E010: Accept invitation
POST /api/invitations/accept
Adds the accepting user to the inviting org with the role from the invitation. Triggered from the public Accept Invite page; the route is unauthenticated but the caller must submit a verified Firebase ID token in the body so the workflow can match the invitation's email.
Authentication
User-scoped route. Requires Authorization: Bearer <firebase-id-token>; X-Org-Id is not required — the user identity alone is sufficient. Access: Member.
Request
{
  "token": "opaque-string"
}
| Field | Type | Required | Notes |
|---|---|---|---|
| token | string | yes | The invitation token from the email link. |
The Firebase ID token in Authorization must belong to the same email as the invitation.
Response — 200 OK
{
  "membership": {
    "userId": "uuid",
    "orgId": "uuid",
    "role": "member",
    "createdAt": "2026-05-18T22:00:00Z"
  },
  "organization": { "id": "uuid", "name": "Acme Co", "slug": "acme-co" }
}
Errors
| HTTP | code | Condition |
|---|---|---|
| 404 | not_found | Unknown token. |
| 422 | validation_failed | Firebase token email does not match the invitation email. |
| 409 | invalid_transition | Invitation is expired, accepted, or revoked; or the caller is already a member. |
Workflow
Calls W010 Accept invitation.
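The checks behind the error table can be sketched as follows. This is an added example, not the project's code or the W010 workflow itself, and it starts from the decoded claims of an ID token whose signature has already been verified. The in-memory `db` shape, the `status` and `expiresAt` fields, the trim-and-lowercase email comparison, the order of the checks and the use of the Firebase `uid` as `userId` are assumptions.

```javascript
// Added example. Assumed (not from the page): the in-memory `db` shape, the
// status/expiresAt fields, trim+lowercase email comparison, and the check order.
const normEmail = (e) => String(e || "").trim().toLowerCase();

// `claims` is the decoded Firebase ID token AFTER signature verification.
function acceptInvitation(db, claims, body, now = new Date()) {
  const fail = (http, code) => ({ http, code });
  const inv = db.invitations.get(body && body.token);
  if (!inv) return fail(404, "not_found");
  // An unverified email claim proves nothing about mailbox ownership.
  if (claims.email_verified !== true ||
      normEmail(claims.email) !== normEmail(inv.email)) {
    return fail(422, "validation_failed");
  }
  if (inv.status !== "pending" || inv.expiresAt <= now) {
    return fail(409, "invalid_transition");
  }
  const key = `${inv.orgId}:${claims.uid}`;
  if (db.memberships.has(key)) return fail(409, "invalid_transition");
  inv.status = "accepted"; // single use: a replayed token now hits the 409 branch
  // Role and org come from the stored invitation, never from the request body.
  const membership = { userId: claims.uid, orgId: inv.orgId, role: inv.role,
                       createdAt: now.toISOString() };
  db.memberships.set(key, membership);
  return { http: 200, membership, organization: db.orgs.get(inv.orgId) };
}

// Constructed sample data for the demonstration.
function makeSampleDb() {
  const inv = (email, expiresAt) => ({ email, orgId: "org-1", role: "member",
    status: "pending", expiresAt: new Date(expiresAt) });
  return {
    orgs: new Map([["org-1", { id: "org-1", name: "Acme Co", slug: "acme-co" }]]),
    memberships: new Map(),
    invitations: new Map([
      ["tok-pending", inv("ada@example.com", "2026-06-01T00:00:00Z")],
      ["tok-expired", inv("ada@example.com", "2026-01-01T00:00:00Z")],
    ]),
  };
}
```

In a real service the invitation update and the membership insert would run in one transaction so that two concurrent accepts cannot both succeed.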