# Invite Client Admin Function

Creates and invites new client administrator users to the system.

# Endpoint

```
POST /functions/v1/invite-client-admin
```

# Description

This function:

  1. Validates that the requesting user has permission (super admin or client admin)
  2. Creates or updates a user record with client admin role
  3. Sends an invitation email via Supabase Auth
  4. Grants automatic access to all client buildings

# Request

```http
POST /functions/v1/invite-client-admin
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json

{
  "email": "newadmin@example.com",
  "fullName": "John Admin",
  "clientId": "123",
  "phone": "+1234567890"
}
```

# Parameters

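| Parameter | Type | Required | Description |
|-----------|--------|----------|--------------------------------|
| email | string | Yes | Email address of the new admin |
| fullName | string | Yes | Full name of the user |
| clientId | string | Yes | Client organization ID |
| phone | string | No | Phone number (optional) |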

# Response

Success Response:

```json
{
  "success": true,
  "user": {
    "id": "uuid",
    "email": "newadmin@example.com",
    "fullName": "John Admin",
    "role": "client_admin",
    "clientId": "123",
    "created": true
  },
  "buildingAssignment": {
    "assigned_count": 0
  },
  "invitation": {
    "sent": true,
    "email": "newadmin@example.com"
  }
}
```

Error Responses:

401 Unauthorized:

```json
{
  "success": false,
  "error": "Unauthorized"
}
```

403 Forbidden:

```json
{
  "success": false,
  "error": "Unauthorized - insufficient permissions"
}
```

400 Bad Request:

```json
{
  "success": false,
  "error": "Missing required fields: email, fullName, clientId"
}
```

# Authorization

The function checks:

  1. User must be authenticated
  2. User must be either:
    • Super admin (can invite admins for any client)
    • Client admin (can only invite admins for their own client)
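
The permission rules above expressed as a single decision function, as an added example rather than the function's actual source. The role string `super_admin`, the check order (401, then 400, then 403) and the names `authorizeInvite` and `deny` are assumptions; `client_admin` and the `client` column appear on this page.

```javascript
// Added example. 'super_admin' and all function names here are assumptions;
// 'client_admin' and the users.client column are taken from this page.
const REQUIRED = ['email', 'fullName', 'clientId'];

function deny(status, error) {
  return { allowed: false, status, body: { success: false, error } };
}

// caller: row loaded from the users table for the authenticated user, or null.
// body:   parsed JSON request body (untrusted input).
function authorizeInvite(caller, body) {
  if (!caller || !caller.id) return deny(401, 'Unauthorized');

  // The documented parameters are strings; reject absent, blank or non-string values.
  const missing = REQUIRED.some(
    (k) => typeof body?.[k] !== 'string' || body[k].trim() === ''
  );
  if (missing) {
    return deny(400, 'Missing required fields: email, fullName, clientId');
  }

  if (caller.role === 'super_admin') return { allowed: true, status: 200 };

  // Tenant scoping: the caller's client comes from the database row, never from
  // the request. A null client must not match anything (String(null) is "null").
  const ownClient = caller.client == null ? null : String(caller.client);
  if (
    caller.role === 'client_admin' &&
    ownClient !== null &&
    ownClient === body.clientId
  ) {
    return { allowed: true, status: 200 };
  }
  return deny(403, 'Unauthorized - insufficient permissions');
}

// Constructed sample callers and request bodies (not real data).
const superAdmin = { id: 'u1', role: 'super_admin', client: null };
const adminOf123 = { id: 'u2', role: 'client_admin', client: '123' };
const orphanAdmin = { id: 'u3', role: 'client_admin', client: null };
const invite = (clientId) => ({
  email: 'newadmin@example.com', fullName: 'John Admin', clientId,
});

for (const [who, target] of [[superAdmin, '999'], [adminOf123, '123'],
  [adminOf123, '456'], [orphanAdmin, 'null'], [null, '123']]) {
  console.log(who?.role ?? 'anonymous', '->', target, authorizeInvite(who, invite(target)).status);
}
```
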

# Workflow

# 1. Authentication Check

  • Validates Authorization header
  • Gets authenticated user from Supabase Auth

# 2. Permission Check

  • Loads user record from database
  • Verifies user role and client assignment
  • For client admins, ensures they're inviting to their own client

# 3. User Management

  • Checks if user already exists by email
  • If exists: Updates their information and role
  • If new: Creates user record

# 4. Send Invitation

  • Uses Supabase Auth Admin API
  • Sends invitation email with magic link
  • Redirect URL: https://dashboard.exitmoldny.com/

# 5. Access Assignment

  • Client admins automatically get access to all buildings in their client
  • No manual building assignment needed (handled by RLS policies)

# Database Operations

Creates or updates a row in the `users` table:

```javascript
{
  email: 'newadmin@example.com',
  full_name: 'John Admin',
  phone: '+1234567890',
  client: '123',
  role: 'client_admin',
  assigned_by: 'current-user-id'
}
```

# Environment Variables

Required:

  • SUPABASE_URL - Supabase project URL
  • SUPABASE_SERVICE_ROLE_KEY - Service role key (admin operations)
  • SUPABASE_ANON_KEY - Anonymous key (user authentication)

# Usage Example

```javascript
// userToken: access token of the signed-in super admin or client admin
const response = await fetch(
  'https://edknwrcztqwhskjpoxta.supabase.co/functions/v1/invite-client-admin',
  {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${userToken}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      email: 'newadmin@example.com',
      fullName: 'John Admin',
      clientId: '123',
      phone: '+1234567890'
    })
  }
);

// Error responses also carry a JSON body with success: false
const result = await response.json();
if (result.success) {
  console.log('Admin invited successfully');
}
```

# Notes

  • Client admins automatically have access to all buildings in their client
  • Existing users can be "re-invited" to update their role
  • The invitation email contains a magic link for passwordless login
  • Users must accept the invitation to activate their account