Fyren Docs
Features

Team Management

Authentication, roles, and team member management.

Fyren is single-tenant — each instance manages one organization. Team members sign up with email and password, and are assigned roles that control what they can do.

Authentication

Fyren uses BetterAuth for user authentication with the following flows:

  • Sign up — Create an account with email and password
  • Sign in — Authenticate and receive a session cookie
  • Email verification — Confirm your email address via a verification link
  • Password reset — Request a reset link and set a new password
  • Session management — Secure, cookie-based sessions with automatic expiry

The admin dashboard uses session cookies. For programmatic access, use API keys.

Roles

RoleDescription
ownerFull access to all features and settings. Can manage all members and roles.
adminCan manage components, monitors, incidents, maintenance, subscribers, webhooks, and settings. Cannot modify other admins or the owner.
memberLimited access. Can view the dashboard and perform basic operations.

Permission Rules

  • The owner cannot be removed or have their role changed (ownership must be transferred)
  • Admins cannot modify or remove other admins — only the owner can
  • Admins can invite new members as member only, not as admin
  • Only the owner can invite as admin

Team Invitations

Invite team members by email. The invitation flow:

  1. An admin or owner sends an invite with a specified role
  2. An email is sent with an invitation link (valid for 7 days)
  3. The invitee clicks the link and creates an account (or signs in if they already have one)
  4. They are added to the organization with the specified role

Managing Invitations

POST   /api/v1/admin/invites          — Send an invite
GET    /api/v1/admin/invites           — List pending invites
DELETE /api/v1/admin/invites/:id       — Revoke a pending invite
POST   /api/v1/invites/:token/accept   — Accept an invite (public endpoint)

Invitations that are expired or already accepted are excluded from the pending list.

Member Management

GET    /api/v1/admin/members           — List all organization members
PUT    /api/v1/admin/members/:id       — Update a member's role
DELETE /api/v1/admin/members/:id       — Remove a member from the organization
POST   /api/v1/admin/members/leave     — Leave the organization (session auth only)

Removing a member nulls their organization role but preserves their BetterAuth account. The owner cannot leave the organization.

First-Time Setup

When setting up a fresh Fyren instance, the first user to create the organization becomes the owner automatically. A setup flow is available at /setup to guide initial configuration.

API Keys

Programmatic access to the Fyren admin API.

API Overview

Overview of the Fyren REST API.

On this page

AuthenticationRolesPermission RulesTeam InvitationsManaging InvitationsMember ManagementFirst-Time Setup