diff --git a/app/__init__.py b/app/__init__.py
index 332e35edc..c56ec476c 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -108,6 +108,7 @@ def register_blueprint(application):
     from app.letters.rest import letter_job
     from app.billing.rest import billing_blueprint
     from app.organisation.rest import organisation_blueprint
+    from app.organisation.invite_rest import organisation_invite_blueprint
 
     service_blueprint.before_request(requires_admin_auth)
     application.register_blueprint(service_blueprint, url_prefix='/service')
@@ -181,6 +182,9 @@ def register_blueprint(application):
     organisation_blueprint.before_request(requires_admin_auth)
     application.register_blueprint(organisation_blueprint, url_prefix='/organisations')
 
+    organisation_invite_blueprint.before_request(requires_admin_auth)
+    application.register_blueprint(organisation_invite_blueprint)
+
 
 def register_v2_blueprints(application):
     from app.v2.inbound_sms.get_inbound_sms import v2_inbound_sms_blueprint as get_inbound_sms
diff --git a/app/organisation/invite_rest.py b/app/organisation/invite_rest.py
index 9b5f20d67..1357dc8c0 100644
--- a/app/organisation/invite_rest.py
+++ b/app/organisation/invite_rest.py
@@ -12,23 +12,30 @@ from app.dao.invited_org_user_dao import (
     get_invited_org_users_for_organisation
 )
 from app.dao.templates_dao import dao_get_template_by_id
+from app.errors import register_errors
 from app.models import EMAIL_TYPE, KEY_TYPE_NORMAL, InvitedOrganisationUser
 from app.notifications.process_notifications import persist_notification, send_notification_to_queue
-from app.schemas import invited_org_user_schema
-from app.errors import register_errors
+from app.schema_validation import validate
+from app.organisation.organisation_schema import (
+    post_create_invited_org_user_status_schema,
+    post_update_invited_org_user_status_schema
+)
 
-invite = Blueprint('invite', __name__, url_prefix='/organisation/<organisation_id>/invite')
+organisation_invite_blueprint = Blueprint(
+    'organisation_invite', __name__,
+    url_prefix='/organisation/<uuid:organisation_id>/invite')
 
-register_errors(invite)
+register_errors(organisation_invite_blueprint)
 
 
-@invite.route('', methods=['POST'])
+@organisation_invite_blueprint.route('', methods=['POST'])
 def create_invited_org_user(organisation_id):
-    request_json = request.get_json()
+    data = request.get_json()
+    validate(data, post_create_invited_org_user_status_schema)
 
     invited_org_user = InvitedOrganisationUser(
-        email_address=request_json['email_address'],
-        invited_by_id=request_json['invited_by'],
+        email_address=data['email_address'],
+        invited_by_id=data['invited_by'],
         organisation_id=organisation_id
     )
     save_invited_org_user(invited_org_user)
@@ -45,7 +52,7 @@ def create_invited_org_user(organisation_id):
             'org_name': invited_org_user.organisation.name,
             'url': invited_org_user_url(
                 invited_org_user.id,
-                request_json.get('invite_link_host'),
+                data.get('invite_link_host'),
             ),
         },
         notification_type=EMAIL_TYPE,
@@ -59,20 +66,21 @@ def create_invited_org_user(organisation_id):
     return jsonify(data=invited_org_user.serialize()), 201
 
 
-@invite.route('', methods=['GET'])
+@organisation_invite_blueprint.route('', methods=['GET'])
 def get_invited_org_users_by_organisation(organisation_id):
     invited_org_users = get_invited_org_users_for_organisation(organisation_id)
     return jsonify(data=[x.serialize() for x in invited_org_users]), 200
 
 
-@invite.route('/<invited_org_user_id>', methods=['POST'])
-def update_invited_org_user(organisation_id, invited_org_user_id):
+@organisation_invite_blueprint.route('/<invited_org_user_id>', methods=['POST'])
+def update_invited_org_user_status(organisation_id, invited_org_user_id):
     fetched = get_invited_org_user(organisation_id=organisation_id, invited_org_user_id=invited_org_user_id)
 
-    current_data = dict(fetched.serialize().items())
-    current_data.update(request.get_json())
-    update_dict = invited_org_user_schema.load(current_data).data
-    save_invited_org_user(update_dict)
+    data = request.get_json()
+    validate(data, post_update_invited_org_user_status_schema)
+
+    fetched.status = data['status']
+    save_invited_org_user(fetched)
     return jsonify(data=fetched.serialize()), 200
 
 
diff --git a/app/organisation/organisation_schema.py b/app/organisation/organisation_schema.py
index 830d2338e..48965682c 100644
--- a/app/organisation/organisation_schema.py
+++ b/app/organisation/organisation_schema.py
@@ -31,3 +31,27 @@ post_link_service_to_organisation_schema = {
     },
     "required": ["service_id"]
 }
+
+
+post_create_invited_org_user_status_schema = {
+    "$schema": "http://json-schema.org/draft-04/schema#",
+    "description": "POST create organisation invite schema",
+    "type": "object",
+    "properties": {
+        "email_address": {"type": "string", "format": "email_address"},
+        "invited_by": uuid,
+        "invite_link_host": {"type": "string"}
+    },
+    "required": ["email_address", "invited_by"]
+}
+
+
+post_update_invited_org_user_status_schema = {
+    "$schema": "http://json-schema.org/draft-04/schema#",
+    "description": "POST update organisation invite schema",
+    "type": "object",
+    "properties": {
+        "status": {"type": "string"}
+    },
+    "required": ["status"]
+}
diff --git a/app/schemas.py b/app/schemas.py
index a2105d059..5592026b1 100644
--- a/app/schemas.py
+++ b/app/schemas.py
@@ -100,8 +100,13 @@ class UserSchema(BaseSchema):
     class Meta:
         model = models.User
         exclude = (
-            "updated_at", "created_at", "user_to_service", "user_to_organisation"
-            "_password", "verify_codes")
+            "updated_at",
+            "created_at",
+            "user_to_service",
+            "user_to_organisation",
+            "_password",
+            "verify_codes"
+        )
         strict = True
 
     @validates('name')
diff --git a/tests/app/invite/test_invite_rest.py b/tests/app/invite/test_invite_rest.py
index 2071651a3..2a5450324 100644
--- a/tests/app/invite/test_invite_rest.py
+++ b/tests/app/invite/test_invite_rest.py
@@ -161,40 +161,6 @@ def test_get_invited_users_by_service_with_no_invites(client, notify_db, notify_
     assert len(json_resp['data']) == 0
 
 
-def test_get_invited_user_by_service_and_id(client, sample_service, sample_invited_user):
-    url = '/service/{}/invite/{}'.format(sample_service.id, sample_invited_user.id)
-
-    auth_header = create_authorization_header()
-
-    response = client.get(
-        url,
-        headers=[('Content-Type', 'application/json'), auth_header]
-    )
-    assert response.status_code == 200
-    json_resp = json.loads(response.get_data(as_text=True))
-
-    invite_email_address = sample_invited_user.email_address
-    invite_from = sample_service.users[0]
-
-    assert json_resp['data']['service'] == str(sample_service.id)
-    assert json_resp['data']['email_address'] == invite_email_address
-    assert json_resp['data']['from_user'] == str(invite_from.id)
-    assert json_resp['data']['id']
-
-
-def test_get_invited_user_by_service_but_unknown_invite_id_returns_404(client, sample_service):
-    unknown_id = uuid.uuid4()
-    url = '/service/{}/invite/{}'.format(sample_service.id, unknown_id)
-
-    auth_header = create_authorization_header()
-
-    response = client.get(
-        url,
-        headers=[('Content-Type', 'application/json'), auth_header]
-    )
-    assert response.status_code == 404
-
-
 def test_update_invited_user_set_status_to_cancelled(client, sample_invited_user):
     data = {'status': 'cancelled'}
     url = '/service/{0}/invite/{1}'.format(sample_invited_user.service_id, sample_invited_user.id)