> ## Documentation Index
> Fetch the complete documentation index at: https://docs.byzantine.fi/llms.txt
> Use this file to discover all available pages before exploring further.

# Step 2 Send invitations (passkey)

> Send an invitation to users to join a Byzantine account. If the users did not yet do a KYC on Byzantine, an email will ask them to do so.



## OpenAPI

````yaml /api-reference/openapi-integrator.json post /v1/submit/invite-users
openapi: 3.0.3
info:
  title: Byzantine Integrator API
  description: Byzantine REST API for integrators.
  license:
    name: ''
  version: 0.2.0
servers:
  - url: https://sandbox.api.byzantine.fi
    description: Sandbox
security: []
tags:
  - name: API health
    description: Check API status.
  - name: Customer management
    description: Endpoints to create, update, and retrieve customer information.
  - name: Account management
    description: Endpoints to manage accounts, bank accounts, invitations, and user roles.
  - name: Products
    description: Endpoints to get data about products and vaults.
  - name: Transactions
    description: Endpoints to create and manage transactions.
  - name: OTP authentication
    description: Endpoints to initialize and manage user authentication with OTP.
  - name: Webhooks
    description: Integrator-managed outbound webhook subscriptions and delivery history.
paths:
  /v1/submit/invite-users:
    post:
      tags:
        - Account management
      summary: Step 2 Send invitations (passkey)
      description: >-
        Send an invitation to users to join a Byzantine account. If the users
        did not yet do a KYC on Byzantine, an email will ask them to do so.
      operationId: invite_users
      parameters:
        - name: X-Pubkey
          in: header
          description: >-
            Integrator's ECDSA public key (P-256 curve, compressed SEC1 format).
            Example:
            0x038fedef7c12f93bbf342ad8943b7a825a3b41f61c9dc118b2c718efebabbf62fd
          required: true
          schema:
            type: string
        - name: X-Timestamp
          in: header
          description: >-
            Unix timestamp in seconds (UTC). Must be within tolerance window (1
            minute) to prevent replay attacks. Example: 1760375826
          required: true
          schema:
            type: string
        - name: X-Signature
          in: header
          description: >-
            ECDSA signature (DER-encoded, hex with 0x prefix). Signs the
            message: {timestamp}{METHOD}{path_and_query}{json_body}. Example:
            0x3045022100...
          required: true
          schema:
            type: string
      requestBody:
        description: Body to invite new users to an existing account
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/InviteUsersRequestBodyPasskey'
        required: true
      responses:
        '201':
          description: Users invited successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InviteUsersResponse'
        '400':
          description: Invalid request payload
        '401':
          description: Unauthorized - Account does not belong to integrator
        '500':
          description: Internal server error
      security:
        - integrator_auth: []
components:
  schemas:
    InviteUsersRequestBodyPasskey:
      type: object
      required:
        - signedBody
        - invitedBy
        - webAuthnStamp
      properties:
        signedBody:
          $ref: '#/components/schemas/CreateUsersRequest'
        invitedBy:
          $ref: '#/components/schemas/Uuid'
        webAuthnStamp:
          type: string
          description: >-
            Cryptographically passkey signed (stamped). For more info, see
            [authentication
            methods](https://docs.byzantine.fi/api-reference/authentication-methods).
    InviteUsersResponse:
      type: object
      description: >-
        Response body when new users are successfully invited to a Byzantine
        account
      required:
        - accountId
        - newUsers
        - invitedBy
        - invitedAt
      properties:
        accountId:
          $ref: '#/components/schemas/Uuid'
        newUsers:
          type: array
          items:
            $ref: '#/components/schemas/InvitedUser'
        invitedBy:
          $ref: '#/components/schemas/Uuid'
        invitedAt:
          type: string
          format: date-time
          description: The timestamp when the users were invited.
    CreateUsersRequest:
      type: object
      description: >-
        The object that needs to be signed by the end user to invite a new user
        to a Byzantine account.
      required:
        - type
        - timestampMs
        - organizationId
        - parameters
      properties:
        type:
          type: string
          description: Defaults to `ACTIVITY_TYPE_CREATE_USERS_V3`
          example: ACTIVITY_TYPE_CREATE_USERS_V3
        timestampMs:
          type: string
          description: UNIX timestamp of the creation of the request.
        organizationId:
          type: string
          description: The account ID adding the new user.
          example: d107c1e1-766a-4091-802c-de61a3973e91
        parameters:
          $ref: '#/components/schemas/CreateUsersParams'
    Uuid:
      type: string
      format: uuid
      description: A UUID string
      example: 550e8400-e29b-41d4-a716-446655440000
    InvitedUser:
      type: object
      description: The details of the new users invited.
      required:
        - userId
        - firstName
        - lastName
        - userEmail
      properties:
        userId:
          $ref: '#/components/schemas/Uuid'
        firstName:
          type: string
          description: The first name of the new user.
          example: John
        lastName:
          type: string
          description: The last name of the new user.
          example: Doe
        userEmail:
          type: string
          description: The email of the new user.
          example: john.doe@example.com
    CreateUsersParams:
      type: object
      description: The list of new users to be added.
      required:
        - users
      properties:
        users:
          type: array
          items:
            $ref: '#/components/schemas/CreateUserParam'
    CreateUserParam:
      type: object
      description: >-
        The parameters object containing the specific informations about the new
        user to be added.
      required:
        - userName
        - userEmail
        - apiKeys
        - authenticators
        - oauthProviders
        - userTags
      properties:
        userName:
          type: string
          description: The name of the new user.
          example: John Doe
        userEmail:
          type: string
          description: The email of the new user.
          example: john.doe@example.com
        apiKeys:
          type: array
          items:
            $ref: '#/components/schemas/ApiKeyParam'
        authenticators:
          type: array
          items:
            $ref: '#/components/schemas/AuthenticatorParam'
        oauthProviders:
          type: array
          items:
            $ref: '#/components/schemas/OAuthProviderParam'
        userTags:
          type: array
          items:
            type: string
          description: A list of tag IDs to add to the user.
    ApiKeyParam:
      type: object
      description: >-
        API key object. If set, temporary authentication method until the user
        adds a passkey.
      required:
        - apiKeyName
        - publicKey
        - curveType
      properties:
        apiKeyName:
          type: string
          description: Human-readable name for the API key.
          example: Byzantine API Key
        publicKey:
          type: string
          description: The public key of the API key.
          example: c51b102585622c59715784828c579278d5360159cd214fc976f5ce537c41872231
        curveType:
          type: string
          description: The curve type of encryption algorithm.
          example: API_KEY_CURVE_P256
        expirationSeconds:
          type: string
          description: >-
            Optional window (in seconds) indicating how long the API Key should
            last.
          example: '3600'
          nullable: true
    AuthenticatorParam:
      type: object
      description: Passkey authenticator object.
      required:
        - authenticatorName
        - challenge
        - attestation
      properties:
        authenticatorName:
          type: string
          description: Human-readable name for an Authenticator.
        challenge:
          type: string
          description: Challenge presented for authentication purposes.
        attestation:
          $ref: '#/components/schemas/Attestation'
    OAuthProviderParam:
      type: object
      required:
        - providerName
        - oidcToken
      properties:
        providerName:
          type: string
        oidcToken:
          type: string
    Attestation:
      type: object
      required:
        - credentialId
        - clientDataJson
        - attestationObject
        - transports
      properties:
        credentialId:
          type: string
          description: The cbor encoded then base64 url encoded id of the credential.
        clientDataJson:
          type: string
          description: >-
            A base64 url encoded payload containing metadata about the signing
            context and the challenge.
        attestationObject:
          type: string
          description: >-
            A base64 url encoded payload containing authenticator data and any
            attestation the webauthn provider chooses.
        transports:
          type: array
          items:
            $ref: '#/components/schemas/Transports'
    Transports:
      type: string
      enum:
        - AUTHENTICATOR_TRANSPORT_BLE
        - AUTHENTICATOR_TRANSPORT_INTERNAL
        - AUTHENTICATOR_TRANSPORT_NFC
        - AUTHENTICATOR_TRANSPORT_USB
        - AUTHENTICATOR_TRANSPORT_HYBRID
        - Unknown
  securitySchemes:
    integrator_auth:
      type: apiKey
      in: header
      name: X-Pubkey, X-Timestamp, X-Signature

````