Workspaces
Workspaces are the tenant boundary in Press.js Cloud. Deploys, upload sessions, render jobs, managed PDFs, API keys, webhook signing secrets, usage, billing, and audit logs all belong to a workspace.
Every user starts with a personal workspace. Additional workspaces start on a blank internal plan with zero usage, storage, membership, and audit capacity until that workspace upgrades to Pro from Billing.
Workspace limits
Section titled “Workspace limits”| Capability | Free | Starter | Pro |
|---|---|---|---|
| Personal workspace | ✓ | ✓ | ✓ |
| Members | Owner only | Owner only | Up to 5 |
| Audit logs | — | — | ✓ |
Each paid plan is bound to one workspace. Blank workspaces show Pro as the available upgrade path from Billing.
Workspace membership controls access on every request.
| Role | Capabilities |
|---|---|
| Owner | Full workspace administration, including owner-level member changes and all admin, editor, and viewer capabilities |
| Admin | Manage non-owner members, invitations, billing, workspace settings, API keys, workspace webhook secrets, and production aliases |
| Editor | Create and manage deploys, upload sessions, render jobs, deploy settings, preview aliases, render outputs, and managed PDF deletion/permanent links |
| Viewer | Read workspace resources, create download/preview links for render outputs and managed PDFs, and view audit logs on Pro |
Owner-level changes require an owner. Admins can manage day-to-day team operations while owner control stays with owners.
Invitations
Section titled “Invitations”Owners and admins can invite Pro workspace members by email from Workspace Settings. Invitees sign in with a verified email that matches the invitation, then join with the role selected by the inviter.
Invitation tokens are random, stored as hashes, expire after 7 days, and can be revoked before acceptance.
API keys and webhooks
Section titled “API keys and webhooks”API keys are workspace-scoped. A key can access resources in its workspace according to the creator’s active membership. If the creator is removed from the workspace, subsequent API requests with that key lose access.
Each workspace has a default webhook signing secret. Deploys can inherit the workspace secret or define a deploy-level secret. Both secrets are encrypted at rest, revealed on demand, and rotatable from settings.
Billing and audit logs
Section titled “Billing and audit logs”Billing is attached to the workspace. Upgrading a workspace to Pro unlocks audit logs and team membership for that workspace.
Audit logs cover membership, invitation, role, workspace settings, deploy, upload commit, render, PDF, billing, API key, and webhook signing secret write operations.