Users

Org membership, role management, invitations, and notifications.

27 endpoints·Scopes: users:read, users:write

GET/api/api-keys#

List API keys

scope · users:readSESSION-only

Lists API keys the caller can see. Results are filtered by the caller's accessible organizations; many routes paginate via page and limit.

Scope: users:read
Auth sources: SESSION only
Endpoint: GET /api/api-keys

Example request

curl "https://guliel.com/api/api-keys" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Response (200/201)

keysreq
array<object>
- idreq
  string
- namereq
  string
- prefixreq
  string
- scopesreq
  array<string>
- allOrgsreq
  boolean
- organizationIdsreq
  array<string>
- expiresAtreq
  string | null
- lastUsedAtreq
  string | null
- revokedAtreq
  string | null
- createdAtreq
  string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

POST/api/api-keys#

Create an API key

scope · users:writeSESSION-only

Creates a new API key in the target organization. Returns the created record on success.

Scope: users:write
Auth sources: SESSION only
Endpoint: POST /api/api-keys

Example request

curl -X POST "https://guliel.com/api/api-keys" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "name": "Sample",
  "scopes": [
    "string"
  ],
  "allOrgs": false
}'

Request body

namereq
string
scopesreq
array<string>
allOrgsreq
boolean
organizationIds
array<string>
expiresAt
string | null

Response (200/201)

keyreq
object
- idreq
  string
- namereq
  string
- prefixreq
  string
- scopesreq
  array<string>
- allOrgsreq
  boolean
- organizationIdsreq
  array<string>
- expiresAtreq
  string | null
- lastUsedAtreq
  string | null
- revokedAtreq
  string | null
- createdAtreq
  string
secretreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

DELETE/api/api-keys/{id}#

Delete an API key

scope · users:writeSESSION-only

Deletes the API key. Some endpoints hard-delete the row, others soft-revoke (set revokedAt). Check the response shape.

Scope: users:write
Auth sources: SESSION only
Endpoint: DELETE /api/api-keys/{id}

Example request

curl -X DELETE "https://guliel.com/api/api-keys/abc123?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

revokedAtreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/api-keys/{id}#

Get an API key

scope · users:readSESSION-only

Fetches a single API key by id. Returns 404 if the API key isn't in the caller's accessible organizations.

Scope: users:read
Auth sources: SESSION only
Endpoint: GET /api/api-keys/{id}

Example request

curl "https://guliel.com/api/api-keys/abc123?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

keyreq
object
- idreq
  string
- namereq
  string
- prefixreq
  string
- scopesreq
  array<string>
- allOrgsreq
  boolean
- organizationIdsreq
  array<string>
- expiresAtreq
  string | null
- lastUsedAtreq
  string | null
- revokedAtreq
  string | null
- createdAtreq
  string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

PATCH/api/api-keys/{id}#

Update an API key

scope · users:writeSESSION-only

Updates an existing API key. Only the fields present in the request body are changed; omitted fields stay as-is.

Scope: users:write
Auth sources: SESSION only
Endpoint: PATCH /api/api-keys/{id}

Example request

curl -X PATCH "https://guliel.com/api/api-keys/abc123" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "id": "abc123"
}'

Request body

idreq
string
name
string
expiresAt
string | null

Response (200/201)

keyreq
object
- idreq
  string
- namereq
  string
- prefixreq
  string
- scopesreq
  array<string>
- allOrgsreq
  boolean
- organizationIdsreq
  array<string>
- expiresAtreq
  string | null
- lastUsedAtreq
  string | null
- revokedAtreq
  string | null
- createdAtreq
  string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/api-keys/{id}/usage#

API key usage history

scope · users:readSESSION-only

Returns the caller's recent request log for the API key (last 7 days by default).

Scope: users:read
Auth sources: SESSION only
Endpoint: GET /api/api-keys/{id}/usage

Example request

curl "https://guliel.com/api/api-keys/abc123/usage?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string
limitreq
integer
sinceDaysreq
integer

Response (200/201)

totalsreq
object
- callCountreq
  number
- errorCountreq
  number
- avgDurationMsreq
  number | null
byFeaturereq
array<object>
- featurereq
  string | null
- callsreq
  number
- errorsreq
  number
recentreq
array<object>
- idreq
  string
- methodreq
  string
- pathreq
  string
- featurereq
  string | null
- verbreq
  string | null
- statusCodereq
  number
- errorCodereq
  string | null
- durationMsreq
  number
- organizationIdreq
  string | null
- createdAtreq
  string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

GET/api/invitations#

List invitations

scope · users:readrole · MANAGER+

Lists invitations the caller can see. Results are filtered by the caller's accessible organizations; many routes paginate via page and limit.

Scope: users:read
Min role: MANAGER or higher
Endpoint: GET /api/invitations

Example request

curl "https://guliel.com/api/invitations?organizationId=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

organizationIdreq
string

Response (200/201)

invitationsreq
array<object>
- idreq
  string
- organizationIdreq
  string
- emailreq
  string
- namereq
  string | null
- rolereq
  string
- tokenreq
  stringPre-signed acceptance token — never expose to the invitee in the UI directly; deliver via email link only.
- statusreq
  stringPENDING | ACCEPTED | DECLINED | EXPIRED
- invitedByIdreq
  string
- acceptedByIdreq
  string | null
- expiresAtreq
  string
- createdAtreq
  string
- updatedAtreq
  string
- invitedBy
  object | null
- acceptedBy
  object | null
- organization
  object | null

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

POST/api/invitations#

Create an invitation

scope · users:writerole · MANAGER+

Creates a new invitation in the target organization. Returns the created record on success.

Scope: users:write
Min role: MANAGER or higher
Endpoint: POST /api/invitations

Example request

curl -X POST "https://guliel.com/api/invitations" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "email": "you@example.com",
  "role": "MANAGER",
  "organizationId": "abc123"
}'

Request body

emailreq
string <email>
name
string
rolereq
enum<3>
MANAGER · CONTRIBUTOR · VIEWER
organizationIdreq
string

Response (200/201)

idreq
string
organizationIdreq
string
emailreq
string
namereq
string | null
rolereq
string
tokenreq
stringPre-signed acceptance token — never expose to the invitee in the UI directly; deliver via email link only.
statusreq
stringPENDING | ACCEPTED | DECLINED | EXPIRED
invitedByIdreq
string
acceptedByIdreq
string | null
expiresAtreq
string
createdAtreq
string
updatedAtreq
string
invitedBy
object | null
acceptedBy
object | null
organization
object | null

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

DELETE/api/invitations/{id}#

Delete an invitation

scope · users:write

Deletes the invitation. Some endpoints hard-delete the row, others soft-revoke (set revokedAt). Check the response shape.

Scope: users:write
Endpoint: DELETE /api/invitations/{id}

Example request

curl -X DELETE "https://guliel.com/api/invitations/abc123?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

successreq
boolean

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

POST/api/invitations/{id}/resend#

Attach resend to an invitation

scope · users:write

Creates a new resend attached to the given invitation.

Scope: users:write
Endpoint: POST /api/invitations/{id}/resend

Example request

curl -X POST "https://guliel.com/api/invitations/abc123/resend" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "id": "abc123"
}'

Request body

idreq
string

Response (200/201)

JSON object. The exact response shape is being progressively documented — call the endpoint with a real access token to see the live structure, or check the type definitions exposed by the official client libraries.

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/notifications#

List notifications

scope · users:read

Lists notifications the caller can see. Results are filtered by the caller's accessible organizations; many routes paginate via page and limit.

Scope: users:read
Endpoint: GET /api/notifications

Example request

curl "https://guliel.com/api/notifications?status=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

status
enum<3>
UNREAD · READ · ARCHIVED
type
string
organizationId
string
limitreq
integer

Response (200/201)

notificationsreq
array<object>
- idreq
  string
- userIdreq
  string
- organizationIdreq
  string | null
- typereq
  string
- titlereq
  string
- messagereq
  string
- statusreq
  stringUNREAD | READ | ARCHIVED
- actionUrlreq
  string | null
- relatedTypereq
  string | null
- relatedIdreq
  string | null
- createdAtreq
  string
- readAtreq
  string | null
unreadCountreq
integer
unreadCountsByOrgreq
objectPer-org unread counts. The key `_null` holds notifications without an org (global).

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

PATCH/api/notifications/{id}#

Update a notification

scope · users:write

Updates an existing notification. Only the fields present in the request body are changed; omitted fields stay as-is.

Scope: users:write
Endpoint: PATCH /api/notifications/{id}

Example request

curl -X PATCH "https://guliel.com/api/notifications/abc123" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "id": "abc123",
  "status": "READ"
}'

Request body

idreq
string
statusreq
enum<2>
READ · ARCHIVED

Response (200/201)

idreq
string
userIdreq
string
organizationIdreq
string | null
typereq
string
titlereq
string
messagereq
string
statusreq
string
actionUrlreq
string | null
relatedTypereq
string | null
relatedIdreq
string | null
createdAtreq
string
readAtreq
string | null

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

POST/api/notifications/mark-all-read#

Attach mark all read to a notification

scope · users:write

Creates a new mark-all-read attached to the given notification.

Scope: users:write
Endpoint: POST /api/notifications/mark-all-read

Example request

curl -X POST "https://guliel.com/api/notifications/mark-all-read" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Request body

Response (200/201)

successreq
boolean

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/oauth-authorizations#

List OAuth authorizations

scope · users:readSESSION-only

Lists OAuth authorizations the caller can see. Results are filtered by the caller's accessible organizations; many routes paginate via page and limit.

Scope: users:read
Auth sources: SESSION only
Endpoint: GET /api/oauth-authorizations

Example request

curl "https://guliel.com/api/oauth-authorizations" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Response (200/201)

authorizationsreq
array<object>
- idreq
  string
- clientIdreq
  string
- clientNamereq
  string
- clientLogoUrlreq
  string | null
- clientHomepageUrlreq
  string | null
- isFirstPartyreq
  boolean
- scopesreq
  array<string>
- allOrgsreq
  boolean
- organizationIdsreq
  array<string>
- lastUsedAtreq
  string | null
- activeTokenCountreq
  number
- createdAtreq
  string
- updatedAtreq
  string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

DELETE/api/oauth-authorizations/{id}#

Delete an OAuth authorization

scope · users:writeSESSION-only

Deletes the OAuth authorization. Some endpoints hard-delete the row, others soft-revoke (set revokedAt). Check the response shape.

Scope: users:write
Auth sources: SESSION only
Endpoint: DELETE /api/oauth-authorizations/{id}

Example request

curl -X DELETE "https://guliel.com/api/oauth-authorizations/abc123?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

revokedAtreq
string
revokedTokenCountreq
number

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/oauth-authorizations/{id}#

Get an OAuth authorization

scope · users:readSESSION-only

Fetches a single OAuth authorization by id. Returns 404 if the OAuth authorization isn't in the caller's accessible organizations.

Scope: users:read
Auth sources: SESSION only
Endpoint: GET /api/oauth-authorizations/{id}

Example request

curl "https://guliel.com/api/oauth-authorizations/abc123?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

authorizationreq
object
- idreq
  string
- clientIdreq
  string
- clientNamereq
  string
- clientLogoUrlreq
  string | null
- clientHomepageUrlreq
  string | null
- clientDescriptionreq
  string | null
- isFirstPartyreq
  boolean
- scopesreq
  array<string>
- allOrgsreq
  boolean
- organizationIdsreq
  array<string>
- tokensreq
  array<object>
  - idreq
    string
  - prefixreq
    string
  - expiresAtreq
    string
  - lastUsedAtreq
    string | null
  - createdAtreq
    string
- createdAtreq
  string
- updatedAtreq
  string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

DELETE/api/organizations/{id}/members#

Detach members from an organization

scope · users:write

Removes the association without deleting the underlying record.

Scope: users:write
Endpoint: DELETE /api/organizations/{id}/members

Example request

curl -X DELETE "https://guliel.com/api/organizations/abc123/members?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string
userIdreq
string

Response (200/201)

successreq
boolean

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/organizations/{id}/members#

List members for an organization

scope · users:read

Returns every members row associated with the given organization.

Scope: users:read
Endpoint: GET /api/organizations/{id}/members

Example request

curl "https://guliel.com/api/organizations/abc123/members?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

membersreq
array<object>
- idreq
  string
- userIdreq
  string
- organizationIdreq
  string
- rolereq
  stringMANAGER | CONTRIBUTOR | VIEWER
- userreq
  object
  - idreq
    string
  - namereq
    string | null
  - emailreq
    string
  - systemRolereq
    string
- createdAtreq
  string
- updatedAtreq
  string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

PATCH/api/organizations/{id}/members#

Update members on an organization

scope · users:write

Mutates the members attached to the given organization.

Scope: users:write
Endpoint: PATCH /api/organizations/{id}/members

Example request

curl -X PATCH "https://guliel.com/api/organizations/abc123/members" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "id": "abc123",
  "userId": "abc123",
  "role": "MANAGER"
}'

Request body

idreq
string
userIdreq
string
rolereq
enum<3>
MANAGER · CONTRIBUTOR · VIEWER

Response (200/201)

idreq
string
userIdreq
string
organizationIdreq
string
rolereq
stringMANAGER | CONTRIBUTOR | VIEWER
userreq
object
- idreq
  string
- namereq
  string | null
- emailreq
  string
- systemRolereq
  string
createdAtreq
string
updatedAtreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

POST/api/organizations/{id}/members#

Attach members to an organization

scope · users:write

Creates a new members attached to the given organization.

Scope: users:write
Endpoint: POST /api/organizations/{id}/members

Example request

curl -X POST "https://guliel.com/api/organizations/abc123/members" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "id": "abc123",
  "email": "you@example.com",
  "role": "MANAGER"
}'

Request body

idreq
string
emailreq
string <email>
rolereq
enum<3>
MANAGER · CONTRIBUTOR · VIEWER

Response (200/201)

idreq
string
userIdreq
string
organizationIdreq
string
rolereq
stringMANAGER | CONTRIBUTOR | VIEWER
userreq
object
- idreq
  string
- namereq
  string | null
- emailreq
  string
- systemRolereq
  string
createdAtreq
string
updatedAtreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/users#

List users

scope · users:readrole · MANAGER+

Lists users the caller can see. Results are filtered by the caller's accessible organizations; many routes paginate via page and limit.

Scope: users:read
Min role: MANAGER or higher
Endpoint: GET /api/users

Example request

curl "https://guliel.com/api/users?organizationId=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

organizationIdreq
string
pagereq
integer
limitreq
integer
searchreq
string

Response (200/201)

usersreq
array<object>
- idreq
  string
- emailreq
  string
- namereq
  string | null
- systemRolereq
  string
- orgRolereq
  string
- organizationsreq
  array<object>
  - rolereq
    string
  - organizationreq
    object
    idreq
    string
    namereq
    string
- createdAtreq
  string
paginationreq
object
- pagereq
  integer
- limitreq
  integer
- totalreq
  integer
- totalPagesreq
  integer

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

POST/api/users#

Create an user

scope · users:writerole · MANAGER+

Creates a new user in the target organization. Returns the created record on success.

Scope: users:write
Min role: MANAGER or higher
Endpoint: POST /api/users

Example request

curl -X POST "https://guliel.com/api/users" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "email": "you@example.com",
  "name": "Sample",
  "password": "string",
  "systemRole": "USER",
  "organizationId": "abc123"
}'

Request body

emailreq
string <email>
namereq
string
passwordreq
string
systemRolereq
enum<2>
ADMIN · USER
organizationIdreq
string
orgRole
enum<3>
MANAGER · CONTRIBUTOR · VIEWER

Response (200/201)

idreq
string
emailreq
string
namereq
string | null
systemRolereq
string
createdAtreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

DELETE/api/users/{id}#

Delete an user

scope · users:write

Deletes the user. Some endpoints hard-delete the row, others soft-revoke (set revokedAt). Check the response shape.

Scope: users:write
Endpoint: DELETE /api/users/{id}

Example request

curl -X DELETE "https://guliel.com/api/users/abc123?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

successreq
boolean

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/users/{id}#

Get an user

scope · users:read

Fetches a single user by id. Returns 404 if the user isn't in the caller's accessible organizations.

Scope: users:read
Endpoint: GET /api/users/{id}

Example request

curl "https://guliel.com/api/users/abc123?id=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

idreq
string

Response (200/201)

idreq
string
emailreq
string
namereq
string | null
systemRolereq
string
createdAtreq
string
organizations
array<object>
- rolereq
  string
- organizationreq
  object
  - idreq
    string
  - namereq
    string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal

PATCH/api/users/{id}#

Update an user

scope · users:write

Updates an existing user. Only the fields present in the request body are changed; omitted fields stay as-is.

Scope: users:write
Endpoint: PATCH /api/users/{id}

Example request

curl -X PATCH "https://guliel.com/api/users/abc123" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "id": "abc123",
  "organizationId": "abc123",
  "role": "MANAGER"
}'

Request body

idreq
string
organizationIdreq
string
rolereq
enum<3>
MANAGER · CONTRIBUTOR · VIEWER

Response (200/201)

successreq
boolean

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

PUT/api/users/{id}#

Update an user

scope · users:write

Replaces an existing user. All required fields must be supplied — omitted fields revert to their schema defaults.

Scope: users:write
Endpoint: PUT /api/users/{id}

Example request

curl -X PUT "https://guliel.com/api/users/abc123" \
  -H "Authorization: Bearer $GULIEL_API_KEY" \
  -H "Content-Type: application/json" \
  --data '{
  "id": "abc123"
}'

Request body

idreq
string
name
string
password
string
systemRole
enum<2>
ADMIN · USER

Response (200/201)

idreq
string
emailreq
string
namereq
string | null
systemRolereq
string
createdAtreq
string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`429`	RateLimit
`500`	Internal

GET/api/users/search#

List search for an user

scope · users:read

Returns every search row associated with the given user.

Scope: users:read
Endpoint: GET /api/users/search

Example request

curl "https://guliel.com/api/users/search?q=value" \
  -H "Authorization: Bearer $GULIEL_API_KEY"

Query parameters

qreq
string
excludeOrgIdreq
string
limitreq
integer

Response (200/201)

usersreq
array<object>
- idreq
  string
- emailreq
  string
- namereq
  string | null
- systemRolereq
  string

Error responses

`400`	Validation
`401`	Unauthenticated
`403`	Forbidden
`500`	Internal