I’m experiencing an inconsistency between GUI functionality and API access for user invitations on my Monday.com account. The invite_users GraphQL mutation returns an “Unauthorized field or type” error, despite being able to successfully invite users through the web interface.
API Request Used
{
“query”: “mutation { invite_users (emails: [“usma64319@email.com”], product: work_management, user_role: GUEST) { errors { message code email } invited_users { id } } }”
}
Complete Error Response
{
“body”: {
“data”: {},
“errors”: [
{
“message”: “Unauthorized field or type”,
“path”: [“invite_users”],
“extensions”: {
“code”: “UNAUTHORIZED_FIELD_OR_TYPE”
}
}
],
“extensions”: {
“request_id”: “33e7a964-6461-9d14-88c5-17fc0daa13de”
}
}
}
Details of my setup:
-
Plan: Free plan (testing before upgrade)
-
Scopes granted:
users:read,users:write,account:read,boards:read,boards:write,workspaces:read,workspaces:write(and others) -
Token: Generated via OAuth, confirmed active
Additional context:
-
When I perform the same action through the monday.com UI (invite via email), it works fine. The invited user shows up in the
users {}query and returns a validid. -
The API, however, always returns the error above.
My questions:
-
Is the
invite_usersmutation restricted by plan (e.g. not supported on the Free plan)? -
Or is this error expected in the API but not the UI?
-
If not plan-related, are there additional scopes or permissions needed beyond
users:writefor this mutation to work?