Seller Orchestra Internal API Mapping

Staff & Invites

Create and manage staff users with role assignments and invitation workflows

9 APIs

3-Layer Architecture

API Gateway → Seller Admin (Orchestra) → User Service (Core)

1 Staff Invitations

Create Staff Invite

Send invitation to a new staff member with role assignments

POST

Gateway POST /seller/api/v1/domains/:domain_id/invite

Body: { email, roles[], store_ids[], send_invite }

↓

Orchestra POST /merchant/api/v1/domains/:domain_id/invite

↓

User Service

POST /api/invitationsCreate invite record POST /api/notifications/sendSend invite email

Invite Statuses

pending accepted expired cancelled

Get Invite Details

Public

Retrieve invitation details by invite ID (no auth required)

GET

Gateway GET /staff/api/v1/invite/:invite_id (No Auth)

↓

Orchestra GET /staff/api/v1/invite/:invite_id

↓

User Service

GET /api/invitations/:invite_id GET /api/domains/:domain_idGet domain info

Response Includes

invite_id email domain_name roles[] status expires_at inviter_name created_at

Accept Invite

Public

Accept invitation and create staff account with password

PUT

Gateway PUT /staff/api/v1/invite/:invite_id (No Auth)

Body: { first_name, last_name, password, confirm_password }

↓

Orchestra PUT /staff/api/v1/invite/:invite_id

↓

User Service

GET /api/invitations/:invite_idVerify invite valid POST /api/usersCreate user account POST /api/staffCreate staff record PUT /api/invitations/:invite_idMark as accepted POST /api/auth/token/generateCreate session

Response

Returns auth tokens (access_token, refresh_token) and user profile on success

Cancel Invite

Cancel a pending staff invitation

DELETE

Gateway DELETE /seller/api/v1/domains/:domain_id/invite/:invite_id

↓

Orchestra DELETE /merchant/api/v1/domains/:domain_id/invite/:invite_id

↓

User Service

DELETE /api/invitations/:invite_id

2 Staff Management

Create Staff

Directly create staff user (for existing users)

POST

Gateway POST /seller/api/v1/domains/:domain_id/staff

Body: { user_id, roles[], store_ids[] }

↓

Orchestra POST /merchant/api/v1/domains/:domain_id/staff

↓

User Service

POST /api/staff

List Staff

Retrieve all staff members for the domain

GET

Gateway GET /seller/api/v1/domains/:domain_id/staff

↓

Orchestra GET /merchant/api/v1/domains/:domain_id/staff

↓

User Service

GET /api/staff?domain_id=:domain_id

Get Staff

Retrieve single staff member details

GET

Gateway GET /seller/api/v1/domains/:domain_id/staff/:staff_id

↓

Orchestra GET /merchant/api/v1/domains/:domain_id/staff/:staff_id

↓

User Service

GET /api/staff/:staff_id

Update Staff

Update staff member roles and permissions

PUT

Gateway PUT /seller/api/v1/domains/:domain_id/staff/:staff_id

Body: { roles[], store_ids[], status }

↓

Orchestra PUT /merchant/api/v1/domains/:domain_id/staff/:staff_id

↓

User Service

PUT /api/staff/:staff_id POST /api/sessions/refresh-permissionsUpdate active sessions

Delete Staff

Remove staff member from the domain

DELETE

Gateway DELETE /seller/api/v1/domains/:domain_id/staff/:staff_id

↓

Orchestra DELETE /merchant/api/v1/domains/:domain_id/staff/:staff_id

↓

User Service

DELETE /api/staff/:staff_id DELETE /api/sessions/user/:user_idRevoke sessions

Staff Roles & Permissions

Common Roles

store_manager inventory_manager order_manager pos_cashier marketing

Invite Expiry

Default: 7 days from creation

Can be resent to generate new token

Expired invites can be cancelled