# Create workspace invitation Create an invitation by email with an optional bundle of project grants. Idempotent: returns 200 OK if a pending invitation for the same recipient already exists. Endpoint: POST /workspaces/{workspace_id}/invitations Version: 0.23.9 Security: Auth ## Path parameters: - `workspace_id` (string, required) Unique identifier (UUID) of the workspace. Example: "550e8400-e29b-41d4-a716-446655440000" ## Request fields (application/json): - `email` (string, required) Email address of the invited user. Example: "user@example.com" - `workspace_role` (string, required) Role assigned to a user within a workspace. Enum: "admin", "member" - `project_grants` (array) Optional project grants to apply when the invitation is accepted. Example: [{"project_id":"0193d4a1-7e02-7d29-8d8a-3b0e5a7c8f12","role":"viewer"}] - `project_grants.project_id` (string, required) Project the grant is for. - `project_grants.role` (string, required) Project-level role for a workspace member. Enum: "editor", "viewer" ## Response 200 fields (application/json): - `item` (object, required) A pending offer to join a workspace. An invitation can optionally bundle project grants. The invitee is identified by email because they may not have a Kratos account yet at the time the invitation is created. - `item.id` (string, required) Unique invitation identifier. - `item.workspace` (object, required) Workspace the invitee is being added to. - `item.workspace.id` (string, required) Unique workspace identifier. - `item.workspace.name` (string, required) Human-readable workspace name. - `item.workspace.created_at` (string, required) Timestamp when the resource was created. RFC 3339 / ISO 8601, UTC. - `item.email` (string, required) Recipient email address. - `item.workspace_role` (string, required) Role assigned to a user within a workspace. Enum: "admin", "member" - `item.status` (string, required) Current invitation lifecycle status. Enum: "pending", "accepted", "declined", "revoked", "expired" - `item.expires_at` (string, required) Timestamp when the resource expires. RFC 3339 / ISO 8601, UTC. Absent if the resource never expires. - `item.created_at` (string, required) Timestamp when the resource was created. RFC 3339 / ISO 8601, UTC. - `item.project_grants` (array, required) Project grants to apply when the invitation is accepted. Empty for admins, who receive implicit access to every project. Example: [{"project":{"id":"0193d4a1-7e02-7d29-8d8a-3b0e5a7c8f12","name":"Production","created_at":"2024-01-15T10:30:00Z"},"role":"viewer"}] - `item.project_grants.project` (object, required) Project the grant applies to. Example: {"id":"0193d4a1-7e02-7d29-8d8a-3b0e5a7c8f12","name":"Production","created_at":"2024-01-15T10:30:00Z"} - `item.project_grants.project.id` (string, required) Unique project identifier. Example: "0193d4a1-7e02-7d29-8d8a-3b0e5a7c8f12" - `item.project_grants.project.name` (string, required) Human-readable project name. Example: "Production" - `item.project_grants.project.created_at` (string, required) Timestamp when the resource was created. RFC 3339 / ISO 8601, UTC. Example: "2024-01-15T10:30:00Z" - `item.project_grants.role` (string, required) Project-level role for a workspace member. Enum: "editor", "viewer" ## Response 400 fields (application/problem+json): - `type` (string, required) A URI that identifies the error type. Open it in a browser to read about this category of error. Example: "https://docs.vilna.io/apis/problems/invalid-request" - `title` (string, required) A short summary of the error type. Use detail for information specific to this occurrence. Example: "Invalid Request" - `status` (integer, required) The HTTP status code for this error. Matches the status code of the HTTP response. Example: 400 - `detail` (string) A human-readable explanation of what went wrong in this specific case. May be localized. Example: "Validation error" - `instance` (string) A URI that identifies this specific error occurrence. Include this value when contacting support. - `code` (string, required) Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code. Example: "blockchain.name_too_long" - `fields` (array) List of invalid fields in the request - `fields.name` (string, required) The name of the invalid field Example: "meta" - `fields.reason` (string, required) Why this field is invalid Example: "Exceeded maximum data size — must not exceed 1000 characters" ## Response 401 fields (application/problem+json): - `type` (string, required) A URI that identifies the error type. Open it in a browser to read about this category of error. Example: "https://docs.vilna.io/apis/problems/unauthorized" - `title` (string, required) A short summary of the error type. Use detail for information specific to this occurrence. Example: "Unauthorized" - `status` (integer, required) The HTTP status code for this error. Matches the status code of the HTTP response. Example: 401 - `detail` (string) A human-readable explanation of what went wrong in this specific case. May be localized. Example: "Missing or invalid authentication credentials" - `instance` (string) A URI that identifies this specific error occurrence. Include this value when contacting support. - `code` (string, required) Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code. Example: "auth.unauthorized" ## Response 403 fields (application/problem+json): - `type` (string, required) A URI that identifies the error type. Open it in a browser to read about this category of error. Example: "https://docs.vilna.io/apis/problems/forbidden" - `title` (string, required) A short summary of the error type. Use detail for information specific to this occurrence. Example: "Forbidden" - `status` (integer, required) The HTTP status code for this error. Matches the status code of the HTTP response. Example: 403 - `detail` (string) A human-readable explanation of what went wrong in this specific case. May be localized. Example: "You do not have permission to perform this action" - `instance` (string) A URI that identifies this specific error occurrence. Include this value when contacting support. - `code` (string, required) Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code. Example: "chain.not_allowed" ## Response 404 fields (application/problem+json): - `type` (string, required) A URI that identifies the error type. Open it in a browser to read about this category of error. Example: "https://docs.vilna.io/apis/problems/not-found" - `title` (string, required) A short summary of the error type. Use detail for information specific to this occurrence. Example: "Not Found" - `status` (integer, required) The HTTP status code for this error. Matches the status code of the HTTP response. Example: 404 - `detail` (string) A human-readable explanation of what went wrong in this specific case. May be localized. Example: "The requested resource was not found" - `instance` (string) A URI that identifies this specific error occurrence. Include this value when contacting support. - `code` (string, required) Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code. Example: "blockchain.not_found" ## Response 409 fields (application/problem+json): - `type` (string, required) A URI that identifies the error type. Open it in a browser to read about this category of error. Example: "https://docs.vilna.io/apis/problems/conflict" - `title` (string, required) A short summary of the error type. Use detail for information specific to this occurrence. Example: "Conflict" - `status` (integer, required) The HTTP status code for this error. Matches the status code of the HTTP response. Example: 409 - `detail` (string) A human-readable explanation of what went wrong in this specific case. May be localized. Example: "Resource already exists with the same identifier" - `instance` (string) A URI that identifies this specific error occurrence. Include this value when contacting support. - `code` (string, required) Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code. Example: "invoice.address_occupied" ## Response default fields (application/problem+json): - `type` (string, required) A URI that identifies the error type. Open it in a browser to read about this category of error. - `title` (string, required) A short summary of the error type. Use detail for information specific to this occurrence. - `status` (integer, required) The HTTP status code for this error. Matches the status code of the HTTP response. - `detail` (string) A human-readable explanation of what went wrong in this specific case. May be localized. - `instance` (string) A URI that identifies this specific error occurrence. Include this value when contacting support. - `code` (string, required) Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code.