Team ID (tea_...). The authenticated user must be a member of this team.
Successful response
Create a team
Creates a new team and returns the created team object. The authenticated
user becomes the team's owner.
When app is supplied, the request is scoped to that app and the caller
must hold the corresponding app scope. Omit org unless you want the team
pinned to a specific organization. A default chat thread is provisioned for
the team automatically after creation.
Request body.
Optionalacl?: {Access control configuration for the team. Controls who can discover and join the team.
Optionaldescription?: stringOptional human-readable description of the team's purpose.
Optionalmetadata?: Record<string, unknown>Arbitrary key-value pairs you can attach to the team for your own use. Values must be strings.
Display name for the team.
Optionalorg?: stringOrganization ID (org_...) to associate the team with. Omit to create the team without an org affiliation.
The newly created team.
Delete a team
Permanently deletes the team identified by team. This action is
irreversible — all team memberships, settings, and associated data are
removed.
The caller must be the team owner or an org admin. When app is present,
the caller must also hold the corresponding app scope.
Team ID (team_...) of the team to delete.
Empty response — the team has been deleted.
Retrieve a team
Returns the full team object for the given team ID, including its current
member list and all associated threads.
The authenticated user must be a member of the team or hold a role that
grants visibility (org admin, app scope). When app is supplied, the
caller must hold the corresponding app scope.
Team ID (team_...) of the team to retrieve.
The requested team, including its members and threads.
Create a team invite
Generates a new invite code for the specified team. The authenticated user
must be a member of the team with the owner or admin role.
The returned code is a short alphanumeric string that other users can
present to join the team. Each call produces a new code; previously issued
codes are not invalidated by this request.
Team ID (tm_...) identifying the team for which to generate the invite code.
The newly created team invite containing the join code.
Create a team invite (server-to-server) Generates a new invite code for the specified team using server-to-server authentication. Unlike the user-facing create endpoint, this variant does not require the caller to be a team member — it is intended for privileged back-end services acting on behalf of your platform. The returned code is a short alphanumeric string that users can present to join the team. Each call produces a new code; previously issued codes are not invalidated by this request.
Team ID (tm_...) identifying the team for which to generate the invite code.
Successful response
Join a team
Adds a principal to a team that is visible to the authenticated user.
By default, the currently authenticated user joins the team. Provide agent
to add an agent to the team instead — the caller must already be a member of
the team to do so. Provide user (by ID) or email to add another user from
your organization — the caller must be a team owner, team admin, or org admin.
Only one of agent, user, or email may be supplied per request.
If the target principal is already a member of the team, the request succeeds
without creating a duplicate membership. Server-to-server callers are not
permitted to use this endpoint; use the invite-code endpoint instead.
Team ID (team_...) to join.
Request body.
Optionalagent?: stringAgent ID (agent_...) to add to the team. The caller must already be a member of the team.
Optionalemail?: stringEmail address of a member of the caller's organization to add to the team. Requires team-owner, team-admin, or org-admin role.
Optionaluser?: stringUser ID (user_...) of a member of the caller's organization to add to the team. Requires team-owner, team-admin, or org-admin role.
Empty response — the principal is now a member of the team.
Join a team with an invite code
Adds a principal to a team using a 12-character invite code. The invite
code can be supplied as either join_code or invite_code; both are
accepted for backwards compatibility.
For user-authenticated requests, the currently authenticated user is added
to the team. For server-to-server requests, you must supply either agent
(to add an agent) or user (to add a specific user by ID). If the user
is already a member of the team, the request succeeds without creating a
duplicate membership.
This endpoint is rate-limited to 10 requests per minute per IP address to
prevent invite-code enumeration.
Request body.
Optionalagent?: stringAgent ID (agent_...) to add to the team. When provided, the agent is joined instead of the authenticated user. Requires a server-to-server session.
Optionalinvite_code?: string12-character invite code — alias for join_code accepted for backwards compatibility.
Optionaljoin_code?: string12-character invite code that identifies the team. Mutually usable with invite_code.
Optionaluser?: stringUser ID (user_...) to add to the team. Required for server-to-server requests when agent is not supplied.
The team the principal has joined.
Leave a team
Removes a principal from a team. By default, the authenticated user removes
themselves from the team. Provide agent to remove an agent instead — the
caller must be a member of the team to do so.
Team owners cannot leave their own team. To transfer ownership first, use
the update-membership endpoint, then call this endpoint.
For server-to-server requests, user is required to identify which user
should be removed.
Team ID (team_...) to leave.
Empty response — the principal has been removed from the team.
List teams
Returns a paginated list of teams visible to the authenticated user, ordered
by creation time descending. Use membership to narrow results to teams the
caller has joined or teams they are eligible to join based on their ACL
visibility.
Supports full-text search across team name and description via search, and
structured metadata filtering via metadata. When app is present, results
are scoped to that app and the caller must hold the corresponding app scope.
Optionalparams: {Query parameters.
Optionalmembership?: stringFilter teams by membership status. "joined" returns only teams the caller is a member of. "joinable" returns ACL-visible teams the caller has not yet joined. Omit to return all visible teams.
Optionalmetadata?: {Structured metadata filter expression. Only teams whose metadata satisfies the expression are returned.
Optionalpage?: numberPage number to retrieve, starting at 1. Defaults to 1.
OptionalpageSize?: numberNumber of teams to return per page. Defaults to 25.
Optionalsearch?: stringFull-text search string matched against team name and description.
Successful response
Update a team
Updates one or more attributes of the team identified by team. Only the
fields you provide are changed; omitted fields are left as-is.
To replace the team's profile picture, supply the profile_picture object
with base64-encoded image data. The previous picture is deleted after the
new one is successfully uploaded. When app is present, the caller must hold
the corresponding app scope. The caller must be a team owner or org admin.
Team ID (team_...) of the team to update.
Request body.
Optionalacl?: {New access control configuration for the team. Replaces the existing ACL.
Optionaldescription?: stringNew human-readable description of the team's purpose.
Optionalmetadata?: Record<string, unknown>Arbitrary key-value pairs to set on the team. Replaces the existing metadata map entirely.
Optionalname?: stringNew display name for the team.
Optionalprofile_picture?: { data?: string; filename?: string; mime_type?: string }New profile picture for the team. Provide this object to upload and replace the current picture.
The updated team with all changes applied.
List a team's artifacts Returns all artifacts owned by the specified team. Artifacts represent AI-generated or user-uploaded files associated with agent sessions, threads, or sandboxes — such as images, documents, and code outputs. The authenticated user must be a member of the team. Attempting to list artifacts for a team the caller does not have access to returns 404 rather than 403 to avoid leaking team existence. Results are returned in a single page without cursor pagination. Each artifact in the response reflects the state of its current version, including a short-lived signed
file_urlfor direct download.