Skip to main content
PATCH
/
api
/
members
/
[email]
Update Member
curl --request PATCH \
  --url 'https://api.example.com/api/members/[email]' \
  --header 'Content-Type: application/json' \
  --data '
{
  "permission": "<string>"
}
'
{
  "member": {
    "email": "<string>",
    "permission": "<string>",
    "createdAt": "<string>"
  },
  "error": {}
}

Authentication

This endpoint requires admin authentication. Include your session cookie in the request.

Path Parameters

email
string
required
Email address of the member to update. Will be URL-decoded and normalized (trimmed, lowercased).Example: /api/members/user%40company.com or /api/members/[email protected]

Request Body

permission
string
required
New permission level to assign. Must be one of:
  • admin - Full workspace access, can manage members and settings
  • send - Can view, edit, and send emails
  • edit - Can view and edit drafts, but cannot send
  • view - Read-only access to threads and emails

Response

Returns the updated member object from the database.
member
object

Error Responses

error
object

Examples

curl -X PATCH https://your-domain.com/api/members/user%40company.com \
  -H "Cookie: your-session-cookie" \
  -H "Content-Type: application/json" \
  -d '{
    "permission": "edit"
  }'

Example Response

{
  "email": "[email protected]",
  "permission": "edit",
  "createdAt": "2026-02-15T14:20:00.000Z"
}

Implementation Details

  • Email addresses are automatically normalized (URL-decoded, trimmed, lowercased)
  • Environment-based admins (from ADMIN_EMAILS) cannot be downgraded to non-admin roles
  • Returns 404 if the member doesn’t exist (unlike POST which creates or updates)
  • Email in URL path should be URL-encoded to handle special characters
  • Source: src/app/api/members/[email]/route.ts:10

Permission Hierarchy

Permissions follow a hierarchy where higher levels include all lower level capabilities: 
admin (3) > send (2) > edit (1) > view (0)
  • view: Read-only access to all threads and emails
  • edit: View + ability to edit drafts and categorize threads
  • send: Edit + ability to send emails and manage thread status
  • admin: Send + ability to manage workspace members, services, and settings

Protected Members

Members whose email appears in the ADMIN_EMAILS environment variable are protected:
  • Cannot be downgraded from admin to any other permission level
  • Cannot be deleted
  • Always have admin permission regardless of database state

Build docs developers (and LLMs) love

Get started for freeTalk to us