# Accept user invitation

Source: https://business-api-docs.youhodler.com/docs/api/reference/user-invitations/user-invitations-accept

Public endpoint — no Bearer token required. The invitation recipient submits `(invitation_id, challenge_ref)` received via the magic-link e-mail. On success the response contains a short-lived `session_token` that the client can use for a platform session.

## Request

**Request URL — POST**
```http
POST /user-invitations/accept
```

**Request Body — application/json**
```json
{
  "challenge_ref": "challenge-ref-0001",
  "invitation_id": "b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b"
}
```

## Responses

**201 Resource created successfully**

Resource created successfully.

```json
{
  "actor_scope_ref": "enterprises/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
  "enterprise_ref": "enterprises/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
  "invitation": {
    "accepted_at": "2026-05-01T10:00:00Z",
    "cancelled_at": null,
    "challenge_ref": null,
    "created_at": "2026-05-01T10:00:00Z",
    "email_constraint": "jane.doe@acme.example",
    "enterprise_ref": "enterprises/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
    "etag": "W/\"a1b2c3d4\"",
    "expires_at": "2026-05-01T10:00:00Z",
    "id": "b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
    "invited_by": "users/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
    "pending_human_actor_ref": "users/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
    "role": "roles/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
    "scope": "enterprises/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
    "status": "accepted",
    "updated_at": "2026-05-01T10:00:00Z"
  },
  "session_expires_at": "2026-05-01T10:00:00Z",
  "session_token": "sess_eyJhbGciOiJSUzI1NiJ9.payload.sig"
}
```

**400 Invalid request payload**

Invalid request payload, query, or parameter shape.

```json
{
  "code": "invalid_request",
  "details": {
    "reason": "missing_required_field"
  },
  "message": "A required field is missing or invalid"
}
```

**409 State conflict — the request cannot be applied to the current resource state**

State conflict — the request cannot be applied to the current resource state.

```json
{
  "code": "state_conflict",
  "details": {
    "reason": "state_conflict"
  },
  "message": "The request cannot be applied to the current resource state."
}
```

**422 Operation is not admissible — it violates a business rule**

Operation is not admissible — it violates a business rule, policy constraint, or lifecycle precondition specific to this resource.

```json
{
  "code": "not_admissible",
  "details": {
    "reason": "not_admissible"
  },
  "message": "The operation is not admissible in the current state."
}
```

**429 Request rate limit exceeded**

Request rate limit exceeded. Retry after the delay indicated in the `details.retry_after_ms` field.

```json
{
  "code": "rate_limited",
  "details": {
    "retry_after_ms": 5000
  },
  "message": "Too many requests."
}
```

**502 Upstream service returned an unexpected error**

Upstream service returned an unexpected error.

```json
{
  "code": "upstream_error",
  "message": "An upstream service returned an unexpected error."
}
```

**503 Service is temporarily unavailable**

Service is temporarily unavailable; retry with backoff.

```json
{
  "code": "temporarily_unavailable",
  "details": {
    "reason": "downstream_identity_unavailable"
  },
  "message": "A downstream service is temporarily unavailable"
}
```