For the complete documentation index, see llms.txt.

POST /v1/invitations/accept/{token}

Accept Invitation

Accept an invitation via token. Requires an authenticated user session whose email address matches the invitation's `invitee_email` (case-insensitive). API keys (`vennio_sk_*`, `vennio_pk_*`) are not accepted on this route — acceptance is a human consent action and must be performed from a JWT-backed user session.

Auth required: Yes

Parameters

• token (path, string) (required)
• Idempotency-Key (header, string) — Unique key for idempotent POST requests (1-256 chars: alphanumeric, `_`, `-`, `:`, `.`). Same key + same body within 24h replays the cached response.

Responses

• 200: Invitation accepted
• 400: Bad request
• 401: Authentication required or invalid
• 403: Forbidden. The response body distinguishes the two failure modes: * `detail: auth_method_invalid` — caller authenticated with an API key. Acceptance requires a JWT user session. * `detail: auth_email_mismatch` — caller's signed-in email does not match the invitation's `invitee_email`. The body includes both `invitee_email` and `signed_in_email` for the frontend to render specific guidance.
• 404: Resource not found
• 409: A request with this Idempotency-Key is currently being processed
• 422: Idempotency-Key was already used with a different request body

Authentication

Requires authentication. Pass a Bearer token (Supabase JWT) or an API key (`Authorization: Bearer vennio_sk_live_*`) in the request headers.

Base URL: https://api.vennio.app