# Accounts & Teams Chaser supports personal accounts and organization accounts for team collaboration. ## Account types **Personal account** -- created automatically for every user. Resources created under a personal account are private to that user. **Organization account** -- created explicitly for team collaboration. Resources are shared among all organization members. ## Account selection Set the active account on any request: ```http X-Chaser-Account: Acme Engineering ``` Accepts: account ID, exact account name, or `personal`. If omitted, your personal account is used. All resources (sessions, workspaces, jobs, webhooks, billing, audit) are scoped to the active account. ## List and inspect accounts ```bash # List all accounts you belong to curl -sS "$CHASER_API_URL/v1/accounts" \ -H "Authorization: Bearer $CHASER_API_KEY" | jq # Get the resolved active account curl -sS "$CHASER_API_URL/v1/accounts/current" \ -H "Authorization: Bearer $CHASER_API_KEY" \ -H "X-Chaser-Account: Acme Engineering" | jq ``` ## Create an organization ```bash curl -sS "$CHASER_API_URL/v1/accounts/organizations" \ -H "Authorization: Bearer $CHASER_API_KEY" \ -H "Content-Type: application/json" \ -d '{"name": "Acme Engineering"}' | jq ``` ## Manage members Members have one of three roles: `owner`, `admin`, or `member`. ```bash # List members curl -sS "$CHASER_API_URL/v1/accounts/current/members" \ -H "Authorization: Bearer $CHASER_API_KEY" \ -H "X-Chaser-Account: Acme Engineering" | jq # Add a member curl -sS "$CHASER_API_URL/v1/accounts/current/members" \ -H "Authorization: Bearer $CHASER_API_KEY" \ -H "X-Chaser-Account: Acme Engineering" \ -H "Content-Type: application/json" \ -d '{"email": "teammate@example.com", "role": "admin"}' | jq # Update role curl -sS -X PATCH "$CHASER_API_URL/v1/accounts/current/members/" \ -H "Authorization: Bearer $CHASER_API_KEY" \ -H "X-Chaser-Account: Acme Engineering" \ -H "Content-Type: application/json" \ -d '{"role": "member"}' | jq # Remove a member curl -sS -X DELETE "$CHASER_API_URL/v1/accounts/current/members/" \ -H "Authorization: Bearer $CHASER_API_KEY" \ -H "X-Chaser-Account: Acme Engineering" ``` **Permissions:** - Any member can list members - Only owners and admins can add, update, or remove members - Only owners can add or modify owner memberships - The last owner cannot be removed or demoted ## Service accounts Service accounts provide non-human identities for automation. Each service account can have multiple scoped API keys. ```bash # Create a service account curl -sS "$CHASER_API_URL/v1/accounts/current/service-accounts" \ -H "Authorization: Bearer $CHASER_API_KEY" \ -H "X-Chaser-Account: Acme Engineering" \ -H "Content-Type: application/json" \ -d '{"name": "deploy-bot"}' | jq # Create a scoped API key for it curl -sS "$CHASER_API_URL/v1/accounts/current/service-accounts//keys" \ -H "Authorization: Bearer $CHASER_API_KEY" \ -H "X-Chaser-Account: Acme Engineering" \ -H "Content-Type: application/json" \ -d '{ "name": "deploy-key", "scopes": ["sessions.read", "sessions.write", "workspaces.read", "exec.write"] }' | jq ``` Service account keys can drive account-scoped session, workspace, exec, file transfer, audit, webhook, and MCP automation when granted the corresponding scopes. Only organization owners and admins can create, manage, and delete service accounts. ## API keys User API keys are bound to the account selected at creation time: ```bash # Create a key for the personal account curl -sS "$CHASER_API_URL/v1/keys" \ -H "Authorization: Bearer $CHASER_API_KEY" \ -H "X-Chaser-Account: personal" \ -H "Content-Type: application/json" \ -d '{"name": "personal-automation", "scopes": ["sessions.read", "exec.write"]}' | jq # Create a key for an organization curl -sS "$CHASER_API_URL/v1/keys" \ -H "Authorization: Bearer $CHASER_API_KEY" \ -H "X-Chaser-Account: Acme Engineering" \ -H "Content-Type: application/json" \ -d '{"name": "org-automation", "scopes": ["sessions.read", "exec.write"]}' | jq ``` A user API key cannot be used with a different `X-Chaser-Account` than the one it was created for. Create separate keys for each account context. For shared automation, prefer service accounts over individual user API keys.