Organizations

B2B multi-tenancy for your end users. Every organization is a collection of users with roles, invitations, and a shared active-org context baked into the session JWT.

Create an organization

curl -X POST $KL_API/v1/orgs \
  -H 'content-type: application/json' \
  --cookie cookies.txt \
  -d '{"name":"Acme","slug":"acme"}'

Invite a member

curl -X POST $KL_API/v1/orgs/$ORG_ID/invitations \
  -H 'content-type: application/json' \
  --cookie cookies.txt \
  -d '{"email":"new@example.com","role":"member"}'

KolayLogin emails the invitee a one-time link. The invite counts against the workspace plan's membersPerOrg cap (Hobby 20, Pro 100, Business / Enterprise unlimited) along with already-accepted members.

Accept an invitation

curl -X POST $KL_API/v1/orgs/invitations/accept \
  -H 'content-type: application/json' \
  --cookie cookies.txt \
  -d '{"token":"<one-time-token>"}'

Switch active organization

curl -X PATCH $KL_API/v1/orgs/current \
  -H 'content-type: application/json' \
  --cookie cookies.txt \
  -d '{"orgId":"<uuid>"}'

The API refreshes the hot session context in Redis so the next__session JWT embeds org and org_role.

React hook

const { isLoaded, organization } = useOrganization();
if (isLoaded && organization) {
  return <p>Active org: {organization.name}</p>;
}

Custom RBAC roles (Pro+)

Beyond the built-in owner / admin / member triple, Pro plans can define custom roles with per-permission granularity. Manage them from the app → settings → org roles. Creating a custom role on Hobby returns 403 customRbacRoles.