GroupInvitations - BevvyTech/BrewskiDocs GitHub Wiki

Group Invitations

Overview

  • Endpoint Group: Groups / Invitations
  • Purpose: Manage membership invitations for brewery groups, including issuing and revoking pending requests.
  • Availability: Requires team membership (only active owner/admin members can manage invites).

Endpoint Summary

Method Path Description
POST /groups/:groupId/invitations/internal Invite an existing brewery team into the group.
POST /groups/:groupId/invitations/external Send an email invite to a brewery that has not joined yet.
DELETE /groups/:groupId/invitations/:inviteId Revoke a pending invite so it no longer appears for the recipient.

Authentication

  • Requires a valid bearer token (Authorization: Bearer <token>).
  • The caller must belong to an active team that is a member of the target group.
  • Only owner/admin roles can issue or revoke invitations; member roles receive 403 Forbidden.

Request — DELETE /groups/:groupId/invitations/:inviteId

URL Parameters

  • :groupId (uuid, required) — Brewery group that owns the invite.
  • :inviteId (uuid, required) — Invitation to revoke. Must currently belong to the group and remain in pending status.

Headers

  • Authorization: Bearer <token> — Required session token for the acting user.
  • Content-Type: application/json

Body

  • None.

Response

Success 200 OK 

{
  "invite": {
    "id": "f25e0f49-06c2-4a62-b91e-3d28a0ed4b8d",
    "status": "expired",
    "inviteeEmail": "[email protected]",
    "inviteeName": "Example Brewery",
    "inviteeTeam": null,
    "invitedBy": {
      "id": "0dc3c9df-e5ea-4e3a-a28b-1ef0c7df0216",
      "name": "Alex Brewer",
      "email": "[email protected]"
    },
    "expiresAt": "2025-11-12T16:50:55.423Z",
    "createdAt": "2025-10-29T16:50:55.423Z",
    "memberId": null,
    "notes": null
  }
}
  • status is set to expired once the invite is revoked. Any previous pending notifications should be cleared client-side.
  • inviteeTeam is populated only for internal invitations where the target brewery already has a team record.

Error Codes

Status Body Example When It Happens
401 Unauthorized { "message": "unauthorized" } Missing or invalid bearer token.
403 Forbidden { "message": "Only active owner/admin members can revoke invites" } Caller lacks sufficient role or active membership.
404 Not Found { "message": "Invite not found" } Invite ID does not belong to the group or the group is retired.
409 Conflict { "message": "Cannot revoke invite with status accepted" } Invite has already been accepted/declined/expired.

Side Effects & Events

  • Updates brewery_group_invite.status to expired and stamps updated_at.
  • Touches the parent brewery_group.updated_at timestamp so dashboards notice recent activity.
  • No background jobs or notifications are emitted today.

Rate Limiting & Idempotency

  • Standard application rate limits apply.
  • Endpoint is idempotent for a given invite: subsequent calls after revocation return 409 Conflict once the status is no longer pending.

Examples

curl -X DELETE \
  -H "Authorization: Bearer $TOKEN" \
  https://api.brewskiapp.com/groups/f2354625-d0fc-473d-b52b-72df54d850b3/invitations/43ad4bb5-b45c-4d49-8943-cc54d397d1d7

Changelog

Date Author Change
2025-10-29 Codex Agent Documented invite revocation endpoint.
⚠️ **GitHub.com Fallback** ⚠️