Skip to content

Validate an invitation token.

GET
/api/v1/invitations/validate
Code sample: Shell / cURL
curl --request GET \
--url 'https://auth.example.com/api/v1/invitations/validate?token=example'

Validates a public invitation token and returns tenant and invited-email metadata used by the invitation landing page.

token
required
string
>= 32 characters

Invitation validation response.

Media type application/json
object
valid
required
boolean
invitation_id
required
string
tenant_id
required
string
tenant_name
required
string
invited_email
string | null format: email
expires_at
required
integer
Example
{
"valid": true,
"invitation_id": "inv_123",
"tenant_id": "tenant_123",
"tenant_name": "Example Tenant",
"invited_email": "[email protected]",
"expires_at": 1770000000
}

Error response.

Media type application/json
object
error
string
error_description
string
message
string
webauthn_signal

Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.

object
unknown_credential
boolean
key
additional properties
Example generated
{
"error": "example",
"error_description": "example",
"message": "example",
"webauthn_signal": {
"unknown_credential": true
}
}

Error response.

Media type application/json
object
error
string
error_description
string
message
string
webauthn_signal

Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.

object
unknown_credential
boolean
key
additional properties
Example generated
{
"error": "example",
"error_description": "example",
"message": "example",
"webauthn_signal": {
"unknown_credential": true
}
}

Error response.

Media type application/json
object
error
string
error_description
string
message
string
webauthn_signal

Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.

object
unknown_credential
boolean
key
additional properties
Example generated
{
"error": "example",
"error_description": "example",
"message": "example",
"webauthn_signal": {
"unknown_credential": true
}
}