Join via Invite

A user joins a group using an invite link or QR code shared by an owner or admin.

Who Can Do This

Any authenticated user who is not already a member of the group.

Steps

  1. Receive an invite link (https://95octane.app/g/{groupId}?code={inviteCode}) or scan a QR code.
  2. The app opens the invite landing screen, which shows the group's name, description, base location, and member count. The link also carries OpenGraph metadata so messaging apps and social platforms display a preview of the same information when the link is shared.
  3. Tap Join.
  4. If the group requires approval, the request is submitted.
  5. If no approval is required, the user joins immediately.

Rules

  • Any user — including free users — can use an invite link.
  • The owner can generate and regenerate the invite link and QR code. Admins can access and share the current invite link and QR code but cannot regenerate it.
  • The invite link contains a code. The code does not change on its own or on a schedule — it only changes when the owner or admin manually regenerates it. A shared or bookmarked link keeps working until that happens. Once the code is regenerated, any link or QR code shared with the old code is no longer valid.
  • If inviteEnabled is disabled in group settings, invite links are deactivated. The link will not work even if the code is technically correct.
  • If requireApproval is enabled, the invite flow still creates a pending request — an invite does not bypass the approval requirement.
  • A user cannot use an invite link if they already have a pending request or are already a member.
  • This flow works for both public and private groups.

What Happens Next

  • Approval not required: The user becomes a member immediately. The group's owner and admins are notified that a new member has joined.
  • Approval required: The user sees a "Request sent" confirmation. Access is granted only after an owner or admin approves the request. The group's owner and admins are notified of the new request. See Approve or Reject a Join Request.

Failure Cases

  • Invalid or regenerated code: The invite code has been regenerated. The link no longer works. The user is shown an "Invalid invite link" message. Invite codes have no time-based expiry — a link only stops working when the owner manually regenerates the code.
  • Group is banned: The group has been banned by platform operators. The invite landing screen still shows the group's name, description, base location, and member count, alongside a message that the group is not currently accepting members. See Group Ban.
  • Invite disabled: The group has disabled invite links. The user is shown a message that the invite is not active.
  • Already a member: The user is taken to the group screen directly.
  • Pending request exists: The user cannot submit a new request until the existing one is resolved.
  • Group is archived: An archived group accepts no new members. An invite link to an archived group shows that the group is not currently accepting members. See Archive a Group.
  • Group no longer exists: If the group has been deleted, the invite link shows a "Group not found" message. See Delete a Group.
  • Group is frozen (owner lapsed): If the group's owner is no longer a subscriber, invite links and QR codes do not work. The invite landing screen shows that the group is not currently accepting new members. It accepts joins again once a subscriber takes ownership or the owner re-subscribes. See Frozen (owner lapsed).
  • User not authenticated: The app shows the invite landing screen and prompts the user to sign in or create an account. After authentication, the flow resumes from the group detail view.
  • User is blocked: If the user is on the group's blocklist, the join attempt fails with a generic error. The user is not informed they are blocked.
  • Join queue full: If the group already has 100 pending join requests, the join attempt fails with an "OVERBOOKED" error. The user can try again once the queue drops below the cap.

Security

Invite links are static and publicly shareable, which makes them a potential mass-join vector for no-approval groups. To mitigate abuse, the join endpoint is protected by:

  • CAPTCHA — enforced via Cloudflare to block automated join attempts.
  • IP-based rate limiting — enforced at the Cloudflare CDN layer to throttle high-volume join attempts from the same origin, even across different accounts.

Status: partially-live. Backend API (join via invite code) is complete. The groups module has not yet been built in the frontend.