diff --git a/server/api/admin/members/invite.post.js b/server/api/admin/members/invite.post.js
index 70e1c76..8918fb3 100644
--- a/server/api/admin/members/invite.post.js
+++ b/server/api/admin/members/invite.post.js
@@ -49,9 +49,7 @@ export default defineEventHandler(async (event) => {
 { expiresIn: '48h' },
 )
- // Store jti for single-use enforcement in verify.post.js
- member.magicLinkJti = jti
- member.magicLinkJtiUsed = false
+ // Store jti for single-use enforcement in verify.post.js (set after email succeeds below)
 // Token in fragment — never hits server logs
 const loginLink = `${baseUrl}/verify#${token}`
@@ -87,11 +85,20 @@ export default defineEventHandler(async (event) => {
 continue
 }
- // Mark member as active and record invite sent
- member.status = 'active'
- member.inviteEmailSent = true
- member.inviteEmailSentAt = new Date()
- await member.save()
+ // Mark member as active, record invite sent, store jti for single-use enforcement
+ await Member.findByIdAndUpdate(
+ member._id,
+ {
+ $set: {
+ magicLinkJti: jti,
+ magicLinkJtiUsed: false,
+ status: 'active',
+ inviteEmailSent: true,
+ inviteEmailSentAt: new Date(),
+ },
+ },
+ { runValidators: false }
+ )
 results.push({ memberId: member._id, email: member.email, success: true })
 } catch (err) {
diff --git a/server/plugins/validate-env.js b/server/plugins/validate-env.js
index 9f4b363..c190c4b 100644
--- a/server/plugins/validate-env.js
+++ b/server/plugins/validate-env.js
@@ -4,7 +4,6 @@ export default defineNitroPlugin(() => {
 'JWT_SECRET',
 'RESEND_API_KEY',
 'HELCIM_API_TOKEN',
- 'NUXT_PUBLIC_HELCIM_TOKEN',
 ]
 const missing = required.filter((key) => {
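Review bot: The result of `Member.findByIdAndUpdate(...)` in the second hunk of invite.post.js is discarded, so when no document matches `member._id` (for example the member was removed while the email was being sent) the call resolves to null and the loop still pushes `success: true`, even though `magicLinkJti` was never stored for a link that has already been mailed. Capture and check it: `const updated = await Member.findByIdAndUpdate(...)` followed by `if (!updated) throw new Error('member not found while recording invite')`, which lands in the `catch (err)` at the end of the hunk. Single-use enforcement then rests on verify.post.js rejecting a token whose jti does not equal the stored `magicLinkJti`; that file is not in this diff, so confirm it fails closed when the field is missing or different. `{ runValidators: false }` is, as far as I know, already Mongoose's default for update calls, so a short comment such as `// validators skipped on purpose: <reason>` would tell the next reader why this write bypasses schema validation. The handler starts and ends outside the hunk.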