class StytchB2B::Organizations::Members
def create(
== Method Options:
The type of this field is +Integer+.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is +Organization+ (+object+).
The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
organization::
The type of this field is +Member+ (+object+).
The [Member object](https://stytch.com/docs/b2b/api/member-object)
member::
The type of this field is +String+.
Globally unique UUID that identifies a specific Member.
member_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable list of +String+.
for more information about role assignment.
Roles to explicitly assign to this Member. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
roles::
The type of this field is nilable +Boolean+.
Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
mfa_enrolled::
The type of this field is nilable +String+.
The Member's phone number. A Member may only have one phone number.
mfa_phone_number::
The type of this field is nilable +Boolean+.
Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details.
is_breakglass::
The type of this field is nilable +Boolean+.
Flag for whether or not to save a Member as `pending` or `active` in Stytch. It defaults to false. If true, new Members will be created with status `pending` in Stytch's backend. Their status will remain `pending` and they will continue to receive signup email templates for every Email Magic Link until that Member authenticates and becomes `active`. If false, new Members will be created with status `active`.
create_member_as_pending::
The type of this field is nilable +object+.
for complete field behavior details.
frontend SDK, and should not be used to store critical information. See the [Metadata resource](https://stytch.com/docs/b2b/api/metadata)
An arbitrary JSON object of application-specific data. These fields can be edited directly by the
untrusted_metadata::
The type of this field is nilable +object+.
An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
trusted_metadata::
The type of this field is nilable +String+.
The name of the Member.
name::
The type of this field is +String+.
The email address of the Member.
email_address::
The type of this field is +String+.
Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
organization_id::
== Parameters:
Creates a Member. An `organization_id` and `email_address` are required. /%}
def create( organization_id:, email_address:, name: nil, trusted_metadata: nil, untrusted_metadata: nil, create_member_as_pending: nil, is_breakglass: nil, mfa_phone_number: nil, mfa_enrolled: nil, roles: nil, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? request = { email_address: email_address } request[:name] = name unless name.nil? request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? request[:create_member_as_pending] = create_member_as_pending unless create_member_as_pending.nil? request[:is_breakglass] = is_breakglass unless is_breakglass.nil? request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil? request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil? request[:roles] = roles unless roles.nil? post_request("/v1/b2b/organizations/#{organization_id}/members", request, headers) end
def dangerously_get(
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is +Organization+ (+object+).
The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
organization::
The type of this field is +Member+ (+object+).
The [Member object](https://stytch.com/docs/b2b/api/member-object)
member::
The type of this field is +String+.
Globally unique UUID that identifies a specific Member.
member_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is +String+.
Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
member_id::
== Parameters:
Get a Member by `member_id`. This endpoint does not require an `organization_id`, enabling you to get members across organizations. This is a dangerous operation. Incorrect use may open you up to indirect object reference (IDOR) attacks. We recommend using the [Get Member](https://stytch.com/docs/b2b/api/get-member) API instead.
def dangerously_get( member_id: ) headers = {} query_params = {} request = request_with_query_params("/v1/b2b/organizations/members/dangerously_get/#{member_id}", query_params) get_request(request, headers) end
def delete(
== Method Options:
The type of this field is +Integer+.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is +String+.
Globally unique UUID that identifies a specific Member.
member_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is +String+.
Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
member_id::
The type of this field is +String+.
Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
organization_id::
== Parameters:
Deletes a Member specified by `organization_id` and `member_id`. /%}
def delete( organization_id:, member_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", headers) end
def delete_mfa_phone_number(
== Method Options:
The type of this field is +Integer+.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is +Organization+ (+object+).
The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
organization::
The type of this field is +Member+ (+object+).
The [Member object](https://stytch.com/docs/b2b/api/member-object)
member::
The type of this field is +String+.
Globally unique UUID that identifies a specific Member.
member_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is +String+.
Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
member_id::
The type of this field is +String+.
Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
organization_id::
== Parameters:
/%}
and calling the [OTP SMS send](https://stytch.com/docs/b2b/api/otp-sms-send) endpoint, then calling the [OTP SMS Authenticate](https://stytch.com/docs/b2b/api/authenticate-otp-sms) endpoint.
If you wish to enforce MFA immediately after a phone number is deleted, you can do so by prompting the Member to enter a new phone number
Existing Member Sessions that include a phone number authentication factor will not be revoked if the phone number is deleted, and MFA will not be enforced until the Member logs in again.
To change a Member's phone number, you must first call this endpoint to delete the existing phone number.
Delete a Member's MFA phone number.
def delete_mfa_phone_number( organization_id:, member_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? delete_request("/v1/b2b/organizations/#{organization_id}/members/mfa_phone_numbers/#{member_id}", headers) end
def delete_password(
== Method Options:
The type of this field is +Integer+.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is +Organization+ (+object+).
The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
organization::
The type of this field is +Member+ (+object+).
The [Member object](https://stytch.com/docs/b2b/api/member-object)
member::
The type of this field is +String+.
Globally unique UUID that identifies a specific Member.
member_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is +String+.
Globally unique UUID that identifies a Member's password.
member_password_id::
The type of this field is +String+.
Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
organization_id::
== Parameters:
Delete a Member's password. /%}
def delete_password( organization_id:, member_password_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? delete_request("/v1/b2b/organizations/#{organization_id}/members/passwords/#{member_password_id}", headers) end
def delete_totp(
def delete_totp( organization_id:, member_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? delete_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/totp", headers) end
def get(
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is +Organization+ (+object+).
The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
organization::
The type of this field is +Member+ (+object+).
The [Member object](https://stytch.com/docs/b2b/api/member-object)
member::
The type of this field is +String+.
Globally unique UUID that identifies a specific Member.
member_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable +String+.
The email address of the Member.
email_address::
The type of this field is nilable +String+.
Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
member_id::
The type of this field is +String+.
Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
organization_id::
== Parameters:
Get a Member by `member_id` or `email_address`.
def get( organization_id:, member_id: nil, email_address: nil ) headers = {} query_params = { member_id: member_id, email_address: email_address } request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/member", query_params) get_request(request, headers) end
def initialize(connection)
def initialize(connection) @connection = connection @oauth_providers = StytchB2B::Organizations::Members::OAuthProviders.new(@connection) end
def reactivate(
== Method Options:
The type of this field is +Integer+.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is +Organization+ (+object+).
The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
organization::
The type of this field is +Member+ (+object+).
The [Member object](https://stytch.com/docs/b2b/api/member-object)
member::
The type of this field is +String+.
Globally unique UUID that identifies a specific Member.
member_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is +String+.
Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
member_id::
The type of this field is +String+.
Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
organization_id::
== Parameters:
Reactivates a deleted Member's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`. /%}
def reactivate( organization_id:, member_id:, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? request = {} put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}/reactivate", request, headers) end
def search(
== Method Options:
The type of this field is +Integer+.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is map of +String+ to +Organization+ (+object+).
A map from `organization_id` to [Organization object](https://stytch.com/docs/b2b/api/organization-object). The map only contains the Organizations that the Members belongs to.
organizations::
The type of this field is +ResultsMetadata+ (+object+).
The search `results_metadata` object contains metadata relevant to your specific query like `total` and `next_cursor`.
results_metadata::
The type of this field is list of +Member+ (+object+).
An array of [Member objects](member-object).
members::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable +SearchQuery+ (+object+).
The optional query object contains the operator, i.e. `AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all Members with no filtering applied.
query::
The type of this field is nilable +Integer+.
The number of search results to return per page. The default limit is 100. A maximum of 1000 results can be returned by a single search request. If the total size of your result set is greater than one page size, you must paginate the response. See the `cursor` field.
limit::
The type of this field is nilable +String+.
The `cursor` field allows you to paginate through your results. Each result array is limited to 1000 results. If your query returns more than 1000 results, you will need to paginate the responses using the `cursor`. If you receive a response that includes a non-null `next_cursor` in the `results_metadata` object, repeat the search call with the `next_cursor` value set to the `cursor` field to retrieve the next page of results. Continue to make search calls until the `next_cursor` in the response is null.
cursor::
The type of this field is list of +String+.
An array of organization_ids. At least one value is required.
organization_ids::
== Parameters:
To learn more about our RBAC implementation, see our [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/overview).
Otherwise, the request will proceed as normal.
argument contains an `organization_id` that the Member Session does not belong to, a 403 error will be thrown.
If the Member Session does not contain a Role that satisfies the requested permission, or if the `organization_ids`
`organization_ids` argument may only contain the `organization_id` of the Member Session passed in the header.
RBAC on this endpoint means that you may only search for Members within the calling Member's Organization, so the
Member Session has permission to perform the `search` action on the `stytch.member` Resource. In addition, enforcing
a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
*All fuzzy search filters require a minimum of three characters.
Search for Members within specified Organizations. An array with at least one `organization_id` is required. Submitting an empty `query` returns all non-deleted Members within the specified Organizations.
def search( organization_ids:, cursor: nil, limit: nil, query: nil, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? request = { organization_ids: organization_ids } request[:cursor] = cursor unless cursor.nil? request[:limit] = limit unless limit.nil? request[:query] = query unless query.nil? post_request('/v1/b2b/organizations/members/search', request, headers) end
def update(
== Method Options:
The type of this field is +Integer+.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is +Organization+ (+object+).
The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
organization::
The type of this field is +Member+ (+object+).
The [Member object](https://stytch.com/docs/b2b/api/member-object)
member::
The type of this field is +String+.
Globally unique UUID that identifies a specific Member.
member_id::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable +String+.
Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.default-mfa-method` action on the `stytch.self` Resource.
If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-mfa-method` action on the `stytch.member` Resource.
Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
default_mfa_method::
The type of this field is nilable +Boolean+.
authentication factors with the affected SSO connection IDs will be revoked.
by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO
Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned
preserve_existing_sessions::
The type of this field is nilable list of +String+.
If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.roles` action on the `stytch.member` Resource.
`preserve_existing_sessions` parameter with a value of `true`.
authentication factors with the affected connection ID. You can preserve these sessions by passing in the
or an SSO group, we will by default revoke any existing sessions for the Member that contain any SSO
If a Role is removed from a Member, and the Member is also implicitly assigned this Role from an SSO connection
[RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.
Will completely replace any existing explicitly assigned roles. See the
Roles to explicitly assign to this Member.
roles::
The type of this field is nilable +Boolean+.
Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.settings.mfa-enrolled` action on the `stytch.self` Resource.
If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-enrolled` action on the `stytch.member` Resource.
Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to `REQUIRED_FOR_ALL`.
mfa_enrolled::
The type of this field is nilable +String+.
Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.mfa-phone` action on the `stytch.self` Resource.
If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.mfa-phone` action on the `stytch.member` Resource.
Sets the Member's phone number. Throws an error if the Member already has a phone number. To change the Member's phone number, use the [Delete member phone number endpoint](https://stytch.com/docs/b2b/api/delete-member-mfa-phone-number) to delete the Member's existing phone number first.
mfa_phone_number::
The type of this field is nilable +Boolean+.
If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.is-breakglass` action on the `stytch.member` Resource.
Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the [Organization object](organization-object) and its `auth_methods` and `allowed_auth_methods` fields for more details.
is_breakglass::
The type of this field is nilable +object+.
Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.untrusted-metadata` action on the `stytch.self` Resource.
If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.untrusted-metadata` action on the `stytch.member` Resource.
for complete field behavior details.
frontend SDK, and should not be used to store critical information. See the [Metadata resource](https://stytch.com/docs/b2b/api/metadata)
An arbitrary JSON object of application-specific data. These fields can be edited directly by the
untrusted_metadata::
The type of this field is nilable +object+.
update trusted metadata when acting as a Member.
If a session header is passed into the request, this field may **not** be passed into the request. You cannot
An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
trusted_metadata::
The type of this field is nilable +String+.
Alternatively, if the Member Session matches the Member associated with the `member_id` passed in the request, the authorization check will also allow a Member Session that has permission to perform the `update.info.name` action on the `stytch.self` Resource.
If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.name` action on the `stytch.member` Resource.
The name of the Member.
name::
The type of this field is +String+.
Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value.
member_id::
The type of this field is +String+.
Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
organization_id::
== Parameters:
To learn more about our RBAC implementation, see our [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/overview).
proceed as normal.
does not match the `organization_id` passed in the request, a 403 error will be thrown. Otherwise, the request will
If the Member Session does not contain a Role that satisfies the requested permissions, or if the Member's Organization
permission to perform the `update.info.name` action on the `stytch.organization` Resource.
are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have
Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields
a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
Updates a Member specified by `organization_id` and `member_id`.
def update( organization_id:, member_id:, name: nil, trusted_metadata: nil, untrusted_metadata: nil, is_breakglass: nil, mfa_phone_number: nil, mfa_enrolled: nil, roles: nil, preserve_existing_sessions: nil, default_mfa_method: nil, method_options: nil ) headers = {} headers = headers.merge(method_options.to_headers) unless method_options.nil? request = {} request[:name] = name unless name.nil? request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil? request[:untrusted_metadata] = untrusted_metadata unless untrusted_metadata.nil? request[:is_breakglass] = is_breakglass unless is_breakglass.nil? request[:mfa_phone_number] = mfa_phone_number unless mfa_phone_number.nil? request[:mfa_enrolled] = mfa_enrolled unless mfa_enrolled.nil? request[:roles] = roles unless roles.nil? request[:preserve_existing_sessions] = preserve_existing_sessions unless preserve_existing_sessions.nil? request[:default_mfa_method] = default_mfa_method unless default_mfa_method.nil? put_request("/v1/b2b/organizations/#{organization_id}/members/#{member_id}", request, headers) end