This system powers how communities add, invite, and onboard members.
It supports:
- manual member creation
- automated onboarding
- website integrations
- hackathon registrations
- volunteer management
- sponsor/judge onboarding
Everything flows through one secure onboarding pipeline.
CommDesk uses a modern stack.
Desktop application built with Tauri
Frontend UI built with React
Backend API built with Node.js and Express
Database:
MongoDB
Email system:
Resend / SendGrid / AWS SES
The member system allows communities to:
add members
invite volunteers
onboard hackathon participants
register mentors
add judges
add sponsors
manage roles
integrate onboarding with websites
CommDesk becomes the central identity system for communities.
The most important concept is User vs Member.
User → authentication account
Member → role inside community
Example:
User
email: john@example.com
Member
community: Apex Circle
role: Mentor
This allows:
one user → multiple communities
Example:
User: Alice
Member:
GDG Ranchi → Volunteer
Apex Circle → Mentor
Members move through different states.
On Boarding
↓
Active
↓
Inactive
↓
Suspended
↓
Banned
Default when created:
On Boarding
Meaning:
invited but not activated
CommDesk supports three onboarding methods.
Community owner adds member manually.
Used for:
mentors
organizers
team members
Endpoint:
POST /api/v1/members
Authentication:
JWT
Used by:
owner
organizer
admin
Used by external systems.
Examples:
community website
hackathon website
event registration form
Endpoint:
POST /api/v1/members
Authentication:
API KEY
Example header:
Authorization: Bearer cd_live_92hfh3hf
Import hundreds of members at once.
Examples:
volunteers
students
hackathon participants
Endpoint:
POST /api/v1/members/import
Upload format:
CSV
Example CSV:
firstName,lastName,email,role
John,Doe,john@email.com,Volunteer
Alice,Lee,alice@email.com,Mentor
Instead of separate APIs, use one clean API.
POST /api/v1/members
The backend detects authentication type:
JWT → dashboard request
API KEY → external onboarding
Example request:
{
"firstName": "John",
"lastName": "Doe",
"email": "john@example.com",
"primaryRole": "Mentor",
"location": "Berlin",
"skills": ["React", "Node"],
"areaOfInterest": ["MENTORSHIP"],
"internalNotes": "Speaker for React workshops",
"accessLevel": {
"internalDashboard": true,
"comunityForum": true,
"adminControls": false,
"superAdmin": false
}
}Backend executes these steps:
validate request
identify community
check duplicate email
create user account if needed
create member record
set status = On Boarding
generate activation token
send onboarding email
log audit event
Members must activate account.
Activation email includes:
secure activation token
activation link
Example link:
https://commdesk.app/activate?token=abc123
POST /api/v1/auth/activate-member
Request:
{
"token": "abc123",
"password": "NewSecurePassword"
}Backend flow:
verify token
hash password
activate account
membershipStatus → Active
Never send passwords in email.
Instead use:
activation link
Benefits:
secure
modern onboarding
no password leaks
Example MongoDB document.
Member
{
_id
communityId
userId
firstName
lastName
email
primaryRole
location
skills
areaOfInterest
internalNotes
membershipStatus
accessLevel
profilePhotoUrl
onboardingSource
createdBy
createdAt
}
User
{
_id
email
passwordHash
emailVerified
createdAt
}
Communities generate API keys.
Example key:
cd_live_9f83hf93
Database schema:
ApiKey
{
keyHash
communityId
permissions
createdBy
active
}
Permissions example:
member:create
member:read
event:create
hackathon:register
CommDesk APIs allow communities to connect with:
community websites
hackathon portals
event landing pages
discord bots
mobile apps
Examples:
Show members on website:
GET /api/v1/members
Register participant:
POST /api/v1/members
Roles control what members can do.
Examples:
Founder
System Admin
Organizer
Mentor
Volunteer
Member
Judge
Sponsor
Permissions control:
event creation
member management
admin dashboard
API management
Your UI already includes:
internalDashboard
comunityForum
adminControls
superAdmin
These determine internal permissions.
Every important action is logged.
Examples:
member_created
member_invited
member_activated
member_role_changed
member_removed
Schema:
AuditLog
{
actorId
action
communityId
metadata
createdAt
}
Important protections.
100 onboarding requests/hour per API key
Use:
Zod
Prevent:
duplicate email
duplicate domain
IP tracking
API key throttling
Email templates required:
member_invitation
account_activation
password_reset
member_role_update
Recommended email services:
Resend
SendGrid
AWS SES
Track onboarding performance.
Example metrics:
members added
members activated
API onboarding
bulk imports
Endpoint:
GET /analytics/members
In the CommDesk desktop app:
Add Member page
Member List
Invitation Tracking
Role Management
Desktop benefits:
fast UI
native notifications
offline support
secure runtime
Dashboard onboarding:
owner logs in
↓
adds member
↓
status = On Boarding
↓
activation email sent
↓
member activates account
↓
status = Active
External onboarding:
community website form
↓
CommDesk API
↓
member created
↓
activation email sent