Skip to main content
These endpoints manage organizations (accounts), their members and roles, and the subscribers who receive incident alerts.

Accounts

Account creation and deletion are platform-admin operations (Cognito Admins group).
POST /accounts
Creates an account and links users. Body { "account": "Acme", "users": ["a@acme.com"] }. The first user becomes owner; additional users become admin.
GET /accounts
Returns accounts: { "accounts": [{ "id", "name", "active" }] }.
DELETE /accounts
Deletes accounts by account_id or account_ids.

Users & membership

GET /users
With no account-id, returns the caller’s organizations and their role in each. With ?account-id={uuid}, returns that org’s members: { email, name, id, role }.
POST /users?account-id={uuid}
Adds members. Body { "users": [{ "email": "b@acme.com", "role": "member" }] }. Default role is member. Owners may assign any role; admins may not assign owner.
PATCH /users?account-id={uuid}
Changes roles. Body { "users": [{ "email": "b@acme.com", "role": "admin" }] }. Only an owner may set owner; the last owner can’t be demoted.
DELETE /users?account-id={uuid}
Removes members. The last owner can’t be removed.
Adding a member or changing a role sends an email notification to the affected person.

Subscribers (alert recipients)

GET /subscribers?account-id={uuid}&vendor-list={listId}
Lists subscribers for a vendor list, with per-list verification state.
POST /subscribers?account-id={uuid}&vendor-list={listId}
Adds subscribers. Body { "subscriber-email": "alerts@acme.com" }. A verified org member is confirmed immediately; anyone else gets a confirmation email first.
DELETE /subscribers?account-id={uuid}&vendor-list={listId}
Removes a subscriber from the list.
Recipients can unsubscribe from any alert email via a one-click link, which respects their choice across future sends.