Skip to main content
GET
/
api
/
adm
/
invitations
/
isEntryBelongsToCompany
Validate Invitation Company
curl --request GET \
  --url https://localhost:44371/api/adm/invitations/isEntryBelongsToCompany \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "code": 200,
  "errorMessage": null
}

Description

Security validation endpoint that confirms an invitation belongs to the specified company. This is critical for preventing cross-company data access and ensuring proper security boundaries when managing invitations across multiple companies.

Input

  • Query Parameters: model (IsUserInvitationBelongsToCompanyQueryRequest, required) — Validation request including:
    • invitationId (guid, required) — Invitation identifier to validate.
    • companyId (guid, required) — Company identifier to verify against.

Output

Returns a IsUserInvitationBelongsToCompanyQueryResponse containing the validation result (true if invitation belongs to company).

Example Request

GET /api/admin/userInvitations/validate-company?invitationId=9ef15c43-a955-6f4h-c7g3-1h6d4f0e3g9c&companyId=3fa85f64-5717-4562-b3fc-2c963f66afa6
Authorization: Bearer {token}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "result": true
}

Errors

  • 400 Bad Request — Missing required parameters.
  • 404 Not Found — Invitation or company does not exist.

Notes

  • A successful response with result=false means the invitation does NOT belong to the company.
  • Always call this endpoint before performing sensitive operations on invitations.
  • This provides defense-in-depth security in multi-tenant scenarios.

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Query Parameters

CompanyId
string<guid>

The identifier of the company to validate against.

UserInvitationId
string<guid>

The identifier of the invitation being evaluated.

Response

Always returned with validation result. Note that success: true with result: false means the validation completed but the invitation does not belong to the company.

Standard response structure containing operation status and error information. Represents the response indicating whether an invitation belongs to a company.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options:
Unknown,
Success,
BadRequest,
Unauthorized,
NotFound,
Error
Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

result
boolean

Indicates whether the invitation belongs to the company.