Organizations & Teams
Endpoints for managing organizations, team members, invitations, and ownership transfer.
Organizations & Teams Endpoints
All organization endpoints require authentication. Access is controlled by member roles:
| Role | Permissions |
|---|---|
| owner | Full access. Delete org, transfer ownership, manage billing. |
| admin | Invite/remove members, update roles, manage settings. |
| member | Read access to org data, repos, and scans. |
POST /orgs
Create a new organization. Subject to the maxOrgs plan limit.
Request
```bash
curl -X POST https://api.radar.dev/v1/orgs \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Engineering",
    "slug": "acme-eng"
  }'
```
```javascript
const response = await fetch("https://api.radar.dev/v1/orgs", {
  method: "POST",
  headers: {
    Authorization: `Bearer ${accessToken}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    name: "Acme Engineering",
    slug: "acme-eng",
  }),
});
const org = await response.json();
```
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Display name for the organization |
| slug | string | No | URL-safe identifier. Auto-generated from name if omitted. |
Response 201 Created
```json
{
  "id": "org_x1y2z3",
  "name": "Acme Engineering",
  "slug": "acme-eng",
  "ownerId": "usr_a1b2c3d4e5",
  "planId": "free",
  "createdAt": "2026-03-18T10:30:00.000Z"
}
```
Errors
| Status | Description |
|---|---|
| 400 | Invalid slug format |
| 403 | Plan limit reached (maxOrgs) |
| 409 | Slug already taken |
GET /orgs
List all organizations the current user belongs to.
Request
```bash
curl https://api.radar.dev/v1/orgs \
  -H "Authorization: Bearer $TOKEN"
```
Response 200 OK
```json
[
  {
    "id": "org_x1y2z3",
    "name": "Acme Engineering",
    "slug": "acme-eng",
    "role": "owner",
    "planId": "pro",
    "memberCount": 5,
    "repoCount": 12
  },
  {
    "id": "org_a4b5c6",
    "name": "Side Project Co",
    "slug": "side-project",
    "role": "member",
    "planId": "solo",
    "memberCount": 1,
    "repoCount": 2
  }
]
```
GET /orgs/:id
Get details for a specific organization.
Request
```bash
curl https://api.radar.dev/v1/orgs/org_x1y2z3 \
  -H "Authorization: Bearer $TOKEN"
```
Response 200 OK
```json
{
  "id": "org_x1y2z3",
  "name": "Acme Engineering",
  "slug": "acme-eng",
  "ownerId": "usr_a1b2c3d4e5",
  "planId": "pro",
  "memberCount": 5,
  "repoCount": 12,
  "createdAt": "2026-03-18T10:30:00.000Z",
  "updatedAt": "2026-03-18T10:30:00.000Z"
}
```
PUT /orgs/:id
Update organization settings. Requires admin or owner role.
Request
```bash
curl -X PUT https://api.radar.dev/v1/orgs/org_x1y2z3 \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Engineering Team"
  }'
```
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | No | New display name |
| slug | string | No | New URL slug |
Response 200 OK
Returns the updated organization object.
DELETE /orgs/:id
Permanently delete an organization and all associated data. Requires owner role.
Request
```bash
curl -X DELETE https://api.radar.dev/v1/orgs/org_x1y2z3 \
  -H "Authorization: Bearer $TOKEN"
```
Response 204 No Content
No response body.
Errors
| Status | Description |
|---|---|
| 403 | Not the organization owner |
GET /orgs/:id/members
List all members of an organization.
Request
```bash
curl https://api.radar.dev/v1/orgs/org_x1y2z3/members \
  -H "Authorization: Bearer $TOKEN"
```
Response 200 OK
```json
[
  {
    "userId": "usr_a1b2c3d4e5",
    "name": "Jane Developer",
    "email": "jane@acme.dev",
    "role": "owner",
    "joinedAt": "2026-03-01T00:00:00.000Z"
  },
  {
    "userId": "usr_f6g7h8i9j0",
    "name": "Bob Backend",
    "email": "bob@acme.dev",
    "role": "admin",
    "joinedAt": "2026-03-05T00:00:00.000Z"
  },
  {
    "userId": "usr_k1l2m3n4o5",
    "name": "Alice Intern",
    "email": "alice@acme.dev",
    "role": "member",
    "joinedAt": "2026-03-10T00:00:00.000Z"
  }
]
```
PUT /orgs/:id/members/:userId
Update a member's role. Requires admin or owner role. Cannot change the owner's role.
Request
```bash
curl -X PUT https://api.radar.dev/v1/orgs/org_x1y2z3/members/usr_k1l2m3n4o5 \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "role": "admin"
  }'
```
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| role | string | Yes | admin or member |
Response 200 OK
Returns the updated member object.
Errors
| Status | Description |
|---|---|
| 403 | Insufficient permissions or trying to change owner role |
| 404 | Member not found in organization |
DELETE /orgs/:id/members/:userId
Remove a member from the organization. Requires admin or owner role. Cannot remove the owner.
Request
```bash
curl -X DELETE https://api.radar.dev/v1/orgs/org_x1y2z3/members/usr_k1l2m3n4o5 \
  -H "Authorization: Bearer $TOKEN"
```
Response 204 No Content
POST /orgs/:id/invitations
Invite a new member by email. Subject to the maxMembers plan limit.
Request
```bash
curl -X POST https://api.radar.dev/v1/orgs/org_x1y2z3/invitations \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "newdev@acme.dev",
    "role": "member"
  }'
```
```javascript
const response = await fetch(
  "https://api.radar.dev/v1/orgs/org_x1y2z3/invitations",
  {
    method: "POST",
    headers: {
      Authorization: `Bearer ${accessToken}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email: "newdev@acme.dev",
      role: "member",
    }),
  }
);
const invitation = await response.json();
```
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Email address to invite |
| role | string | No | admin or member (default: member) |
Response 201 Created
```json
{
  "id": "inv_p1q2r3s4",
  "email": "newdev@acme.dev",
  "role": "member",
  "status": "pending",
  "expiresAt": "2026-03-25T10:30:00.000Z",
  "createdAt": "2026-03-18T10:30:00.000Z"
}
```
Errors
| Status | Description |
|---|---|
| 400 | Email already a member |
| 403 | Plan limit reached (maxMembers) |
| 409 | Invitation already pending for this email |
GET /orgs/:id/invitations
List pending invitations for the organization. Requires admin or owner role.
Request
```bash
curl https://api.radar.dev/v1/orgs/org_x1y2z3/invitations \
  -H "Authorization: Bearer $TOKEN"
```
Response 200 OK
```json
[
  {
    "id": "inv_p1q2r3s4",
    "email": "newdev@acme.dev",
    "role": "member",
    "status": "pending",
    "expiresAt": "2026-03-25T10:30:00.000Z",
    "createdAt": "2026-03-18T10:30:00.000Z"
  }
]
```
DELETE /orgs/:id/invitations/:invitationId
Cancel a pending invitation.
Request
```bash
curl -X DELETE https://api.radar.dev/v1/orgs/org_x1y2z3/invitations/inv_p1q2r3s4 \
  -H "Authorization: Bearer $TOKEN"
```
Response 204 No Content
POST /orgs/invitations/:token/accept
Accept an invitation using the token from the invitation email. The authenticated user will be added to the organization.
Request
```bash
curl -X POST https://api.radar.dev/v1/orgs/invitations/tok_abc123def/accept \
  -H "Authorization: Bearer $TOKEN"
```
Response 200 OK
```json
{
  "orgId": "org_x1y2z3",
  "orgName": "Acme Engineering",
  "role": "member"
}
```
Errors
| Status | Description |
|---|---|
| 400 | Token expired or already used |
| 404 | Invalid invitation token |
POST /orgs/:id/transfer-ownership
Transfer organization ownership to another member. Requires owner role. The current owner is demoted to admin.
Request
```bash
curl -X POST https://api.radar.dev/v1/orgs/org_x1y2z3/transfer-ownership \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "newOwnerId": "usr_f6g7h8i9j0"
  }'
```
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| newOwnerId | string | Yes | User ID of the new owner (must be a current member) |
Response 200 OK
```json
{
  "success": true
}
```
Errors
| Status | Description |
|---|---|
| 403 | Not the current owner |
| 404 | Target user is not a member of the organization |
POST /orgs/:id/leave
Leave an organization. The owner cannot leave without first transferring ownership.
Request
```bash
curl -X POST https://api.radar.dev/v1/orgs/org_x1y2z3/leave \
  -H "Authorization: Bearer $TOKEN"
```
Response 200 OK
```json
{
  "success": true
}
```
Errors
| Status | Description |
|---|---|
| 403 | Owner cannot leave. Transfer ownership first. |
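The role table and the per-endpoint rules on this page (owner protected from role change and removal, owner cannot leave, transfer target must be a current member) can be collected into one default-deny check, useful as a reference model when testing an integration. This is an added example, not Radar's server code: the action names and the `authorize` and `transferOwnership` helpers are hypothetical, and treating invitations as admin-only follows the role table.

```javascript
// Added example: models the access rules stated on this page.
// Not Radar's server code; action names and helpers are hypothetical.
const RANK = new Map([["member", 1], ["admin", 2], ["owner", 3]]);

// Minimum role per action, from the role table and each "Requires ..." note.
const MIN_ROLE = new Map([
  ["readOrg", "member"], ["listMembers", "member"], ["leave", "member"],
  ["updateOrg", "admin"], ["updateMemberRole", "admin"], ["removeMember", "admin"],
  ["invite", "admin"], ["listInvitations", "admin"],
  ["deleteOrg", "owner"], ["transferOwnership", "owner"],
]);

const deny = (reason) => ({ allowed: false, reason });

// members: array shaped like the GET /orgs/:id/members response.
function authorize(members, actorId, action, params = {}) {
  const roleOf = (id) => members.find((m) => m.userId === id)?.role;
  const need = MIN_ROLE.get(action);
  if (!need) return deny("unknown action"); // default deny
  const have = RANK.get(roleOf(actorId)) ?? 0; // non-members, unknown roles: 0
  if (have < RANK.get(need)) return deny("insufficient role");

  const targetRole = roleOf(params.userId ?? params.newOwnerId);
  if (action === "updateMemberRole" || action === "removeMember") {
    if (!targetRole) return deny("member not found");
    if (targetRole === "owner") return deny("owner is protected");
  }
  if (action === "updateMemberRole" && !["admin", "member"].includes(params.role))
    return deny("role must be admin or member");
  if (action === "transferOwnership" && !targetRole) return deny("target is not a member");
  if (action === "leave" && have === RANK.get("owner")) return deny("transfer ownership first");
  return { allowed: true, reason: null };
}

// Transfer as described: new owner promoted, previous owner demoted to admin.
function transferOwnership(members, ownerId, newOwnerId) {
  const check = authorize(members, ownerId, "transferOwnership", { newOwnerId });
  if (!check.allowed) throw new Error(check.reason);
  return members.map((m) =>
    m.userId === newOwnerId ? { ...m, role: "owner" }
      : m.userId === ownerId ? { ...m, role: "admin" } : m);
}

// Constructed sample data reusing the user IDs from this page's examples.
const sampleMembers = [
  { userId: "usr_a1b2c3d4e5", role: "owner" },
  { userId: "usr_f6g7h8i9j0", role: "admin" },
  { userId: "usr_k1l2m3n4o5", role: "member" },
];
console.log(authorize(sampleMembers, "usr_f6g7h8i9j0", "deleteOrg"));
```

Under the rules as written on this page, an admin can promote a member to admin and remove another admin; only the owner is protected, so admin grants deserve the same review as ownership transfers.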