> ## Documentation Index
> Fetch the complete documentation index at: https://docs.promptguard.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Organizations & Teams

> Collaborate with your team using shared projects and role-based access

# Organizations & Teams

Organizations let you collaborate with teammates under a single billing account. Every PromptGuard user starts with a **personal organization**. You can create additional team organizations, invite members, and control access with role-based permissions.

## Concepts

| Concept          | Description                                                  |
| ---------------- | ------------------------------------------------------------ |
| **Organization** | A shared workspace that owns projects, API keys, and billing |
| **Member**       | A user who belongs to the organization                       |
| **Role**         | Permission level assigned to each member                     |
| **Invitation**   | A pending invite sent via email                              |

## Roles & Permissions

| Capability                   | Owner | Admin | Member | Viewer |
| ---------------------------- | ----- | ----- | ------ | ------ |
| View projects and analytics  | Yes   | Yes   | Yes    | Yes    |
| Create and manage API keys   | Yes   | Yes   | Yes    | No     |
| Manage security policies     | Yes   | Yes   | Yes    | No     |
| Invite and remove members    | Yes   | Yes   | No     | No     |
| Update organization settings | Yes   | Yes   | No     | No     |
| Promote members to admin     | Yes   | No    | No     | No     |
| Transfer ownership           | Yes   | No    | No     | No     |
| Delete organization          | Yes   | No    | No     | No     |

## Getting Started

### Create a Team

1. Go to **Dashboard > Settings > Team**
2. Click **"Create Team"**
3. Enter a team name
4. Your new organization appears alongside your personal workspace

### Invite Members

1. Navigate to **Dashboard > Settings > Team**
2. Under **Invitations**, enter the email address and select a role
3. Click **"Send Invite"**
4. The invitee receives an email with a link to accept

<Note>
  Invitations expire after 7 days. You can cancel a pending invitation and resend if needed.
</Note>

### Switch Organizations

Use the organization selector at the top of the dashboard sidebar to switch between your personal workspace and team organizations.

## Managing Members

### Change a Member's Role

1. Go to **Dashboard > Settings > Team**
2. Find the member in the **Members** table
3. Select the new role from the dropdown
4. Confirm the change

### Remove a Member

1. Go to **Dashboard > Settings > Team**
2. Click the remove button next to the member
3. Confirm removal

<Warning>
  Removing a member revokes their access immediately. Their individual API keys remain valid for projects they created, but they lose access to the organization's shared projects.
</Warning>

## Project-level access

Organization roles apply across **all** projects. For finer-grained control, you can grant a user a role on a **single project** — useful when a contractor or a partner team should see one project without access to the rest of your organization.

<Note>
  Per-project roles are an **Enterprise** feature.
</Note>

### Project roles

| Project role | Can do                                                             |
| ------------ | ------------------------------------------------------------------ |
| **Admin**    | Manage the project's policies, webhooks, settings, and its members |
| **Member**   | View the project and use its API keys and policies                 |
| **Viewer**   | Read-only access to the project and its analytics                  |

### How access is resolved

A user's effective access to a project is the **highest** of:

1. **Project ownership** — the user who created the project is its owner.
2. **Their organization role** — organization **Owners** and **Admins** are automatically **Admins** on every project; organization Members and Viewers carry that role into each project.
3. **Any explicit project role** granted below.

Because PromptGuard takes the highest of these, an explicit project role can only **raise** someone's access — it never reduces what their organization role already grants. To give someone access to *only* one project, add them to the organization as a **Viewer** (minimal org-wide access), then grant them a higher role on the specific project.

### Grant a project role

1. Open the project, then go to its **Settings → Access** tab
2. Enter the teammate's email and choose a project role
3. Click **Add** — the change takes effect immediately

To revoke, remove the user from the project's access list. They retain whatever access their organization role still grants.

### Project Members API

These endpoints live under `/dashboard/projects/{project_id}` and use the session token.

```bash theme={"system"}
# List explicit project members (requires Viewer+ on the project)
curl https://api.promptguard.co/dashboard/projects/proj_abc123/members \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"

# Grant a user a role on this project, by email (requires Admin on the project)
curl -X POST https://api.promptguard.co/dashboard/projects/proj_abc123/members \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"email": "contractor@partner.com", "role": "viewer"}'

# Revoke a user's explicit role on this project (requires Admin on the project)
curl -X DELETE https://api.promptguard.co/dashboard/projects/proj_abc123/members/usr_ghi789 \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"
```

## Ownership

### Transfer Ownership

1. Go to **Dashboard > Settings > Team > Danger Zone**
2. Click **"Transfer Ownership"**
3. Select the new owner from existing members
4. Confirm the transfer

After transfer, the previous owner is demoted to admin.

### Delete an Organization

1. Go to **Dashboard > Settings > Team > Danger Zone**
2. Click **"Delete Organization"**
3. Type the organization name to confirm

<Warning>
  Deleting an organization permanently removes all projects, API keys, scan history, and member associations. This cannot be undone. Personal organizations cannot be deleted.
</Warning>

## API Reference

The Organizations API is session-authenticated (Dashboard API). All endpoints live under `/dashboard/organizations`.

### List Organizations

```bash theme={"system"}
curl https://api.promptguard.co/dashboard/organizations \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"
```

### Create Organization

```bash theme={"system"}
curl -X POST https://api.promptguard.co/dashboard/organizations \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "Acme Security Team"}'
```

**Response**

```json theme={"system"}
{
  "id": "org_abc123",
  "name": "Acme Security Team",
  "slug": "acme-security-team",
  "type": "team",
  "owner_id": "usr_def456",
  "settings": {},
  "created_at": "2026-02-15T10:30:00Z",
  "updated_at": "2026-02-15T10:30:00Z"
}
```

### Invite a Member

```bash theme={"system"}
curl -X POST https://api.promptguard.co/dashboard/organizations/org_abc123/invitations \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"email": "teammate@company.com", "role": "member"}'
```

### Update Member Role

```bash theme={"system"}
curl -X PATCH https://api.promptguard.co/dashboard/organizations/org_abc123/members/usr_ghi789 \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"role": "admin"}'
```

### Remove a Member

```bash theme={"system"}
curl -X DELETE https://api.promptguard.co/dashboard/organizations/org_abc123/members/usr_ghi789 \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"
```

### Transfer Ownership

```bash theme={"system"}
curl -X POST https://api.promptguard.co/dashboard/organizations/org_abc123/transfer-ownership \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"new_owner_id": "usr_ghi789"}'
```

### Delete Organization

```bash theme={"system"}
curl -X DELETE https://api.promptguard.co/dashboard/organizations/org_abc123 \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"
```

## Best Practices

1. **Use the least privilege role** -- assign Viewer to stakeholders who only need read access
2. **One organization per team** -- avoid mixing production and personal projects
3. **Rotate ownership proactively** -- transfer ownership before an owner leaves the company
4. **Audit members regularly** -- remove inactive members to reduce your attack surface
