Skip to main content

Workspace.Members.Import Csv

Tags: members, users

Endpoints

Import

POST /api/v2/w/{workspace_uuid}/members/import

Description:

Workspace member management

Import members from CSV file with streaming progress updates.

identity_conflict_policy='overwrite_identity_fields' is intended to be sent only after an operator reviews a preview. Two known, accepted limits:

  • Preview→commit is not transactional (TOCTOU): the commit re-classifies each row against live DB state, so under the default skip policy a row that became a conflict after the preview is still skipped. Under overwrite the operator's prior approval is applied to current state, so an identity that changed between preview and commit is overwritten on the stale approval. Closing this would require optimistic locking / a preview token.
  • Preview-first is advisory, not enforced: overwrite requires only MEMBERS_ADMIN (which can already mutate identity via the member-update API) and every overwrite is audited; there is no backend gate requiring a prior preview call.

Authorization: Requires members:admin scope

Parameters:

  • file (UploadFile)
  • new_member_role_id (Integer)
  • trust_email_addresses (Boolean)
  • trust_phone_numbers (Boolean)
  • identity_conflict_policy (IdentityConflictPolicy)

Preview

POST /api/v2/w/{workspace_uuid}/members/import/preview

Description:

Workspace member management

Read-only preview classifying each CSV row before any write (GRA-5545).

Returns create/update/unchanged/conflict/error counts plus, for phone-only identity conflicts, the existing vs incoming identity so the operator can decide before committing. @phi_audit(bulk=True) because the response can surface existing Member PHI in bulk; the response is never logged.

Design trade-off (accepted): returning existing name/date_of_birth for conflicted rows lets one authorized call enumerate identity PHI for the matched members. This is the explicit purpose of the conflict-review flow — the operator must compare existing vs incoming to choose skip/overwrite — and is bounded to phone-only conflict rows, gated by MEMBERS_ADMIN and the bulk PHI audit above. Identity is not returned for create/update/unchanged rows (PHI minimization).

Authorization: Requires members:admin scope

Parameters:

  • file (UploadFile)
  • new_member_role_id (Integer)
  • trust_email_addresses (Boolean)
  • trust_phone_numbers (Boolean)

Response: See MemberImportPreviewResponse