IAM API

Manage members of an organization workspace. Uses an iam key bound to the workspace; the key's owner must be a workspace admin or owner. IAM applies only to organization workspaces (not personal ones).

Base   https://dev.bodek.us/v1/iam
Auth   Authorization: Bearer bf_live_…

List members

GET /v1/iam/members

Scope iam:read. Returns each member's user_id, email, name, role and status.

curl https://dev.bodek.us/v1/iam/members \
  -H "Authorization: Bearer bf_live_XXXX"

Invite a member

POST /v1/iam/members

Scope iam:write. Sends an invite email; the user joins on accept.

curl -X POST https://dev.bodek.us/v1/iam/members \
  -H "Authorization: Bearer bf_live_XXXX" -H "Content-Type: application/json" \
  -d '{ "email": "teammate@example.com", "role": "member" }'

Roles are member or admin.

Change a role

PATCH /v1/iam/members/{user_id}

curl -X PATCH https://dev.bodek.us/v1/iam/members/42 \
  -H "Authorization: Bearer bf_live_XXXX" -H "Content-Type: application/json" \
  -d '{ "role": "admin" }'

Remove a member

DELETE /v1/iam/members/{user_id}

Returns 204 No Content. You cannot remove the user who owns the key.

Scopes

Scope	Grants
`iam:read`	List members and roles.
`iam:write`	Invite, change roles, remove members.