> ## Documentation Index
> Fetch the complete documentation index at: https://docs.varo.cloud/llms.txt
> Use this file to discover all available pages before exploring further.

# Users API — Manage Team Members and Their Invitations

> REST API endpoints for listing organization members, sending invitations, updating roles, and removing users from your Varo Cloud organization.

The Users API lets you manage the people who have access to your Varo Cloud organization. You can list current members, invite new teammates by email, update someone's role as their responsibilities change, and remove users when they leave your team. Role changes and removals take effect immediately, so you can use this API to automate onboarding and offboarding workflows from your identity provider or HR systems.

Base URL: `https://inference.varo.cloud/v1`

All requests require an `Authorization: Bearer YOUR_API_KEY` header.

***

## GET /users

Returns a list of all members currently active in your organization.

<CodeGroup>
  ```bash Request theme={null}
  curl -X GET "https://inference.varo.cloud/v1/users" \
    -H "Authorization: Bearer YOUR_API_KEY"
  ```

  ```json Response theme={null}
  {
    "data": [
      {
        "id": "usr_aaa111",
        "name": "Alex Rivera",
        "email": "alex@acme-corp.com",
        "role": "owner",
        "status": "active",
        "joined_at": "2023-06-01T09:00:00Z"
      },
      {
        "id": "usr_bbb222",
        "name": "Jordan Lee",
        "email": "jordan@acme-corp.com",
        "role": "developer",
        "status": "active",
        "joined_at": "2023-09-15T14:30:00Z"
      },
      {
        "id": "usr_ccc333",
        "name": "Sam Patel",
        "email": "sam@acme-corp.com",
        "role": "viewer",
        "status": "active",
        "joined_at": "2024-01-10T10:00:00Z"
      }
    ]
  }
  ```
</CodeGroup>

<ResponseField name="data[].id" type="string">
  Unique identifier for the user, prefixed with `usr_`.
</ResponseField>

<ResponseField name="data[].name" type="string">
  The user's display name.
</ResponseField>

<ResponseField name="data[].email" type="string">
  The user's email address.
</ResponseField>

<ResponseField name="data[].role" type="string">
  The user's current role in the organization. One of `owner`, `admin`, `developer`, or `viewer`.
</ResponseField>

<ResponseField name="data[].status" type="string">
  The user's account status within the organization. One of `active` or `suspended`.
</ResponseField>

<ResponseField name="data[].joined_at" type="string">
  ISO 8601 datetime string for when the user accepted their invitation and joined the organization.
</ResponseField>

***

## POST /users/invite

Sends an email invitation to a new team member. The invitation includes a link to accept access to your organization under the specified role.

<ParamField body="email" type="string" required>
  The email address of the person you want to invite.
</ParamField>

<ParamField body="role" type="string" required>
  The role to grant the invited user upon acceptance. One of `owner`, `admin`, `developer`, or `viewer`.
</ParamField>

<Note>
  Invitations expire after **7 days**. If the invitee does not accept within that window, you will need to resend the invitation. Pending invitations are not included in the `GET /users` response until accepted.
</Note>

<CodeGroup>
  ```bash Request theme={null}
  curl -X POST "https://inference.varo.cloud/v1/users/invite" \
    -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{
      "email": "casey@acme-corp.com",
      "role": "developer"
    }'
  ```

  ```json Response theme={null}
  {
    "id": "inv_ddd444",
    "email": "casey@acme-corp.com",
    "role": "developer",
    "invited_at": "2024-01-15T12:00:00Z",
    "expires_at": "2024-01-22T12:00:00Z"
  }
  ```
</CodeGroup>

<ResponseField name="id" type="string">
  Unique identifier for the invitation, prefixed with `inv_`.
</ResponseField>

<ResponseField name="email" type="string">
  The email address the invitation was sent to.
</ResponseField>

<ResponseField name="role" type="string">
  The role the invitee will receive upon acceptance.
</ResponseField>

<ResponseField name="invited_at" type="string">
  ISO 8601 datetime string for when the invitation was sent.
</ResponseField>

<ResponseField name="expires_at" type="string">
  ISO 8601 datetime string for when the invitation expires (7 days after creation).
</ResponseField>

***

## GET /users/{id}

Retrieves the full profile of a single organization member.

<ParamField path="id" type="string" required>
  The unique identifier of the user to retrieve.
</ParamField>

<CodeGroup>
  ```bash Request theme={null}
  curl -X GET "https://inference.varo.cloud/v1/users/usr_bbb222" \
    -H "Authorization: Bearer YOUR_API_KEY"
  ```

  ```json Response theme={null}
  {
    "id": "usr_bbb222",
    "name": "Jordan Lee",
    "email": "jordan@acme-corp.com",
    "role": "developer",
    "status": "active",
    "joined_at": "2023-09-15T14:30:00Z"
  }
  ```
</CodeGroup>

***

## PUT /users/{id}

Updates a team member's role within the organization.

<ParamField path="id" type="string" required>
  The unique identifier of the user whose role you want to update.
</ParamField>

<ParamField body="role" type="string" required>
  The new role to assign to the user. One of `owner`, `admin`, `developer`, or `viewer`.
</ParamField>

<Warning>
  You **cannot change the Owner's role**. Each organization must have at least one Owner at all times. To transfer ownership, first promote another user to `owner`, then update the original Owner's role.
</Warning>

<CodeGroup>
  ```bash Request theme={null}
  curl -X PUT "https://inference.varo.cloud/v1/users/usr_bbb222" \
    -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{
      "role": "admin"
    }'
  ```

  ```json Response theme={null}
  {
    "id": "usr_bbb222",
    "name": "Jordan Lee",
    "email": "jordan@acme-corp.com",
    "role": "admin",
    "status": "active",
    "joined_at": "2023-09-15T14:30:00Z"
  }
  ```
</CodeGroup>

***

## DELETE /users/{id}

Removes a user from the organization immediately.

<ParamField path="id" type="string" required>
  The unique identifier of the user to remove.
</ParamField>

<Warning>
  Removing a user **immediately revokes all of their API keys** and ends their active sessions. Any automated processes or integrations using their credentials will stop working at once. Rotate or reassign those credentials before removing the user.
</Warning>

<CodeGroup>
  ```bash Request theme={null}
  curl -X DELETE "https://inference.varo.cloud/v1/users/usr_ccc333" \
    -H "Authorization: Bearer YOUR_API_KEY"
  ```
</CodeGroup>

A successful deletion returns `204 No Content` with an empty response body.

***

## User Object

<ResponseField name="id" type="string">
  Unique identifier for the user, prefixed with `usr_`.
</ResponseField>

<ResponseField name="name" type="string">
  The user's full display name.
</ResponseField>

<ResponseField name="email" type="string">
  The user's email address.
</ResponseField>

<ResponseField name="role" type="string">
  The user's role in the organization. One of `owner`, `admin`, `developer`, or `viewer`. See the Roles table below for a breakdown of permissions.
</ResponseField>

<ResponseField name="status" type="string">
  The user's current account status. One of `active` or `suspended`.
</ResponseField>

<ResponseField name="joined_at" type="string">
  ISO 8601 datetime string for when the user joined the organization.
</ResponseField>

***

## Roles

The following table summarizes what each role can do within your Varo Cloud organization.

| Capability                      | Owner | Admin | Developer | Viewer |
| ------------------------------- | :---: | :---: | :-------: | :----: |
| Manage billing and subscription |   ✅   |   ❌   |     ❌     |    ❌   |
| Invite and remove users         |   ✅   |   ✅   |     ❌     |    ❌   |
| Update user roles               |   ✅   |   ✅   |     ❌     |    ❌   |
| Create and delete projects      |   ✅   |   ✅   |     ❌     |    ❌   |
| Create and manage deployments   |   ✅   |   ✅   |     ✅     |    ❌   |
| Create and manage integrations  |   ✅   |   ✅   |     ✅     |    ❌   |
| View projects and deployments   |   ✅   |   ✅   |     ✅     |    ✅   |
| View logs and metrics           |   ✅   |   ✅   |     ✅     |    ✅   |
