Invite a member
Creates the member’s console account in Keycloak with the chosen role and sends
them a password-setup (onboarding) email. Restricted to PARTNER_ADMIN —
required scope: team:manage.
Authorizations
API key authentication. Issued by the Safariat admin or via the partner portal. The secret is shown only once at generation.
Production sk_live_* keys must additionally sign every write request
(POST/PUT/DELETE) with the X-Timestamp and X-Signature headers.
Sandbox sk_test_* keys are exempt from request signing: X-Signature and
X-Timestamp are not required for writes in the sandbox (so the developer-portal
"Try it" playground works end to end). The Idempotency-Key header remains
required on writes in both environments.
Headers
Opaque, client-generated string unique per logical operation (a UUID v4 is
recommended but any non-blank value up to 255 chars is accepted). Same key +
same body = the cached response is returned with the Idempotent-Replayed: true
header. Same key + different body = 409 Conflict. Retained for 24 h.
255Unix timestamp in seconds at the time the request is issued. Validity window
±5 minutes — beyond that the request is rejected. Required for production
sk_live_* keys only; not required for sandbox sk_test_* keys.
hex(HMAC_SHA256(secret, "{X-Timestamp}\n{METHOD}\n{path}\n{body}")).
The path includes the query string. The body is the exact JSON representation
sent — any reformatting invalidates the signature. Required for production
sk_live_* keys only; not required for sandbox sk_test_* keys.
^[a-f0-9]{64}$Body
2005050Console role (an actual Keycloak realm role). PARTNER_ADMIN = full
access (manages team + API keys); FINANCE = settlements + bookings;
DEVELOPER = catalog/quotes/bookings/webhooks/audit;
VIEWER = read-only.
PARTNER_ADMIN, FINANCE, DEVELOPER, VIEWER Response
Member invited
Keycloak user identifier.
Console role (an actual Keycloak realm role). PARTNER_ADMIN = full
access (manages team + API keys); FINANCE = settlements + bookings;
DEVELOPER = catalog/quotes/bookings/webhooks/audit;
VIEWER = read-only.
PARTNER_ADMIN, FINANCE, DEVELOPER, VIEWER Active account (false = disabled).
true if this is the member authenticated on the current request.