Skip to main content
GET
/
api
/
adm
/
companyUserEntries
/
isEntryBelongsToCompany
Verify User Belongs to Company
curl --request GET \
  --url https://localhost:44371/api/adm/companyUserEntries/isEntryBelongsToCompany \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "code": 200,
  "errorMessage": null
}

Description

Security validation endpoint that confirms user-company relationship. Critical for preventing cross-company data access in multi-tenant scenarios. Always use before sensitive operations to ensure proper access boundaries.

Input

  • Query Parameters: model (IsCompanyUserBelongsToCompanyQueryRequest) — Validation parameters including:
    • userId (guid, required) — Unique identifier of the company user.
    • companyId (guid, required) — Company identifier to verify against.

Output

Returns a IsCompanyUserBelongsToCompanyQueryResponse containing validation result (true if user belongs to company, false otherwise).

Example Request

GET /api/admin/company-users/is-entry-belongs-to-company?userId=7c9e6679-7425-40de-944b-e07fc1f90ae7&companyId=3fa85f64-5717-4562-b3fc-2c963f66afa6
Authorization: Bearer {token}

Example Response (User Belongs)

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "result": true
}

Example Response (User Does NOT Belong)

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "result": false
}

Errors

  • 400 Bad Request — Missing required parameters or invalid GUIDs.
  • 404 Not Found — User or company does not exist.

Notes

  • A successful response with result=false means user does NOT belong to company.
  • Always call before sensitive operations to ensure proper access boundaries.
  • Critical for multi-tenant security and preventing unauthorized access.
  • Returns true only if user is an active member of the specified company.

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Query Parameters

CompanyId
string<guid>

The identifier of the company to verify against.

CompanyUserId
string<guid>

The identifier of the company user being checked.

Response

Always returned with validation result. Note that success: true with result: false means validation completed but user does not belong to company.

Standard response structure containing operation status and error information. Represents the response returned when verifying whether a user belongs to a company.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options:
Unknown,
Success,
BadRequest,
Unauthorized,
NotFound,
Error
Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

result
boolean

Indicates whether the user belongs to the provided company.