Skip to main content
GET
/
api
/
adm
/
invitations
/
isEntryBelongsToCompany
Validate Invitation Company
curl --request GET \
  --url https://localhost:44371/api/adm/invitations/isEntryBelongsToCompany \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "code": 200,
  "errorMessage": null
}

Description

Security validation endpoint that confirms an invitation belongs to the specified company. This is critical for preventing cross-company data access and ensuring proper security boundaries when managing invitations across multiple companies.

Input

  • Query Parameters: model (IsUserInvitationBelongsToCompanyQueryRequest, required) — Validation request including:
    • invitationId (guid, required) — Invitation identifier to validate.
    • companyId (guid, required) — Company identifier to verify against.

Output

Returns a IsUserInvitationBelongsToCompanyQueryResponse containing the validation result (true if invitation belongs to company).

Example Request

GET /api/admin/userInvitations/validate-company?invitationId=9ef15c43-a955-6f4h-c7g3-1h6d4f0e3g9c&companyId=3fa85f64-5717-4562-b3fc-2c963f66afa6
Authorization: Bearer {token}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "result": true
}

Errors

  • 400 Bad Request — Missing required parameters.
  • 404 Not Found — Invitation or company does not exist.

Notes

  • A successful response with result=false means the invitation does NOT belong to the company.
  • Always call this endpoint before performing sensitive operations on invitations.
  • This provides defense-in-depth security in multi-tenant scenarios.

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Query Parameters

CompanyId
string<guid>

The identifier of the company to validate against.

UserInvitationId
string<guid>

The identifier of the invitation being evaluated.

Response

Always returned with validation result. Note that success: true with result: false means the validation completed but the invitation does not belong to the company.

Represents the response indicating whether an invitation belongs to a company.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options:
Unknown,
Success,
BadRequest,
Unauthorized,
NotFound,
Error
Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

result
boolean

Indicates whether the invitation belongs to the company.