API reference
Team
The Team resource manages who has partner-admin access to a brand workspace. Invite teammates by email, see their last sign-in and two-step status, and revoke access in a single call.
List team members
Returns every user assigned the partner_admin role for the authenticated brand.
GET
/v1/partner/settings/teamAuth:
Authorization: Bearer … · Scopes: readExample request
curl
curl https://api.repurch.com/v1/partner/settings/team \
-H "Authorization: Bearer re_pk_..."Example response
json
{
"brand_id": "furniture-co",
"caller_id": 42,
"members": [
{
"id": 42,
"email": "owner@furnitureco.example",
"display_name": "Sam Patel",
"roles": [
"partner_admin"
],
"totp_enrolled": true,
"registered_at": "2026-02-14 10:22:08",
"last_login_at": "2026-06-10 08:14:01"
},
{
"id": 87,
"email": "ops@furnitureco.example",
"display_name": "Alex Morgan",
"roles": [
"partner_admin"
],
"totp_enrolled": false,
"registered_at": "2026-05-22 16:04:11",
"last_login_at": ""
}
]
}Response fields
caller_id integer | The id of the authenticated user. Use it to grey out the revoke button on the caller's own row. |
members[].id integer | User identifier. Pass as {user_id} on DELETE. |
members[].totp_enrolled boolean | Whether the member has completed two-step authentication enrolment. |
members[].registered_at string | Account creation timestamp (UTC). |
members[].last_login_at string | Most recent successful sign-in. Empty string if the member has not yet completed onboarding. |
Errors
| Status | Code | Message |
|---|---|---|
| 401 | missing_bearer_token | No Authorization: Bearer header provided. |
| 401 | invalid_token | Token is malformed, expired, or signed with the wrong key. |
| 403 | forbidden | Partner admin role required. |
Invite a team member
Invites a teammate by email. Creates a user account if the email is new, then attaches the partner_admin role and returns a single-use reset key. The caller is expected to email the invitee a set-password link built from reset_key and user_login.
POST
/v1/partner/settings/teamAuth:
Authorization: Bearer … · Scopes: writeRequest body
email stringrequired | Email address of the teammate to invite. |
Example request
curl
curl https://api.repurch.com/v1/partner/settings/team \
-H "Authorization: Bearer re_pk_..." \
-H "Content-Type: application/json" \
-d '{ "email": "newhire@furnitureco.example" }'Example response
json
{
"user": {
"id": 91,
"email": "newhire@furnitureco.example",
"display_name": "Jordan Lee",
"roles": [
"partner_admin"
],
"totp_enrolled": false,
"registered_at": "2026-06-10 09:30:14",
"last_login_at": ""
},
"reset_key": "Wk9zUkF2Vk5jR3Q5SmVRWg",
"user_login": "jordan.lee"
}Response fields
user object | The created or attached user record. Same shape as members[] above. |
reset_key string | Single-use key for /v1/partner/auth/set-password. Treat as Bearer-equivalent: do not log, do not return to the inviting partner's browser. |
user_login string | Username paired with reset_key on the set-password call. |
Errors
| Status | Code | Message |
|---|---|---|
| 401 | missing_bearer_token | No Authorization: Bearer header provided. |
| 401 | invalid_token | Token is malformed, expired, or signed with the wrong key. |
| 403 | forbidden | Partner admin role required. |
| 400 | invalid_body | Body must be a JSON object. |
| 400 | invite_failed | Validation rejected the email, or the email is already on another workspace. |
Revoke a team member
Removes the partner_admin role and brand assignment from a teammate. The user account itself is preserved; the user simply loses access to this brand's workspace.
DELETE
/v1/partner/settings/team/{user_id}Auth:
Authorization: Bearer … · Scopes: writePath parameters
user_id integerrequired | User identifier of the teammate to revoke. |
Example request
curl
curl -X DELETE https://api.repurch.com/v1/partner/settings/team/91 \
-H "Authorization: Bearer re_pk_..."Example response
json
{
"revoked": true
}Errors
| Status | Code | Message |
|---|---|---|
| 401 | missing_bearer_token | No Authorization: Bearer header provided. |
| 401 | invalid_token | Token is malformed, expired, or signed with the wrong key. |
| 403 | forbidden | Partner admin role required. |
| 400 | revoke_failed | You can't revoke your own access, the user doesn't exist, or the user is not a member of this workspace. |