Team & Org Admin
Skip this page if you're not building org-admin tooling. Most license-management integrations don't need any of these endpoints.
These are the dashboard endpoints behind the "Team", "Settings", and "Analytics" pages of the GeckoGuard UI. They live under /v1/dashboard/* and require a JWT access token (Bearer). API keys are not accepted. Role required is shown per endpoint.
Members
| Method | Endpoint | Min role | Description |
|---|---|---|---|
GET | /v1/dashboard/orgs/:orgId/members | VIEWER | List org members (id, email, name, role) |
PATCH | /v1/dashboard/orgs/:orgId/members/:memberId | ADMIN (or OWNER to assign OWNER) | Update a member's role |
DELETE | /v1/dashboard/orgs/:orgId/members/:memberId | ADMIN (or OWNER to remove an OWNER) | Remove a member from the org |
Roles, in increasing privilege: VIEWER < DEV < ADMIN < OWNER. The last OWNER cannot be demoted or removed (409 CONFLICT).
Invites
| Method | Endpoint | Min role | Description |
|---|---|---|---|
POST | /v1/dashboard/orgs/:orgId/invites | ADMIN (or OWNER to invite OWNER) | Create an invite (email + role). Sends an email. |
GET | /v1/dashboard/orgs/:orgId/invites | VIEWER | List pending invites |
POST | /v1/dashboard/orgs/:orgId/invites/:inviteId/revoke | ADMIN | Revoke a pending invite |
POST | /v1/dashboard/orgs/:orgId/invites/:inviteId/resend | ADMIN | Resend the invite email |
The invitee accepts via the dashboard — there's a separate public endpoint for invite preview (/v1/dashboard/invites/preview) that doesn't require auth.
Ownership
| Method | Endpoint | Min role | Description |
|---|---|---|---|
POST | /v1/dashboard/orgs/:orgId/transfer-ownership | OWNER | Transfer the OWNER role to another member. The current owner is demoted to ADMIN. |
Body: { newOwnerId: <userId> }. The target must already be a member of the org.
Analytics
| Method | Endpoint | Min role | Description |
|---|---|---|---|
GET | /v1/dashboard/orgs/:orgId/analytics | VIEWER | Time-series + totals for license activity, authorizations, denials, and API call volume |
GET | /v1/dashboard/orgs/:orgId/licenses/analytics | VIEWER | License counts grouped by status (ACTIVE / EXPIRED / REVOKED / FROZEN) and product |
Sample response from licenses/analytics:
{
"ok": true,
"data": {
"total": 1500,
"byStatus": { "ACTIVE": 1200, "EXPIRED": 250, "REVOKED": 30, "FROZEN": 20 },
"byProduct": [
{ "productId": "abc", "productName": "My App", "count": 800 },
{ "productId": "def", "productName": "My Tool", "count": 700 }
]
}
}
Audit log
Every state-changing call on this page (and on license management) writes an audit row. Read it with:
GET /v1/dashboard/audit?orgId=:orgId&page=1&pageSize=50
Filter by action (e.g. LICENSE.CREATE, ORG.RENAME, MEMBER.ROLE_CHANGE) or targetType (license, org, member). Useful when reconstructing what changed and who did it.