fix(backend): Inconsistent create params for Invite & Org Invite

[tmilewski]

Description

Updates inconsistent create params for Invites & Organization Invites (including bulk).

Fixes USER-3259

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• New Features

  • Invitation creation now supports selecting a template (invitation or waitlist), optional expiration, notify recipient, ignore existing users, redirect URL, and public metadata.
  • Organization invitations now support optional expiration, inviter user ID, private and public metadata, and redirect URL; bulk invitations accept the same options.

• Chores

  • Prepared a patch release entry aligning invitation creation parameters with the backend API.

[changeset-bot]

🦋 Changeset detected

Latest commit: 22f2fcf

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages

Name	Type
@clerk/backend	Patch
@clerk/agent-toolkit	Patch
@clerk/astro	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/remix	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Sep 10, 2025 4:43pm

[coderabbitai]

Walkthrough

Adds a changeset for a patch release and updates backend SDK invitation-related type definitions to align with the backend API. Invitation creation gains a required templateSlug and optional fields; organization invitation types add optional expiresInDays, inviterUserId, and privateMetadata. No runtime logic or endpoints change.

Changes

Cohort / File(s)	Summary
Release metadata \.changeset/all-hats-float.md	Adds changeset declaring a patch for @clerk/backend to align invitation create params with backend API.
Invitation API types packages/backend/src/api/endpoints/InvitationApi.ts	Adds TemplateSlug type ('invitation' | 'waitlist_invitation'). Updates CreateParams: adds required templateSlug and optional expiresInDays, ignoreExisting, notify, publicMetadata, redirectUrl. Endpoint functions unchanged; only parameter type shape updated.
Organization API invitation types packages/backend/src/api/endpoints/OrganizationApi.ts	Updates CreateOrganizationInvitationParams and bulk variant to include optional expiresInDays, inviterUserId, privateMetadata; preserves publicMetadata and redirectUrl (order adjusted). No runtime logic changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer Code
  participant SDK as Backend SDK (Invitations)
  participant BAPI as Backend API

  Note over Dev,SDK: Create Invitation (aligned params)
  Dev->>SDK: createInvitation({ emailAddress, templateSlug, expiresInDays?, notify?, redirectUrl?, publicMetadata?, ignoreExisting? })
  SDK->>BAPI: POST /invitations with payload
  BAPI-->>SDK: 201 Created (invitation)
  SDK-->>Dev: Invitation object

  rect rgba(230,245,255,0.4)
    Note right of SDK: Organization Invitations (single/bulk)
    Dev->>SDK: createOrganizationInvitation({ emailAddress, role, expiresInDays?, inviterUserId?, privateMetadata?, publicMetadata?, redirectUrl? })
    SDK->>BAPI: POST /organizations/:id/invitations
    BAPI-->>SDK: 201 Created
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks (4 passed, 1 warning)

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes Check	⚠️ Warning	In addition to the requested InvitationApi updates, this PR also modifies OrganizationApi invitation types by adding fields like inviterUserId and privateMetadata, which fall outside the scope of USER-3259’s focus on the general invitations endpoint.	Please isolate the OrganizationApi invitation parameter changes in a separate pull request or update the linked issue to explicitly include organization invitation consistency requirements.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The current title succinctly describes that this PR fixes inconsistencies in the create parameters for both invitation and organization invitation endpoints, clearly conveying the primary change without extraneous detail.
Linked Issues Check	✅ Passed	The PR adds the backend-supported expiresInDays and required templateSlug fields to the InvitationApi CreateParams type, thereby aligning the JS SDK with the BAPI as specified in USER-3259 and fulfilling the linked issue’s primary objective.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

A rabbit taps keys with delighted feet,
“Template slugs aligned—now that’s neat!”
Expiry days hop into place,
Private bits tucked with gentle grace.
SDK and backend now rhyme in time—
Invitations sent, rhythm sublime.
Thump-thump! Ship the patch—prime.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch tm/user-3259-update-invite-org-invite-create-params

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6750

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6750

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6750

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6750

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6750

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6750

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6750

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6750

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6750

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6750

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6750

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6750

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6750

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6750

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6750

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6750

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6750

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6750

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6750

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6750

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6750

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6750

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6750

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6750

commit: 22f2fcf

[wobsoriano]

🧹

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

.changeset/all-hats-float.md (1)

5-6: Changeset likely understates a breaking type change

templateSlug appears to be newly required in InvitationAPI CreateParams (see InvitationApi.ts). If so, this is a breaking change for TS consumers and should not be a patch. Either keep it optional (preferred for patch) or bump to a minor with a clear migration note.

Apply one of:

-Align create params for Invitation and OrganizationInvitation with backend API
+Align create params for Invitation and OrganizationInvitation with backend API.
+
+Note: `templateSlug` remains optional in the SDK for backward compatibility; the backend default is used when omitted.

or reclassify the release as minor if keeping templateSlug required.

packages/backend/src/api/endpoints/InvitationApi.ts (1)

1-8: Missing import for UserPublicMetadata

UserPublicMetadata is referenced but not imported; TS will error if it’s not globally available.

-import type { ClerkPaginationRequest } from '@clerk/types';
+import type { ClerkPaginationRequest, UserPublicMetadata } from '@clerk/types';

packages/backend/src/api/endpoints/OrganizationApi.ts (1)

1-1: Import missing metadata types used below

OrganizationInvitationPrivateMetadata / OrganizationInvitationPublicMetadata are referenced but not imported.

-import type { ClerkPaginationRequest, OrganizationEnrollmentMode } from '@clerk/types';
+import type {
+  ClerkPaginationRequest,
+  OrganizationEnrollmentMode,
+  OrganizationInvitationPrivateMetadata,
+  OrganizationInvitationPublicMetadata,
+} from '@clerk/types';

🧹 Nitpick comments (4)

packages/backend/src/api/endpoints/InvitationApi.ts (2)

11-12: Export param types for DX and to satisfy package guidelines

These types shape a public API surface; exporting them helps consumers and aligns with “packages should export TypeScript types”.

-type TemplateSlug = 'invitation' | 'waitlist_invitation';
+export type TemplateSlug = 'invitation' | 'waitlist_invitation';

Optionally also:

- type CreateParams = { ... }
+ export type CreateInvitationParams = CreateParams;

---

13-21: Add concise JSDoc for newly exposed fields

Public API additions should be documented (notify defaults, redirect behavior, TTL semantics).

 type CreateParams = {
-  emailAddress: string;
-  expiresInDays?: number;
+  /** Recipient email for the invitation. */
+  emailAddress: string;
+  /** Invitation validity in days. If omitted, backend default applies. */
+  expiresInDays?: number;
   ignoreExisting?: boolean;
-  notify?: boolean;
-  publicMetadata?: UserPublicMetadata;
-  redirectUrl?: string;
-  templateSlug?: TemplateSlug;
+  /** Whether to trigger email notification. Defaults to true on backend unless specified. */
+  notify?: boolean;
+  /** Public metadata to attach to the invited user. */
+  publicMetadata?: UserPublicMetadata;
+  /** URL to redirect the user after accepting the invitation. */
+  redirectUrl?: string;
+  /** Invitation email template to use. */
+  templateSlug?: TemplateSlug;
 };

packages/backend/src/api/endpoints/OrganizationApi.ts (2)

165-174: Document new invitation fields and export the params type

Add JSDoc for the new fields and export the type for consumers.

-type CreateOrganizationInvitationParams = {
+export type CreateOrganizationInvitationParams = {
   organizationId: string;
   emailAddress: string;
   role: OrganizationMembershipRole;
-  expiresInDays?: number;
-  inviterUserId?: string;
-  privateMetadata?: OrganizationInvitationPrivateMetadata;
-  publicMetadata?: OrganizationInvitationPublicMetadata;
-  redirectUrl?: string;
+  /** Invitation validity in days. If omitted, backend default applies. */
+  expiresInDays?: number;
+  /** Explicit inviter user id. If omitted, the caller is used. */
+  inviterUserId?: string;
+  /** Private metadata attached to the invitation. */
+  privateMetadata?: OrganizationInvitationPrivateMetadata;
+  /** Public metadata attached to the invitation. */
+  publicMetadata?: OrganizationInvitationPublicMetadata;
+  /** Redirect URL after invitation acceptance. */
+  redirectUrl?: string;
 };

---

379-388: Add JSDoc to bulk endpoint and clarify accepted shapes

Clarify whether the endpoint accepts an array of items or an object with emailAddresses. This avoids ambiguity between backends and @clerk/types.

Proposed JSDoc:

   public async createOrganizationInvitationBulk(
     organizationId: string,
     params: CreateOrganizationInvitationBulkItem[],
   ) {
+    /**
+     * Creates multiple invitations for the given organization.
+     * Accepts an array of invitation item objects. If the backend also accepts
+     * `{ emailAddresses: string[]; role: ... }`, document and accept that shape too
+     * (with runtime normalization) to ease migration.
+     */

If both shapes are allowed by BAPI, consider overloading the signature and normalizing at runtime.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 773d71c and 22f2fcf.

📒 Files selected for processing (3)

• .changeset/all-hats-float.md (1 hunks)
• packages/backend/src/api/endpoints/InvitationApi.ts (1 hunks)
• packages/backend/src/api/endpoints/OrganizationApi.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

.changeset/**

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Automated releases must use Changesets.

Files:

• .changeset/all-hats-float.md

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• packages/backend/src/api/endpoints/InvitationApi.ts
• packages/backend/src/api/endpoints/OrganizationApi.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/backend/src/api/endpoints/InvitationApi.ts
• packages/backend/src/api/endpoints/OrganizationApi.ts

packages/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/backend/src/api/endpoints/InvitationApi.ts
• packages/backend/src/api/endpoints/OrganizationApi.ts

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/backend/src/api/endpoints/InvitationApi.ts
• packages/backend/src/api/endpoints/OrganizationApi.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• packages/backend/src/api/endpoints/InvitationApi.ts
• packages/backend/src/api/endpoints/OrganizationApi.ts

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Support multiple Clerk environment variables (CLERK_, NEXT_PUBLIC_CLERK_, etc.) for configuration.

Files:

• packages/backend/src/api/endpoints/InvitationApi.ts
• packages/backend/src/api/endpoints/OrganizationApi.ts

🧬 Code graph analysis (1)

packages/backend/src/api/endpoints/OrganizationApi.ts (1)

packages/types/src/clerk.ts (1)

• CreateBulkOrganizationInvitationParams (2145-2148)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Formatting | Dedupe | Changeset
• GitHub Check: Build Packages
• GitHub Check: semgrep/ci
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (2)

packages/backend/src/api/endpoints/InvitationApi.ts (1)

59-65: BodyParams are automatically snake_cased by the shared request util (via snakecase-keys); enable deepSnakecaseBodyParamKeys: true only if you need nested-object key transforms.

packages/backend/src/api/endpoints/OrganizationApi.ts (1)

165-185: No manual mapping needed: The request builder uses snakecaseKeys for all bodyParams, so expiresInDays, inviterUserId, metadata and redirectUrl are automatically serialized to the expected snake_case keys.