# Memberships ## CreateMembership **post** `/gitpod.v1.GroupService/CreateMembership` Creates a membership for a user in a group. Use this method to: - Add users to groups - Grant group-based permissions to users ### Examples - Add a user to a group: Creates a membership for a user in a group. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" subject: id: "f53d2330-3795-4c5d-a1f3-453121af9c60" principal: PRINCIPAL_USER ``` ### Authorization Requires `org:admin` permission on the organization or `group:admin` permission on the specific group. ### Body Parameters - `groupId: optional string` - `subject: optional Subject` Subject to add to the group - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Returns - `member: optional GroupMembership` GroupMembership represents a subject's membership in a group - `id: optional string` Unique identifier for the group membership - `avatarUrl: optional string` Subject's avatar URL - `groupId: optional string` Group identifier - `name: optional string` Subject's display name - `subject: optional Subject` Subject (user, runner, environment, service account, etc.) - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.GroupService/CreateMembership \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "member": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "avatarUrl": "avatarUrl", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "name", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" } } } ``` ## DeleteMembership **post** `/gitpod.v1.GroupService/DeleteMembership` Deletes a membership for a user in a group. Use this method to: - Remove users from groups - Revoke group-based permissions ### Examples - Remove a user from a group: Deletes a membership by its ID. ```yaml membershipId: "a1b2c3d4-5678-90ab-cdef-1234567890ab" ``` ### Authorization Requires `org:admin` permission on the organization or `group:admin` permission on the specific group. ### Body Parameters - `membershipId: optional string` The membership to delete ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.GroupService/DeleteMembership \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json {} ``` ## ListMemberships **post** `/gitpod.v1.GroupService/ListMemberships` Lists all memberships of a group. Use this method to: - View all members of a group - Audit group membership ### Examples - List group members: Shows all members of a specific group. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" pagination: pageSize: 20 ``` ### Authorization All organization members can view group membership (transparency model). ### Query Parameters - `token: optional string` - `pageSize: optional number` ### Body Parameters - `filter: optional object { search }` filter contains options for filtering the list of memberships. - `search: optional string` search performs case-insensitive search across member name, email, ID, and service account name and description - `groupId: optional string` - `pagination: optional object { token, pageSize }` pagination contains the pagination options for listing memberships - `token: optional string` Token for the next set of results that was returned as next_token of a PaginationResponse - `pageSize: optional number` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. ### Returns - `members: optional array of GroupMembership` - `id: optional string` Unique identifier for the group membership - `avatarUrl: optional string` Subject's avatar URL - `groupId: optional string` Group identifier - `name: optional string` Subject's display name - `subject: optional Subject` Subject (user, runner, environment, service account, etc.) - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `pagination: optional object { nextToken }` - `nextToken: optional string` Token passed for retrieving the next set of results. Empty if there are no more results ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.GroupService/ListMemberships \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "members": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "avatarUrl": "avatarUrl", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "name", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" } } ], "pagination": { "nextToken": "nextToken" } } ``` ## GetMembership **post** `/gitpod.v1.GroupService/GetMembership` Gets a specific membership by group ID and subject. Use this method to: - Check if a user or service account is a member of a group - Verify group membership for access control ### Examples - Check user membership: Checks if a user is a member of a specific group. ```yaml groupId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" subject: id: "f53d2330-3795-4c5d-a1f3-453121af9c60" principal: PRINCIPAL_USER ``` ### Authorization All organization members can check group membership (transparency model). ### Body Parameters - `subject: Subject` Subject to check membership for - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` - `groupId: optional string` ### Returns - `member: optional GroupMembership` The membership if found, nil if subject is not a member - `id: optional string` Unique identifier for the group membership - `avatarUrl: optional string` Subject's avatar URL - `groupId: optional string` Group identifier - `name: optional string` Subject's display name - `subject: optional Subject` Subject (user, runner, environment, service account, etc.) - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.GroupService/GetMembership \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{ "subject": { "id": "f53d2330-3795-4c5d-a1f3-453121af9c60", "principal": "PRINCIPAL_USER" } }' ``` #### Response ```json { "member": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "avatarUrl": "avatarUrl", "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "name", "subject": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" } } } ``` ## Domain Types ### Group Membership - `GroupMembership object { id, avatarUrl, groupId, 2 more }` GroupMembership represents a subject's membership in a group - `id: optional string` Unique identifier for the group membership - `avatarUrl: optional string` Subject's avatar URL - `groupId: optional string` Group identifier - `name: optional string` Subject's display name - `subject: optional Subject` Subject (user, runner, environment, service account, etc.) - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Membership Create Response - `MembershipCreateResponse object { member }` - `member: optional GroupMembership` GroupMembership represents a subject's membership in a group - `id: optional string` Unique identifier for the group membership - `avatarUrl: optional string` Subject's avatar URL - `groupId: optional string` Group identifier - `name: optional string` Subject's display name - `subject: optional Subject` Subject (user, runner, environment, service account, etc.) - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"` ### Membership Delete Response - `MembershipDeleteResponse = unknown` Empty response ### Membership Retrieve Response - `MembershipRetrieveResponse object { member }` - `member: optional GroupMembership` The membership if found, nil if subject is not a member - `id: optional string` Unique identifier for the group membership - `avatarUrl: optional string` Subject's avatar URL - `groupId: optional string` Group identifier - `name: optional string` Subject's display name - `subject: optional Subject` Subject (user, runner, environment, service account, etc.) - `id: optional string` id is the UUID of the subject - `principal: optional Principal` Principal is the principal of the subject - `"PRINCIPAL_UNSPECIFIED"` - `"PRINCIPAL_ACCOUNT"` - `"PRINCIPAL_USER"` - `"PRINCIPAL_RUNNER"` - `"PRINCIPAL_ENVIRONMENT"` - `"PRINCIPAL_SERVICE_ACCOUNT"` - `"PRINCIPAL_RUNNER_MANAGER"`