POST /api/groups/requests/{MembershipRequestID}/actions

Executes an action that is available for a given membership request. The two possible actions are to approve or disapprove the request.

Authorization Roles/Permissions: This operation doesn't require any specific role; in theory, anyone can invoke the operation. However, the workflow action itself has requirements regarding who can execute it. The user invoking the operation must be authorized to execute the specific workflow action, or the operation will fail. For example, an app administrator can request an API contract for his/her own app, but not for another app. For more information, see Executing Workflow Actions.

Authorization token renewal: This operation changes information that is reflected in the authorization token; therefore, when invoking this operation, you must also renew the token.

This topic includes the following sections:

HTTP Method


Back to top



Back to top

Sample Request

The example below shows an invited user declining an invitation to join a group, and entering a comment in response to the invitation.

Request URL


Sample request headers

POST /api/groups/requests/group_member_req24576.acmepaymentscorp/actions HTTP/1.1
Host: {hostname}
Accept: */*
Content-Type: application/json; charset=UTF-8

Sample request body

  "Comments":"Sorry, Jane, can't take this on right now. Appreciate the invite though."

Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept Any Accept header value that supports a response Content-Type of text/plain is valid; for example, */*.

Any one of the following media types is valid for the request Content-Type:

application/json, application/vnd.soa.v71+json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json

X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Back to top

Request Parameters

Parameter Parm Type Data Type Required Description
MembershipRequestID Path string Required A unique ID assigned by the platform to the team membership request.
Action Body Action Required

Contains information about an action performed on a resource as part of a workflow-related activity.

For information on possible values, see All Groups: Valid Workflow Actions. ActionName is required.

Back to top


If successful, this operation returns HTTP status code 200, with the MembershipRequestID as confirmation that the operation completed successfully.

Back to top

Sample Response

In the sample response below, the MembershipRequestID is returned as confirmation that the operation completed successfully.

Sample response headers

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Fri, 14 Jun 2013 18:40:25 GMT
Atmo-Renew-Token: renew

Sample response body


Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Atmo-Renew-Token renew. This is a custom response header used when the action of the method causes a change in a value that's stored in the token. The token includes information on the user's apps, APIs, and groups, so actions such as adding an app or accepting an invitation to join an app team require update of the token. A value of renew means that the operation has changed some information that's stored in the token, and you must therefore renew the token using the POST /api/login/renewToken operation.
Content-Type text/plain

Back to top

Response Body

Name Type Description
MembershipRequestID string The unique ID assigned by the platform to the team membership request.

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
404 The resource could not be found.
405 Method Not Allowed. For example, you might get this if you specified an invalid Accept header or omitted a required Content-Type header, or used the wrong HTTP verb.
409 Invalid action for current resource state: the action attempted was not valid for the team member's current state.
500 An error occurred processing the call.

More information about Akana API Platform API error messages.

Back to top

Related Topics