Skip to main content
The workspace membership endpoints give you read access to everything your authenticated user belongs to: which organizations you are a member of, which one is currently active, a full bundle of a single org’s data, and your own user profile. These are the endpoints that power the Safeclose navigation shell — you can call them directly to bootstrap your integration or to validate membership state before executing org-scoped actions. All endpoints require a valid Bearer token. See Authenticate requests for details.

List memberships

GET /v1/workspace/memberships
Returns every organization the authenticated user is an active member of. Each item in the array combines the membership record, the organization it belongs to (including billing account and counts), and the role assigned to you.

Request headers

Authorization
string
required
Bearer token from your Clerk session. Example: Bearer eyJhbGc...

Response

Returns a JSON array. Each element has the following shape:
[].id
string
required
Membership record ID.
[].userId
string
required
The authenticated user’s ID.
[].status
string
required
Always "ACTIVE" for records returned by this endpoint.
[].organizationId
string
required
ID of the organization this membership belongs to.
[].createdAt
string
required
ISO 8601 timestamp when the membership was created.
[].organization
object
required
The organization record.
[].role
object
required
The role assigned to you in this organization.

Example

curl --request GET \
  --url https://your-api.example.com/v1/workspace/memberships \
  --header 'Authorization: Bearer <your-session-token>'

Get active organization ID

GET /v1/workspace/active-org-id
Returns the ID of the organization currently marked active for your session. Safeclose resolves this by looking up the activeOrganizationId stored in your user profile and confirming that you are still an active member. If the stored value is stale (e.g., you were removed), the API clears it and falls back to the first organization in your membership list, alphabetically. Returns null if you have no active memberships.

Request headers

Authorization
string
required
Bearer token from your Clerk session.

Response

activeOrganizationId
string or null
required
ID of the currently active organization, or null if none is set or you have no memberships.

Example

curl --request GET \
  --url https://your-api.example.com/v1/workspace/active-org-id \
  --header 'Authorization: Bearer <your-session-token>'

Get active organization summary

GET /v1/workspace/active-org-summary
Returns the ID and display name of the currently active organization. Convenient when you only need to show the org name in a header or breadcrumb without loading full membership data.

Request headers

Authorization
string
required
Bearer token from your Clerk session.

Response

activeOrganizationId
string or null
required
ID of the currently active organization, or null if none is resolved.
organizationName
string or null
required
Display name of the active organization, or null if none is resolved.

Example

curl --request GET \
  --url https://your-api.example.com/v1/workspace/active-org-summary \
  --header 'Authorization: Bearer <your-session-token>'

Get organization bundle

GET /v1/workspace/org-bundle/:orgId
Returns the complete data bundle for a single organization: the full org record (including billing and branding), all locations ordered by sortOrder, all roles ordered by slug, and all members ordered by createdAt. Also includes your own membership and role within the org. Use this endpoint to populate organization settings screens or to inspect the full permission set for a given org before performing actions.
This endpoint returns 404 if you are not an active member of the requested organization. You cannot use it to inspect orgs you have not joined.

Path parameters

orgId
string
required
ID of the organization to retrieve.

Request headers

Authorization
string
required
Bearer token from your Clerk session.

Response

The response is an OrgMember record for your own membership, with the full organization and its nested collections included.
id
string
required
Your membership record ID.
userId
string
required
Your user ID.
status
string
required
Always "ACTIVE".
role
object
required
Your assigned role in this organization. Same shape as the role object in list memberships.
organization
object
required
The full organization record.

Error responses

StatusBodyCause
404{ "error": "Not found." }You are not an active member of the requested organization.

Get user profile

GET /v1/workspace/profile
Returns your user profile record, or null if no profile has been created yet. A profile is automatically provisioned the first time you create or join an organization, or when you call the upsertUserProfile action.

Request headers

Authorization
string
required
Bearer token from your Clerk session.

Response

profile
object or null
required
Your user profile, or null if no profile record exists.

Example

curl --request GET \
  --url https://your-api.example.com/v1/workspace/profile \
  --header 'Authorization: Bearer <your-session-token>'

Get menu core

GET /v1/workspace/menu-core
Returns your user profile, the full memberships array, and the active organization ID in a single request. This is the same data that powers the Safeclose navigation shell, fetched in parallel from the three underlying sources. Use this endpoint to bootstrap a client application or to hydrate server-side rendering in a single round trip.

Request headers

Authorization
string
required
Bearer token from your Clerk session.

Response

profile
object or null
required
Your user profile. Same shape as the profile field in get user profile.
memberships
object[]
required
Your organization memberships. Same shape as the array returned by list memberships.
activeOrganizationId
string or null
required
The currently active organization ID. Same value as get active organization ID.
Prefer this endpoint over calling the three individual endpoints separately when your use case requires all three values at startup.

Error cases

StatusError messageCause
401Missing Authorization Bearer token.No Authorization header was sent.
401Invalid or expired token.The Bearer token is malformed or has expired.
404{ "error": "Not found." }Org bundle requested for an org you are not a member of.