# vortex-rust-sdk
**Invitation infrastructure for modern apps**
Vortex handles the complete invitation lifecycle — sending invites via email/SMS/share links, tracking clicks and conversions, managing referral programs, and optimizing your invitation flows with A/B testing.
[Learn more about Vortex →](https://tryvortex.com)
## Why This SDK?
This backend SDK securely signs user data for Vortex components. Your API key stays on your server, while the signed token is passed to the frontend where Vortex components render the invitation UI.
- Keep your API key secure — it never touches the browser
- Sign user identity for attribution — know who sent each invitation
- Control what data components can access via scoped tokens
- Verify webhook signatures for secure event handling
## How It Works
Vortex uses a split architecture: your backend signs tokens with the SDK, and your frontend renders components that use those tokens to securely interact with Vortex.
```
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Your Server │ │ User Browser │ │ Vortex Cloud │
│ (this SDK) │ │ (component) │ │ │
└────────┬────────┘ └────────┬────────┘ └────────┬────────┘
│ │ │
│ 1. generate_token() │ │
│◄──────────────────────│ │
│ │ │
│ 2. Return token │ │
│──────────────────────►│ │
│ │ │
│ │ 3. Component calls │
│ │ API with token │
│ │──────────────────────►│
│ │ │
│ │ 4. Render UI, │
│ │ send invitations │
│ │◄──────────────────────│
│ │ │
```
### Integration Flow
**1. Install the backend SDK** `[backend]`
Add this SDK to your Rust project
```rust
cargo add vortex-sdk
```
**2. Initialize the client** `[backend]`
Create a Vortex client with your API key (keep this on the server!)
```rust
use vortex_sdk::VortexClient;
let client = VortexClient::new(std::env::var("VORTEX_API_KEY")?);
```
**3. Generate a token for the current user** `[backend]`
When a user loads a page with a Vortex component, generate a signed token on your server
```rust
let payload = GenerateTokenPayload {
user: Some(TokenUser { id: user_id.into(), ..Default::default() }),
..Default::default()
};
let token = client.generate_token(payload, None)?;
```
**4. Pass the token to your frontend** `[backend]`
Include the token in your response
```rust
Json(json!({ "vortex_token": token }))
```
**5. Render a Vortex component with the token** `[frontend]`
Use the React/Angular/Web Component with the token
```rust
import { VortexInvite } from "@teamvortexsoftware/vortex-react";
<VortexInvite token={vortexToken} />
```
**6. Vortex handles the rest** `[vortex]`
The component securely communicates with Vortex servers, displays the invitation UI, sends emails/SMS, tracks conversions, and reports analytics
### Security Model
> ⚠️ **Important:** Your Vortex API key is a secret that grants full access to your account. It must never be exposed to browsers or client-side code.
By signing tokens on your server, you:
- Keep your API key secret (it never leaves your server)
- Control exactly what user data is shared with components
- Ensure invitations are attributed to real, authenticated users
- Prevent abuse — users can only send invitations as themselves
#### When Signing is Optional
Token signing is controlled by your component configuration in the Vortex dashboard.
---
## Quick Start
Generate a secure token for Vortex components
```rust
use vortex_sdk::{VortexClient, GenerateTokenPayload, TokenUser};
let client = VortexClient::new(std::env::var("VORTEX_API_KEY")?);
let payload = GenerateTokenPayload {
user: Some(TokenUser { id: "user-123".into(), email: Some("user@example.com".into()), ..Default::default() }),
..Default::default()
};
let token = client.generate_token(payload, None)?;
```
## Installation
```bash
cargo add vortex-sdk
```
## Initialization
```rust
let client = VortexClient::new(std::env::var("VORTEX_API_KEY")?);
```
### Environment Variables
| `VORTEX_API_KEY` | ✓ | Your Vortex API key |
## Core Methods
These are the methods you'll use most often.
### `generate_token()`
Generate a signed token for use with Vortex widgets
**Signature:**
```rust
fn generate_token(&self, payload: &GenerateTokenPayload, options: Option<&GenerateTokenOptions>) -> Result<String, VortexError>
```
**Parameters:**
| `payload` | `&GenerateTokenPayload` | ✓ | Data to sign (user, component, scope, vars, etc.) |
| `options` | `Option<&GenerateTokenOptions>` | | Optional configuration (expires_in) |
**Returns:** `Result<String, VortexError>`
_Added in v0.8.0_
---
### `get_invitation()`
Get a specific invitation by ID
**Signature:**
```rust
async fn get_invitation(&self, invitation_id: &str) -> Result<Invitation, VortexError>
```
**Parameters:**
| `invitation_id` | `&str` | ✓ | The invitation ID |
**Returns:** `Result<Invitation, VortexError>`
_Added in v0.1.0_
---
### `accept_invitation()`
Accept a single invitation (recommended method)
**Signature:**
```rust
async fn accept_invitation(&self, invitation_id: &str, user: crate::types::AcceptUser) -> Result<Invitation, VortexError>
```
**Parameters:**
| `invitation_id` | `&str` | ✓ | Single invitation ID to accept |
| `user` | `crate::types::AcceptUser` | ✓ | User object with email and/or phone |
**Returns:** `Result<Invitation, VortexError>`
**Example:**
```rust
use vortex_sdk::{VortexClient, AcceptUser};
let client = VortexClient::new("VRTX.key.secret".to_string());
let user = AcceptUser::new().with_email("user@example.com");
let result = client.accept_invitation("inv-123", user).await;
```
_Added in v0.6.0_
---
## All Methods
<details>
<summary>Click to expand full method reference</summary>
### `get_invitations_by_target()`
Get invitations by target (email or sms)
**Signature:**
```rust
async fn get_invitations_by_target(&self, target_type: &str, target_value: &str) -> Result<Vec<Invitation>, VortexError>
```
**Parameters:**
| `target_type` | `&str` | ✓ | Type of target (email, phone) |
| `target_value` | `&str` | ✓ | The target value |
**Returns:** `Result<Vec<Invitation>, VortexError>`
_Added in v0.1.0_
---
### `revoke_invitation()`
Revoke (delete) an invitation
**Signature:**
```rust
async fn revoke_invitation(&self, invitation_id: &str) -> Result<(), VortexError>
```
**Parameters:**
| `invitation_id` | `&str` | ✓ | The invitation ID to revoke |
**Returns:** `Result<(), VortexError>`
_Added in v0.1.0_
---
### `accept_invitations()`
Accept multiple invitations
**Signature:**
```rust
async fn accept_invitations(&self, invitation_ids: Vec<String>, param: impl Into<crate::types::AcceptInvitationParam>) -> Result<Invitation, VortexError>
```
**Parameters:**
| `invitation_ids` | `Vec<String>` | ✓ | Vector of invitation IDs to accept |
| `param` | `impl Into<crate::types::AcceptInvitationParam>` | ✓ | User data (preferred) or legacy target format |
**Returns:** `Result<Invitation, VortexError>`
_Added in v0.1.0_
---
### `delete_invitations_by_scope()`
Delete all invitations for a specific scope
**Signature:**
```rust
async fn delete_invitations_by_scope(&self, scope_type: &str, scope: &str) -> Result<(), VortexError>
```
**Parameters:**
| `scope_type` | `&str` | ✓ | The scope type (organization, team, etc.) |
| `scope` | `&str` | ✓ | The scope identifier |
**Returns:** `Result<(), VortexError>`
_Added in v0.4.0_
---
### `get_invitations_by_scope()`
Get all invitations for a specific scope
**Signature:**
```rust
async fn get_invitations_by_scope(&self, scope_type: &str, scope: &str) -> Result<Vec<Invitation>, VortexError>
```
**Parameters:**
| `scope_type` | `&str` | ✓ | The scope type (organization, team, etc.) |
| `scope` | `&str` | ✓ | The scope identifier |
**Returns:** `Result<Vec<Invitation>, VortexError>`
_Added in v0.4.0_
---
### `reinvite()`
Reinvite a user (send invitation again)
**Signature:**
```rust
async fn reinvite(&self, invitation_id: &str) -> Result<Invitation, VortexError>
```
**Parameters:**
| `invitation_id` | `&str` | ✓ | The invitation ID to reinvite |
**Returns:** `Result<Invitation, VortexError>`
_Added in v0.2.0_
---
### `create_invitation()`
Create an invitation from your backend This method allows you to create invitations programmatically using your API key, without requiring a user JWT token. Useful for server-side invitation creation, such as "People You May Know" flows or admin-initiated invitations. - `email`: Send an email invitation - `sms`: Create an SMS invitation (short link returned for you to send) - `internal`: Create an internal invitation for PYMK flows (no email sent)
**Signature:**
```rust
async fn create_invitation(&self, request: CreateInvitationRequest) -> Result<CreateInvitationResponse, VortexError>
```
**Parameters:**
| `request` | `CreateInvitationRequest` | ✓ | |
**Returns:** `Result<CreateInvitationResponse, VortexError>`
**Example:**
```rust
use vortex_sdk::{VortexClient, CreateInvitationRequest, CreateInvitationTarget, Inviter, CreateInvitationScope};
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let client = VortexClient::new("VRTX.xxx.yyy".to_string());
// Create an email invitation
let request = CreateInvitationRequest::new(
"widget-config-123",
CreateInvitationTarget::email("invitee@example.com"),
Inviter::new("user-456")
.with_email("inviter@example.com")
.with_user_name("John Doe"),
)
.with_groups(vec![
CreateInvitationScope::new("team", "team-789", "Engineering"),
]);
let result = client.create_invitation(request).await?;
// Create an internal invitation (PYMK flow - no email sent)
let request = CreateInvitationRequest::new(
"widget-config-123",
CreateInvitationTarget::internal("internal-user-abc"),
Inviter::new("user-456"),
)
.with_source("pymk");
let result = client.create_invitation(request).await?;
Ok(())
}
```
_Added in v0.1.0_
---
### `get_autojoin_domains()`
Get autojoin domains configured for a specific scope
**Signature:**
```rust
async fn get_autojoin_domains(&self, scope_type: &str, scope: &str) -> Result<AutojoinDomainsResponse, VortexError>
```
**Parameters:**
| `scope_type` | `&str` | ✓ | The type of scope (e.g., "organization", "team", "project") |
| `scope` | `&str` | ✓ | The scope identifier (customer's group ID) |
**Returns:** `Result<AutojoinDomainsResponse, VortexError>`
_Added in v0.6.0_
---
### `sync_internal_invitation()`
Configure autojoin domains for a specific scope
**Signature:**
```rust
async fn sync_internal_invitation(&self, request: &SyncInternalInvitationRequest) -> Result<SyncInternalInvitationResponse, VortexError>
```
**Parameters:**
| `request` | `&SyncInternalInvitationRequest` | ✓ | The configure autojoin request |
**Returns:** `Result<SyncInternalInvitationResponse, VortexError>`
**Example:**
```rust
use vortex_sdk::{VortexClient, SyncInternalInvitationRequest};
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let client = VortexClient::new("VRTX.xxx.yyy".to_string());
let request = SyncInternalInvitationRequest::new(
"user-123", "user-456", "accepted", "component-uuid",
);
let result = client.sync_internal_invitation(&request).await?;
println!("Processed {} invitations", result.processed);
Ok(())
}
```
_Added in v0.6.0_
---
</details>
## Types
<details>
<summary>Click to expand type definitions</summary>
### `GenerateTokenPayload`
Payload for generate_token() - used to generate secure tokens for Vortex components
| `user` | `Option<TokenUser>` | | The authenticated user who will be using the Vortex component |
| `component` | `Option<String>` | | Component ID to generate token for (from your Vortex dashboard) |
| `scope` | `Option<String>` | | Scope identifier to restrict invitations (format: "scopeType:scopeId") |
| `vars` | `Option<HashMap<String, Value>>` | | Custom variables to pass to the component for template rendering |
### `TokenUser`
User data for token generation - represents the authenticated user sending invitations
| `id` | `String` | ✓ | Unique identifier for the user in your system. Used to attribute invitations. |
| `email` | `Option<String>` | | User's email address. Used for reply-to in invitation emails. |
| `name` | `Option<String>` | | Display name shown to invitation recipients (e.g., "John invited you") |
| `avatar_url` | `Option<String>` | | URL to user's avatar image. Displayed in invitation emails and widgets. |
| `admin_scopes` | `Option<Vec<String>>` | | List of scope IDs where this user has admin privileges |
| `allowed_email_domains` | `Option<Vec<String>>` | | Restrict invitations to specific email domains (e.g., ["acme.com"]) |
### `AcceptUser`
User data for accepting invitations - identifies who accepted the invitation
| `email` | `Option<String>` | | Email address of the accepting user. At least one of email or phone is required. |
| `phone` | `Option<String>` | | Phone number with country code. At least one of email or phone is required. |
| `name` | `Option<String>` | | Display name of the accepting user (shown in notifications to inviter) |
| `is_existing` | `Option<bool>` | | Whether user was already registered. Some(true)=existing, Some(false)=new signup, None=unknown. |
### `CreateInvitationTarget`
Target specification when creating an invitation - where to send the invite
| `target_type` | `String` | ✓ | Delivery channel: "email", "phone", "share", or "internal" |
| `value` | `String` | ✓ | Target address: email address, phone number with country code, or internal user ID |
| `name` | `Option<String>` | | Display name of the recipient (used in email greetings) |
### `CreateInvitationScope`
Scope specification when creating an invitation - what group/team to invite into
| `scope_type` | `String` | ✓ | Scope type (e.g., "team", "organization", "workspace") |
| `group_id` | `String` | ✓ | Your internal identifier for this scope/group |
| `name` | `String` | ✓ | Display name for the scope (shown in invitation emails) |
### `Identifier`
Email or phone identifier for looking up users
| `identifier_type` | `String` | ✓ | Identifier type: "email" or "phone" |
| `value` | `String` | ✓ | The email address or phone number (with country code for phone) |
### `ConfigureAutojoinRequest`
Request to configure autojoin domains for a scope
| `scope_type` | `String` | ✓ | Type of scope (e.g., "team", "workspace") |
| `scope_id` | `String` | ✓ | Your internal identifier for the scope |
| `domains` | `Vec<String>` | ✓ | List of email domains to enable autojoin for (e.g., ["acme.com"]) |
### `SyncInternalInvitationRequest`
Request to sync an internal invitation (for tracking invitations made outside Vortex)
| `inviter_id` | `String` | ✓ | Your internal user ID for the person who sent the invitation |
| `target` | `CreateInvitationTarget` | ✓ | The invitation recipient |
| `scopes` | `Option<Vec<CreateInvitationScope>>` | | Scopes/groups the invitation grants access to |
### `InvitationResult`
Complete invitation details as returned by the Vortex API
| `id` | `String` | ✓ | Unique identifier for this invitation |
| `account_id` | `String` | ✓ | Your Vortex account ID |
| `click_throughs` | `i32` | ✓ | Number of times the invitation link was clicked |
| `form_submission_data` | `Option<HashMap<String, serde_json::Value>>` | | Invitation form data submitted by the user, including invitee identifiers (such as email addresses, phone numbers, or internal IDs) and the values of any custom fields. |
| `configuration_attributes` | `Option<HashMap<String, serde_json::Value>>` | | Deprecated: Use form_submission_data instead. Contains the same data. |
| `created_at` | `String` | ✓ | ISO 8601 timestamp when the invitation was created |
| `deactivated` | `bool` | ✓ | Whether this invitation has been revoked or expired |
| `delivery_count` | `i32` | ✓ | Number of times the invitation was sent (including reminders) |
| `delivery_types` | `Vec<String>` | ✓ | Channels used to deliver: "email", "phone", "share", "internal" |
| `foreign_creator_id` | `String` | ✓ | Your internal user ID for the person who created this invitation |
| `invitation_type` | `String` | ✓ | Type: "single_use", "multi_use", or "autojoin" |
| `status` | `String` | ✓ | Current status: queued, sending, sent, delivered, accepted, shared |
| `target` | `Vec<InvitationTarget>` | ✓ | List of invitation recipients with their contact info and status |
| `views` | `i32` | ✓ | Number of times the invitation page was viewed |
| `groups` | `Vec<InvitationScope>` | ✓ | Scopes (teams/orgs) this invitation grants access to |
| `expired` | `bool` | ✓ | Whether this invitation has passed its expiration date |
| `expires` | `Option<String>` | | ISO 8601 timestamp when this invitation expires |
| `inviter` | `Option<Inviter>` | | Information about who sent the invitation |
### `InvitationTarget`
Target recipient of an invitation (from API response)
| `target_type` | `String` | ✓ | Delivery channel: "email", "phone", "share", or "internal" |
| `value` | `String` | ✓ | Target address: email, phone number with country code, or share link ID |
| `name` | `Option<String>` | | Display name of the recipient |
| `avatar_url` | `Option<String>` | | Avatar URL for the recipient |
| `status` | `Option<String>` | | Delivery status for this specific target |
### `InvitationScope`
Scope/group that the invitation grants access to (from API response)
| `id` | `String` | ✓ | Vortex internal UUID for this scope record |
| `account_id` | `String` | ✓ | Your Vortex account ID |
| `group_id` | `String` | ✓ | Your internal scope/group identifier |
| `scope_type` | `String` | ✓ | Scope type (e.g., "team", "organization", "workspace") |
| `name` | `String` | ✓ | Display name for the scope |
| `created_at` | `String` | ✓ | ISO 8601 timestamp when the scope was created |
### `InvitationAcceptance`
Details about an invitation acceptance event
| `id` | `String` | ✓ | Unique identifier for this acceptance record |
| `invitation_id` | `String` | ✓ | ID of the invitation that was accepted |
| `email` | `Option<String>` | | Email of the user who accepted |
| `phone` | `Option<String>` | | Phone of the user who accepted |
| `name` | `Option<String>` | | Name of the user who accepted |
| `is_existing` | `Option<bool>` | | Whether the user already had an account |
| `created_at` | `String` | ✓ | ISO 8601 timestamp when the acceptance occurred |
### `Inviter`
Information about the user who sent an invitation
| `id` | `String` | ✓ | Your internal user ID for the inviter |
| `email` | `Option<String>` | | Email address of the inviter |
| `name` | `Option<String>` | | Display name of the inviter |
| `avatar_url` | `Option<String>` | | Avatar URL of the inviter |
### `AutojoinDomain`
Autojoin domain configuration - users with matching email domains automatically join
| `id` | `String` | ✓ | Unique identifier for this autojoin configuration |
| `domain` | `String` | ✓ | Email domain that triggers autojoin (e.g., "acme.com") |
### `AutojoinDomainsResponse`
Response from get_autojoin_domains()
| `domains` | `Vec<AutojoinDomain>` | ✓ | List of configured autojoin domains |
### `SyncInternalInvitationResponse`
Response from sync_internal_invitation()
| `invitation` | `InvitationResult` | ✓ | The created or updated invitation |
| `created` | `bool` | ✓ | true if a new invitation was created, false if existing was updated |
### `VortexWebhookEvent`
Webhook event payload delivered to your endpoint
| `id` | `String` | ✓ | Unique identifier for this webhook delivery |
| `event_type` | `String` | ✓ | Event type (e.g., "invitation.accepted", "member.created") |
| `timestamp` | `String` | ✓ | ISO 8601 timestamp when the event occurred |
| `data` | `Value` | ✓ | Event-specific payload data (serde_json::Value) |
</details>
## Webhooks
Webhooks let your server receive real-time notifications when events happen in Vortex. Use them to sync invitation state with your database, trigger onboarding flows, update your CRM, or send internal notifications.
### Setup
1. Go to your Vortex dashboard → Integrations → Webhooks tab
2. Click "Add Webhook"
3. Enter your endpoint URL (must be HTTPS in production)
4. Copy the signing secret — you'll use this to verify webhook signatures
5. Select which events you want to receive
### Verifying Webhooks
Always verify webhook signatures using `VortexWebhooks::verify_signature()` to ensure requests are from Vortex.
The signature is sent in the `X-Vortex-Signature` header.
### Example: Axum webhook handler
```rust
use axum::{extract::State, http::HeaderMap, Json};
use vortex_sdk::VortexWebhooks;
async fn handle_webhook(
State(webhooks): State<VortexWebhooks>,
headers: HeaderMap,
body: String,
) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
let signature = headers
.get("X-Vortex-Signature")
.and_then(|v| v.to_str().ok())
.ok_or((StatusCode::BAD_REQUEST, "Missing signature".into()))?;
// Verify the signature
if !webhooks.verify_signature(&body, signature) {
return Err((StatusCode::BAD_REQUEST, "Invalid signature".into()));
}
// Parse the event
let event = webhooks.parse_event(&body)?;
match event.event_type.as_str() {
"invitation.accepted" => {
// User accepted an invitation — activate their account
println!("Accepted: {:?}", event.data);
}
"member.created" => {
// New member joined via invitation
println!("New member: {:?}", event.data);
}
_ => {}
}
Ok(Json(serde_json::json!({ "received": true })))
}
```
### Common Use Cases
**Activate users on acceptance**
When invitation.accepted fires, mark the user as active in your database and trigger your onboarding flow.
**Track invitation performance**
Monitor email.delivered, email.opened, and link.clicked events to measure invitation funnel metrics.
**Sync team membership**
Use member.created and group.member.added to keep your internal membership records in sync.
**Alert on delivery issues**
Watch for email.bounced events to proactively reach out via alternative channels.
### Supported Events
| `invitation.created` | A new invitation was created |
| `invitation.accepted` | An invitation was accepted by the recipient |
| `invitation.deactivated` | An invitation was deactivated (revoked or expired) |
| `invitation.email.delivered` | Invitation email was successfully delivered |
| `invitation.email.bounced` | Invitation email bounced (invalid address) |
| `invitation.email.opened` | Recipient opened the invitation email |
| `invitation.link.clicked` | Recipient clicked the invitation link |
| `invitation.reminder.sent` | A reminder email was sent for a pending invitation |
| `member.created` | A new member was created from an accepted invitation |
| `group.member.added` | A member was added to a scope/group |
| `deployment.created` | A new deployment configuration was created |
| `deployment.deactivated` | A deployment was deactivated |
| `abtest.started` | An A/B test was started |
| `abtest.winner_declared` | An A/B test winner was declared |
| `email.complained` | Recipient marked the email as spam |
## Error Handling
All SDK errors extend `VortexError`.
| `VortexError::WebhookSignatureInvalid` | Returned when webhook signature verification fails. Check that you are using the raw request body and the correct signing secret. |
| `VortexError` | General error type for validation errors (e.g., missing API key, invalid parameters) |
---