Team Management
The Team Management endpoints allow customer account owners and admins to manage team members with role-based access control.
Role Hierarchy
| Role | API Value | Description |
|---|---|---|
| Owner | owner | Full account control, can delete customer, transfer ownership, and manage billing |
| Admin | admin | Can manage team members and view customer info, limits, quotas, and usage |
| User | user | Read-only access to customer info, limits, quotas, usage, and can leave account |
Note: A user can belong to at most one customer. The API enforces a single membership per user at the database level.
Add Member
Add a new team member to the customer account.
Endpoint: https://apis.threatwinds.com/api/billing/v1/customer/member
Method: POST
Parameters
Headers
| Header | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Optional* | Bearer token for session authentication |
| api-key | string | Optional* | API key for key-based authentication |
| api-secret | string | Optional* | API secret for key-based authentication |
Note: You must use either the Authorization header or the API key/secret combination.
Request Body
{
"userID": "660e8400-e29b-41d4-a716-446655440000",
"role": "user"
}
| Parameter | Type | Required | Description |
|---|---|---|---|
| userID | string (UUID) | Yes | User unique identifier |
| role | string | Yes | Role name: "owner", "admin", or "user" |
Role format: The API accepts role as a string (preferred): "owner", "admin", or "user". For backwards compatibility, the legacy integer values 0, 1, 2 are also accepted on input. All responses use the canonical string names.
Required Roles
Required role: owner or admin
Request
To add a team member, use a POST request:
curl -X 'POST' \
'https://apis.threatwinds.com/api/billing/v1/customer/member' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"userID": "660e8400-e29b-41d4-a716-446655440000",
"role": "user"
}'
Or using API key and secret:
curl -X 'POST' \
'https://apis.threatwinds.com/api/billing/v1/customer/member' \
-H 'accept: application/json' \
-H 'api-key: your-api-key' \
-H 'api-secret: your-api-secret' \
-H 'Content-Type: application/json' \
-d '{
"userID": "660e8400-e29b-41d4-a716-446655440000",
"role": "user"
}'
Response
Success Response (201 Created)
{
"message": "acknowledged"
}
Error Codes
| Status Code | Description | Possible Cause |
|---|---|---|
| 201 | Created | Member added successfully |
| 400 | Bad Request | Invalid JSON, user already member, cannot assign owner role |
| 401 | Unauthorized | Missing or invalid authentication |
| 402 | Payment Required | Subscription tier member limit exceeded |
| 403 | Forbidden | Not authorized, trying to assign higher role than caller has |
Update Member
Update a team member’s role.
Endpoint: https://apis.threatwinds.com/api/billing/v1/customer/member
Method: PUT
Parameters
Headers
| Header | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Optional* | Bearer token for session authentication |
| api-key | string | Optional* | API key for key-based authentication |
| api-secret | string | Optional* | API secret for key-based authentication |
Note: You must use either the Authorization header or the API key/secret combination.
Request Body
{
"userID": "660e8400-e29b-41d4-a716-446655440000",
"role": "admin"
}
| Parameter | Type | Required | Description |
|---|---|---|---|
| userID | string (UUID) | Yes | User unique identifier |
| role | string | Yes | New role name: "owner", "admin", or "user" |
Role format: The API accepts role as a string (preferred): "owner", "admin", or "user". For backwards compatibility, the legacy integer values 0, 1, 2 are also accepted on input. All responses use the canonical string names.
Required Roles
Required role: owner or admin
Request
To update a member’s role, use a PUT request:
curl -X 'PUT' \
'https://apis.threatwinds.com/api/billing/v1/customer/member' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"userID": "660e8400-e29b-41d4-a716-446655440000",
"role": "admin"
}'
Or using API key and secret:
curl -X 'PUT' \
'https://apis.threatwinds.com/api/billing/v1/customer/member' \
-H 'accept: application/json' \
-H 'api-key: your-api-key' \
-H 'api-secret: your-api-secret' \
-H 'Content-Type: application/json' \
-d '{
"userID": "660e8400-e29b-41d4-a716-446655440000",
"role": "admin"
}'
Response
Success Response (204 No Content)
No response body is returned.
Error Codes
| Status Code | Description | Possible Cause |
|---|---|---|
| 204 | No Content | Member role updated successfully |
| 400 | Bad Request | Invalid JSON, trying to update own role, user not member, cannot demote last owner |
| 401 | Unauthorized | Missing or invalid authentication |
| 403 | Forbidden | Not authorized, trying to assign higher role than caller has |
Delete Member
Remove a team member from the customer account.
Endpoint: https://apis.threatwinds.com/api/billing/v1/customer/member/{userID}
Method: DELETE
Parameters
Headers
| Header | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Optional* | Bearer token for session authentication |
| api-key | string | Optional* | API key for key-based authentication |
| api-secret | string | Optional* | API secret for key-based authentication |
Note: You must use either the Authorization header or the API key/secret combination.
Path Parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| userID | string (UUID) | Yes | User unique identifier | 660e8400-e29b-41d4-a716-446655440000 |
Required Roles
Required role: owner or admin
Request
To remove a team member, use a DELETE request:
curl -X 'DELETE' \
'https://apis.threatwinds.com/api/billing/v1/customer/member/660e8400-e29b-41d4-a716-446655440000' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
Or using API key and secret:
curl -X 'DELETE' \
'https://apis.threatwinds.com/api/billing/v1/customer/member/660e8400-e29b-41d4-a716-446655440000' \
-H 'accept: application/json' \
-H 'api-key: your-api-key' \
-H 'api-secret: your-api-secret'
Response
Success Response (204 No Content)
No response body is returned.
Error Codes
| Status Code | Description | Possible Cause |
|---|---|---|
| 204 | No Content | Member removed successfully |
| 400 | Bad Request | Invalid UUID path parameter, user not member, cannot delete last owner |
| 401 | Unauthorized | Missing or invalid authentication |
| 403 | Forbidden | Not authorized, trying to delete member with higher role |
Get Members
List all team members for the customer account with pagination.
Endpoint: https://apis.threatwinds.com/api/billing/v1/customer/members
Method: GET
Parameters
Headers
| Header | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Optional* | Bearer token for session authentication |
| api-key | string | Optional* | API key for key-based authentication |
| api-secret | string | Optional* | API secret for key-based authentication |
Note: You must use either the Authorization header or the API key/secret combination.
Query Parameters
| Parameter | Type | Required | Description | Default | Constraints |
|---|---|---|---|---|---|
| page | integer | No | Page number | 1 | Minimum: 1 |
| limit | integer | No | Items per page | 10 | Maximum: 100 |
Required Roles
Required role: owner or admin
Request
To list team members, use a GET request:
curl -X 'GET' \
'https://apis.threatwinds.com/api/billing/v1/customer/members?page=1&limit=10' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
Or using API key and secret:
curl -X 'GET' \
'https://apis.threatwinds.com/api/billing/v1/customer/members?page=1&limit=10' \
-H 'accept: application/json' \
-H 'api-key: your-api-key' \
-H 'api-secret: your-api-secret'
Response
Success Response (200 OK)
{
"members": [
{
"roleID": "770e8400-e29b-41d4-a716-446655440000",
"userID": "660e8400-e29b-41d4-a716-446655440000",
"role": "owner"
},
{
"roleID": "880e8400-e29b-41d4-a716-446655440000",
"userID": "990e8400-e29b-41d4-a716-446655440000",
"role": "admin"
}
],
"items": 2,
"pages": 1
}
Response Schema
| Field | Type | Description |
|---|---|---|
| members | array | List of team members |
| members[].roleID | string (UUID) | Role assignment unique identifier |
| members[].userID | string (UUID) | User unique identifier |
| members[].role | string | Role name: "owner", "admin", or "user" |
| items | integer | Total number of items matching the query |
| pages | integer | Total number of pages available |
Role format: The API accepts role as a string (preferred): "owner", "admin", or "user". For backwards compatibility, the legacy integer values 0, 1, 2 are also accepted on input. All responses use the canonical string names.
Error Codes
| Status Code | Description | Possible Cause |
|---|---|---|
| 200 | OK | Request successful |
| 400 | Bad Request | Invalid query parameters |
| 401 | Unauthorized | Missing or invalid authentication |
| 403 | Forbidden | Not authorized (requires owner or admin role) |
| 404 | Not Found | Customer not found |
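An added example, not part of the ThreatWinds documentation: a periodic access review built on the Get Members endpoint. It pages through the member list using the `pages` field and compares the result with an approved baseline to surface unapproved members, role escalations and missing members. The baseline, the finding names, the helper names and the sample data are assumptions constructed for illustration.

```python
import json
import urllib.request

URL = "https://apis.threatwinds.com/api/billing/v1/customer/members"
RANK = {"user": 0, "admin": 1, "owner": 2}  # order of the Role Hierarchy table

def http_fetch(page, limit, token="<token>"):  # same request as the curl example
    req = urllib.request.Request(f"{URL}?page={page}&limit={limit}", headers={
        "accept": "application/json", "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def list_members(fetch, limit=100):
    """Walk every page announced by `pages`; return {userID: role}."""
    members, page, pages = {}, 1, 1
    while page <= pages:
        body = fetch(page, limit)
        pages = body["pages"]
        for m in body["members"]:
            if m["role"] not in RANK:  # responses use canonical names only
                raise ValueError(f"unexpected role {m['role']!r}")
            members[m["userID"]] = m["role"]
        page += 1
    return members

def review(current, approved):
    """Diff live membership against an approved {userID: role} baseline."""
    findings = []
    for uid, role in sorted(current.items()):
        if uid not in approved:
            findings.append(("unapproved_member", uid, role))
        elif RANK[role] > RANK[approved[uid]]:
            findings.append(("role_escalated", uid, f"{approved[uid]}->{role}"))
    for uid in sorted(set(approved) - set(current)):
        findings.append(("missing_member", uid, approved[uid]))
    return findings

# Constructed sample data (not real accounts): three members, an approved baseline.
U_OWNER, U_A, U_B, U_C = (
    p + "0e8400-e29b-41d4-a716-446655440000" for p in ("66", "99", "aa", "bb"))
SAMPLE = [(U_OWNER, "owner"), (U_A, "admin"), (U_B, "admin")]
APPROVED = {U_OWNER: "owner", U_A: "user", U_C: "user"}

def sample_fetch(page, limit):  # offline stand-in for http_fetch
    chunk = SAMPLE[(page - 1) * limit: page * limit]
    members = [{"roleID": f"role-{u[:2]}", "userID": u, "role": r} for u, r in chunk]
    return {"members": members, "items": len(SAMPLE), "pages": -(-len(SAMPLE) // limit)}

if __name__ == "__main__":
    print(review(list_members(sample_fetch, limit=2), APPROVED))
```

To run the review against the live API, pass `lambda p, l: http_fetch(p, l, token)` as `fetch`; the caller needs the owner or admin role.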
Transfer Ownership
Transfer account ownership to another existing team member. The current owner is demoted to admin.
Endpoint: https://apis.threatwinds.com/api/billing/v1/customer/transfer-ownership
Method: POST
Parameters
Headers
| Header | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Optional* | Bearer token for session authentication |
| api-key | string | Optional* | API key for key-based authentication |
| api-secret | string | Optional* | API secret for key-based authentication |
Note: You must use either the Authorization header or the API key/secret combination.
Request Body
{
"newOwnerUserID": "660e8400-e29b-41d4-a716-446655440000"
}
| Parameter | Type | Required | Description |
|---|---|---|---|
| newOwnerUserID | string (UUID) | Yes | User ID of new owner |
Required Roles
Required role: owner
This endpoint can only be used by the current account owner.
Request
To transfer ownership, use a POST request:
curl -X 'POST' \
'https://apis.threatwinds.com/api/billing/v1/customer/transfer-ownership' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>' \
-H 'Content-Type: application/json' \
-d '{
"newOwnerUserID": "660e8400-e29b-41d4-a716-446655440000"
}'
Or using API key and secret:
curl -X 'POST' \
'https://apis.threatwinds.com/api/billing/v1/customer/transfer-ownership' \
-H 'accept: application/json' \
-H 'api-key: your-api-key' \
-H 'api-secret: your-api-secret' \
-H 'Content-Type: application/json' \
-d '{
"newOwnerUserID": "660e8400-e29b-41d4-a716-446655440000"
}'
Response
Success Response (200 OK)
{
"message": "acknowledged"
}
Error Codes
| Status Code | Description | Possible Cause |
|---|---|---|
| 200 | OK | Ownership transferred successfully |
| 400 | Bad Request | Invalid JSON, trying to transfer to self |
| 401 | Unauthorized | Missing or invalid authentication |
| 403 | Forbidden | Not authorized, caller not owner |
| 404 | Not Found | Customer not found, new owner not a member |
| 500 | Internal Server Error | Server error |