This Val provides an HTTP endpoint for creating organizations and organization memberships in WorkOS with JWT authentication.
- JWT Authentication: Validates WorkOS JWTs using JWKS
- Organization Creation: Creates new organizations in WorkOS
- Membership Management: Automatically creates admin membership for the authenticated user
- Error Handling: Comprehensive error handling for WorkOS API and JWT validation
Creates a new organization and organization membership for the authenticated user.
Authentication: Bearer token (WorkOS JWT)
Request Body:
{ "name": "Organization Name", "domains": ["example.com"] // optional }
Response:
{ "organization": { "id": "org_123", "name": "Organization Name", "domains": ["example.com"], "createdAt": "2023-01-01T00:00:00.000Z", "updatedAt": "2023-01-01T00:00:00.000Z" }, "membership": { "id": "om_456", "userId": "user_789", "organizationId": "org_123", "role": "admin", "status": "active" } }
Health check endpoint.
Response:
{ "status": "ok", "timestamp": "2023-01-01T00:00:00.000Z" }
-
Set Environment Variables in Val Town:
WORKOS_API_KEY: Your WorkOS API key (get from WorkOS Dashboard)JWKS_URL: Your WorkOS JWKS URL for JWT verification
-
Get Your WorkOS API Key:
- Log into your WorkOS Dashboard
- Navigate to API Keys section
- Copy your API key (starts with
sk_)
-
Configure JWKS URL:
- The JWKS URL format is typically:
https://api.workos.com/sso/jwks/{connection_id} - Replace
{connection_id}with your actual WorkOS connection ID - You can also use your custom domain if configured
- The JWKS URL format is typically:
-
Deploy the Val:
- The Val is automatically deployed when you save it
- Make note of your Val's URL for client-side integration
The following environment variables must be configured in Val Town:
WORKOS_API_KEY: Your WorkOS API key (starts withsk_)JWKS_URL: The JWKS URL for JWT verification (e.g.,https://api.workos.com/sso/jwks/{connection_id})
See client-example.js for a complete client implementation with error handling.
// Using the provided client class
const client = new WorkOSOrganizationClient('https://your-val-url.web.val.run');
try {
const result = await client.createOrganization(
workosJWT, // Your WorkOS JWT token
'My New Organization', // Organization name
['mycompany.com'] // Optional domains
);
console.log('Created organization:', result.organization);
console.log('Created membership:', result.membership);
} catch (error) {
console.error('Failed to create organization:', error.message);
}
// Direct usage with fetch API
const response = await fetch('https://your-val-url.web.val.run/create-organization', {
method: 'POST',
headers: {
'Authorization': `Bearer ${workosJWT}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
name: 'My New Organization',
domains: ['mycompany.com']
})
});
const result = await response.json();
console.log('Created organization:', result.organization);
The API returns appropriate HTTP status codes and error messages:
400: Bad request (missing organization name, WorkOS API errors)401: Unauthorized (missing/invalid JWT token)500: Internal server error (configuration issues, unexpected errors)
- JWT tokens are verified using JWKS from WorkOS
- Only authenticated users can create organizations
- Users are automatically assigned admin role in organizations they create
- All WorkOS API calls are made server-side to protect API keys
curl https://your-val-url.web.val.run/health
curl https://your-val-url.web.val.run/
curl -X POST https://your-val-url.web.val.run/create-organization \ -H "Content-Type: application/json" \ -d '{"name": "Test Organization"}'
curl -X POST https://your-val-url.web.val.run/create-organization \ -H "Authorization: Bearer invalid-token" \ -H "Content-Type: application/json" \ -d '{"name": "Test Organization"}'
curl -X POST https://your-val-url.web.val.run/create-organization \ -H "Authorization: Bearer YOUR_WORKOS_JWT_TOKEN" \ -H "Content-Type: application/json" \ -d '{"name": "My New Organization", "domains": ["example.com"]}'