# EGP User Account Service

## Docs

- [Overview](https://egpaccountservice.apidog.io/overview-961818m0.md)

## API Docs

- Invitations [Accept an organization invitation](https://egpaccountservice.apidog.io/accept-an-organization-invitation-16406228e0.md): Accepts an invitation using the provided token. If the email doesn't exist, a new user is created (requiring profile completion later). If the user exists, they are added to the org. Optionally returns a JWT for immediate login.
- Invitations [Send an invitation to join an organization](https://egpaccountservice.apidog.io/send-an-invitation-to-join-an-organization-16406229e0.md): Sends an email invitation to a user to join the specified organization with a given role. Requires JWT authentication and the user must be an Admin or Owner of the organization.
- Authentication [Login with email/password](https://egpaccountservice.apidog.io/login-with-emailpassword-16406224e0.md): Logs in a user using email and password, returning a JWT.
- Authentication [Register a new global user](https://egpaccountservice.apidog.io/register-a-new-global-user-16406225e0.md): Creates a new global user account with email and password.
- Authentication [Exchange user token for service token](https://egpaccountservice.apidog.io/exchange-user-token-for-service-token-16493836e0.md): Exchanges a valid user JWT (HMAC) for a new service-specific JWT (RSA-signed) containing organization roles.
- Authentication [Get a challenge for Web3 signing](https://egpaccountservice.apidog.io/get-a-challenge-for-web3-signing-16406226e0.md): Requests a unique, short-lived challenge for a given wallet address and chain type (EVM chains like ethereum, polygon, arbitrum or Solana). For EVM chains, this returns a formatted EIP-4361 SIWE message to be signed. For Solana, it returns a simple nonce string.
- Authentication [Verify Web3 signature and login](https://egpaccountservice.apidog.io/verify-web3-signature-and-login-16406227e0.md): Verifies a signature previously obtained by signing the challenge from /auth/web3/nonce. For EVM chains, requires the full SIWE message and signature. For Solana, requires the address, chain, and signature of the simple nonce. Issues a standard JWT on successful verification.
- Organizations [Create a new organization](https://egpaccountservice.apidog.io/create-a-new-organization-16406230e0.md): Creates a new organization. The calling user automatically becomes the OWNER. Requires JWT authentication.
- Organizations [Get organization details](https://egpaccountservice.apidog.io/get-organization-details-16406231e0.md): Retrieves details for a specific organization. Requires JWT authentication and the user must be an Admin or Owner of the organization.
- Organizations [Get organization settings](https://egpaccountservice.apidog.io/get-organization-settings-16406232e0.md): Retrieves settings for a specific organization. Requires JWT authentication and the user must be at least a Member of the organization.
- Organizations [Update organization settings](https://egpaccountservice.apidog.io/update-organization-settings-16406233e0.md): Updates settings for a specific organization. Requires JWT authentication and the user must be an Admin or Owner of the organization. Sends the complete settings object.
- Organizations [List members of an organization](https://egpaccountservice.apidog.io/list-members-of-an-organization-16406237e0.md): Lists members of a specific organization. Requires JWT authentication and the user must be at least a Member of the organization.
- Organizations [Directly add an existing user to the organization](https://egpaccountservice.apidog.io/directly-add-an-existing-user-to-the-organization-16406238e0.md): Adds an existing global user to the organization with a specific role (MEMBER or ADMIN). Requires JWT authentication and the user must be an Admin or Owner of the organization.
- Organizations [Remove a member from an organization](https://egpaccountservice.apidog.io/remove-a-member-from-an-organization-16406240e0.md): Removes a member from the organization. Requires JWT authentication and the user must be an Admin or Owner of the organization. Subject to permission rules (e.g., cannot remove last owner).
- Organizations [Get a specific member's details](https://egpaccountservice.apidog.io/get-a-specific-members-details-16493840e0.md): Retrieves details for a specific member within the organization. Requires JWT authentication and the user must be at least a Member of the organization.
- Organizations [Update a member's role](https://egpaccountservice.apidog.io/update-a-members-role-16406239e0.md): Updates the role of a member within the organization. Requires JWT authentication and the user must be an Admin or Owner of the organization. Subject to permission rules (e.g., cannot demote last owner).
- SSO [Request Challenge for Web3 SSO (EVM Only)](https://egpaccountservice.apidog.io/request-challenge-for-web3-sso-evm-only-16493841e0.md): Generates and stores a SIWE message for the user to sign, used in the Web3 SSO flow. Requires an active session from the /init step. Solana chains are not supported for SSO.
- SSO [Initiate Web3 SSO Flow (IdP Start)](https://egpaccountservice.apidog.io/initiate-web3-sso-flow-idp-start-16493842e0.md): Validates the RP request (client_id, redirect_uri), stores RP details and state in the session, and returns JSON guiding the frontend interaction (wallet connection, nonce signing).
- SSO [Verify SIWE Signature & Issue Token for Web3 SSO (EVM Only)](https://egpaccountservice.apidog.io/verify-siwe-signature-issue-token-for-web3-sso-evm-only-16493843e0.md): Verifies the user's signed SIWE message. Retrieves RP details from session. If a valid organization_id hint was provided during initiation, it includes that organization's ID and the user's roles in the JWT. If no valid hint was provided, it attempts to find the user's most recently joined organization and includes its context in the JWT. If the user belongs to no organizations, the JWT will contain zero organization_id and empty roles. Finally, it clears SSO session state and returns the final redirect URL (containing the token) for the RP. Solana chains are not supported.
- Applications [Delete an application](https://egpaccountservice.apidog.io/delete-an-application-16406222e0.md): Deletes a specific application. Requires JWT authentication and the user must be an Admin or Owner of the application's organization.
- Applications [Get application details](https://egpaccountservice.apidog.io/get-application-details-16406220e0.md): Retrieves details for a specific application. Requires JWT authentication and the user must be at least a Member of the application's organization.
- Applications [Update application details](https://egpaccountservice.apidog.io/update-application-details-16406221e0.md): Updates details for a specific application. Requires JWT authentication and the user must be an Admin or Owner of the application's organization. Only fields provided are updated.
- Applications [List applications within an organization](https://egpaccountservice.apidog.io/list-applications-within-an-organization-16493833e0.md): Lists all applications belonging to a specific organization. Requires JWT authentication and the user must be at least a Member of the organization.
- Applications [Create an application within an organization](https://egpaccountservice.apidog.io/create-an-application-within-an-organization-16406223e0.md): Creates a new application associated with the specified organization. Requires JWT authentication and the user must be an Admin or Owner of the organization.
- API Keys [Revoke an API key](https://egpaccountservice.apidog.io/revoke-an-api-key-16406217e0.md): Revokes a specific API key by its ID. Requires JWT authentication and the user must be an Admin or Owner of the organization associated with the key's application.
- API Keys [List API keys for an application](https://egpaccountservice.apidog.io/list-api-keys-for-an-application-16406218e0.md): Retrieves a list of API keys (metadata only, no raw keys) associated with the specified application. Requires JWT authentication and the user must be an Admin or Owner of the application's organization.
- API Keys [Generate an API key for an application](https://egpaccountservice.apidog.io/generate-an-api-key-for-an-application-16406219e0.md): Creates a new API key associated with the specified application. Requires JWT authentication and the user must be an Admin or Owner of the application's organization. Owners get all permissions; Admins get requested permissions.
- User Self-Service [Get current user's profile](https://egpaccountservice.apidog.io/get-current-users-profile-16406234e0.md): Retrieves the profile details of the currently authenticated user (via JWT).
- User Self-Service [Update current user's profile](https://egpaccountservice.apidog.io/update-current-users-profile-16406235e0.md): Updates the first name and/or last name of the currently authenticated user (via JWT). Fields not provided are ignored.
- User Self-Service [Update current user's password](https://egpaccountservice.apidog.io/update-current-users-password-16406236e0.md): Updates the password for the currently authenticated user (via JWT). Requires the current password to be provided for verification.
- Custom System Data [List users with custom system data](https://egpaccountservice.apidog.io/list-users-with-custom-system-data-16493837e0.md): Retrieves a paginated list of users within the specified organization who have custom system data, including their latest data version. Requires JWT or API Key authentication with 'member:customsystem:read', 'member:customsystem:*', or Admin/Owner role.
- Custom System Data [Get user's custom system data](https://egpaccountservice.apidog.io/get-users-custom-system-data-16493838e0.md): Retrieves the versioned, admin-managed custom system data (JSON blob) for a specific user within an organization. Requires JWT or API Key authentication with 'member:customsystem:read', 'member:customsystem:*', or Admin/Owner role. Supports retrieving the latest version (default), a specific version (?version=N), or all versions (?versions=all).
- Custom System Data [Set/Update user's custom system data](https://egpaccountservice.apidog.io/setupdate-users-custom-system-data-16493839e0.md): Creates a *new version* of the admin-managed custom system data (JSON blob) for a specific user within an organization. Requires JWT or API Key authentication with 'member:customsystem:write', 'member:customsystem:*', or Admin/Owner role. The request body must contain the complete JSON data under a 'data' key.
- Custom Data [Get user's custom data](https://egpaccountservice.apidog.io/get-users-custom-data-16493844e0.md): Retrieves the user-defined custom data (JSON blob) associated with a specific user within an organization. Requires JWT authentication. Users can get their own data; Admins/Owners can get any member's data.
- Custom Data [Set/Update user's custom data](https://egpaccountservice.apidog.io/setupdate-users-custom-data-16493845e0.md): Sets or updates the user-defined custom data (JSON blob) for a specific user within an organization. The provided JSON data is merged with the existing data. Requires JWT authentication. Users can update their own data; Admins/Owners can update any member's data.
- Inventory [List inventory items for an application](https://egpaccountservice.apidog.io/list-inventory-items-for-an-application-16493834e0.md): Retrieves a paginated list of inventory items for a specific application. Supports filtering by userId, itemType, itemName, itemId. Members can only see their own items unless explicitly granted broader permissions. Admins/Owners and API keys with 'inventory:read' can see all items. Metadata inclusion and version filtering are supported.
- Inventory [Create or update an inventory item](https://egpaccountservice.apidog.io/create-or-update-an-inventory-item-16493835e0.md): Creates or updates an inventory item for a specific user within an application. Requires Admin/Owner role or API Key with 'inventory:write' permission. Supports setting both user and system metadata. If an item with the same userId and itemName exists, it updates; otherwise, it creates.