Update Staff (v1)
Method + Path
PATCH /v1/workspace/:workspaceId/staff/:staffId
Actual backend path: /v1/workspace/:workspaceId/staff/:staffId
Description
Update an existing staff member in a workspace. All fields are optional - only provided fields will be updated.
Authentication
Required - JWT token in Authorization header
Required Permissions:
staff.update
Headers
| Header | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Yes | Bearer token: `Bearer <token>` |
| Content-Type | string | Yes | application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| workspaceId | string | Yes | Workspace identifier |
| staffId | string | Yes | Staff member identifier |
Request Body
{
  "fullName": "Jane Doe",
  "email": "jane@example.com",
  "password": "newpassword123",
  "permissions": [
    "sessions.view"
  ],
  "status": "suspended",
  "avatarUrl": "https://example.com/new-avatar.jpg",
  "customFields": [
    {
      "fieldKey": "department",
      "value": "Marketing"
    }
  ]
}
Body Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| fullName | string | No | Staff member's full name (minimum 1 character if provided) |
| email | string | No | Valid email address |
| password | string | No | Password (minimum 8 characters if provided) |
| permissions | array | No | Array of permission strings (minimum 1 if provided) |
| status | string | No | Staff status. Valid values: active, invited, suspended |
| avatarUrl | string | No | URL to staff avatar image (must be valid URL if provided, can be null) |
| customFields | array | No | Array of custom field values |
Note: At least one field must be provided for update.
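Added example (not the backend's own code): a validator that enforces the body constraints listed above before a PATCH request is sent or handled. Rejecting unknown fields, the simple email pattern, limiting `avatarUrl` to http/https, and the `customFields` item shape (taken from the sample body) are assumptions; `validateStaffUpdate` and the error strings are hypothetical names.

```javascript
// Added example: checks a staff-update body against the documented constraints.
const STATUSES = new Set(["active", "invited", "suspended"]);

// Assumption: "valid URL" is narrowed here to http/https only.
const isHttpUrl = (v) => {
  try {
    const u = new URL(v);
    return u.protocol === "https:" || u.protocol === "http:";
  } catch {
    return false;
  }
};

// One rule per documented field; each returns true when the value is acceptable.
const RULES = {
  fullName: (v) => typeof v === "string" && v.length >= 1,
  // Assumption: a deliberately simple email shape check.
  email: (v) => typeof v === "string" && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
  password: (v) => typeof v === "string" && v.length >= 8,
  permissions: (v) =>
    Array.isArray(v) && v.length >= 1 && v.every((p) => typeof p === "string"),
  status: (v) => STATUSES.has(v),
  avatarUrl: (v) => v === null || (typeof v === "string" && isHttpUrl(v)),
  customFields: (v) =>
    Array.isArray(v) &&
    v.every((f) => f !== null && typeof f === "object" &&
      typeof f.fieldKey === "string" && "value" in f),
};

function validateStaffUpdate(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, errors: ["body must be a JSON object"], update: {} };
  }
  const errors = [];
  const update = {}; // only allowlisted, validated fields are copied here
  for (const [key, value] of Object.entries(body)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, key)) {
      errors.push(`unknown field: ${key}`); // e.g. id, createdAt, __proto__
    } else if (!RULES[key](value)) {
      errors.push(`invalid value for ${key}`);
    } else {
      update[key] = value;
    }
  }
  if (errors.length === 0 && Object.keys(update).length === 0) {
    errors.push("at least one field must be provided");
  }
  return { ok: errors.length === 0, errors, update };
}
```

Passing only the returned `update` object to the persistence layer keeps response-only fields such as `id`, `createdAt` and `updatedAt` from being set through the request body.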
Response (200)
{
  "staff": {
    "id": "507f1f77bcf86cd799439011",
    "fullName": "Jane Doe",
    "email": "jane@example.com",
    "permissions": ["sessions.view"],
    "status": "suspended",
    "avatarUrl": "https://example.com/new-avatar.jpg",
    "customFields": [],
    "createdAt": "2024-01-15T10:00:00Z",
    "updatedAt": "2024-01-15T11:00:00Z"
  }
}
Common Errors
- 400 Bad Request: Invalid request body or no fields provided
- 401 Unauthorized: Missing or invalid authentication token
- 403 Forbidden: Insufficient permissions (requires staff.update)
- 404 Not Found: Staff member or workspace not found
- 409 Conflict: Email already exists
- 422 Unprocessable Entity: Validation errors
- 500 Internal Server Error: Server error