Organizations & Members
Organizations are sub-groups within a workspace. Each workspace can contain multiple organizations — for example, separate brands, teams, or clients. Members belong to a specific organization and their access is scoped to it.
All endpoints on this page require a valid JWT token. For server-to-server access, use API keys instead — see Authentication.
Base URL: https://pharlo.io
Auth: Authorization: Bearer <jwt_token>
Roles
| Role | Can manage members | Can change roles | Can remove members | Can invite |
|---|---|---|---|---|
| owner | Yes | Yes | Yes | Yes |
| admin | Yes | Members only | Yes | Yes |
| member | No | No | No | No |
The owner role is assigned to the organization creator and cannot be transferred via API — only one owner per organization is allowed.
To invite a new user, see Invitations.
Endpoints
| Method | Path | Role required | Description | Status |
|---|---|---|---|---|
| GET | /api/v1/auth/organizations | Any | List user's organizations | 200 |
| GET | /api/v1/auth/organizations/{id} | Any | Organization detail | 200 |
| GET | /api/v1/auth/organizations/{id}/members | Any | List members | 200 |
| PATCH | /api/v1/auth/organizations/{orgId}/members/{memberId}/role | owner / admin | Change member role | 200 |
| DELETE | /api/v1/auth/organizations/{orgId}/members/{memberId} | owner / admin | Remove member | 204 |
GET /api/v1/auth/organizations
Returns all organizations the authenticated user belongs to, along with the user's role in each.
Example request
curl https://pharlo.io/api/v1/auth/organizations \
-H "Authorization: Bearer $JWT_TOKEN"
Response 200 OK
| Field | Type | Description |
|---|---|---|
| items | array | List of organizations the user belongs to |
| items[].id | UUID | Organization identifier |
| items[].name | string | Display name of the organization |
| items[].slug | string | URL-friendly identifier |
| items[].role | string | The current user's role in this organization: owner, admin, or member |
| items[].memberCount | integer | Total number of members |
{
"items": [
{
"id": "018e1f3a-7c2b-7000-8f4d-1a2b3c4d5e6f",
"name": "Acme Corp",
"slug": "acme-corp",
"role": "owner",
"memberCount": 4
}
]
}
GET /api/v1/auth/organizations/{id}
Returns full details of a specific organization. The authenticated user must be a member of it.
Path parameters
| Parameter | Type | Description |
|---|---|---|
| id | UUID | Organization identifier |
Example request
curl https://pharlo.io/api/v1/auth/organizations/018e1f3a-7c2b-7000-8f4d-1a2b3c4d5e6f \
-H "Authorization: Bearer $JWT_TOKEN"
Response 200 OK
| Field | Type | Description |
|---|---|---|
| id | UUID | Organization identifier |
| name | string | Display name |
| slug | string | URL-friendly identifier |
| owner | object | User object of the organization owner |
| owner.id | UUID | Owner's user ID |
| owner.name | string | Owner's display name |
| owner.email | string | Owner's email address |
| createdAt | ISO 8601 | When the organization was created |
{
"id": "018e1f3a-7c2b-7000-8f4d-1a2b3c4d5e6f",
"name": "Acme Corp",
"slug": "acme-corp",
"owner": {
"id": "018e1f3a-9d3c-7000-af5e-2b3c4d5e6f7a",
"name": "Alice",
"email": "alice@example.com"
},
"createdAt": "2026-01-01T00:00:00Z"
}
GET /api/v1/auth/organizations/{id}/members
Returns a list of all members in the organization. Available to any organization member.
Path parameters
| Parameter | Type | Description |
|---|---|---|
| id | UUID | Organization identifier |
Example request
curl https://pharlo.io/api/v1/auth/organizations/018e1f3a-7c2b-7000-8f4d-1a2b3c4d5e6f/members \
-H "Authorization: Bearer $JWT_TOKEN"
Response 200 OK
| Field | Type | Description |
|---|---|---|
| items | array | List of members |
| items[].id | UUID | Member record identifier (distinct from the user's ID) |
| items[].user | object | User details |
| items[].user.id | UUID | User identifier |
| items[].user.name | string | Display name |
| items[].user.email | string | Email address |
| items[].role | string | Organization role: owner, admin, or member |
| items[].joinedAt | ISO 8601 | When the user joined the organization |
{
"items": [
{
"id": "018e2a4b-1c3d-7000-9e5f-3c4d5e6f7a8b",
"user": {
"id": "018e1f3a-9d3c-7000-af5e-2b3c4d5e6f7a",
"name": "Alice",
"email": "alice@example.com"
},
"role": "owner",
"joinedAt": "2026-01-01T00:00:00Z"
},
{
"id": "018e3b5c-2d4e-7000-af6a-4d5e6f7a8b9c",
"user": {
"id": "018e3b5c-8e4f-7000-bf7b-5e6f7a8b9c0d",
"name": "Bob",
"email": "bob@example.com"
},
"role": "member",
"joinedAt": "2026-02-15T00:00:00Z"
}
]
}
PATCH /api/v1/auth/organizations/{orgId}/members/{memberId}/role
Changes a member's role within the organization. Requires owner or admin role.
An admin can only promote or demote member-level users. Only the owner can change an admin's role. The owner role itself cannot be reassigned via API.
Path parameters
| Parameter | Type | Description |
|---|---|---|
| orgId | UUID | Organization identifier |
| memberId | UUID | Member record identifier (from the members list, not the user's ID) |
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| role | string | Yes | New role to assign: admin or member |
Example request
curl -X PATCH \
https://pharlo.io/api/v1/auth/organizations/018e1f3a-7c2b-7000-8f4d-1a2b3c4d5e6f/members/018e3b5c-2d4e-7000-af6a-4d5e6f7a8b9c/role \
-H "Authorization: Bearer $JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"role": "admin"}'
Response 200 OK
{
"id": "018e3b5c-2d4e-7000-af6a-4d5e6f7a8b9c",
"role": "admin"
}
DELETE /api/v1/auth/organizations/{orgId}/members/{memberId}
Removes a member from the organization. Requires owner or admin role.
The owner cannot be removed. Removing a member revokes their access immediately — they will no longer see the organization or its resources.
Path parameters
| Parameter | Type | Description |
|---|---|---|
| orgId | UUID | Organization identifier |
| memberId | UUID | Member record identifier (from the members list, not the user's ID) |
Example request
curl -X DELETE \
https://pharlo.io/api/v1/auth/organizations/018e1f3a-7c2b-7000-8f4d-1a2b3c4d5e6f/members/018e3b5c-2d4e-7000-af6a-4d5e6f7a8b9c \
-H "Authorization: Bearer $JWT_TOKEN"
Response 204 No Content
No response body. A 204 confirms the member was removed successfully.
Error responses
| Status | Reason |
|---|---|
| 401 | Missing or expired JWT token |
| 403 | Insufficient role — admin or owner required for this action |
| 404 | Organization or member not found, or the authenticated user is not a member |
| 409 | Cannot remove the owner, or cannot change the owner role |
{
"error": "Access denied",
"details": {}
}
See Error Handling for the full list of error codes.
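The role rules for the PATCH endpoint and the 403/404/409 cases above, expressed as a client-side pre-check that also resolves the member record ID (not the user ID) from the members list. This is an added example, not Pharlo's own code: `find_member` and `plan_role_change` are hypothetical helpers, the member list is the sample response from this page, and the precedence of the checks when several apply is an assumption.

```python
import json

# Constructed sample: the members-list response shown on this page.
MEMBERS_JSON = """{"items": [
  {"id": "018e2a4b-1c3d-7000-9e5f-3c4d5e6f7a8b",
   "user": {"id": "018e1f3a-9d3c-7000-af5e-2b3c4d5e6f7a",
            "name": "Alice", "email": "alice@example.com"},
   "role": "owner", "joinedAt": "2026-01-01T00:00:00Z"},
  {"id": "018e3b5c-2d4e-7000-af6a-4d5e6f7a8b9c",
   "user": {"id": "018e3b5c-8e4f-7000-bf7b-5e6f7a8b9c0d",
            "name": "Bob", "email": "bob@example.com"},
   "role": "member", "joinedAt": "2026-02-15T00:00:00Z"}]}"""

ASSIGNABLE = {"admin", "member"}  # the request body accepts only these roles


def find_member(members, email):
    """Return the member record whose user has this email, or None."""
    for record in members["items"]:
        if record["user"]["email"].lower() == email.lower():
            return record
    return None


def plan_role_change(members, org_id, caller_role, target_email, new_role):
    """Return (expected_status, path) for a role change under the documented rules.

    Hypothetical pre-check; check precedence is an assumption and the
    server remains the authority on the final decision.
    """
    if new_role not in ASSIGNABLE:
        raise ValueError(f"role must be one of {sorted(ASSIGNABLE)}")
    target = find_member(members, target_email)
    if target is None:
        return 404, None                  # no such member in this organization
    # The path takes the member record ID (items[].id), not items[].user.id.
    path = f"/api/v1/auth/organizations/{org_id}/members/{target['id']}/role"
    if caller_role not in ("owner", "admin"):
        return 403, path                  # plain members cannot change roles
    if target["role"] == "owner":
        return 409, path                  # the owner role cannot be changed
    if caller_role == "admin" and target["role"] != "member":
        return 403, path                  # only the owner can change an admin
    return 200, path
```
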
See also
- Invitations — invite users to join an organization by email
- User Auth — register, log in, and manage user profiles
- Authentication guide — overview of JWT and API key auth
- Core Concepts — domain model: workspaces, organizations, connections, assignments