Organizations & Teams
Organizations let you collaborate with teammates under a single billing account. Every PromptGuard user starts with a personal organization. You can create additional team organizations, invite members, and control access with role-based permissions.
Concepts
| Concept | Description |
|---|---|
| Organization | A shared workspace that owns projects, API keys, and billing |
| Member | A user who belongs to the organization |
| Role | Permission level assigned to each member |
| Invitation | A pending invite sent via email |
Roles & Permissions
| Capability | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
| View projects and analytics | Yes | Yes | Yes | Yes |
| Create and manage API keys | Yes | Yes | Yes | No |
| Manage security policies | Yes | Yes | Yes | No |
| Invite and remove members | Yes | Yes | No | No |
| Update organization settings | Yes | Yes | No | No |
| Promote members to admin | Yes | No | No | No |
| Transfer ownership | Yes | No | No | No |
| Delete organization | Yes | No | No | No |
Getting Started
Create a Team
- Go to Dashboard > Settings > Team
- Click “Create Team”
- Enter a team name
- Your new organization appears alongside your personal workspace
Invite Members
- Navigate to Dashboard > Settings > Team
- Under Invitations, enter the email address and select a role
- Click “Send Invite”
- The invitee receives an email with a link to accept
Invitations expire after 7 days. You can cancel a pending invitation and resend if needed.
Switch Organizations
Use the organization selector at the top of the dashboard sidebar to switch between your personal workspace and team organizations.
Managing Members
Change a Member’s Role
- Go to Dashboard > Settings > Team
- Find the member in the Members table
- Select the new role from the dropdown
- Confirm the change
Remove a Member
- Go to Dashboard > Settings > Team
- Click the remove button next to the member
- Confirm removal
Removing a member revokes their access immediately. Their individual API keys remain valid for projects they created, but they lose access to the organization’s shared projects.
Project-level access
Organization roles apply across all projects. For finer-grained control, you can grant a user a role on a single project — useful when a contractor or a partner team should see one project without access to the rest of your organization.
Per-project roles are an Enterprise feature.
Project roles
| Project role | Can do |
|---|---|
| Admin | Manage the project’s policies, webhooks, settings, and its members |
| Member | View the project and use its API keys and policies |
| Viewer | Read-only access to the project and its analytics |
How access is resolved
A user’s effective access to a project is the highest of:
- Project ownership — the user who created the project is its owner.
- Their organization role — organization Owners and Admins are automatically Admins on every project; organization Members and Viewers carry that role into each project.
- Any explicit project role granted below.
Because PromptGuard takes the highest of these, an explicit project role can only raise someone’s access — it never reduces what their organization role already grants. To give someone access to only one project, add them to the organization as a Viewer (minimal org-wide access), then grant them a higher role on the specific project.
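The resolution rule above, modeled as an added Python example (not PromptGuard's own code) that also lists explicit grants with no effect. It assumes a project's creator ranks above Admin and that a user without an organization role can hold a project grant; all users and project ids are constructed.

```python
# Added example: a model of the resolution rule above, not PromptGuard's own code.
# Ranking a project's creator ("owner") above "admin" is an assumption.
RANK = {None: 0, "viewer": 1, "member": 2, "admin": 3, "owner": 4}

# Organization role -> role carried into every project, as stated in the text.
ORG_TO_PROJECT = {"owner": "admin", "admin": "admin",
                  "member": "member", "viewer": "viewer"}


def effective_role(user, project, org_roles, grants):
    """Highest of project ownership, inherited org role, and explicit grant."""
    candidates = [
        "owner" if project["created_by"] == user else None,
        ORG_TO_PROJECT.get(org_roles.get(user)),
        grants.get((project["id"], user)),
    ]
    return max(candidates, key=RANK.__getitem__)


def redundant_grants(org_roles, grants):
    """Explicit grants that change nothing: the org role is already as high."""
    out = []
    for (project_id, user), granted in sorted(grants.items()):
        inherited = ORG_TO_PROJECT.get(org_roles.get(user))
        if RANK[granted] <= RANK[inherited]:
            out.append((project_id, user, granted, inherited))
    return out


def access_report(user, projects, org_roles, grants):
    """Map every project id to the user's effective role (None = no access)."""
    return {p["id"]: effective_role(user, p, org_roles, grants) for p in projects}


# Constructed sample data; every id and user name is made up for illustration.
PROJECTS = [{"id": "proj_a", "created_by": "alice"},
            {"id": "proj_b", "created_by": "bob"}]
ORG_ROLES = {"alice": "owner", "bob": "member", "carol": "viewer"}
GRANTS = {("proj_a", "carol"): "admin",   # raises carol on one project only
          ("proj_a", "bob"): "viewer",    # no effect: bob is already Member
          ("proj_b", "dave"): "member"}   # dave has no org role (assumed allowed)

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, access_report(user, PROJECTS, ORG_ROLES, GRANTS))
    print("redundant:", redundant_grants(ORG_ROLES, GRANTS))
```

In this model carol, the organization Viewer, ends up Admin on `proj_a` and still Viewer on `proj_b`, which is the inherited access to account for when onboarding a contractor this way.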
Grant a project role
- Open the project, then go to its Settings → Access tab
- Enter the teammate’s email and choose a project role
- Click Add — the change takes effect immediately
To revoke, remove the user from the project’s access list. They retain whatever access their organization role still grants.
Project Members API
These endpoints live under /dashboard/projects/{project_id} and use the session token.
```bash
# List explicit project members (requires Viewer+ on the project)
curl https://api.promptguard.co/dashboard/projects/proj_abc123/members \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"

# Grant a user a role on this project, by email (requires Admin on the project)
curl -X POST https://api.promptguard.co/dashboard/projects/proj_abc123/members \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"email": "contractor@partner.com", "role": "viewer"}'

# Revoke a user's explicit role on this project (requires Admin on the project)
curl -X DELETE https://api.promptguard.co/dashboard/projects/proj_abc123/members/usr_ghi789 \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"
```
Ownership
Transfer Ownership
- Go to Dashboard > Settings > Team > Danger Zone
- Click “Transfer Ownership”
- Select the new owner from existing members
- Confirm the transfer
After transfer, the previous owner is demoted to admin.
Delete an Organization
- Go to Dashboard > Settings > Team > Danger Zone
- Click “Delete Organization”
- Type the organization name to confirm
Deleting an organization permanently removes all projects, API keys, scan history, and member associations. This cannot be undone. Personal organizations cannot be deleted.
API Reference
The Organizations API is session-authenticated (Dashboard API). All endpoints live under /dashboard/organizations.
List Organizations
```bash
curl https://api.promptguard.co/dashboard/organizations \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"
```
Create Organization
```bash
curl -X POST https://api.promptguard.co/dashboard/organizations \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "Acme Security Team"}'
```
Response
```json
{
  "id": "org_abc123",
  "name": "Acme Security Team",
  "slug": "acme-security-team",
  "type": "team",
  "owner_id": "usr_def456",
  "settings": {},
  "created_at": "2026-02-15T10:30:00Z",
  "updated_at": "2026-02-15T10:30:00Z"
}
```
Invite a Member
```bash
curl -X POST https://api.promptguard.co/dashboard/organizations/org_abc123/invitations \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"email": "teammate@company.com", "role": "member"}'
```
Update Member Role
```bash
curl -X PATCH https://api.promptguard.co/dashboard/organizations/org_abc123/members/usr_ghi789 \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"role": "admin"}'
```
Remove a Member
```bash
curl -X DELETE https://api.promptguard.co/dashboard/organizations/org_abc123/members/usr_ghi789 \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"
```
Transfer Ownership
```bash
curl -X POST https://api.promptguard.co/dashboard/organizations/org_abc123/transfer-ownership \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"new_owner_id": "usr_ghi789"}'
```
Delete Organization
```bash
curl -X DELETE https://api.promptguard.co/dashboard/organizations/org_abc123 \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"
```
Best Practices
- Use the least-privileged role — assign Viewer to stakeholders who only need read access
- One organization per team — avoid mixing production and personal projects
- Rotate ownership proactively — transfer ownership before an owner leaves the company
- Audit members regularly — remove inactive members to reduce your attack surface