github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 15:42:09 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

[GH-ISSUE #7315] /organization/add-member endpoint does not exist #19416

New Issue
Closed
opened 2026-04-15 18:28:57 -05:00 by GiteaMirror · 6 comments
GiteaMirror commented 2026-04-15 18:28:57 -05:00
Owner
Copy Link

Originally created by @SkyeYoung on GitHub (Jan 13, 2026).
Original GitHub issue: https://github.com/better-auth/better-auth/issues/7315

Is this suited for github?

  • Yes, this is suited for github

To Reproduce

This endpoint can be seen in the official documentation: https://www.better-auth.com/docs/plugins/organization#add-member.

Image

But, when I request /organization/add-member:

❯ curl -X POST "https://demo.better-auth.com/api/auth/organization/add-member" -I
HTTP/2 404
cache-control: public, max-age=0, must-revalidate
date: Tue, 13 Jan 2026 03:34:19 GMT
server: Vercel
strict-transport-security: max-age=63072000
vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
x-matched-path: /api/auth/[...all]
x-vercel-cache: MISS
x-vercel-id: sfo1::iad1::m58sw-1768275259642-b4fdef3d40eb
content-length: 0

But other endpoints exist:

❯ curl -X GET "https://demo.better-auth.com/api/auth/organization/list-members" -I
HTTP/2 401
age: 0
cache-control: public, max-age=0, must-revalidate
content-type: application/json
date: Tue, 13 Jan 2026 03:35:50 GMT
server: Vercel
strict-transport-security: max-age=63072000
vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
x-matched-path: /api/auth/[...all]
x-vercel-cache: MISS
x-vercel-id: sfo1::iad1::rnz5s-1768275350173-157d50c7bd3a
content-length: 0

If the user is just for testing, or using bash to write scripts, they may not use the sdk. I think it's best to register the endpoint.

Current vs. Expected behavior

use createAuthEndpoint register the endpoint.

What version of Better Auth are you using?

1.4.12

System info

{
  "system": {
    "platform": "darwin",
    "arch": "arm64",
    "version": "Darwin Kernel Version 25.0.0: Mon Aug 25 21:17:51 PDT 2025; root:xnu-12377.1.9~3/RELEASE_ARM64_T6020",
    "release": "25.0.0",
    "cpuCount": 10,
    "cpuModel": "Apple M2 Pro",
    "totalMemory": "32.00 GB",
    "freeMemory": "0.26 GB"
  },
  "node": {
    "version": "v20.18.1",
    "env": "development"
  },
  "packageManager": {
    "name": "npm",
    "version": "10.8.2"
  },
  "frameworks": [
    {
      "name": "next",
      "version": "16.0.10"
    },
    {
      "name": "react",
      "version": "^18.3.1"
    }
  ],
  "databases": [
    {
      "name": "pg",
      "version": "^8.16.3"
    },
    {
      "name": "drizzle",
      "version": "^0.44.7"
    }
  ],
  "betterAuth": {
    "version": "^1.4.12",
    "config": null
  }
}

Which area(s) are affected? (Select all that apply)

Backend

Auth config (if applicable)

import { betterAuth } from "better-auth"
export const auth = betterAuth({
  emailAndPassword: {  
    enabled: true
  },
  plugins: [
    nextCookies(),
    organization(),
    openAPI(),
    admin(),
    apiKey({
      enableSessionForAPIKeys: true
    }),
  ],
});

Additional context

I tested my reproduction against the Latest release.

Originally created by @SkyeYoung on GitHub (Jan 13, 2026). Original GitHub issue: https://github.com/better-auth/better-auth/issues/7315 ### Is this suited for github? - [x] Yes, this is suited for github ### To Reproduce This endpoint can be seen in the official documentation: https://www.better-auth.com/docs/plugins/organization#add-member. <img width="859" height="616" alt="Image" src="https://github.com/user-attachments/assets/e194b704-3d27-47f6-adfb-7e4050aac0a5" /> But, when I request `/organization/add-member`: ```shell ❯ curl -X POST "https://demo.better-auth.com/api/auth/organization/add-member" -I HTTP/2 404 cache-control: public, max-age=0, must-revalidate date: Tue, 13 Jan 2026 03:34:19 GMT server: Vercel strict-transport-security: max-age=63072000 vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch x-matched-path: /api/auth/[...all] x-vercel-cache: MISS x-vercel-id: sfo1::iad1::m58sw-1768275259642-b4fdef3d40eb content-length: 0 ``` But other endpoints exist: ```shell ❯ curl -X GET "https://demo.better-auth.com/api/auth/organization/list-members" -I HTTP/2 401 age: 0 cache-control: public, max-age=0, must-revalidate content-type: application/json date: Tue, 13 Jan 2026 03:35:50 GMT server: Vercel strict-transport-security: max-age=63072000 vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch x-matched-path: /api/auth/[...all] x-vercel-cache: MISS x-vercel-id: sfo1::iad1::rnz5s-1768275350173-157d50c7bd3a content-length: 0 ``` If the user is just for testing, or using bash to write scripts, they may not use the sdk. I think it's best to register the endpoint. ### Current vs. Expected behavior use `createAuthEndpoint` register the endpoint. ### What version of Better Auth are you using? 1.4.12 ### System info ```bash { "system": { "platform": "darwin", "arch": "arm64", "version": "Darwin Kernel Version 25.0.0: Mon Aug 25 21:17:51 PDT 2025; root:xnu-12377.1.9~3/RELEASE_ARM64_T6020", "release": "25.0.0", "cpuCount": 10, "cpuModel": "Apple M2 Pro", "totalMemory": "32.00 GB", "freeMemory": "0.26 GB" }, "node": { "version": "v20.18.1", "env": "development" }, "packageManager": { "name": "npm", "version": "10.8.2" }, "frameworks": [ { "name": "next", "version": "16.0.10" }, { "name": "react", "version": "^18.3.1" } ], "databases": [ { "name": "pg", "version": "^8.16.3" }, { "name": "drizzle", "version": "^0.44.7" } ], "betterAuth": { "version": "^1.4.12", "config": null } } ``` ### Which area(s) are affected? (Select all that apply) Backend ### Auth config (if applicable) ```typescript import { betterAuth } from "better-auth" export const auth = betterAuth({ emailAndPassword: { enabled: true }, plugins: [ nextCookies(), organization(), openAPI(), admin(), apiKey({ enableSessionForAPIKeys: true }), ], }); ``` ### Additional context I tested my reproduction against the Latest release.
GiteaMirror added the locked label 2026-04-15 18:28:57 -05:00
GiteaMirror commented 2026-04-15 18:29:02 -05:00
Author
Owner
Copy Link

@better-auth-agent[bot] commented on GitHub (Jan 13, 2026):

It seems like the /organization/add-member endpoint you're trying to access has been part of an open bug issue and was previously documented. However, there has been a lack of resolution, resulting in a 404 error when you attempt to use it [1], [3].

If you're expecting that endpoint to function, it's important to note that there has been discussion about potential conflicts and related issues around it. You may want to consider using a different method or verify with the Better Auth team for the current status of the endpoint.

To move forward, you might want to check related endpoints or follow up on the bug issue [1]. Also, it would be beneficial to tag the Better Auth team members, @bekacru and @ping__, in your queries to get them directly involved for clarification on bug fixes and endpoint availability.

Have you had a chance to look at alternative methods for managing organization members in Better Auth?

If you need more help, tag @better-auth-agent in a comment so I can respond.

DiagramDiscordGitHub

Diagram Join Star

<!-- gh-comment-id:3741737280 --> @better-auth-agent[bot] commented on GitHub (Jan 13, 2026): It seems like the `/organization/add-member` endpoint you're trying to access has been part of an open bug issue and was previously documented. However, there has been a lack of resolution, resulting in a 404 error when you attempt to use it [[1]](https://github.com/better-auth/better-auth/issues/6334), [[3]](https://github.com/better-auth/better-auth/issues/5790). If you're expecting that endpoint to function, it's important to note that there has been discussion about potential conflicts and related issues around it. You may want to consider using a different method or verify with the Better Auth team for the current status of the endpoint. To move forward, you might want to check related endpoints or follow up on the bug issue [[1]](https://github.com/better-auth/better-auth/issues/6334). Also, it would be beneficial to tag the Better Auth team members, @bekacru and @ping__, in your queries to get them directly involved for clarification on bug fixes and endpoint availability. Have you had a chance to look at alternative methods for managing organization members in Better Auth? _If you need more help, tag @better-auth-agent in a comment so I can respond._ <!-- bot:webhook reply v1 --> [Diagram](https://repodiagrams.s3.eu-north-1.amazonaws.com/skyvern_ultra_detailed_interactive.html) • [Discord](https://discord.gg/fG2XXEuQX3) • [GitHub](https://github.com/Skyvern-AI/Skyvern) [![Diagram](https://img.shields.io/badge/Diagram-2b3137?style=flat-square)](https://repodiagrams.s3.eu-north-1.amazonaws.com/skyvern_ultra_detailed_interactive.html) [![Join](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&style=flat-square)](https://discord.gg/fG2XXEuQX3) [![Star](https://img.shields.io/badge/star-181717?logo=github&logoColor=white&style=flat-square)](https://github.com/Skyvern-AI/Skyvern)
GiteaMirror commented 2026-04-15 18:29:04 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Jan 13, 2026):

The /organization/add-member endpoint is not exposed as a public HTTP endpoint by default in Better Auth v1.4.12. It's only available as a server-side API method (auth.api.addMember), which is why you get a 404 when trying to access it directly via HTTP. This is intentional: the function is meant for server-to-server use, not for direct public API calls reference.

If you want to make this functionality available over HTTP (for example, to use with curl or scripts), you need to manually register a custom endpoint that wraps auth.api.addMember using createAuthEndpoint. Other organization endpoints like /organization/remove-member are registered this way, but add-member is not.

Here’s a minimal example of how you might expose it:

import { createAuthEndpoint } from "better-auth";
import { auth } from "./your-auth-config";

export default createAuthEndpoint(
  "/organization/add-member",
  {
    method: "POST",
    // ...add your validation, middleware, etc.
  },
  async (ctx) => {
    // Call the internal API method
    return auth.api.addMember(ctx.body);
  }
);

Make sure to add proper access control and validation, since exposing this endpoint publicly could allow unauthorized users to add members.

There is an ongoing rewrite of the organization plugin that may change this behavior in the future, but for now, manual registration is required reference.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other

Chat with Dosu Open in Cursor Join Discord Share on X

<!-- gh-comment-id:3741752811 --> @dosubot[bot] commented on GitHub (Jan 13, 2026): <!-- Answer --> The /organization/add-member endpoint is not exposed as a public HTTP endpoint by default in Better Auth v1.4.12. It's only available as a server-side API method (auth.api.addMember), which is why you get a 404 when trying to access it directly via HTTP. This is intentional: the function is meant for server-to-server use, not for direct public API calls [reference](https://github.com/better-auth/better-auth/issues/6334). If you want to make this functionality available over HTTP (for example, to use with curl or scripts), you need to manually register a custom endpoint that wraps auth.api.addMember using createAuthEndpoint. Other organization endpoints like /organization/remove-member are registered this way, but add-member is not. Here’s a minimal example of how you might expose it: ```typescript import { createAuthEndpoint } from "better-auth"; import { auth } from "./your-auth-config"; export default createAuthEndpoint( "/organization/add-member", { method: "POST", // ...add your validation, middleware, etc. }, async (ctx) => { // Call the internal API method return auth.api.addMember(ctx.body); } ); ``` Make sure to add proper access control and validation, since exposing this endpoint publicly could allow unauthorized users to add members. There is an ongoing rewrite of the organization plugin that may change this behavior in the future, but for now, manual registration is required [reference](https://github.com/better-auth/better-auth/pull/7251). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/39632dee-84f9-42c5-8750-dde678cde65d?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/39632dee-84f9-42c5-8750-dde678cde65d?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/39632dee-84f9-42c5-8750-dde678cde65d?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/39632dee-84f9-42c5-8750-dde678cde65d?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/39632dee-84f9-42c5-8750-dde678cde65d?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/39632dee-84f9-42c5-8750-dde678cde65d?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/39632dee-84f9-42c5-8750-dde678cde65d?feedback_type=other)</sup> [![Chat with Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/cdda13d9-dd27-4d31-b09a-5d8bec92de21/ask?utm_source=github)&nbsp;[![Open in Cursor](https://dosu.dev/dosu-in-cursor.svg)](https://cursor.com/link/prompt?text=The%20/organization/add-member%20endpoint%20is%20not%20exposed%20as%20a%20public%20HTTP%20endpoint%20by%20default%20in%20Better%20Auth%20v1.4.12.%20It%27s%20only%20available%20as%20a%20server-side%20API%20method%20%28auth.api.addMember%29%2C%20which%20is%20why%20you%20get%20a%20404%20when%20trying%20to%20access%20it%20directly%20via%20HTTP.%20This%20is%20intentional%3A%20the%20function%20is%20meant%20for%20server-to-server%20use%2C%20not%20for%20direct%20public%20API%20calls%C2%A0%5Breference%5D%28https%3A//github.com/better-auth/better-auth/issues/6334%29.%0A%0AIf%20you%20want%20to%20make%20this%20functionality%20available%20over%20HTTP%20%28for%20example%2C%20to%20use%20with%20curl%20or%20scripts%29%2C%20you%20need%20to%20manually%20register%20a%20custom%20endpoint%20that%20wraps%20auth.api.addMember%20using%20createAuthEndpoint.%20Other%20organization%20endpoints%20like%20/organization/remove-member%20are%20registered%20this%20way%2C%20but%20add-member%20is%20not.%0A%0AHere%E2%80%99s%20a%20minimal%20example%20of%20how%20you%20might%20expose%20it%3A%0A%0A%60%60%60typescript%0Aimport%20%7B%20createAuthEndpoint%20%7D%20from%20%22better-auth%22%3B%0Aimport%20%7B%20auth%20%7D%20from%20%22./your-auth-config%22%3B%0A%0Aexport%20default%20createAuthEndpoint%28%0A%20%20%22/organization/add-member%22%2C%0A%20%20%7B%0A%20%20%20%20method%3A%20%22POST%22%2C%0A%20%20%20%20//%20...add%20your%20validation%2C%20middleware%2C%20etc.%0A%20%20%7D%2C%0A%20%20async%20%28ctx%29%20%3D%3E%20%7B%0A%20%20%20%20//%20Call%20the%20internal%20API%20method%0A%20%20%20%20return%20auth.api.addMember%28ctx.body%29%3B%0A%20%20%7D%0A%29%3B%0A%60%60%60%0A%0AMake%20sure%20to%20add%20proper%20access%20control%20and%20validation%2C%20since%20exposing%20this%20endpoint%20publicly%20could%20allow%20unauthorized%20users%20to%20add%20members.%0A%0AThere%20is%20an%20ongoing%20rewrite%20of%20the%20organization%20plugin%20that%20may%20change%20this%20behavior%20in%20the%20future%2C%20but%20for%20now%2C%20manual%20registration%20is%20required%C2%A0%5Breference%5D%28https%3A//github.com/better-auth/better-auth/pull/7251%29.)&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/7315)
GiteaMirror commented 2026-04-15 18:29:06 -05:00
Author
Owner
Copy Link

@ping-maxwell commented on GitHub (Jan 13, 2026):

Just checked our code base and it must had been a relatively recent change, it's a pathless endpoint meaning it's intended to be called from the server only. (aka using auth.api.addMember)
I'll update the docs.

<!-- gh-comment-id:3741771257 --> @ping-maxwell commented on GitHub (Jan 13, 2026): Just checked our code base and it must had been a relatively recent change, it's a pathless endpoint meaning it's intended to be called from the server only. (aka using `auth.api.addMember`) I'll update the docs.
GiteaMirror commented 2026-04-15 18:29:07 -05:00
Author
Owner
Copy Link

@SkyeYoung commented on GitHub (Jan 13, 2026):

@ping-maxwell My thoughts are as follows, may I ask if you've considered them?

If the user is just for testing, or using bash to write scripts, they may not use the sdk. I think it's best to register the endpoint.

<!-- gh-comment-id:3741823452 --> @SkyeYoung commented on GitHub (Jan 13, 2026): @ping-maxwell My thoughts are as follows, may I ask if you've considered them? > If the user is just for testing, or using bash to write scripts, they may not use the sdk. I think it's best to register the endpoint.
GiteaMirror commented 2026-04-15 18:29:10 -05:00
Author
Owner
Copy Link

@SkyeYoung commented on GitHub (Jan 13, 2026):

@ping-maxwell https://github.com/better-auth/better-auth/issues/7315#issuecomment-3741823452

Hi, could you please answer my question?

<!-- gh-comment-id:3742340019 --> @SkyeYoung commented on GitHub (Jan 13, 2026): @ping-maxwell https://github.com/better-auth/better-auth/issues/7315#issuecomment-3741823452 Hi, could you please answer my question?
GiteaMirror commented 2026-04-15 18:29:11 -05:00
Author
Owner
Copy Link

@ping-maxwell commented on GitHub (Jan 13, 2026):

you have to use the sdk

<!-- gh-comment-id:3744270491 --> @ping-maxwell commented on GitHub (Jan 13, 2026): you have to use the sdk
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
Mirrored from GitHub Pull Request
 question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
No Label locked
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#19416
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?