Accounts and Members
The accounts and members feature defines how accounts are organized and how roles are assigned for protected Inbox Manager operations. It gives you direct control over who can use each account and which account is active for each request.
Why This Matters
This feature sets the account boundary for credentials, tasks, jobs, emails, and logs. It keeps account switching explicit and keeps role assignment in memberships, which reduces mistakes when teams work across parent and child accounts.
Core Flow
A client first lists accessible accounts, selects the active account, and saves that choice through account-view switching. From there it loads account and membership data, then performs account or member changes under that account.
Operations
| Operation | Endpoint | Purpose |
|---|---|---|
| List accounts | GET /api/accounts | Fetch accessible account list |
| Search accounts | POST /api/accounts/search | Query account set by filter |
| Get account | GET /api/accounts/:account_id | Retrieve account details |
| Switch active account | POST /api/account-views/switch | Save active account selection |
| Create account | POST /api/accounts | Create root or child account |
| Update account | PATCH /api/accounts/:account_id | Modify account fields |
| Delete account | DELETE /api/accounts/:account_id | Remove account |
| List members | GET /api/accounts/:account_id/members | Fetch account memberships |
| Add member | POST /api/accounts/:account_id/members | Create membership |
| Update member | PATCH /api/accounts/:account_id/members/:member_id | Change role or membership metadata |
| Remove member | DELETE /api/accounts/:account_id/members/:member_id | Revoke account access |
Key Data and State
{
  account_id: "acc_...",
  parent_account_id: "acc_parent_...", // optional for hierarchy
  membership: {
    user_id: "uid_...",
    role: "owner" | "member" | "viewer"
  }
}
Failure Modes and Controls
Requests for accounts outside the caller's membership set are rejected, and member changes require the right role. Account switching must target an account the caller can access, and account lifecycle changes happen only through explicit account endpoints.
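
The three controls above can be sketched as server-side checks. This is an added example, not Inbox Manager's own code: the function names, status codes, sample memberships, the rule that only `owner` may change members, and the absence of role inheritance from parent to child accounts are all assumptions.

```javascript
// Constructed sample data: user_id -> (account_id -> role). Role names are the page's.
const MEMBERSHIPS = new Map([
  ["uid_alice", new Map([["acc_root", "owner"], ["acc_child", "member"]])],
  ["uid_bob", new Map([["acc_child", "viewer"]])],
]);

// Assumption: only "owner" may add, update, or remove members.
const MEMBER_WRITE_ROLES = new Set(["owner"]);

// user_id -> active account_id, written only by switchActiveAccount().
const activeAccount = new Map();

// Role is looked up on the exact account; a role on acc_root grants nothing
// on acc_child (assumption: no inheritance down the hierarchy).
function roleFor(userId, accountId) {
  return MEMBERSHIPS.get(userId)?.get(accountId) ?? null;
}

// Control 1: accounts outside the caller's membership set are rejected.
// Assumption: 404 rather than 403, so the reply does not confirm the account exists.
function checkAccess(userId, accountId) {
  const role = roleFor(userId, accountId);
  return role === null
    ? { ok: false, status: 404, reason: "not_a_member" }
    : { ok: true, status: 200, role };
}

// Control 2: member changes need membership and a permitted role.
function checkMemberChange(userId, accountId) {
  const access = checkAccess(userId, accountId);
  if (!access.ok) return access;
  return MEMBER_WRITE_ROLES.has(access.role)
    ? access
    : { ok: false, status: 403, reason: "role_insufficient" };
}

// Control 3: the active account is saved only after the access check passes.
function switchActiveAccount(userId, accountId) {
  const access = checkAccess(userId, accountId);
  if (access.ok) activeAccount.set(userId, accountId);
  return access;
}
```

In the sample data, `uid_alice` owns `acc_root` but is only a `member` of `acc_child`, so her member changes on the child are refused even though she controls the parent.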