# POST /api/v1/advisory-firms/{firm_id}/users/invite

> Invite a staff member to the firm

- **Tag:** advisory-firms
- **Operation ID:** `invite_staff_to_firm_api_v1_advisory_firms__firm_id__users_invite_post`

## Description

Invite a user by email to join the firm as staff (admin or member). If the user already exists they are added immediately; otherwise an invitation email is sent and they are added on signup. Owner role cannot be assigned via invitation.

## Authentication

Bearer token in `Authorization` header.
Required header: `x-business-id: <business uuid>`.

## Parameters

- `firm_id` (path, string, required)

## Request body

Schema: `InviteStaffRequest`

- `email` (string · required) — Email address of the person to invite.
- `role` (string) (one of: admin, member) — Role to assign: 'admin' or 'member'. Owner cannot be invited.
- `first_name` (string) — Optional first name to personalize the invitation.
- `last_name` (string) — Optional last name to personalize the invitation.
- `message` (string) — Optional personal message from the inviter included in the email.
- `business_ids` (array · string) — For 'member' role: explicit list of businesses the invitee should be assigned to on acceptance. Ignored for 'admin' (admins see every firm business).
- `team_id` (string) — For 'member' role: team to add the invitee to on acceptance. Mutually exclusive with 'business_ids' and 'assign_all_firm_businesses'.
- `assign_all_firm_businesses` (boolean) — For 'member' role: if true, grant the invitee direct assignment to every currently active firm business on acceptance.
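
The field rules above can be checked on the client before the request is sent. The following is an added example, not part of the API or its official samples: `build_invite_payload` is a hypothetical helper, and two of its behaviours are choices of this example rather than documented server behaviour: it requires an explicit `role`, and it rejects scoping fields on an `admin` invite instead of sending them, so a caller cannot mistake an admin invite for a restricted one.

```python
from typing import Optional, Sequence

ALLOWED_ROLES = {"admin", "member"}  # per the page: owner cannot be invited


def build_invite_payload(
    email: str,
    role: str,
    business_ids: Optional[Sequence[str]] = None,
    team_id: Optional[str] = None,
    assign_all_firm_businesses: bool = False,
) -> dict:
    """Return a JSON-ready InviteStaffRequest body or raise ValueError."""
    email = email.strip()
    if "@" not in email:
        raise ValueError("email must be an email address")
    if role not in ALLOWED_ROLES:
        raise ValueError(f"role must be one of {sorted(ALLOWED_ROLES)}, got {role!r}")

    scoped = bool(business_ids) or team_id is not None or assign_all_firm_businesses
    if role == "admin":
        # business_ids is documented as ignored for admin, and the other two
        # fields are described for 'member' only. Admins see every firm
        # business, so refuse the fields rather than imply a restriction.
        if scoped:
            raise ValueError("scoping fields do not restrict an admin; use role='member'")
        return {"email": email, "role": role}

    # team_id is documented as mutually exclusive with the other two fields.
    if team_id is not None and (business_ids or assign_all_firm_businesses):
        raise ValueError(
            "team_id cannot be combined with business_ids or assign_all_firm_businesses"
        )

    payload = {"email": email, "role": role}
    if team_id is not None:
        payload["team_id"] = team_id
    if business_ids:
        payload["business_ids"] = list(business_ids)
    if assign_all_firm_businesses:
        payload["assign_all_firm_businesses"] = True
    return payload
```

The returned dictionary can be passed as the `json=` argument of the Python sample under "Code samples".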

## Responses

### 201 — Successful Response

Schema: `InviteStaffResponse`

- `status` (string · required) — 'added' if user existed and was added, 'invited' if invitation email was sent.
- `reason` (string) — Why this branch was chosen. Lets the UI render the right confirmation message without parsing 'message'.
- `message` (string · required)
- `email_sent` (boolean) — Whether the notification email was sent successfully.

### 400 — Bad Request - Invalid input

### 401 — Unauthorized - Authentication required

### 403 — Forbidden - Insufficient permissions

### 409 — Conflict - Resource already exists

### 422 — Validation Error

Schema: `HTTPValidationError`

- `detail` (array · ValidationError) → `ValidationError`
  - `loc` (array · string | integer · required)
  - `msg` (string · required)
  - `type` (string · required)
  - `input` (object)
  - `ctx` (object)

## Code samples

### cURL

```bash
curl -X POST 'https://api.ondayzero.com/api/v1/advisory-firms/{firm_id}/users/invite' \
  -H 'Authorization: Bearer dz_your_token' \
  -H 'x-business-id: YOUR_BUSINESS_ID' \
  -H 'Content-Type: application/json' \
  -d '{
  "email": "string"
}'
```

### JavaScript

```javascript
// Replace with the firm's ID; it fills the {firm_id} path parameter.
const firmId = 'YOUR_FIRM_ID';

const response = await fetch(`https://api.ondayzero.com/api/v1/advisory-firms/${firmId}/users/invite`, {
  method: 'POST',
  headers: {
    Authorization: 'Bearer dz_your_token',
    'x-business-id': 'YOUR_BUSINESS_ID',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    "email": "string"
  }),
});
const data = await response.json();
```

### Python

```python
import httpx

# Replace with the firm's ID; it fills the {firm_id} path parameter.
firm_id = "YOUR_FIRM_ID"

headers = {
    "Authorization": "Bearer dz_your_token",
    "x-business-id": "YOUR_BUSINESS_ID",
}

payload = {
    "email": "string"
}

response = httpx.post(
    f"https://api.ondayzero.com/api/v1/advisory-firms/{firm_id}/users/invite",
    headers=headers,
    json=payload,
)
data = response.json()
```

## See also

- HTML version: https://www.ondayzero.com/docs/reference/advisory-firms/invite-staff-to-firm
- OpenAPI slice: https://www.ondayzero.com/docs/reference/advisory-firms/invite-staff-to-firm/openapi.json
- Other endpoints in **advisory-firms**: https://www.ondayzero.com/docs/reference/advisory-firms
