Summary and recommendation
Process Street exposes a REST API at https://api.process.st/api/v1, authenticated via a Bearer token generated in Settings → Integrations → API. The API is org-scoped - one key per organization, no OAuth 2.0 or per-user token flow. Core member operations are available: GET /members (list), GET /members/{memberId} (single lookup), POST /members (invite), DELETE /members/{memberId} (remove).
Group membership management is also supported via /groups and /groups/{groupId}/members endpoints. SCIM is not available as a native feature on any plan; Enterprise customers should contact Process Street sales for IdP provisioning options.
For identity graph construction, the user object exposes id, email, firstName, lastName, role, organizationId, status, and createdDate - sufficient to map Process Street membership into a cross-app identity graph, though the absence of a last-login field limits activity-based access review automation.
API quick reference
| Has user API | Yes |
| Auth method | API Key (Bearer token in Authorization header) |
| Base URL | Official docs |
| SCIM available | No |
| SCIM plan required | Enterprise |
Authentication
Auth method: API Key (Bearer token in Authorization header)
Setup steps
- Log in to Process Street as an admin.
- Navigate to Settings → Integrations → API.
- Generate an API key.
- Include the key in all requests as: Authorization: Bearer
User object / data model
| Field | Type | Description | On create | On update | Notes |
|---|---|---|---|---|---|
| id | string | Unique member identifier | system-generated | immutable | Used as path param in member endpoints |
| string | Member's email address | required | not updatable via API | Primary identifier for invitations | |
| firstName | string | Member's first name | optional | not documented | |
| lastName | string | Member's last name | optional | not documented | |
| username | string | Display username | optional | not documented | |
| role | string | Member role within the organization (e.g., admin, member) | optional | not documented | |
| organizationId | string | ID of the organization the member belongs to | system-assigned | immutable | |
| status | string | Membership status (e.g., active, invited) | system-assigned | not documented | |
| avatarUrl | string | URL of the member's avatar image | system-assigned | not documented | |
| createdDate | string (ISO 8601) | Timestamp when the member was created | system-generated | immutable |
Core endpoints
List organization members
- Method: GET
- URL:
https://api.process.st/api/v1/members - Watch out for: Returns members of the organization associated with the API key. No cross-org queries.
Request example
GET /api/v1/members
Authorization: Bearer <api_key>
Response example
{
"members": [
{
"id": "mem_abc123",
"email": "user@example.com",
"firstName": "Jane",
"lastName": "Doe",
"role": "member"
}
]
}
Get a single member
- Method: GET
- URL:
https://api.process.st/api/v1/members/{memberId} - Watch out for: Member must belong to the authenticated organization.
Request example
GET /api/v1/members/mem_abc123
Authorization: Bearer <api_key>
Response example
{
"member": {
"id": "mem_abc123",
"email": "user@example.com",
"firstName": "Jane",
"lastName": "Doe"
}
}
Invite a member to the organization
- Method: POST
- URL:
https://api.process.st/api/v1/members - Watch out for: Sends an invitation email; member is not active until they accept. Seat limits apply per plan.
Request example
POST /api/v1/members
Authorization: Bearer <api_key>
Content-Type: application/json
{"email": "newuser@example.com"}
Response example
{
"member": {
"id": "mem_xyz789",
"email": "newuser@example.com",
"status": "invited"
}
}
Remove a member from the organization
- Method: DELETE
- URL:
https://api.process.st/api/v1/members/{memberId} - Watch out for: Permanently removes the member from the org. Does not delete their Process Street account.
Request example
DELETE /api/v1/members/mem_abc123
Authorization: Bearer <api_key>
Response example
HTTP 200 OK
{}
List groups
- Method: GET
- URL:
https://api.process.st/api/v1/groups - Watch out for: Groups are org-scoped. Availability may depend on plan.
Request example
GET /api/v1/groups
Authorization: Bearer <api_key>
Response example
{
"groups": [
{"id": "grp_001", "name": "Engineering"}
]
}
Add member to a group
- Method: POST
- URL:
https://api.process.st/api/v1/groups/{groupId}/members - Watch out for: Member must already exist in the organization before being added to a group.
Request example
POST /api/v1/groups/grp_001/members
Authorization: Bearer <api_key>
Content-Type: application/json
{"memberId": "mem_abc123"}
Response example
HTTP 200 OK
{}
Remove member from a group
- Method: DELETE
- URL:
https://api.process.st/api/v1/groups/{groupId}/members/{memberId} - Watch out for: Only removes from the group; does not deactivate the org member.
Request example
DELETE /api/v1/groups/grp_001/members/mem_abc123
Authorization: Bearer <api_key>
Response example
HTTP 200 OK
{}
Rate limits, pagination, and events
- Rate limits: Process Street enforces rate limits on API requests; exact per-plan limits are not publicly documented.
- Rate-limit headers: Unknown
- Retry-After header: Unknown
- Rate-limit notes: Official documentation does not publish specific rate limit numbers. Contact Process Street support for current limits.
- Pagination method: offset
- Default page size: Not documented
- Max page size: Not documented
- Pagination pointer: offset
| Plan | Limit | Concurrent |
|---|---|---|
| All plans | Not publicly specified | 0 |
- Webhooks available: Yes
- Webhook notes: Process Street supports webhooks for workflow run and task events. User/member lifecycle events (invite, removal) are not explicitly documented as webhook triggers.
- Alternative event strategy: Poll GET /api/v1/members for membership changes; use Zapier or native integrations for event-driven member sync.
- Webhook events: workflow-run.created, workflow-run.completed, task.checked, task.unchecked
SCIM API status
- SCIM available: No
- SCIM version: Not documented
- Plan required: Enterprise
- Endpoint: Not documented
Limitations:
- SCIM provisioning is not available as a native feature per official documentation and context data.
- Enterprise plan customers should contact Process Street sales for provisioning options via Okta or Entra ID SSO integrations.
- Okta and Entra ID SSO are supported but automated SCIM user provisioning/deprovisioning is not confirmed as available.
Common scenarios
Three automation scenarios are well-supported by the current API surface.
For employee onboarding: POST /members to send an invitation, then poll GET /members until status transitions from 'invited' to 'active' before executing POST /groups/{groupId}/members - group assignment before activation may fail depending on API validation, so the status poll is not optional.
For offboarding: GET /members to resolve memberId by email, DELETE /members/{memberId} to remove org access, then verify via a follow-up GET. Critically, DELETE does not revoke SSO sessions or delete the underlying Process Street account; IdP-side revocation must be coordinated separately.
For directory sync: retrieve current group membership via GET /groups/{groupId}/members, diff against your source of truth, and apply POST/DELETE operations per delta.
This sync loop must be built and maintained without SCIM support, and rate limit exposure scales with org size - implement exponential backoff on 429 responses, as exact rate limits are not publicly documented.
Onboard a new employee
- POST /api/v1/members with {"email": "newuser@example.com"} to send an invitation.
- Poll GET /api/v1/members until the new member's status transitions from 'invited' to 'active'.
- POST /api/v1/groups/{groupId}/members to assign the member to the appropriate team group.
Watch out for: Member activation requires the user to accept the email invitation; status will remain 'invited' until then. Group assignment before activation may fail depending on API validation.
Offboard a departing employee
- GET /api/v1/members to find the member's id by email.
- DELETE /api/v1/members/{memberId} to remove them from the organization.
- Verify removal by confirming the member no longer appears in GET /api/v1/members response.
Watch out for: This does not revoke SSO sessions or delete the user's Process Street account. Coordinate with your IdP (Okta/Entra) to revoke SSO access simultaneously.
Sync team group membership from an external directory
- GET /api/v1/groups to retrieve all existing groups and their IDs.
- GET /api/v1/groups/{groupId}/members for each group to get current membership.
- Compare against your directory source of truth.
- POST /api/v1/groups/{groupId}/members for members to add; DELETE /api/v1/groups/{groupId}/members/{memberId} for members to remove.
Watch out for: No native SCIM support means this sync must be built and maintained manually or via an iPaaS tool. Rate limit exposure increases with org size; implement request throttling.
Why building this yourself is a trap
The primary API caveat is the absence of SCIM: there is no automated provisioning or deprovisioning handshake with Okta, Entra ID, or other IdPs, so any lifecycle automation must be custom-built and maintained. Rate limits are undocumented publicly; the only safe posture is to treat them as unknown and implement conservative throttling from the start.
Pagination via offset is not fully documented - page size defaults and maximums must be tested empirically for large member lists. Webhooks do not fire on member lifecycle events (invite, removal), so event-driven sync is not possible natively; polling GET /members is the only reliable detection mechanism for membership changes.
The 'invited' status gap means provisioning pipelines must account for an indeterminate window between API invite and user activation, during which group assignments may not be applicable.
Automate Process Street workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
