Endpoint Reference
These routes are implemented by MapPrimusMembershipEndpoints() in PrimusSaaS.Memberships.AspNetCore.
Self routes
| Route | Method | Purpose | Default auth scope |
|---|---|---|---|
/primus/memberships/me/tenants | GET | List memberships for the current user | Authenticated user |
/primus/memberships/me/active-tenant | GET | Read the current active-tenant selection | Authenticated user |
/primus/memberships/me/active-tenant | POST | Set the current active-tenant selection | Authenticated user |
/primus/invitations/{invitationId}/accept | POST | Accept an invitation using the protected token | Authenticated user |
Admin routes
| Route | Method | Purpose | Default auth scope |
|---|---|---|---|
/primus/tenants/{tenantId}/memberships | GET | List memberships for a tenant | Authenticated user, plus AdminPolicyName if configured |
/primus/tenants/{tenantId}/memberships/{userId} | GET | Get one membership | Authenticated user, plus AdminPolicyName if configured |
/primus/tenants/{tenantId}/memberships/{userId} | DELETE | Revoke one membership | Authenticated user, plus AdminPolicyName if configured |
/primus/tenants/{tenantId}/memberships/{userId}/suspend | POST | Suspend one membership | Authenticated user, plus AdminPolicyName if configured |
/primus/tenants/{tenantId}/memberships/{userId}/activate | POST | Reactivate one membership | Authenticated user, plus AdminPolicyName if configured |
/primus/tenants/{tenantId}/invitations | GET | List invitations for a tenant | Authenticated user, plus AdminPolicyName if configured |
/primus/tenants/{tenantId}/invitations | POST | Create an invitation | Authenticated user, plus AdminPolicyName if configured |
/primus/invitations/{invitationId}/resend | POST | Resend an invitation | Authenticated user, plus AdminPolicyName if configured |
/primus/invitations/{invitationId}/revoke | POST | Revoke an invitation | Authenticated user, plus AdminPolicyName if configured |
/primus/tenants/{tenantId}/bootstrap-admin | POST | Create the first active tenant admin | Authenticated user, plus AdminPolicyName if configured |
Response behavior to account for
- Authentication is required by default unless
RequireAuthenticatedUseris disabled inMembershipsEndpointOptions. - Missing membership, invitation, or active-tenant records return
404 Not Found. - The package does not translate service exceptions into problem-details responses for you.
- An authenticated principal without
NameIdentifiercauses anInvalidOperationExceptionin the current implementation.
Current run evidence
sdk/dotnet/tests/PrimusSaaS.Memberships.Tests/Integration/MembershipEndpointsTests.csCurrent run covers create/accept, suspend/reactivate, bootstrap admin, resend/revoke, delete, and auth-by-default.sdk/dotnet/tests/PrimusSaaS.Memberships.Tests/Integration/MembershipEndpointEdgeCaseTests.csCurrent run covers404cases, policy metadata application, and the missing-NameIdentifierfailure path.