# Invitations

> GET /api/v1/invites — the pending organization invitations addressed to the signed-in user, matched by user id or email. Requires the invites:read scope.

The invitations endpoint lists the **pending organization invitations addressed to the signed-in user** — for example, an org inviting them to join as a member. It is user-delegated: authenticate with an [OAuth access token](/docs/oauth/token/) carrying the `invites:read` [scope](/docs/oauth/scopes/).

**Base:** `https://entrybit.net` · **Auth:** `Authorization: Bearer <access_token>` · see [Conventions](/docs/api-reference/conventions/).

## List invitations

```http
GET /api/v1/invites
```

**Scope:** `invites:read`. Returns invitations matched to the user by their user id or email (via a blind index), with `pending` status.

```bash
curl https://entrybit.net/api/v1/invites \
  -H "Authorization: Bearer $ACCESS_TOKEN"
```

### Response

```json
{
  "success": true,
  "invites": [
    {
      "id": 4210,
      "role": "member",
      "status": "pending",
      "created_at": "2026-07-08T09:15:00Z",
      "organization": "Acme Properties"
    }
  ]
}
```

### The Invite object

| Field | Type | Notes |
|---|---|---|
| `id` | integer | Invitation id. |
| `role` | string \| null | The role being offered. |
| `status` | string | Always `pending` here. |
| `created_at` | string \| null | ISO 8601 timestamp. |
| `organization` | string \| null | The inviting organization's display name. |

### Errors

| Status | `error` | Meaning |
|---|---|---|
| `401` | `invalid_token` | Missing or invalid access token — [refresh](/docs/oauth/token/) or re-login. |
| `403` | `insufficient_scope` | The token lacks `invites:read`. |

See [Errors](/docs/api-reference/errors/) for the full catalog. Accepting or declining an invitation happens in the EntryBit product UI — this endpoint is read-only.