Accounts and settingsInvited users

Invited users management

You can manage users in your Brevo profile. This guide helps the profile owner to manage their users, edit the invited users access permission and delete users through the API endpoints. The endpoints are mentioned below.

Get all invited users

This API endpoint allows you to retrieve your invited users. To send a request to this endpoint, you need to use the GET method and use the url https://api.brevo.com/v3/organization/invited/users . You can use the cURL request below:

1curl --request GET \
2     --url https://api.brevo.com/v3/organization/invited/users \
3     --header 'accept: application/json' \
4     --header 'api-key: '

There are no parameters for this endpoint as it is a GET request so you just need your API-key to run the endpoint and it will send you the response as a string in JSON mentioning the users that are already invited to your user account. The response codes are mentioned below in a table.

Response codeMessageDescription
200List of all usersDisplays list of invited users, their status and the features they are using and other details.
400Bad requestBad request due to invalid_parameters or missing_parameters

A sample JSON response is shown below which consists of all the users and their details in the accounts including the owners and invited users.

1{
2  "users": [
3    {
4      "email": "owner@company.com",
5      "is_owner": true,
6      "status": "active",
7      "feature_access": {
8        "marketing": "owner",
9        "conversations": "owner",
10        "crm": "owner"
11      }
12    },
13    {
14      "email": "pendingInvitedUser@company.com",
15      "is_owner": false,
16      "status": "pending",
17      "feature_access": {
18        "marketing": "custom",
19        "conversations": "none",
20        "crm": "full"
21      }
22    },
23    {
24      "email": "connectedInvitedUser@company.com",
25      "is_owner": false,
26      "status": "active",
27      "feature_access": {
28        "marketing": "none",
29        "conversations": "full",
30        "crm": "none"
31      }
32    }
33  ]
34}

Get users permissions

This API endpoint https://api.brevo.com/v3/organization/user/{email}/permissions allows to get the permissions for the invited user. You can implement the GET method to send a request to this endpoint and you can use the cURL request below:

1curl --request GET \
2     --url https://api.brevo.com/v3/organization/user/example%40brevo.com/permissions \
3     --header 'accept: application/json' \
4     --header 'api-key: '

You only have to send one parameter email in the request which is mentioned below along with its details.

AttributeDatatypeDescriptionValue
emailStringEmail for the invited userexample@email.com

After the successful request, you get a response which consists of the features that the invited user uses and its permissions. The schema with the 200 response code for the response would look something like this:

1{
2  "email": "invitedUser@company.com",
3  "status": "active",
4  "privileges": [
5    {
6      "feature": "Email campaign",
7      "permissions": [
8        "Create / edit / delete",
9        "Send / schedule / suspend"
10      ]
11    },
12    {
13      "feature": "Templates",
14      "permissions": [
15        "Create / edit / delete",
16        "Activate / deactivate"
17      ]
18    },
19    {
20      "feature": "SMS campaign",
21      "permissions": [
22        "Create / edit / delete",
23        "Send / schedule / suspend"
24      ]
25    },
26    {
27      "feature": "Facebook Ads",
28      "permissions": [
29        "Schedule / pause"
30      ]
31    },
32    {
33      "feature": "Landing pages",
34      "permissions": [
35        "All"
36      ]
37    },
38    {
39      "feature": "Workflows",
40      "permissions": [
41        "Create / edit / delete",
42        "Activate / deactivate / Pause"
43      ]
44    },
45    {
46      "feature": "Contacts",
47      "permissions": [
48        "View",
49        "Contact forms"
50      ]
51    },
52    {
53      "feature": "API keys",
54      "permissions": [
55        "All"
56      ]
57    },
58    {
59      "feature": "User management",
60      "permissions": [
61        "None"
62      ]
63    },
64    {
65      "feature": "Sales Platform",
66      "permissions": [
67        "All"
68      ]
69    },
70    {
71      "feature": "Conversations",
72      "permissions": [
73        "None"
74      ]
75    }
76  ]
77}

For the 400 bad request, the schema would look something like this:

1{
2  "code": "method_not_allowed",
3  "message": "POST Method is not allowed on this path"
4}

The response codes are mentioned below in a table.

Response codeMessageDescription
200SuccessAll the details like users status in the account and his privileges are displayed in the JSON response along with the users email.
400Bad requestBad request due to incorrect parameters like the email format could be wrong or you account does not support inviting users.

Resend / Cancel Invitation

The endpoint https://api.brevo.com/v3/organization/user/invitation/{action}/{email} uses the HTTP PUT method to run the request. This endpoint performs actions on the invited users access to the account. This API endpoint resends, cancels or revokes the users access to the account. It has two parameters mentioned below in the table.

AttributeDatatypeDescriptionValue
actionStringThe action to be performed on the invited userresend, cancel
emailStringEmail of the invited userexample@brevo.com

The response shows an OK status if the request runs successfully. An example 200 successful response would look like:

1{
2  "status": "OK",
3  "credit_notes": [
4    "TEST-123"
5  ]
6}

On the other hand, you may not have access to change the users rights of access. So, a sample error response with code 403 would look something like:

1{
2  "message": "string",
3  "developer_message": "string"
4}

A table below mentions the response codes.

Response codesMessageDescription
200SuccessThe PUT request is successful and the access rights are updated for the invited user.
403Unauthorized accessYou do not have access to resend or cancel an invitation

Revoke a users permission

You can revoke or stop giving access to an invited user through this endpoint. You can use the endpoint https://api.brevo.com/v3/organization/user/invitation/revoke/{email} with the HTTP method PUT as you are updating the rights for an invited user. A cURL request is depicted below to send a request.

1curl --request PUT \
2     --url https://api.brevo.com/v3/organization/user/invitation/revoke/revokeduser%40email.com \
3     --header 'accept: application/json' \
4     --header 'api-key: '

There is only one attribute for this mentioned and defined below in a table.

AttributeDatatypeDescriptionValue
exampleStringEmail of the user whose access is to be revokedrevokeduser@email.com

After the request is successful, a JSON response is shown with two response codes 200 and 403. We will define them below in a table.

Response codeMessageDescription
200Credit note existsUsers access to the account is revoked
403Unauthorized accessYou are not authorized to revoke an access for any user

A JSON response is also shown below.

1{
2  "status": "OK",
3  "credit_notes": [
4    "TEST-123"
5  ]
6}

Send an invitation to the user

You can invite a user by using this endpoint. You can send an invitation to them and they will receive an email to join your account to access certain features. You can use the endpoint https://api.brevo.com/v3/organization/user/invitation/send with the HTTP method POST to run the request. A cURL request for inviting the user would look something like this.

1curl --request POST \
2     --url https://api.brevo.com/v3/organization/user/invitation/send \
3     --header 'accept: application/json' \
4     --header 'api-key: ' \
5     --header 'content-type: application/json' \
6     --data '
7{
8  "all_features_access": false,
9  "email": "inviteuser@example.com",
10  "privileges": [
11    {
12      "feature": "sms_campaigns",
13      "permissions": [
14        "view",
15        "create_edit_delete"
16      ]
17    },
18    {
19      "feature": "transactional_emails",
20      "permissions": [
21        "activate_deactivate",
22        "settings"
23      ]
24    }
25  ]
26}

You can navigate to the API reference and you can find more details on the parameters for this endpoint. You can find the parameters below to invite the user to the platform.

AttributeDatatypeDescriptionValue
emailStringEmail of the invited userexample@brevo.com
all_features_accessBooleanDescribes if all the features can be accessed by the user or nottrue or false
privilegesObjectObject showing the features for the user and its permissionsfeature, permissions

There are some pre-defined values for features and permissions and the user has to choose from them. For the privileges object, we will define its attributes below:

AttributeDatatypeDescriptionValue
featuresStringThe features offered from BrevoSome of the features are landing_pages, api-keys, sales_platform, user_management and phone
permissionsStringPermissions for the featuresSome of the permissions areall or send_schedule_suspend or create_edit_delete

For the JSON response, there are some error codes which are defined below in a table.

Response codeMessageDescription
200{ "status": "ok" }The invitation is sent successfully.
400invalid_invitation_requestThe invitation request is not valid due to errors like invalid plan for inviting users or user limit is reached.
403access_deniedAccess is denied to invite users

A JSON response is displayed below.

1{
2  "status": "OK",
3  "credit_notes": [
4    "TEST-123"
5  ],
6  "invoice_id": "string"
7}

Update users permissions

This endpoint allows to update the permissions for the invited users. You can use the endpoint https://api.brevo.com/v3/organization/user/update/permissions with the calling method POST to send the payload for the request. A cURL request is shown below.

1curl --request POST \
2     --url https://api.brevo.com/v3/organization/user/update/permissions \
3     --header 'accept: application/json' \
4     --header 'api-key: ' \
5     --header 'content-type: application/json' \
6     --data '
7{
8  "all_features_access": true,
9  "email": "inviteuser@example.com"
10}
11'

You can navigate to the API reference and you can find more details on the parameters for this endpoint. The parameters used are almost similar to sending an invitation to the user. They are mentioned below in a table

AttributeDatatypeDescriptionValue
emailStringEmail of the invited userexample@brevo.com
all_features_accessBooleanDescribes if all the features can be accessed by the user or nottrue or false
privilegesObjectObject showing the features for the user and its permissionsfeature, permissions

For the privileges object, we will define its attributes below:

AttributeDatatypeDescriptionValue
featuresStringThe features offered from BrevoSome of the features are landing_pages, api-keys, sales_platform, user_management and phone
permissionsStringPermissions for the featuresall or none

For the JSON response, there are some error codes which are defined below in a table.

Response codeMessageDescription
200{ "status": "ok" }The invitation is sent successfully.
400invalid_invitation_requestThe invitation request is not valid due to errors like invalid plan for inviting users or user limit is reached.
403access_deniedAccess is denied to invite users

For the 200 success response code the response format would look something like depicted below.

1{
2  "status": "OK",
3  "credit_notes": [
4    "TEST-123"
5  ],
6  "invoice_id": "string"
7}