Team Management
This guide covers everything you need to know about managing your team in Zyphr — from inviting members to understanding the role hierarchy and controlling per-project access.
Role System Overview
Zyphr uses a two-level role system:
- Account roles — determine what a user can do at the account level (billing, team management, account settings)
- Project roles — determine what a user can do within a specific project (API keys, messages, subscribers, webhooks)
These two levels work together to give you fine-grained control over who can access what.
Account Roles
Account roles are assigned when a user is invited to the account and apply across the entire account.
| Role | Team Management | Billing | Projects | Delete Account |
|---|---|---|---|---|
| Owner | Yes | Yes | All (Admin) | Yes |
| Admin | Yes | No | All (Admin) | No |
| Billing Admin | No | Yes | None (must be assigned) | No |
| Member | No | No | None (must be assigned) | No |
Owner
Owners have complete control over the account. They can manage billing, invite and remove members (including other owners), access all projects, and delete the account.
- Multiple owners are allowed
- At least one owner must exist at all times
- Only owners can promote other members to owner
Admin
Admins can manage the team (invite, remove, change roles) and have automatic admin access to every project. They cannot manage billing or delete the account.
Billing Admin
Billing Admins can view and manage the subscription, payment methods, and invoices. They have no inherent access to any project — they must be explicitly assigned to projects they need to access.
Member
Members have no account-level privileges. They can only access projects they have been explicitly assigned to with a project role.
Project Roles
Project roles control what a user can do within a specific project.
| Role | View Resources | Create/Edit Resources | Manage Settings | Manage Members | Manage API Keys |
|---|---|---|---|---|---|
| Admin | Yes | Yes | Yes | Yes | Yes |
| Developer | Yes | Yes | No | No | No |
| Viewer | Yes | No | No | No | No |
Admin
Full control over the project. Can modify project settings, manage project members, create and revoke API keys, and perform all resource operations.
Developer
Can create, read, update, and delete resources within the project — messages, subscribers, templates, webhooks, etc. Cannot change project settings, manage members, or manage API keys.
Viewer
Read-only access. Can view all resources within the project but cannot create, modify, or delete anything.
Role Cascade
Account-level roles automatically cascade into project access:
| Account Role | Automatic Project Access |
|---|---|
| Owner | Admin on all projects |
| Admin | Admin on all projects |
| Billing Admin | None — must be explicitly assigned |
| Member | None — must be explicitly assigned |
This means:
- You never need to manually assign Owners or Admins to projects — they always have full access
- Members and Billing Admins see only the projects they have been explicitly added to
- If a Member has not been assigned to any project, they will see an empty project list
Inviting Members
Via Dashboard
- Navigate to Account Settings > Team tab
- Click Invite Member
- Enter the email address
- Select an account role
- Click Send Invite
The invitee receives an email with a link to accept the invitation. If they do not already have a Zyphr account, they will be prompted to create one.
Via API
curl -X POST https://api.zyphr.dev/v1/accounts/ACCOUNT_ID/members/invite \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "newdev@company.com",
"role": "member"
}'
Managing Pending Invitations
From the Team tab, you can:
- Resend — Send the invitation email again if it was lost or expired
- Revoke — Cancel the invitation before it is accepted
Assigning Project Access
After a Member or Billing Admin joins the account, assign them to specific projects:
Via Dashboard
- Switch to the target project using the project switcher
- Navigate to Project Settings > Members tab
- Click Add Member
- Select the account member from the dropdown
- Choose a project role (Admin, Developer, or Viewer)
- Click Add
Via API
curl -X POST https://api.zyphr.dev/v1/projects/PROJECT_ID/members \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"user_id": "usr_abc123",
"role": "developer"
}'
Changing Roles
Changing Account Roles
- Navigate to Account Settings > Team tab
- Find the member in the list
- Click the role dropdown and select a new role
- Confirm the change
Changing a member from Owner or Admin to Member will remove their automatic access to all projects. They will only retain access to projects they were explicitly assigned to.
Changing Project Roles
- Navigate to Project Settings > Members tab
- Find the member in the list
- Click the role dropdown and select a new role
Removing Members
Removing from the Account
Removing a member from the account revokes all of their access — account-level and all project assignments.
- Navigate to Account Settings > Team tab
- Click Remove next to the member
- Confirm the removal
Via API
curl -X DELETE https://api.zyphr.dev/v1/accounts/ACCOUNT_ID/members/USER_ID \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
Removing from a Project
Removing a member from a project revokes only their access to that specific project. They remain a member of the account and retain access to other projects they are assigned to.
- Navigate to Project Settings > Members tab
- Click Remove next to the member
- Confirm the removal
Via API
curl -X DELETE https://api.zyphr.dev/v1/projects/PROJECT_ID/members/USER_ID \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
Team Size Limits
The maximum number of team members depends on your plan:
| Plan | Max Team Members |
|---|---|
| Free | 1 |
| Starter | 5 |
| Pro | 25 |
| Scale | 100 |
| Enterprise | Unlimited |
This limit counts all members across all roles (Owners, Admins, Billing Admins, and Members).
Best Practices
Principle of Least Privilege
Assign the minimum role needed for each team member:
- Use Member for most developers — then assign specific project roles
- Reserve Admin for team leads who need to manage the full account
- Use Owner sparingly — only for people who need billing and account deletion access
Environment-Based Access
Set up project roles based on environment sensitivity:
| Team Member | Production | Staging | Development |
|---|---|---|---|
| CTO / Lead | Owner (auto-Admin) | Owner (auto-Admin) | Owner (auto-Admin) |
| Senior Dev | Admin | Admin | Admin |
| Junior Dev | Viewer | Developer | Developer |
| QA Engineer | Viewer | Developer | Viewer |
| Finance | Billing Admin (no project access) | — | — |
Regular Access Reviews
Periodically review your team members and their roles:
- Remove members who have left the organization
- Downgrade roles for members who no longer need elevated access
- Audit project assignments to ensure no one has unnecessary access
Next Steps
- Accounts & Projects — Understand the multi-project account model
- Account Settings — Configure account settings and billing
- Billing & Plans — Manage your subscription