgUserList

Type: object[]

#Organization

Field	Type	Description
id	string	(required)
name	string	(required)
slug	string	(required)
createdAt	string | string	(required)