Skip to main content

Invite a teammate to your team

What you'll build: a shareable invite link that grants a chosen set of roles, and a second person joining your team by opening that link — the same flow you'd use to bring a colleague onto a real Acrux Core team.

Every account gets a personal team the moment it's created, and every prompt, key, and trace is scoped to a team. Adding a teammate means giving another person access to that same team, with only the roles they need.

1. Open the Team page

Click Team in the sidebar. You'll see two panels: Members (who already has access) and Invites (pending links you've created). On a brand-new team, you're the only member and there are no invites yet.

Team page showing the Members and Invites panels

Only an owner or admin can create invites — the Invites panel itself is hidden for editor and viewer accounts, since they aren't allowed to manage team access.

Click New invite. Choose the roles the invited person should receive — you can grant more than one. viewer gives read-only access, editor can commit and promote prompt versions, and admin can additionally manage members, invites, and API keys. The owner role can't be granted through an invite; it only exists for whoever created the team.

New invite dialog with role checkboxes for admin, editor, and viewer

Click Create link. Acrux Core generates a random, single-use token and lists the invite with the roles it grants and its expiry:

Invites panel showing the newly created invite link, valid 7 days

Invite links are single-use and expire after 7 days. Nothing is emailed — click Copy link and send it however you'd normally reach that person (Slack, chat, whatever). If you change your mind before it's used, Revoke removes it immediately.

3. What the invited teammate sees

When they open the link while signed out, they land on a simple "you've been invited" screen — no team details are leaked to someone who doesn't already have the link, just a prompt to sign in or create an account:

Invite landing page prompting the signed-out visitor to sign in or create an account

If they already have an Acrux Core account, Sign in to accept logs them in and joins them to the team immediately. If they're new, Create an account takes them through signup first — the invite token travels along with them, so finishing signup accepts it automatically with no extra step.

4. The teammate joins the team

The moment signup (or sign-in) completes, Acrux Core accepts the invite in the background and redirects straight to the Team page — now showing the teammate as a member with exactly the roles the invite granted:

Team page from the new teammate's perspective, now a member with viewer and editor roles

5. Confirm from your side

Back on your own Team page (refresh, or just navigate there again), the new teammate shows up in Members with their roles, and the invite is gone from the Invites list — it was single-use, so it can't be shared again by accident:

Team page now showing two members and the consumed invite no longer listed

From here you (or another owner/admin) can Edit roles at any time, or Remove the member if they should lose access.

Doing this over the API

Creating and listing invites accepts your personal $ACRUXCORE_API_KEY like any other endpoint — only a team-scoped key is blocked here (TEAM_KEY_NOT_PERMITTED), since inviting people is a user action, not something a team-wide integration key should do.

curl -X POST "$ACRUXCORE_BASE_URL/teams/YOUR_TEAM_ID/invites" \
-H "Authorization: Bearer $ACRUXCORE_API_KEY" \
-H "Content-Type: application/json" \
-d '{"roles":["editor"]}'
{
"id": "08fe21ef-346b-40db-9469-8ddde3b271c4",
"token": "03b2c9194f8c8d82f710c5d21e093b317357ca1d59f8ab9b84e3d135ef8780c3",
"roles": ["editor"],
"expiresAt": "2026-07-03T23:30:48.462Z",
"createdAt": "2026-06-26T23:30:48.462Z"
}

The link you'd share is {your app URL}/invite/{token}. Accepting an invite is the one part of this flow that's dashboard-session-only, not Bearer-capable — the invited person accepts it by signing in or signing up, and the web app calls POST /teams/invites/:token/accept on their behalf automatically. There's no practical reason to script that step yourself.

What's next