Stitchflow

PandaDoc User Management API Guide

API workflow

How to automate user lifecycle operations through APIs with caveats that matter in production.

Updated Mar 11, 2026

Summary and recommendation

PandaDoc exposes a REST API at https://api.pandadoc.com/public/v1 supporting API Key and OAuth 2.0 (Authorization Code flow) authentication. API access requires at minimum a Business plan; Starter plan accounts cannot register OAuth applications or use the API.

The member object surfaces `user_id`, `membership_id`, `email`, `role`, `is_admin`, `status`, `workspace_id`, and `avatar` fields - note that `membership_id` (not `user_id`) is the required path parameter for all single-member operations.

The API is workspace-scoped: there is no org-wide user management surface. Multi-workspace organizations must maintain separate API keys or OAuth tokens per workspace, which complicates identity graph construction across the full PandaDoc footprint. Rate limits are not fully published; HTTP 429 responses should be handled with exponential backoff.

API quick reference

Has user API: Yes
Auth method: API Key (header) or OAuth 2.0 (Authorization Code flow)
Base URL: Official docs
SCIM available: Yes
SCIM plan required: Enterprise (SSO prerequisite required)

Authentication

Auth method: API Key (header) or OAuth 2.0 (Authorization Code flow)

Setup steps

  1. Log in to PandaDoc and navigate to Settings > Integrations > API.
  2. Generate an API key for server-to-server use, or register an OAuth 2.0 application to obtain client_id and client_secret.
  3. For OAuth 2.0: redirect users to https://app.pandadoc.com/oauth2/authorize with the required scopes, then exchange the returned code for an access token at https://api.pandadoc.com/oauth2/access_token.
  4. Pass the API key as the header 'Authorization: API-Key <key>' or the OAuth token as 'Authorization: Bearer <token>' on all requests.
  5. API access (including OAuth app creation) requires at minimum a Business plan.

Required scopes

Scope | Description | Required for
read+write | Full read and write access to documents, templates, and workspace resources. | Creating, updating, and reading documents and members
read | Read-only access to workspace resources. | Listing workspace members and documents

User object / data model

Field | Type | Description | On create | On update | Notes
user_id | string | Unique PandaDoc user identifier. | system-assigned | immutable | UUID format.
email | string | User's email address. | required | not updatable via API | Primary identifier for invitations.
first_name | string | User's first name. | optional | not exposed in member API | Returned in member list responses.
last_name | string | User's last name. | optional | not exposed in member API | Returned in member list responses.
role | string | Workspace role assigned to the member (e.g., 'Manager', 'User'). | optional | supported | Role names are workspace-defined.
membership_id | string | Unique identifier for the user's workspace membership record. | system-assigned | immutable | Used in member-specific endpoint paths.
workspace_id | string | Identifier of the workspace the member belongs to. | system-assigned | immutable |
status | string | Membership status (e.g., 'active', 'pending'). | system-assigned | read-only | Pending until invitation is accepted.
avatar | string (URL) | URL to the user's avatar image. | not applicable | not applicable | Read-only; set by user in profile.
is_admin | boolean | Whether the user has workspace admin privileges. | optional | supported |

Core endpoints

List workspace members

  • Method: GET
  • URL: https://api.pandadoc.com/public/v1/members
  • Watch out for: Returns members of the authenticated user's current workspace only. Pagination uses 'page' and 'count' query params.

Request example

GET /public/v1/members?page=1&count=50
Authorization: API-Key <key>

Response example

{
  "results": [
    {"user_id": "abc123", "email": "user@example.com",
     "first_name": "Jane", "last_name": "Doe",
     "role": "User", "status": "active"}
  ]
}

Get a workspace member

  • Method: GET
  • URL: https://api.pandadoc.com/public/v1/members/{membership_id}
  • Watch out for: Requires membership_id, not user_id. Obtain membership_id from the list endpoint.

Request example

GET /public/v1/members/mem_abc123
Authorization: API-Key <key>

Response example

{
  "user_id": "abc123",
  "email": "user@example.com",
  "first_name": "Jane",
  "role": "Manager",
  "status": "active"
}

Invite a new member to workspace

  • Method: POST
  • URL: https://api.pandadoc.com/public/v1/members
  • Watch out for: Sends an email invitation; user status remains 'pending' until accepted. Cannot pre-set password via API.

Request example

POST /public/v1/members
Authorization: API-Key <key>
Content-Type: application/json

{"email": "newuser@example.com", "role": "User"}

Response example

{
  "membership_id": "mem_xyz789",
  "email": "newuser@example.com",
  "status": "pending"
}

Update a workspace member's role

  • Method: PATCH
  • URL: https://api.pandadoc.com/public/v1/members/{membership_id}
  • Watch out for: Only role and is_admin fields are updatable via this endpoint. Email and name changes are not supported.

Request example

PATCH /public/v1/members/mem_xyz789
Authorization: API-Key <key>
Content-Type: application/json

{"role": "Manager"}

Response example

{
  "membership_id": "mem_xyz789",
  "role": "Manager",
  "status": "active"
}

Delete (remove) a workspace member

  • Method: DELETE
  • URL: https://api.pandadoc.com/public/v1/members/{membership_id}
  • Watch out for: Removes the user from the workspace; does not delete the PandaDoc account itself. Documents owned by the user are retained.

Request example

DELETE /public/v1/members/mem_xyz789
Authorization: API-Key <key>

Response example

HTTP 204 No Content

List workspaces

  • Method: GET
  • URL: https://api.pandadoc.com/public/v1/workspaces
  • Watch out for: Only workspaces the authenticated user belongs to are returned. Multi-workspace management requires separate API keys per workspace.

Request example

GET /public/v1/workspaces
Authorization: API-Key <key>

Response example

{
  "results": [
    {"id": "ws_001", "name": "Acme Corp", "is_default": true}
  ]
}

Get current authenticated user

  • Method: GET
  • URL: https://api.pandadoc.com/public/v1/members/current
  • Watch out for: Useful for validating API key identity and confirming workspace context before performing member operations.

Request example

GET /public/v1/members/current
Authorization: API-Key <key>

Response example

{
  "user_id": "abc123",
  "email": "admin@example.com",
  "is_admin": true,
  "workspace_id": "ws_001"
}

Rate limits, pagination, and events

  • Rate limits: PandaDoc enforces per-minute and per-day request limits. Exact limits are not fully published in official docs; the developer portal notes limits vary by plan.
  • Rate-limit headers: Yes
  • Retry-After header: No
  • Rate-limit notes: HTTP 429 is returned when limits are exceeded. Official per-plan rate limit values are not publicly documented. Retry with exponential backoff on 429 responses.
  • Pagination method: offset
  • Default page size: 50
  • Max page size: 100
  • Pagination pointer: page / count
Plan | Limit | Concurrent
Business | ~2,000 requests/day (unofficial community reports); official limit not published | 0
Enterprise | Higher limits; contact PandaDoc for specifics | 0
  • Webhooks available: Yes
  • Webhook notes: PandaDoc supports webhooks for document lifecycle events. Webhooks are configured in the PandaDoc dashboard under Settings > Integrations > Webhooks. There are no dedicated user/member lifecycle webhook events (e.g., member added/removed).
  • Alternative event strategy: Poll GET /public/v1/members on a schedule to detect membership changes, as no member-lifecycle webhook events are available.
  • Webhook events: document_state_changed, document_updated, document_deleted, recipient_completed, document_viewed
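The polling strategy above only helps if consecutive snapshots are compared. The following is an added example, not code from PandaDoc or from this guide: it diffs two member-list snapshots and singles out new admin grants. It assumes each list result carries membership_id (the guide says to obtain it from the list endpoint); the function names and sample data are constructed.

```python
WATCHED = ("role", "is_admin", "status")  # fields the member list returns per this guide

def diff_snapshots(previous, current):
    """Return sorted (kind, membership_id, email, old, new) change events."""
    prev = {m["membership_id"]: m for m in previous}
    curr = {m["membership_id"]: m for m in current}
    events = []
    for mid in curr.keys() - prev.keys():
        events.append(("added", mid, curr[mid].get("email"), None, curr[mid].get("role")))
    for mid in prev.keys() - curr.keys():
        events.append(("removed", mid, prev[mid].get("email"), prev[mid].get("role"), None))
    for mid in prev.keys() & curr.keys():
        for field in WATCHED:
            old, new = prev[mid].get(field), curr[mid].get(field)
            if old != new:
                events.append((f"{field}_changed", mid, curr[mid].get("email"), old, new))
    return sorted(events, key=lambda e: (e[0], e[1]))

def admin_grants(previous, current):
    """membership_ids that are admin now but were not (or did not exist) before."""
    was_admin = {m["membership_id"] for m in previous if m.get("is_admin")}
    return sorted(m["membership_id"] for m in current
                  if m.get("is_admin") and m["membership_id"] not in was_admin)

def member(mid, email, role, is_admin, status):
    """Helper for building the constructed sample records below."""
    return {"membership_id": mid, "email": email, "role": role,
            "is_admin": is_admin, "status": status}

# Constructed snapshots from two consecutive polls of GET /public/v1/members.
YESTERDAY = [
    member("mem_001", "admin@example.com", "Manager", True, "active"),
    member("mem_002", "jane@example.com", "User", False, "active"),
    member("mem_003", "temp@example.com", "User", False, "pending"),
    member("mem_004", "leaver@example.com", "User", False, "active"),
]
TODAY = [
    member("mem_001", "admin@example.com", "Manager", True, "active"),
    member("mem_002", "jane@example.com", "Manager", True, "active"),
    member("mem_003", "temp@example.com", "User", False, "active"),
    member("mem_005", "new@example.com", "User", False, "pending"),
]

if __name__ == "__main__":
    for event in diff_snapshots(YESTERDAY, TODAY):
        print(event)
    print("review admin grants:", admin_grants(YESTERDAY, TODAY))
```

A change that is made and reverted between two polls is invisible to this diff, so the polling interval sets the detection window and has to be balanced against the request limits listed above.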

SCIM API status

  • SCIM available: Yes

  • SCIM version: 2.0

  • Plan required: Enterprise (SSO prerequisite required)

  • Endpoint: https://app.pandadoc.com/scim/v2

  • Supported operations: Create user (POST /Users), Deactivate/delete user (DELETE /Users/{id} or PATCH active=false), List users (GET /Users), Get user (GET /Users/{id})

Limitations:

  • SSO must be configured and active before SCIM can be enabled.
  • Enterprise plan required; not available on Starter or Business.
  • User attribute updates (name, email changes) via SCIM PATCH may have limited support - community sources indicate create and deactivate are the primary supported operations.
  • Group/team provisioning support is limited; verify with PandaDoc support for current group SCIM support.
  • Supported IdPs: Okta, Microsoft Entra ID (Azure AD), OneLogin.
  • Google Workspace SSO/SCIM is not officially supported.
  • Pricing seed notes indicate SCIM 1.1 behavior in some contexts - confirm current SCIM 2.0 endpoint availability with PandaDoc support.

Common scenarios

Three primary automation scenarios are supported by the current API surface:

  • Onboard via REST (Business+): POST to /public/v1/members with email and role. The response returns membership_id and status: pending. The user must accept the email invitation before status transitions to active - poll GET /public/v1/members/{membership_id} to detect activation. There is no way to bypass the invitation flow via REST; for zero-touch provisioning, SCIM (Enterprise only) is required.

  • Deprovision via SCIM (Enterprise): Configure SCIM at https://app.pandadoc.com/scim/v2 with a supported IdP (Okta, Microsoft Entra ID, or OneLogin - Google Workspace is not officially supported). Deactivating the user in the IdP triggers a SCIM PATCH (active=false) or DELETE. If SSO is disabled, SCIM provisioning stops functioning entirely. Documents owned by the deprovisioned user are retained.

  • Membership audit: Paginate GET /public/v1/members?page=1&count=100 (max page size 100, offset-based) to retrieve all members with role, is_admin, and status fields. Cross-reference against your HR system or identity graph to surface orphaned active accounts. Repeat per workspace; no cross-workspace aggregation endpoint exists.

Onboard a new employee to a PandaDoc workspace

  1. POST https://api.pandadoc.com/public/v1/members with {"email": "newuser@company.com", "role": "User"} using an admin API key.
  2. Receive a 201 response with membership_id and status='pending'.
  3. Poll GET /public/v1/members/{membership_id} until status changes to 'active' (user has accepted the invitation).
  4. Optionally PATCH /public/v1/members/{membership_id} to update role after activation.

Watch out for: The user must manually accept the email invitation before they can use PandaDoc. There is no way to bypass the invitation flow via the REST API. For automated provisioning without manual acceptance, use SCIM (Enterprise only).

Deprovision a departing employee via SCIM (Enterprise)

  1. Ensure SCIM is configured in PandaDoc under Settings > Security > SCIM with your IdP (Okta, Entra ID, or OneLogin).
  2. Deactivate or remove the user in your IdP.
  3. The IdP sends a SCIM PATCH (active=false) or DELETE to https://app.pandadoc.com/scim/v2/Users/{id}.
  4. PandaDoc deactivates the user's workspace access automatically.
  5. Verify removal by calling GET https://api.pandadoc.com/public/v1/members and confirming the user is no longer listed as active.

Watch out for: SCIM requires Enterprise plan and active SSO. If SSO is disabled, SCIM provisioning will also stop functioning. Documents owned by the deprovisioned user are retained in the workspace.

Audit all workspace members and their roles

  1. GET https://api.pandadoc.com/public/v1/members?page=1&count=100 with admin API key.
  2. Iterate through paginated results (increment 'page' until results array is empty or fewer than 'count' items returned).
  3. For each member, record user_id, email, role, is_admin, and status fields.
  4. Cross-reference against your HR system or IdP to identify orphaned accounts (status='active' but user no longer employed).
  5. Call DELETE /public/v1/members/{membership_id} for any accounts to be removed.

Watch out for: The member list API is scoped to a single workspace. If your organization uses multiple PandaDoc workspaces, repeat this process with the API key for each workspace. There is no cross-workspace admin API.
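Steps 1 to 4 of the audit, as an added example that is not PandaDoc's or this guide's own code: it pages through the member list until an empty or short page and reports active members missing from a roster, admins first. It assumes list results include membership_id; http_fetch_page, iter_members, find_orphans and the sample data are hypothetical names and constructed values.

```python
import json
import urllib.request

BASE = "https://api.pandadoc.com/public/v1"  # base URL given in this guide

def http_fetch_page(api_key):
    """Build fetch_page(page, count) for one workspace's API key (live use)."""
    def fetch_page(page, count):
        req = urllib.request.Request(
            f"{BASE}/members?page={page}&count={count}",
            headers={"Authorization": f"API-Key {api_key}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch_page

def iter_members(fetch_page, count=100, max_pages=1000):
    """Yield every member, stopping on an empty or short page."""
    for page in range(1, max_pages + 1):
        results = fetch_page(page, count).get("results", [])
        yield from results
        if len(results) < count:
            return
    raise RuntimeError("pagination did not terminate")  # guard against a looping API

def find_orphans(members, roster_emails):
    """Active members missing from the HR/IdP roster, admins listed first."""
    roster = {e.strip().lower() for e in roster_emails}
    orphans = [m for m in members
               if m.get("status") == "active"
               and m.get("email", "").strip().lower() not in roster]
    return sorted(orphans, key=lambda m: not m.get("is_admin", False))

# Constructed sample workspace; membership_id in list results is an assumption.
SAMPLE = [
    {"membership_id": "mem_001", "email": "Jane@Example.com", "is_admin": True, "status": "active"},
    {"membership_id": "mem_002", "email": "bob@example.com", "is_admin": False, "status": "active"},
    {"membership_id": "mem_003", "email": "left@example.com", "is_admin": False, "status": "active"},
    {"membership_id": "mem_004", "email": "old.admin@example.com", "is_admin": True, "status": "active"},
    {"membership_id": "mem_005", "email": "invited@example.com", "is_admin": False, "status": "pending"},
]
ROSTER = ["jane@example.com", "bob@example.com", "invited@example.com"]

def fake_fetch_page(page, count):
    """Offline stand-in for the list endpoint, serving SAMPLE in pages."""
    start = (page - 1) * count
    return {"results": SAMPLE[start:start + count]}

if __name__ == "__main__":
    for m in find_orphans(iter_members(fake_fetch_page, count=2), ROSTER):
        print(m["membership_id"], m["email"], "admin" if m["is_admin"] else "member")
```

The output is a review list for step 5 rather than an automatic DELETE, because email is the only join key available and a user who changed their own address in profile settings would otherwise be flagged and removed by mistake.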

Why building this yourself is a trap

The most significant integration caveat is the gap between what SCIM advertises and what it reliably delivers: community sources indicate that user attribute updates (name, email changes) via SCIM PATCH have limited support, making PandaDoc's SCIM implementation closer to create/deactivate-only in practice.

Email addresses cannot be updated via the member REST API either - users must change their own email through profile settings, breaking any automated identity graph sync that depends on canonical email as a join key.

OAuth 2.0 access tokens expire and require refresh token handling; API keys do not expire but carry no automatic rotation. The PATCH /public/v1/members/{membership_id} endpoint only accepts role and is_admin updates - it cannot be used to correct name or contact data pushed from an upstream identity source.

Teams building a full identity graph against PandaDoc should treat it as a write-limited node: reliable for provisioning and deprovisioning, unreliable for ongoing attribute synchronization without manual fallback.


* Details sourced from official product documentation and admin references.
