Skip to main content

Revoke Team Invitation

Revokes a pending team invitation, preventing it from being accepted by the recipient.

Authentication required (User JWT).

POST/api/merchants/:merchantId/invitations/:invitationId/revoke

Authentication

This endpoint requires a valid user JWT token to be passed in the Authorization header:

Authorization: Bearer <your-jwt-token>

The user making the request must have appropriate permissions (Admin or Owner) for the merchant account.

Path Parameters

ParameterTypeDescription
merchantIdStringThe ID of the merchant.
invitationIdStringThe ID of the invitation to revoke.

Response 200 OK

Returns the details of the revoked invitation.

{
  "message": "Invitation has been successfully revoked",
  "invitation": {
    "id": "inv_123456789",
    "email": "invited@example.com",
    "role": "MEMBER",
    "status": "REVOKED",
    "merchantId": "merch_987654321",
    "invitedByUserId": "user_abcdef123",
    "expiresAt": "2023-12-31T23:59:59.999Z",
    "createdAt": "2023-10-25T15:30:00.000Z",
    "updatedAt": "2023-10-26T09:45:00.000Z"
  }
}

Errors

  • 400 Bad Request: Invalid invitation ID or the invitation is not in a PENDING state.
  • 401 Unauthorized: Invalid or missing JWT, or the user lacks sufficient permissions.
  • 404 Not Found: Invitation or merchant not found.
  • 500 Internal Server Error: Server encountered an unexpected error.

Notes

  • Only pending invitations can be revoked. Accepted, expired, or already revoked invitations cannot be revoked again.
  • When an invitation is revoked, any token associated with it becomes invalid.
  • The invitation recipient will not be automatically notified when an invitation is revoked.

Example Requests

cURL

curl -X POST \
  "https://api.skypay.com/api/merchants/merch_987654321/invitations/inv_123456789/revoke" \
  -H "Authorization: Bearer <your-jwt-token>"

JavaScript (Fetch API)

fetch('https://api.skypay.com/api/merchants/merch_987654321/invitations/inv_123456789/revoke', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer <your-jwt-token>'
  }
})
.then(response => response.json())
.then(data => console.log('Invitation revoked:', data))
.catch(error => console.error('Error:', error));