WorkOS Organization Creator

This Val provides an HTTP endpoint for creating organizations and organization memberships in WorkOS with JWT authentication.

Features

JWT Authentication: Validates WorkOS JWTs using JWKS
Organization Creation: Creates new organizations in WorkOS
Membership Management: Automatically creates admin membership for the authenticated user
Error Handling: Comprehensive error handling for WorkOS API and JWT validation

Endpoints

POST `/create-organization`

Creates a new organization and organization membership for the authenticated user.

Authentication: Bearer token (WorkOS JWT)

Request Body:

{
  "name": "Organization Name",
  "domains": ["example.com"] // optional
}

Response:

{
  "organization": {
    "id": "org_123",
    "name": "Organization Name",
    "domains": ["example.com"],
    "createdAt": "2023-01-01T00:00:00.000Z",
    "updatedAt": "2023-01-01T00:00:00.000Z"
  },
  "membership": {
    "id": "om_456",
    "userId": "user_789",
    "organizationId": "org_123",
    "role": "admin",
    "status": "active"
  }
}

GET `/health`

Health check endpoint.

Response:

{
  "status": "ok",
  "timestamp": "2023-01-01T00:00:00.000Z"
}

Setup Instructions

Set Environment Variables in Val Town:
- WORKOS_API_KEY: Your WorkOS API key (get from WorkOS Dashboard)
- JWKS_URL: Your WorkOS JWKS URL for JWT verification
Get Your WorkOS API Key:
- Log into your WorkOS Dashboard
- Navigate to API Keys section
- Copy your API key (starts with sk_)
Configure JWKS URL:
- The JWKS URL format is typically: https://api.workos.com/sso/jwks/{connection_id}
- Replace {connection_id} with your actual WorkOS connection ID
- You can also use your custom domain if configured
Deploy the Val:
- The Val is automatically deployed when you save it
- Make note of your Val's URL for client-side integration

Environment Variables

The following environment variables must be configured in Val Town:

WORKOS_API_KEY: Your WorkOS API key (starts with sk_)
JWKS_URL: The JWKS URL for JWT verification (e.g., https://api.workos.com/sso/jwks/{connection_id})

Usage Example

JavaScript/TypeScript Client

See client-example.js for a complete client implementation with error handling.

// Using the provided client class
const client = new WorkOSOrganizationClient('https://your-val-url.web.val.run');

try {
  const result = await client.createOrganization(
    workosJWT,           // Your WorkOS JWT token
    'My New Organization', // Organization name
    ['mycompany.com']    // Optional domains
  );
  
  console.log('Created organization:', result.organization);
  console.log('Created membership:', result.membership);
} catch (error) {
  console.error('Failed to create organization:', error.message);
}

Direct Fetch API

// Direct usage with fetch API
const response = await fetch('https://your-val-url.web.val.run/create-organization', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${workosJWT}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    name: 'My New Organization',
    domains: ['mycompany.com']
  })
});

const result = await response.json();
console.log('Created organization:', result.organization);

Error Responses

The API returns appropriate HTTP status codes and error messages:

400: Bad request (missing organization name, WorkOS API errors)
401: Unauthorized (missing/invalid JWT token)
500: Internal server error (configuration issues, unexpected errors)

Security

JWT tokens are verified using JWKS from WorkOS
Only authenticated users can create organizations
Users are automatically assigned admin role in organizations they create
All WorkOS API calls are made server-side to protect API keys

Testing

1. Health Check

curl https://your-val-url.web.val.run/health

2. Service Info

curl https://your-val-url.web.val.run/

3. Test Authentication (should return 401)

curl -X POST https://your-val-url.web.val.run/create-organization \
  -H "Content-Type: application/json" \
  -d '{"name": "Test Organization"}'

4. Test with Invalid Token (should return 401)

curl -X POST https://your-val-url.web.val.run/create-organization \
  -H "Authorization: Bearer invalid-token" \
  -H "Content-Type: application/json" \
  -d '{"name": "Test Organization"}'

5. Test with Valid WorkOS JWT

curl -X POST https://your-val-url.web.val.run/create-organization \
  -H "Authorization: Bearer YOUR_WORKOS_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "My New Organization", "domains": ["example.com"]}'

nholden

workos-create-org

WorkOS Organization Creator

Features

Endpoints

POST `/create-organization`

GET `/health`

Setup Instructions

Environment Variables

Usage Example

JavaScript/TypeScript Client

Direct Fetch API

Error Responses

Security

Testing

1. Health Check

2. Service Info

3. Test Authentication (should return 401)

4. Test with Invalid Token (should return 401)

5. Test with Valid WorkOS JWT

nholden

workos-create-org

WorkOS Organization Creator

Features

Endpoints

POST /create-organization

GET /health

Setup Instructions

Environment Variables

Usage Example

JavaScript/TypeScript Client

Direct Fetch API

Error Responses

Security

Testing

1. Health Check

2. Service Info

3. Test Authentication (should return 401)

4. Test with Invalid Token (should return 401)

5. Test with Valid WorkOS JWT

POST `/create-organization`

GET `/health`