Team Members & Seats
Team membership lets you invite colleagues to your Wrapd workspace. Each member gets their own login, scoped API keys, and role-based permissions. The account owner controls who has access and what they can do.
How it works
Section titled “How it works”- The account owner (or an admin) sends an invite by email
- The invitee receives a link to join the workspace
- They click the link and either sign in or create a Wrapd account
- Once accepted, they appear in the team members list with their assigned role
Owner → POST /team/invite (email, role) → Email sent ↓ Invitee clicks link ↓ /join/:token → Account linkedRoles and permissions
Section titled “Roles and permissions”There are three roles in a Wrapd workspace:
| Permission | Owner | Admin | Member |
|---|---|---|---|
| View endpoints & pipelines | Yes | Yes | Yes |
| Execute endpoints | Yes | Yes | Yes |
| Create/edit endpoints | Yes | Yes | No |
| Create/edit pipelines | Yes | Yes | No |
| Manage API keys | Yes | Yes | Own only |
| Manage secrets | Yes | Yes | No |
| Manage agents | Yes | Yes | No |
| Invite members | Yes | Yes | No |
| Remove members | Yes | Yes | No |
| Change member roles | Yes | Yes | No |
| Manage billing | Yes | No | No |
| Delete workspace | Yes | No | No |
The owner is the account creator and is implicit — they do not appear in the team_members table. There is exactly one owner per workspace.
Admins have full operational control but cannot manage billing or delete the workspace.
Members have read and execute access. They can create their own API keys but cannot modify endpoints, pipelines, secrets, or agents.
Inviting members
Section titled “Inviting members”From the dashboard at /dashboard/team, enter the invitee’s email and select a role:
curl -X POST https://api.wrapd.sh/team/invite \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"email": "colleague@example.com", "role": "member"}'The invitee receives an email with a one-click invite link pointing to /join/:token. If they don’t have a Wrapd account, they’ll be prompted to create one before joining.
You can resend an invite if it was missed:
curl -X POST https://api.wrapd.sh/team/invite/:id/resend \ -H "Authorization: Bearer $TOKEN"Accepting an invite
Section titled “Accepting an invite”When an invitee clicks the invite link, they land on the /join/:token page. This page shows who invited them and which workspace they’re joining. After confirming, they’re added to the team.
The invite token is single-use — once accepted, the link is invalidated.
Seat limits
Section titled “Seat limits”The Team tier includes 3 seats by default. This count includes the owner. Attempting to invite beyond the seat limit will return an error.
Removing members
Section titled “Removing members”Owners and admins can remove any member from the team page or via the API:
curl -X DELETE https://api.wrapd.sh/team/members/:id \ -H "Authorization: Bearer $TOKEN"When a member is removed:
- Their session is invalidated
- API keys they created (tracked via
api_keys.created_by) are revoked - They lose access to the workspace immediately
Changing roles
Section titled “Changing roles”Update a member’s role at any time:
curl -X PATCH https://api.wrapd.sh/team/members/:id \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"role": "admin"}'Dashboard
Section titled “Dashboard”The team management page is available at /dashboard/team and includes:
- Member list — shows each member’s email, role, and join date
- Invite form — email input and role selector
- Pending invites — invites that haven’t been accepted yet, with resend option
- Role management — change roles or remove members inline
Combining with other features
Section titled “Combining with other features”- Scoped API keys — each member can create their own API keys, scoped to specific endpoints
- Execution approvals — team members can be approvers for approval-gated endpoints
- Alert rules — alerts can notify the whole team via shared Slack channels or webhooks