Team Management
Manage team members with role-based access control (RBAC). Invite users, assign roles, and track activity via audit logs.
Roles
| Role | Permissions |
|---|---|
| Owner | Full access including billing and account deletion |
| Admin | Manage recipients, payments, and team members (except Owner) |
| Manager | Recipient and payment management only |
| Viewer | Read-only access to dashboard and reports |
List Team Members
GET /api/portal/users
```bash
curl -X GET https://api.paystream.fi/api/portal/users \
  -H "Authorization: Bearer <session_token>"
```
Invite Team Member
POST /api/portal/users/invite
Sends a magic-link invitation email to join the team.
```bash
curl -X POST https://api.paystream.fi/api/portal/users/invite \
  -H "Authorization: Bearer <session_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "newmember@acme.com",
    "role": "manager"
  }'
```
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Email address |
| role | string | Yes | admin, manager, or viewer |
Update Team Member
PATCH /api/portal/users/:id
Change a member's role or suspend their access.
```bash
curl -X PATCH https://api.paystream.fi/api/portal/users/usr_123 \
  -H "Authorization: Bearer <session_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "role": "admin"
  }'
```
Remove Team Member
DELETE /api/portal/users/:id
Get Current Permissions
GET /api/portal/users/me/permissions
Returns the current user's role and allowed actions.
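The role rules above (the Roles table, the invite request's `role` values, and Update Team Member), written as a deny-by-default check whose full decision matrix can serve as the oracle for authorization tests. This is an added example, not Paystream code; the function names are hypothetical, and it assumes PATCH accepts the same role values as invite and that an Owner may act on an Owner under "full access".

```python
# Added example: the Roles table as a deny-by-default check for team-management calls.
# Function names and the PATCH role values are assumptions, not Paystream identifiers.
from itertools import product

ROLES = ("owner", "admin", "manager", "viewer")
# Roles the invite request body accepts, per the Request Body table.
ASSIGNABLE = {"admin", "manager", "viewer"}
# Roles whose description includes managing team members.
TEAM_MANAGERS = {"owner", "admin"}


def normalize(role):
    """Lower-case a role string and reject anything outside the Roles table."""
    value = str(role).strip().lower()
    if value not in ROLES:
        raise ValueError(f"unknown role: {role!r}")
    return value


def can_invite(actor, new_role):
    """May `actor` send an invitation for `new_role`?"""
    actor, new_role = normalize(actor), normalize(new_role)
    return actor in TEAM_MANAGERS and new_role in ASSIGNABLE


def can_update(actor, target, new_role=None):
    """May `actor` change or suspend a member whose current role is `target`?

    new_role=None models a suspension or removal with no role change.
    """
    actor, target = normalize(actor), normalize(target)
    if actor not in TEAM_MANAGERS:
        return False
    if target == "owner" and actor != "owner":
        return False  # Admin manages team members "except Owner"
    if new_role is None:
        return True
    return normalize(new_role) in ASSIGNABLE


def expected_matrix():
    """Every (actor, target, new_role) combination with the expected decision,
    usable as the oracle for an authorization test suite."""
    return {
        (a, t, n): can_update(a, t, n)
        for a, t, n in product(ROLES, ROLES, sorted(ASSIGNABLE))
    }
```

Comparing each entry of `expected_matrix()` against the status code the API returns for the same actor and target shows where enforcement differs from the documented roles.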
Audit Log
GET /api/portal/users/audit-log
View a chronological log of team actions (role changes, invitations, suspensions).
```bash
curl -X GET https://api.paystream.fi/api/portal/users/audit-log \
  -H "Authorization: Bearer <session_token>"
```
Portal Authentication
Team management endpoints use portal session tokens (from magic-link login), not API keys.