shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
25a803221e072393e8ffe0d60464a836122d2c11
coder/docs/reference/api/members.md
T
Yevhenii Shcherbina 4124d1137d feat: add ai_model_prices table (#24932) 
# Summary

Implements
https://linear.app/codercom/issue/AIGOV-282/add-ai-model-price-table-and-seed-generator

This PR lays the groundwork for AI Bridge cost controls (per the AI
Governance RFC). It adds the foundation needed for future cost tracking:
a place to store per-model token prices, a way to keep those prices in
sync with upstream pricing data, and a startup mechanism that ensures
every deployment has prices loaded before AI Bridge starts processing
requests.

The price data comes from [models.dev](https://models.dev/), a
community-maintained catalogue of AI provider pricing. A generator
script fetches the latest prices, filters to Anthropic and OpenAI for
now, and produces a seed file checked into the repository.

On every server startup the seed is applied to the database, so new
releases automatically pick up any price corrections that landed since
the previous one. Existing rows are overwritten with the latest prices;
rows for models no longer in the seed are left untouched.

# Batching the AI model price seed: three approaches

Context: at server startup we seed the `ai_model_prices` table from an
embedded JSON price book (~70 rows today, will grow as we add providers,
potentially 4000+).

Each row is:

```text
(provider, model, input_price, output_price, cache_read_price, cache_write_price)
```

Any of the four price columns can be:

- `NULL` → “price unknown for this dimension”
- explicit `0` → “free”

The batch must be an UPSERT so re-running is idempotent and existing
rows pick up new prices.

We considered three implementations.

---

## Approach 1 — Per-row UPSERT in a Go loop

```go
for _, row := range rows {
    if err := db.UpsertAIModelPrice(ctx, database.UpsertAIModelPriceParams{
        Provider:   row.Provider,
        Model:      row.Model,
        InputPrice: nullInt64(row.InputPrice),
        // ...
    }); err != nil {
        return err
    }
}
```

### Pros

- Trivial.
- NULL handling falls out naturally from `sql.NullInt64`.

### Cons

- `N` round-trips per seed.
- With ~70 rows that means ~70 statement executions on every startup,
even inside a transaction.
- Doesn't scale gracefully as the price book grows, potentially 4000+.

---

## Approach 2 — `UNNEST` with parallel arrays

Pass each column as a separate Go slice. Postgres unnests them in
parallel into a virtual table, then `INSERT ... SELECT`.

```sql
INSERT INTO ai_model_prices (
    provider,
    model,
    input_price,
    output_price,
    cache_read_price,
    cache_write_price
)
SELECT
    UNNEST(@providers::text[]),
    UNNEST(@models::text[]),
    NULLIF(UNNEST(@input_prices::bigint[]), -1),
    NULLIF(UNNEST(@output_prices::bigint[]), -1),
    NULLIF(UNNEST(@cache_read_prices::bigint[]), -1),
    NULLIF(UNNEST(@cache_write_prices::bigint[]), -1)
ON CONFLICT (provider, model) DO UPDATE SET
    input_price       = EXCLUDED.input_price,
    output_price      = EXCLUDED.output_price,
    cache_read_price  = EXCLUDED.cache_read_price,
    cache_write_price = EXCLUDED.cache_write_price,
    updated_at        = NOW();
```

Go side: flatten rows into six parallel slices.

Use a sentinel (`-1`) for “missing”, since `lib/pq` can't encode `NULL`
into a `bigint[]` element.

```go
providers := make([]string, len(rows))
models    := make([]string, len(rows))
inputs    := make([]int64,  len(rows))
outputs   := make([]int64,  len(rows))
cacheR    := make([]int64,  len(rows))
cacheW    := make([]int64,  len(rows))

for i, r := range rows {
    providers[i] = r.Provider
    models[i]    = r.Model

    inputs[i] = -1
    if r.InputPrice != nil {
        inputs[i] = *r.InputPrice
    }

    outputs[i] = -1
    if r.OutputPrice != nil {
        outputs[i] = *r.OutputPrice
    }

    cacheR[i] = -1
    if r.CacheReadPrice != nil {
        cacheR[i] = *r.CacheReadPrice
    }

    cacheW[i] = -1
    if r.CacheWritePrice != nil {
        cacheW[i] = *r.CacheWritePrice
    }
}

return db.UpsertAIModelPrices(ctx, database.UpsertAIModelPricesParams{
    Providers:        providers,
    Models:           models,
    InputPrices:      inputs,
    OutputPrices:     outputs,
    CacheReadPrices:  cacheR,
    CacheWritePrices: cacheW,
})
```

### Pros

- Single round-trip.

### Cons

- The generated `sqlc` params become plain `[]int64`, which can't
represent `NULL`.

---

## Approach 3 — `jsonb_array_elements` over a single `@seed::jsonb`
(chosen)

Pass the raw seed JSON as one parameter; let Postgres expand and parse
it.

```sql
INSERT INTO ai_model_prices (
    provider,
    model,
    input_price,
    output_price,
    cache_read_price,
    cache_write_price
)
SELECT
    elem->>'provider',
    elem->>'model',
    (elem->>'input_price')::bigint,
    (elem->>'output_price')::bigint,
    (elem->>'cache_read_price')::bigint,
    (elem->>'cache_write_price')::bigint
FROM jsonb_array_elements(@seed::jsonb) AS elem
ON CONFLICT (provider, model) DO UPDATE SET
    input_price       = EXCLUDED.input_price,
    output_price      = EXCLUDED.output_price,
    cache_read_price  = EXCLUDED.cache_read_price,
    cache_write_price = EXCLUDED.cache_write_price,
    updated_at        = NOW();
```

Go side reduces to:

```go
return db.UpsertAIModelPrices(ctx, seedJSON)
```

### Pros

- Single round-trip.
- NULLs fall out naturally:
  - `(elem->>'cache_write_price')::bigint` becomes `NULL`
  - no sentinels
- The seed is already JSON:
- Existing precedent:
  - `jsonb_array_elements` is already used elsewhere in the codebase

### Cons

- Less type-safe at the SQL boundary than `UNNEST`
- Slightly less standard than `UNNEST`
- Readers need familiarity with:
  - `jsonb_array_elements`
  - `->>` extraction syntax
- Postgres pays JSON parse cost
  - negligible at our scale

---

---

# Decision

We picked Approach 3.

It collapses the round-trips like `UNNEST` does, but without:

- nullable-array workarounds
- sentinel values
2026-05-08 16:45:14 -04:00

65 KiB
Generated
Raw Blame History

Members

List organization members

Code samples

# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

GET /api/v2/organizations/{organization}/members

Parameters

Name In Type Required Description
organization path string true Organization ID

Example responses

200 Response

[
  {
    "avatar_url": "string",
    "created_at": "2019-08-24T14:15:22Z",
    "email": "string",
    "global_roles": [
      {
        "display_name": "string",
        "name": "string",
        "organization_id": "string"
      }
    ],
    "has_ai_seat": true,
    "is_service_account": true,
    "last_seen_at": "2019-08-24T14:15:22Z",
    "login_type": "",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "roles": [
      {
        "display_name": "string",
        "name": "string",
        "organization_id": "string"
      }
    ],
    "status": "active",
    "updated_at": "2019-08-24T14:15:22Z",
    "user_created_at": "2019-08-24T14:15:22Z",
    "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
    "user_updated_at": "2019-08-24T14:15:22Z",
    "username": "string"
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.OrganizationMemberWithUserData

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» avatar_url string false
» created_at string(date-time) false
» email string false
» global_roles array false
»» display_name string false
»» name string false
»» organization_id string false
» has_ai_seat boolean false Has ai seat intentionally omits omitempty so the API always includes the field, even when false.
» is_service_account boolean false
» last_seen_at string(date-time) false
» login_type codersdk.LoginType false
» name string false
» organization_id string(uuid) false
» roles array false
» status codersdk.UserStatus false
» updated_at string(date-time) false
» user_created_at string(date-time) false
» user_id string(uuid) false
» user_updated_at string(date-time) false
» username string false

Enumerated Values

Property Value(s)
login_type ``, github, none, oidc, password, token
status active, suspended

To perform this operation, you must be authenticated. Learn more.

Get member roles by organization

Code samples

# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

GET /api/v2/organizations/{organization}/members/roles

Parameters

Name In Type Required Description
organization path string(uuid) true Organization ID

Example responses

200 Response

[
  {
    "assignable": true,
    "built_in": true,
    "display_name": "string",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "organization_member_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "organization_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "site_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "user_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.AssignableRoles

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» assignable boolean false
» built_in boolean false Built in roles are immutable
» display_name string false
» name string false
» organization_id string(uuid) false
» organization_member_permissions array false Organization member permissions are specific for the organization in the field 'OrganizationID' above.
»» action codersdk.RBACAction false
»» negate boolean false Negate makes this a negative permission
»» resource_type codersdk.RBACResource false
» organization_permissions array false Organization permissions are specific for the organization in the field 'OrganizationID' above.
» site_permissions array false
» user_permissions array false

Enumerated Values

Property Value(s)
action application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights
resource_type *, ai_model_price, ai_seat, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy

To perform this operation, you must be authenticated. Learn more.

Update a custom organization role

Code samples

# Example request using curl
curl -X PUT http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

PUT /api/v2/organizations/{organization}/members/roles

Body parameter

{
  "display_name": "string",
  "name": "string",
  "organization_member_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ],
  "organization_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ],
  "site_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ],
  "user_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ]
}

Parameters

Name In Type Required Description
organization path string(uuid) true Organization ID
body body codersdk.CustomRoleRequest true Update role request

Example responses

200 Response

[
  {
    "display_name": "string",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "organization_member_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "organization_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "site_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "user_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.Role

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» display_name string false
» name string false
» organization_id string(uuid) false
» organization_member_permissions array false Organization member permissions are specific for the organization in the field 'OrganizationID' above.
»» action codersdk.RBACAction false
»» negate boolean false Negate makes this a negative permission
»» resource_type codersdk.RBACResource false
» organization_permissions array false Organization permissions are specific for the organization in the field 'OrganizationID' above.
» site_permissions array false
» user_permissions array false

Enumerated Values

Property Value(s)
action application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights
resource_type *, ai_model_price, ai_seat, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy

To perform this operation, you must be authenticated. Learn more.

Insert a custom organization role

Code samples

# Example request using curl
curl -X POST http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

POST /api/v2/organizations/{organization}/members/roles

Body parameter

{
  "display_name": "string",
  "name": "string",
  "organization_member_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ],
  "organization_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ],
  "site_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ],
  "user_permissions": [
    {
      "action": "application_connect",
      "negate": true,
      "resource_type": "*"
    }
  ]
}

Parameters

Name In Type Required Description
organization path string(uuid) true Organization ID
body body codersdk.CustomRoleRequest true Insert role request

Example responses

200 Response

[
  {
    "display_name": "string",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "organization_member_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "organization_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "site_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "user_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.Role

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» display_name string false
» name string false
» organization_id string(uuid) false
» organization_member_permissions array false Organization member permissions are specific for the organization in the field 'OrganizationID' above.
»» action codersdk.RBACAction false
»» negate boolean false Negate makes this a negative permission
»» resource_type codersdk.RBACResource false
» organization_permissions array false Organization permissions are specific for the organization in the field 'OrganizationID' above.
» site_permissions array false
» user_permissions array false

Enumerated Values

Property Value(s)
action application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights
resource_type *, ai_model_price, ai_seat, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy

To perform this operation, you must be authenticated. Learn more.

Delete a custom organization role

Code samples

# Example request using curl
curl -X DELETE http://coder-server:8080/api/v2/organizations/{organization}/members/roles/{roleName} \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

DELETE /api/v2/organizations/{organization}/members/roles/{roleName}

Parameters

Name In Type Required Description
organization path string(uuid) true Organization ID
roleName path string true Role name

Example responses

200 Response

[
  {
    "display_name": "string",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "organization_member_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "organization_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "site_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "user_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.Role

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» display_name string false
» name string false
» organization_id string(uuid) false
» organization_member_permissions array false Organization member permissions are specific for the organization in the field 'OrganizationID' above.
»» action codersdk.RBACAction false
»» negate boolean false Negate makes this a negative permission
»» resource_type codersdk.RBACResource false
» organization_permissions array false Organization permissions are specific for the organization in the field 'OrganizationID' above.
» site_permissions array false
» user_permissions array false

Enumerated Values

Property Value(s)
action application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights
resource_type *, ai_model_price, ai_seat, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy

To perform this operation, you must be authenticated. Learn more.

Get organization member

Code samples

# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

GET /api/v2/organizations/{organization}/members/{user}

Parameters

Name In Type Required Description
organization path string true Organization ID
user path string true User ID, name, or me

Example responses

200 Response

{
  "avatar_url": "string",
  "created_at": "2019-08-24T14:15:22Z",
  "email": "string",
  "global_roles": [
    {
      "display_name": "string",
      "name": "string",
      "organization_id": "string"
    }
  ],
  "has_ai_seat": true,
  "is_service_account": true,
  "last_seen_at": "2019-08-24T14:15:22Z",
  "login_type": "",
  "name": "string",
  "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
  "roles": [
    {
      "display_name": "string",
      "name": "string",
      "organization_id": "string"
    }
  ],
  "status": "active",
  "updated_at": "2019-08-24T14:15:22Z",
  "user_created_at": "2019-08-24T14:15:22Z",
  "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
  "user_updated_at": "2019-08-24T14:15:22Z",
  "username": "string"
}

Responses

Status Meaning Description Schema
200 OK OK codersdk.OrganizationMemberWithUserData

To perform this operation, you must be authenticated. Learn more.

Add organization member

Code samples

# Example request using curl
curl -X POST http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

POST /api/v2/organizations/{organization}/members/{user}

Parameters

Name In Type Required Description
organization path string true Organization ID
user path string true User ID, name, or me

Example responses

200 Response

{
  "created_at": "2019-08-24T14:15:22Z",
  "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
  "roles": [
    {
      "display_name": "string",
      "name": "string",
      "organization_id": "string"
    }
  ],
  "updated_at": "2019-08-24T14:15:22Z",
  "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5"
}

Responses

Status Meaning Description Schema
200 OK OK codersdk.OrganizationMember

To perform this operation, you must be authenticated. Learn more.

Remove organization member

Code samples

# Example request using curl
curl -X DELETE http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
  -H 'Coder-Session-Token: API_KEY'

DELETE /api/v2/organizations/{organization}/members/{user}

Parameters

Name In Type Required Description
organization path string true Organization ID
user path string true User ID, name, or me

Responses

Status Meaning Description Schema
204 No Content No Content

To perform this operation, you must be authenticated. Learn more.

Assign role to organization member

Code samples

# Example request using curl
curl -X PUT http://coder-server:8080/api/v2/organizations/{organization}/members/{user}/roles \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

PUT /api/v2/organizations/{organization}/members/{user}/roles

Body parameter

{
  "roles": [
    "string"
  ]
}

Parameters

Name In Type Required Description
organization path string true Organization ID
user path string true User ID, name, or me
body body codersdk.UpdateRoles true Update roles request

Example responses

200 Response

{
  "created_at": "2019-08-24T14:15:22Z",
  "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
  "roles": [
    {
      "display_name": "string",
      "name": "string",
      "organization_id": "string"
    }
  ],
  "updated_at": "2019-08-24T14:15:22Z",
  "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5"
}

Responses

Status Meaning Description Schema
200 OK OK codersdk.OrganizationMember

To perform this operation, you must be authenticated. Learn more.

Paginated organization members

Code samples

# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/paginated-members \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

GET /api/v2/organizations/{organization}/paginated-members

Parameters

Name In Type Required Description
organization path string true Organization ID
q query string false Member search query
after_id query string(uuid) false After ID
limit query integer false Page limit, if 0 returns all members
offset query integer false Page offset

Example responses

200 Response

[
  {
    "count": 0,
    "members": [
      {
        "avatar_url": "string",
        "created_at": "2019-08-24T14:15:22Z",
        "email": "string",
        "global_roles": [
          {
            "display_name": "string",
            "name": "string",
            "organization_id": "string"
          }
        ],
        "has_ai_seat": true,
        "is_service_account": true,
        "last_seen_at": "2019-08-24T14:15:22Z",
        "login_type": "",
        "name": "string",
        "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
        "roles": [
          {
            "display_name": "string",
            "name": "string",
            "organization_id": "string"
          }
        ],
        "status": "active",
        "updated_at": "2019-08-24T14:15:22Z",
        "user_created_at": "2019-08-24T14:15:22Z",
        "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
        "user_updated_at": "2019-08-24T14:15:22Z",
        "username": "string"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.PaginatedMembersResponse

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» count integer false
» members array false
»» avatar_url string false
»» created_at string(date-time) false
»» email string false
»» global_roles array false
»»» display_name string false
»»» name string false
»»» organization_id string false
»» has_ai_seat boolean false Has ai seat intentionally omits omitempty so the API always includes the field, even when false.
»» is_service_account boolean false
»» last_seen_at string(date-time) false
»» login_type codersdk.LoginType false
»» name string false
»» organization_id string(uuid) false
»» roles array false
»» status codersdk.UserStatus false
»» updated_at string(date-time) false
»» user_created_at string(date-time) false
»» user_id string(uuid) false
»» user_updated_at string(date-time) false
»» username string false

Enumerated Values

Property Value(s)
login_type ``, github, none, oidc, password, token
status active, suspended

To perform this operation, you must be authenticated. Learn more.

Get site member roles

Code samples

# Example request using curl
curl -X GET http://coder-server:8080/api/v2/users/roles \
  -H 'Accept: application/json' \
  -H 'Coder-Session-Token: API_KEY'

GET /api/v2/users/roles

Example responses

200 Response

[
  {
    "assignable": true,
    "built_in": true,
    "display_name": "string",
    "name": "string",
    "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
    "organization_member_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "organization_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "site_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ],
    "user_permissions": [
      {
        "action": "application_connect",
        "negate": true,
        "resource_type": "*"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK array of codersdk.AssignableRoles

Response Schema

Status Code 200

Name Type Required Restrictions Description
[array item] array false
» assignable boolean false
» built_in boolean false Built in roles are immutable
» display_name string false
» name string false
» organization_id string(uuid) false
» organization_member_permissions array false Organization member permissions are specific for the organization in the field 'OrganizationID' above.
»» action codersdk.RBACAction false
»» negate boolean false Negate makes this a negative permission
»» resource_type codersdk.RBACResource false
» organization_permissions array false Organization permissions are specific for the organization in the field 'OrganizationID' above.
» site_permissions array false
» user_permissions array false

Enumerated Values

Property Value(s)
action application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights
resource_type *, ai_model_price, ai_seat, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy

To perform this operation, you must be authenticated. Learn more.

Reference in New Issue View Git Blame Copy Permalink