Skip to content
Evershell Docs

Change a member's role

PATCH
/orgs/{id}/memberships/{user_id}
 
curl --request PATCH \
  --url https://your-org.evershell.ai/v1/orgs/example/memberships/example \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{ "role": "owner" }'

Permissions: members:write and the caller’s identity role must be Owner.

Pending invitations can’t be re-roled — revoke and re-invite instead (WorkOS limitation; the handler returns 409 pending_invitation).

Authorizations

Section titled “Authorizations ”

Parameters

Section titled “ Parameters ”

Path Parameters

Section titled “Path Parameters ”
id
required
string
user_id
required
string

The membership row’s WorkOS user id (or invitation id for pending invites).

Request Body required

Section titled “Request Body required ”
Media type application/json
object
role
required
string
Allowed values: owner operator member

Responses

Section titled “ Responses ”

200

Section titled “200 ”

OK

Media type application/json
object
id
required
string
org_id
required
string
workos_user_id
required

Empty until the invitee accepts and the WorkOS webhook stamps the real id. Use accepted_at to distinguish pending invitations from active members.

string
email
required
string format: email
role
required
string
Allowed values: owner operator member
invited_by
string
invited_at
required
string format: date-time
accepted_at

Null while the invite is still pending.

string format: date-time
Example 
{
  "role": "owner"
}

400

Section titled “400 ”

Validation failure

Media type application/json
object
error
required
object
code
required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string
message
required

Human-readable summary

string
request_id
required

Server-generated request id for correlating logs

string
details

Optional structured context. Validation errors land at details.fields as a per-field map.

object
key
additional properties
any
Example 
{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

403

Section titled “403 ”

Caller lacks the required scope, or cross-org access attempted

Media type application/json
object
error
required
object
code
required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string
message
required

Human-readable summary

string
request_id
required

Server-generated request id for correlating logs

string
details

Optional structured context. Validation errors land at details.fields as a per-field map.

object
key
additional properties
any
Example 
{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

404

Section titled “404 ”

Resource not found in the caller’s org

Media type application/json
object
error
required
object
code
required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string
message
required

Human-readable summary

string
request_id
required

Server-generated request id for correlating logs

string
details

Optional structured context. Validation errors land at details.fields as a per-field map.

object
key
additional properties
any
Example 
{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

409

Section titled “409 ”

pending_invitation — the target row is still pending, or last_owner — the change would leave the org without an Owner.

Media type application/json
object
error
required
object
code
required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string
message
required

Human-readable summary

string
request_id
required

Server-generated request id for correlating logs

string
details

Optional structured context. Validation errors land at details.fields as a per-field map.

object
key
additional properties
any
Example 
{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

423

Section titled “423 ”

Tenant is past_due, decommissioning, or trial-expired

Media type application/json
object
error
required
object
code
required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string
message
required

Human-readable summary

string
request_id
required

Server-generated request id for correlating logs

string
details

Optional structured context. Validation errors land at details.fields as a per-field map.

object
key
additional properties
any
Example 
{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}