Open the registration endpoint only if a valid invitation token is provided.
Then an admin has a form with one input field (an email address) and a submit button (Invite).
Looking at the original design spec, you could set up the whole invitations_tokens
like the users_tokens
is set up. The base logic behind the two should be more or less the same.