ShellYard

Inviting members

Branded ZeptoMail invite with single-use, time-limited token. Accept link mints membership; survives OAuth round-trip. Federated-Google email-mismatch handled.

On a Team plan, an admin can invite a new member by email.

Flow

  1. Admin enters an email in Manage team → Invite.
  2. ShellYard generates a single-use, time-limited invite token.
  3. ZeptoMail delivers a branded invite email with the accept link.
  4. Recipient clicks the link, lands on /account?invite=<token>.
  5. If signed in, the accept call fires immediately. If not, the invite token is pre-stashed in localStorage and survives the OAuth round-trip.
  6. Backend mints membership, sets custom:org_id and custom:org_role=member on the recipient’s Cognito user.

Edge cases handled

  • Email mismatch — the recipient signs in with a different email than the invite. Returns email_mismatch; the UI explains.
  • Expired — invite tokens have a TTL. Expired returns invite_expired; admin can re-issue.
  • Already a member — the API short-circuits.

Internal name is Org (post-rename); user-visible copy says Team.