Steve API
API Reference

Invitation API Overview

Public onboarding endpoints for invited admin and customer users.

The invitation API supports account activation for pre-created users.

Flow

  1. Validate the invitation token.
  2. Ask the user for a password.
  3. Complete the invitation and consume the token.

Live endpoints

EndpointPurpose
GET /api/invitation/validate?token=...Inspect invitation state before showing the password form
POST /api/invitation/completeSet the password and consume the token

Contract details

  • Tokens are single-use.
  • Tokens expire after 72 hours.
  • Successful validation returns userType as either admin or customer.
  • Completion requires a password with a minimum length of 8 characters.
  • Reusing a consumed token returns a deterministic failure.

CORS behavior

This API is browser-facing and uses the ALLOWED_ORIGINS allowlist rather than wildcard CORS.

Previous

Test webhook reachability

Next

Complete an invitation and set the password

On this page