# Wellesley Platform API Wellesley is a decentralized social platform built on top of ActivityPub. It operates as a federation of independent servers that exchange data using standard ActivityPub messages alongside custom extensions. The platform strives for Mastodon compatibility while introducing additional capabilities such as Groups, rich media, AI agents, and fine-grained access control. This API provides full access to the platform's functionality including user and account management, posting and feeds, group creation and moderation, notifications, real-time streaming, search, federated content delivery, AI agent configuration, and platform administration. Most endpoints accept and return JSON. Pagination follows cursor-based patterns using Link headers. **Authentication:** Endpoints that require authentication expect an `Authorization` header with a valid access token. Unauthenticated requests to protected endpoints will receive a 401 response. **RBAC (Role-Based Access Control):** Some endpoints are protected by RBAC permissions. When an endpoint description mentions "RBAC: requires ...", the caller must hold the listed permission(s) in addition to being authenticated. Requests that lack the required permissions will receive a 403 response. RBAC permissions are scoped to resources (e.g., Group, Post, User) and actions (e.g., Read, Write, Moderate), and are assigned through roles. Version: 1.0 ## Servers Simple setup, all in one. Digital Ocean ``` https://dust.allroads.social ``` Simple setup, db is separate. Digital Ocean ``` https://meteor.allroads.social ``` ## Security ### header Authentication token Type: apiKey In: header Name: Authorization ## Download OpenAPI description [Wellesley Platform API](https://docs.wellesley.social/_bundle/openapi.yaml) ## AI Agents The AI Agents API manages bot creation and configuration. Each bot is a user profile of type Service with a configuration profile that includes tools, triggers, and scope. Global bots operate in the global scope; group bots operate within a group scope. ### List bots - [GET /api/v1/ai-agents](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents/get.md): Returns bots within the specified scope. RBAC: - requires ANY of AIAgents.Read, AIAgents.Manage, GroupAIAgents.Read, GroupAIAgents.Manage ### Create a bot - [POST /api/v1/ai-agents](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents/post.md): Creates a new bot along with its configuration profile. Use scope='global' for platform-wide bots (requires AIAgents.Manage) or a group TypeId for group-scoped bots (requires GroupAIAgents.Manage). RBAC: - requires ANY of AIAgents.Manage, GroupAIAgents.Manage ### Report AI agent job execution result - [POST /api/v1/ai-agents/jobs/results](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1jobs~1results/post.md): Service callback endpoint to report job status, usage counters, and token usage. RBAC: requires AIAgents.UpdateStats ### Retrieve posts for AI agents - [GET /api/v1/ai-agents/posts](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1posts/get.md): Returns posts for AI agents. If ownerId is missing, retrieves posts from the global space (group_id is null) with PUBLIC visibility. Supports pagination and optional 'since' timestamp to fetch posts strictly newer than the given timestamp. RBAC: requires AIAgents.PostsRead ### Retrieve a bot - [GET /api/v1/ai-agents/{agentId}](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1%7Bagentid%7D/get.md): Returns a bot by id within the specified scope. RBAC: - requires ANY of AIAgents.Read, AIAgents.Manage, GroupAIAgents.Read, GroupAIAgents.Manage ### Delete a bot - [DELETE /api/v1/ai-agents/{agentId}](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1%7Bagentid%7D/delete.md): Deletes a bot and its profile within the specified scope. This operation is irreversible. RBAC: - requires ANY of AIAgents.Manage, GroupAIAgents.Manage ### Disable a bot - [PUT /api/v1/ai-agents/{agentId}/disable](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1%7Bagentid%7D~1disable/put.md): Disables an enabled bot within the specified scope. RBAC: - requires ANY of AIAgents.Manage, GroupAIAgents.Manage ### Enable a bot - [PUT /api/v1/ai-agents/{agentId}/enable](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1%7Bagentid%7D~1enable/put.md): Enables a bot within the specified scope. Optional version query parameter sets that version as current before enabling. RBAC: - requires ANY of AIAgents.Manage, GroupAIAgents.Manage ### Update AI agent profile - [PUT /api/v1/ai-agents/{agentId}/profile](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1%7Bagentid%7D~1profile/put.md): Creates or replaces AI agent configuration profile within the specified scope. Payload may reset modelId to null and tools/triggers to empty lists; uploadIds controls attached documents. Budgets/rate limits can be set to null to remove limits. RBAC: - requires ANY of AIAgents.Manage, GroupAIAgents.Manage ### Update AI agent user profile - [PUT /api/v1/ai-agents/{agentId}/user](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1%7Bagentid%7D~1user/put.md): Updates the bot user profile fields using the same update rules as UsersResource. Access is controlled by AI agents manage permissions and scope; agent self-auth is not required. RBAC: - requires ANY of AIAgents.Manage, GroupAIAgents.Manage ### List AI agent profile versions - [GET /api/v1/ai-agents/{agentId}/versions](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1%7Bagentid%7D~1versions/get.md): Returns immutable profile version history for an agent. RBAC: - requires ANY of AIAgents.Read, AIAgents.Manage, GroupAIAgents.Read, GroupAIAgents.Manage ### Get AI agent version - [GET /api/v1/ai-agents/{agentId}/versions/{version}](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1%7Bagentid%7D~1versions~1%7Bversion%7D/get.md): Returns a full AI agent object with the requested immutable profile version. RBAC: - requires ANY of AIAgents.Read, AIAgents.Manage, GroupAIAgents.Read, GroupAIAgents.Manage ## AI Models Endpoints for searching AI models and managing per-scope enablement. Models are catalog entries synced from models.dev. Use scope parameter with enable/disable endpoints to manage models per-scope. ### Search AI models - [GET /api/v1/ai-models](https://docs.wellesley.social/openapi/ai-models/paths/~1api~1v1~1ai-models/get.md): Search and filter AI models with pagination. Returns models matching all specified criteria with scoped enablement state. Searching for embedding models with specific vector dimension: For embedding models, the maxOutputTokens field in the model limits represents the embedding vector dimension (e.g., 1536 for OpenAI ada-002, 3072 for text-embedding-3-large). To find embedding models with a specific vector size, combine: - capabilities=EMBEDDINGS - filter to embedding models only - minMaxOutputTokens and maxMaxOutputTokens set to the desired dimension Example: To find embedding models with 1536-dimensional vectors: ?scope=global&capabilities=EMBEDDINGS&minMaxOutputTokens=1536&maxMaxOutputTokens=1536 RBAC: - requires ANY of AIModels.Read, GroupAIModels.Read ### Get an AI model - [GET /api/v1/ai-models/{modelId}](https://docs.wellesley.social/openapi/ai-models/paths/~1api~1v1~1ai-models~1%7Bmodelid%7D/get.md): Returns a single AI model by ID with scoped enablement state. RBAC: - requires ANY of AIModels.Read, GroupAIModels.Read ### List agents using scoped model configuration - [GET /api/v1/ai-models/{modelId}/agents](https://docs.wellesley.social/openapi/ai-models/paths/~1api~1v1~1ai-models~1%7Bmodelid%7D~1agents/get.md): Returns AI agents that currently reference this model's scoped configuration in the given scope. RBAC: - requires ANY of AIModels.Manage, GroupAIModels.Manage ### Remove scoped model configuration - [DELETE /api/v1/ai-models/{modelId}/configure](https://docs.wellesley.social/openapi/ai-models/paths/~1api~1v1~1ai-models~1%7Bmodelid%7D~1configure/delete.md): Removes scoped model enablement/configuration row for the model in the specified scope. RBAC: - requires ANY of AIModels.Manage, GroupAIModels.Manage ### Disable a model in a scope - [PUT /api/v1/ai-models/{modelId}/disable](https://docs.wellesley.social/openapi/ai-models/paths/~1api~1v1~1ai-models~1%7Bmodelid%7D~1disable/put.md): Disables a model in the specified scope. RBAC: - requires ANY of AIModels.Manage, GroupAIModels.Manage ### Enable a model in a scope - [PUT /api/v1/ai-models/{modelId}/enable](https://docs.wellesley.social/openapi/ai-models/paths/~1api~1v1~1ai-models~1%7Bmodelid%7D~1enable/put.md): Enables a model for use in the specified scope. Requires the provider to be configured with a valid API key in that scope. RBAC: - requires ANY of AIModels.Manage, GroupAIModels.Manage ### Get model migration path - [GET /api/v1/ai-models/{modelId}/migration-path](https://docs.wellesley.social/openapi/ai-models/paths/~1api~1v1~1ai-models~1%7Bmodelid%7D~1migration-path/get.md): Returns the chain of models from the given model to the final active successor. Catalog-only, no scope needed. RBAC: - requires ANY of AIModels.Read, GroupAIModels.Read ### Resolve an AI model - [GET /api/v1/ai-models/{modelId}/resolve](https://docs.wellesley.social/openapi/ai-models/paths/~1api~1v1~1ai-models~1%7Bmodelid%7D~1resolve/get.md): Resolves a model by following the successor chain if deprecated. Returns the active model that should be used. Catalog-only, no scope needed. RBAC: - requires ANY of AIModels.Read, GroupAIModels.Read ## AI Providers Endpoints for viewing AI providers and configuring per-scope API keys. Providers are catalog entries synced from models.dev. Use scope='global' for platform-wide configuration (requires AIProviders permissions) or a group TypeId for group-specific configuration (requires GroupAIProviders permissions). ### List AI providers - [GET /api/v1/ai-providers](https://docs.wellesley.social/openapi/ai-providers/paths/~1api~1v1~1ai-providers/get.md): Returns all catalog AI providers with scoped configuration state (configured, hasApiKey, etc.). RBAC: - requires ANY of AIProviders.Read, GroupAIProviders.Read ### Get an AI provider - [GET /api/v1/ai-providers/{providerId}](https://docs.wellesley.social/openapi/ai-providers/paths/~1api~1v1~1ai-providers~1%7Bproviderid%7D/get.md): Returns a single AI provider by ID with scoped configuration state. RBAC: - requires ANY of AIProviders.Read, GroupAIProviders.Read ### List agents using scoped provider configuration - [GET /api/v1/ai-providers/{providerId}/agents](https://docs.wellesley.social/openapi/ai-providers/paths/~1api~1v1~1ai-providers~1%7Bproviderid%7D~1agents/get.md): Returns AI agents that currently use scoped models linked to this provider in the given scope. RBAC: - requires ANY of AIProviders.Manage, GroupAIProviders.Manage ### Remove scoped configuration for a provider - [DELETE /api/v1/ai-providers/{providerId}/configure](https://docs.wellesley.social/openapi/ai-providers/paths/~1api~1v1~1ai-providers~1%7Bproviderid%7D~1configure/delete.md): Removes the scoped provider record and scoped model records for the scope. Agents that were using those models are automatically disabled. RBAC: - requires ANY of AIProviders.Manage, GroupAIProviders.Manage ### Configure a provider for a scope - [PUT /api/v1/ai-providers/{providerId}/configure](https://docs.wellesley.social/openapi/ai-providers/paths/~1api~1v1~1ai-providers~1%7Bproviderid%7D~1configure/put.md): Sets or updates the API key and auth configuration for a provider in the given scope. Creates a scoped provider record if one doesn't exist. RBAC: - requires ANY of AIProviders.Manage, GroupAIProviders.Manage ### List models for this provider - [GET /api/v1/ai-providers/{providerId}/models](https://docs.wellesley.social/openapi/ai-providers/paths/~1api~1v1~1ai-providers~1%7Bproviderid%7D~1models/get.md): Returns all AI models for the specified provider with scoped enablement state. RBAC: - requires ANY of AIModels.Read, GroupAIModels.Read ## Accounts Account management and authentication endpoints. Handles user registration, login flows (email/phone), profile management, and account lifecycle operations. Supports multi-step signup with email/SMS verification, CAPTCHA, and optional admin approval. ### Signup - Step 4: Submit signup reason - [POST /api/v1/accounts/add-reason](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1add-reason/post.md): Step 4 of signup (if required): collects reason for joining the platform. Used for manual approval workflows. Notifies admins of pending registration. Required when registration mode is set to approval-based. ### Email/username authentication - [POST /api/v1/accounts/authenticate/email](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1authenticate~1email/post.md): Authenticates using email address or username with password. Returns a session token for authenticated requests. The system automatically detects whether the login field is an email (contains @) or username. Updates last sign-in timestamp on successful authentication. ### Phone number authentication - [POST /api/v1/accounts/authenticate/phone](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1authenticate~1phone/post.md): Two-step phone authentication process. First call sends SMS code to the phone number. Second call with the code completes authentication and returns session token. Phone number must be registered to an existing account. ### Change user display name - [PUT /api/v1/accounts/change/name](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1change~1name/put.md): Updates the display name for a specific user in the account. Can only change names for users belonging to the authenticated account. Specify user by either username or user ID. Changes are immediately reflected and streamed to connected clients. ### Verify CAPTCHA challenge - [POST /api/v1/accounts/check-captcha](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1check-captcha/post.md): Step 3 of signup (if enabled): validates CAPTCHA to prevent automated signups. Uses IP address for additional validation. Advances to next step on success. Skip if CAPTCHA is disabled in config. ### Signup - Step 2: Verify email with code - [POST /api/v1/accounts/confirm-email](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1confirm-email/post.md): Step 2 of email signup: validates the confirmation code sent to email. Advances registration to next step (CAPTCHA, reason, or account creation). Code expires after a set time and has limited retry attempts. ### Signup - Step 2: Verify phone with code - [POST /api/v1/accounts/confirm-phone](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1confirm-phone/post.md): Step 2 of phone signup: validates the SMS code sent to phone number. Advances registration to next step (CAPTCHA, reason, or account creation). Code expires after a set time and has limited retry attempts. ### Delete current account - [DELETE /api/v1/accounts/delete](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1delete/delete.md): Permanently deletes the authenticated account and all associated users. Sends deletion notifications to federated followers. Cannot delete if it's the last admin account on the server. This operation is irreversible - all data including posts, follows, and media will be removed. ### Signup - Final Step: Complete account creation - [POST /api/v1/accounts/finish-creating](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1finish-creating/post.md): Final step of signup: creates the account and user after all validations pass. Returns account details with authentication token for immediate login. Sends welcome email if applicable. Can optionally update username at this stage. ### Retrieve token for approved phone account - [PUT /api/v1/accounts/get-token/{hash}](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1get-token~1%7Bhash%7D/put.md): One-time token retrieval for phone-based accounts approved by admin. Used when admin manually approves a phone registration. The signup request is deleted after successful token generation. Only works for accounts in USER step of registration. ### Get current account profile - [GET /api/v1/accounts/profile](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1profile/get.md): Returns the authenticated account with all associated users. Most accounts have a single user, but the system supports multiple users per account. Requires authentication token. ### Resend verification code - [PUT /api/v1/accounts/resend-code/{hash}](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1resend-code~1%7Bhash%7D/put.md): Resends verification code via email or SMS based on registration type. Automatically detects whether to send email or SMS from the signup request. Rate limited to prevent abuse. Use when code was not received or expired. ### Resend confirmation email - [PUT /api/v1/accounts/resend-email/{hash}](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1resend-email~1%7Bhash%7D/put.md): Resends the email verification code for pending registrations. Use when the initial email was not received or code expired. Rate limited to prevent abuse. Deprecated - use /resend-code instead. ### Signup - Step 1: Start email signup process - [POST /api/v1/accounts/signup](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1signup/post.md): Initiates account registration with email verification. Step 1 of multi-step signup: validates input, checks availability, sends confirmation email. Returns registration hash for tracking signup progress. Username must not be reserved, email must be unique and not blocked. ### Signup - Step 1: Start phone signup process - [POST /api/v1/accounts/signup-phone](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1signup-phone/post.md): Initiates account registration with phone verification. Step 1 of multi-step signup: validates input, checks availability, sends SMS code. Returns registration hash for tracking signup progress. Username must not be reserved, phone number must be unique. ### Switch between account users - [POST /api/v1/accounts/user/reselect-user](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1user~1reselect-user/post.md): Generates a new token for a different user within the same account. Useful for accounts with multiple users to switch active user context. Either userId or userName must be provided. Only users belonging to the authenticated account can be selected. ### Get account users with owned groups - [GET /api/v1/accounts/users-owned-groups](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1users-owned-groups/get.md): Returns all users belonging to the authenticated account and, for each user, the list of groups they own. Useful for account-level management and confirmation workflows. ## Addresses Endpoints for suggesting and validating physical addresses ### Suggest addresses for the given address part - [GET /api/v1/addresses/suggest](https://docs.wellesley.social/openapi/addresses/paths/~1api~1v1~1addresses~1suggest/get.md) ## Admin Accounts Administrative endpoints for account and user management. Provides comprehensive tools for managing user accounts, including creation, deletion, role assignment, password management, state changes, and user impersonation for bot accounts. Requires Users.Manage permission unless otherwise noted on individual endpoints. ### Retrieve account information by ID - [GET /api/v1/admin/account/{accountId}](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1account~1%7Baccountid%7D/get.md): Fetches comprehensive details about an account including its associated users. Returns account metadata (email, creation date) and all users linked to this account. Most accounts have a single user, but the system supports multiple users per account. RBAC: requires Users.Manage ### Change email address for an account - [PUT /api/v1/admin/change/email](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1email/put.md): Administratively updates the email address for a user account. Can identify the user by username or user ID. The new email must be valid and unique in the system. This operation is logged for audit purposes and the change takes effect immediately. RBAC: requires Users.Manage ### Change password for an account - [PUT /api/v1/admin/change/password](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1password/put.md): Administratively resets the password for a user account. Can identify the user by username or user ID. The new password should meet security requirements. This operation is logged for audit purposes and does not require knowing the current password. RBAC: requires Users.Manage ### Assign role to a user - [PUT /api/v1/admin/change/role/assign](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1role~1assign/put.md): Assigns a server or group role to a user identified by username or user ID. Roles use the format 'Scope:RoleName' (e.g., 'System:ADMIN'). The change is audit-logged and streamed to the account's real-time channel. Requires Users.Manage permission. RBAC: requires Users.Manage ### Revoke role from a user - [PUT /api/v1/admin/change/role/revoke](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1role~1revoke/put.md): Revokes a role from a user identified by username or user ID. Cannot revoke the System:ADMIN role if it is the last remaining admin on the server. The change is audit-logged and streamed to the account's real-time channel. Requires Users.Manage permission. RBAC: requires Users.Manage ### Create a new account with initial user - [POST /api/v1/admin/create-account](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1create-account/post.md): Creates a new account with an initial user profile. The account will have a unique email and the user will have a unique username. This endpoint validates that the username is not reserved, the username doesn't already exist, and the email is not already registered. Returns the created account with its associated user information. RBAC: requires Users.Manage ### Create a new user under an existing account - [POST /api/v1/admin/create-user](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1create-user/post.md): Creates a new user profile under an existing account. The user will have a unique username within the account's domain. This endpoint validates that the username is not reserved, the username doesn't already exist, and the associated account exists. Returns the created user information. RBAC: requires Users.Manage ### Delete an account with all associated users - [DELETE /api/v1/admin/delete](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1delete/delete.md): Permanently deletes an account and all its associated users. Can identify the account by email address, account ID, or username. This operation notifies followers on remote servers about the deletion and marks all associated content appropriately. This action is irreversible. Administrators cannot delete their own account through this endpoint. RBAC: requires Users.Manage ### Delete a user - [DELETE /api/v1/admin/delete-user](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1delete-user/delete.md): Permanently deletes a user profile. Can identify the user by username or user ID. This operation notifies followers on remote servers about the deletion and marks all associated content appropriately. This action is irreversible. Administrators cannot delete their own user profile through this endpoint. RBAC: requires Users.Manage ### Impersonate a user - [GET /api/v1/admin/impersonate](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1impersonate/get.md): Allows a service to impersonate a user by their username. This will return a token that can be used to act on behalf the user's account. Only bots can be impersonated, not regular users. RBAC: - requires ALL of Users.Manage, Users.Impersonate ### Permanently purge an account from the system - [DELETE /api/v1/admin/purge](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1purge/delete.md): Force-deletes an account and all associated data, even if previously soft-deleted. This operation bypasses normal deletion safeguards and completely removes all traces of the account from the system. Use with extreme caution as this action is irreversible and cannot be recovered. Administrators cannot purge their own account. RBAC: requires Users.Manage ### Regenerate cryptographic keys for a user - [POST /api/v1/admin/regenerate-keys](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1regenerate-keys/post.md): Regenerates the Ed25519 cryptographic keys for a specified user. This is used for federation security and ActivityPub signatures. Can identify the user by username or user ID. The old keys are invalidated and new keys are generated immediately. Remote servers will be notified of the key change through federation protocols. RBAC: requires Users.Manage ### Regenerate cryptographic keys for all users - [POST /api/v1/admin/regenerate-keys-all](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1regenerate-keys-all/post.md): Initiates a background job to regenerate Ed25519 cryptographic keys for all users in the system. This is typically used for security updates or key rotation policies. The operation runs asynchronously and processes users in batches. Returns a job ID that can be used to track progress. Default batch size is used unless specified. RBAC: requires Users.Manage ### Release a username for reuse - [POST /api/v1/admin/release-username](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1release-username/post.md): Administratively releases a username, making it available for new user registrations. This is typically used after account deletions or username changes to free up desirable usernames. The operation immediately makes the username available in the system. RBAC: requires Users.Manage ### Search for users - [GET /api/v1/admin/search](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1search/get.md): Performs an administrative search for users with multiple filter criteria. Can search by user ID, account ID, username, domain, display name, state, email, IP address, country, or role. Supports mixed search across username, display name, and email simultaneously. Results include detailed user information and support pagination and sorting. IP addresses are matched exactly, and country codes should use ISO 3166-1 alpha-2 format. RBAC: requires Users.Manage ### Update user moderation state - [POST /api/v1/admin/user/change-state](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1user~1change-state/post.md): Changes the moderation state of a user (e.g., ACTIVE, SUSPENDED, LIMITED). This affects what actions the user can perform on the platform. When suspending a user, their content may be hidden and followers on remote servers are notified. When unsuspending, the user's content is restored and remote servers are updated. Administrators cannot change their own state. Changes are logged for audit purposes and can be linked to moderation reports. RBAC: requires Users.Manage ### Bulk update user moderation states - [POST /api/v1/admin/user/change-state-bulk](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1user~1change-state-bulk/post.md): Changes the moderation state for multiple users in a single optimized operation. Performs one bulk DB update, submits jobs in batches for users transitioning to or from SUSPENDED, and distributes updates without per-user queries. RBAC: requires Users.Manage ### Retrieve detailed user information by ID - [GET /api/v1/admin/user/{userId}](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1user~1%7Buserid%7D/get.md): Fetches comprehensive details about a specific user including their account association, profile information, roles, state, statistics, and activity data. Requires either Users.Read or Users.Manage permission. RBAC: - requires ALL of Users.Manage - requires ANY of Users.Read, Users.Manage ## Admin ActivityPub Administrative endpoints for managing ActivityPub federation delivery. Provides tools to clear delivery error counters and restart delivery for specific remote domains. Requires Federation.Manage permission. ### Clear ActivityPub delivery errors for a domain - [POST /api/v1/admin/clear-ap-errors](https://docs.wellesley.social/openapi/admin-activitypub/paths/~1api~1v1~1admin~1clear-ap-errors/post.md): Resets the failure counter for the specified remote domain. Use this after a remote server has resolved its issues to allow federation delivery to resume. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Restart ActivityPub delivery for a domain - [POST /api/v1/admin/restart-ap-delivery](https://docs.wellesley.social/openapi/admin-activitypub/paths/~1api~1v1~1admin~1restart-ap-delivery/post.md): Marks the specified domain as available and restarts federation delivery. Use when a domain was previously marked unavailable due to repeated delivery failures and you want to force-resume communication. Requires Federation.Manage permission. RBAC: requires Federation.Manage ## Admin Audit Administrative endpoints for viewing and searching audit logs. Provides comprehensive logging of all security-relevant actions performed in the system, including account management, user changes, settings modifications, and moderation actions. Requires Audit.Read permission. ### List audit log entries - [GET /api/v1/admin/audit_log](https://docs.wellesley.social/openapi/admin-audit/paths/~1api~1v1~1admin~1audit_log/get.md): Retrieves a paginated list of audit log entries with flexible filtering options. Returns security-relevant actions performed by users, accounts, or services within the platform. RBAC: requires Audit.Read ## Admin Domain Blocks Administrative APIs for managing domain blocks. Provides endpoints to block specific domains with different severity levels (SUSPEND, LIMIT, NOOP), update existing blocks, unblock domains, and list currently blocked domains. Domain blocks prevent or limit federation with specified domains. Write operations require Federation.Manage permission; read operations require Federation.Read or Federation.Manage permission. ### Update domain block - [PUT /api/v1/admin/domain-block](https://docs.wellesley.social/openapi/admin-domain-blocks/paths/~1api~1v1~1admin~1domain-block/put.md): Modifies an existing domain block with new settings. Can change the block severity, media/report rejection settings, comments, and obfuscation. Triggers background jobs if the state changes. RBAC: requires Federation.Manage ### List blocked domains (Admin) - [GET /api/v1/admin/domain-block](https://docs.wellesley.social/openapi/admin-domain-blocks/paths/~1api~1v1~1admin~1domain-block/get.md): Retrieves the complete list of domains that are blocked, including all metadata such as private comments, exact domain names, and internal settings. This endpoint is for administrators only. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Block a domain - [POST /api/v1/admin/domain-block](https://docs.wellesley.social/openapi/admin-domain-blocks/paths/~1api~1v1~1admin~1domain-block/post.md): Creates a new domain block that prevents or limits interactions with the specified domain. The block severity can be SUSPEND (removes all content), LIMIT (hides posts from non-followers), or NOOP (only rejects media/reports). Cannot block the instance's own domain. RBAC: requires Federation.Manage ### Unblock a domain - [DELETE /api/v1/admin/domain-block/{domain}](https://docs.wellesley.social/openapi/admin-domain-blocks/paths/~1api~1v1~1admin~1domain-block~1%7Bdomain%7D/delete.md): Removes a block from a domain to allow interactions with it again. This triggers background jobs to restore any suspended accounts and content from the domain. RBAC: requires Federation.Manage ## Admin Domains Allow List Administrative endpoints for managing domain allowlists. When domain allowlisting is enabled, only domains in this list can federate with the instance. Write operations require Federation.Manage permission; read operations require Federation.Read or Federation.Manage permission. ### List allowed domains - [GET /api/v1/admin/domain-allow](https://docs.wellesley.social/openapi/admin-domains-allow-list/paths/~1api~1v1~1admin~1domain-allow/get.md): Retrieves a paginated list of all domains in the federation allowlist. This list determines which external instances can federate with this server when allowlisting is enabled. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Add domain to allowlist - [POST /api/v1/admin/domain-allow](https://docs.wellesley.social/openapi/admin-domains-allow-list/paths/~1api~1v1~1admin~1domain-allow/post.md): Adds a domain to the federation allowlist. When domain allowlisting is enabled, only domains in this list can federate with the instance. Cannot add the instance's own domain. RBAC: requires Federation.Manage ### Remove domain from allowlist - [DELETE /api/v1/admin/domain-allow/{domain}](https://docs.wellesley.social/openapi/admin-domains-allow-list/paths/~1api~1v1~1admin~1domain-allow~1%7Bdomain%7D/delete.md): Removes a domain from the federation allowlist. This will trigger background jobs to unfederate with the domain and clean up any existing connections. RBAC: requires Federation.Manage ## Admin Email Allow List Administrative endpoints for managing the email domain allowlist used during user registration. When enabled, only email addresses from allowed domains can sign up. Write operations require AdminSettings.Manage permission; read operations require AdminSettings.Read or AdminSettings.Manage permission. ### List email allowed domains - [GET /api/v1/admin/email-allow](https://docs.wellesley.social/openapi/admin-email-allow-list/paths/~1api~1v1~1admin~1email-allow/get.md): Retrieves a paginated list of all domains in the email allowlist. RBAC: - requires ALL of AdminSettings.Manage - requires ANY of AdminSettings.Read, AdminSettings.Manage ### Add domain to email signup allowlist - [POST /api/v1/admin/email-allow](https://docs.wellesley.social/openapi/admin-email-allow-list/paths/~1api~1v1~1admin~1email-allow/post.md): Adds a domain to the email allowlist. Only emails from allowed domains can register when enabled. RBAC: requires AdminSettings.Manage ### Remove domain from email signup allowlist - [DELETE /api/v1/admin/email-allow/{domain}](https://docs.wellesley.social/openapi/admin-email-allow-list/paths/~1api~1v1~1admin~1email-allow~1%7Bdomain%7D/delete.md): Removes a domain from the email allowlist. RBAC: requires AdminSettings.Manage ## Admin Email Blocks Administrative APIs for managing email blocks to prevent unwanted signups. Supports blocking specific email addresses and entire domains. Email blocks are automatically normalized and checked during user registration. Requires Users.Moderate permission. ### List blocked email patterns - [GET /api/v1/admin/email-block](https://docs.wellesley.social/openapi/admin-email-blocks/paths/~1api~1v1~1admin~1email-block/get.md): Retrieves the complete list of email patterns and domains that are blocked for signups. Includes the blocking reason and timestamps for each pattern. Patterns are shown in their normalized form. RBAC: requires Users.Moderate ### Block email pattern - [POST /api/v1/admin/email-block](https://docs.wellesley.social/openapi/admin-email-blocks/paths/~1api~1v1~1admin~1email-block/post.md): Creates a new email block that prevents signups from the specified email pattern. Supports blocking: specific emails (user@example.com) or domain patterns (example.com). Patterns are automatically normalized for consistency. RBAC: requires Users.Moderate ### Unblock email pattern - [DELETE /api/v1/admin/email-block/{pattern}](https://docs.wellesley.social/openapi/admin-email-blocks/paths/~1api~1v1~1admin~1email-block~1%7Bpattern%7D/delete.md): Removes a block from an email pattern or domain to allow signups from it again. The pattern will be normalized before removal to match the stored format. RBAC: requires Users.Moderate ## Admin FASP Administrative endpoints for managing FASP (Fediverse Auxiliary Service Provider) provider registrations and default capability assignments. Allows accepting, declining, and blocking providers, as well as configuring which provider is the default for each capability. Read operations require Federation.Read or Federation.Manage permission; write operations require Federation.Manage permission. ### List default providers - [GET /api/v1/admin/fasp/defaults](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1defaults/get.md): Retrieves all default providers configured for each capability. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Set default provider for capability - [PUT /api/v1/admin/fasp/defaults/{capability}](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1defaults~1%7Bcapability%7D/put.md): Sets the default FASP provider for a capability. The provider must be in ACCEPTED state and must support the specified capability. The change is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Remove default provider for capability - [DELETE /api/v1/admin/fasp/defaults/{capability}](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1defaults~1%7Bcapability%7D/delete.md): Removes the default FASP provider assignment for a capability. After removal, no default provider will be used for this capability until a new one is set. The change is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Get default provider for capability - [GET /api/v1/admin/fasp/defaults/{capability}](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1defaults~1%7Bcapability%7D/get.md): Retrieves the default provider for a specific capability. RBAC: - requires ANY of Federation.Read, Federation.Manage ### List FASP providers - [GET /api/v1/admin/fasp/providers](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1providers/get.md): Retrieves a list of all FASP providers with optional state filtering. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Get FASP provider by ID - [GET /api/v1/admin/fasp/providers/{faspId}](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1providers~1%7Bfaspid%7D/get.md): Retrieves detailed information about a specific FASP provider. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Accept FASP provider registration - [POST /api/v1/admin/fasp/providers/{faspId}/accept](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1providers~1%7Bfaspid%7D~1accept/post.md): Accepts a pending FASP provider registration, enabling it to provide capabilities to this instance. The state change is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Request backfill from FASP provider - [POST /api/v1/admin/fasp/providers/{faspId}/backfill](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1providers~1%7Bfaspid%7D~1backfill/post.md): Sends a backfill request to the specified FASP provider for the given content category. The remote provider will then deliver historical data back to this server. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Block FASP provider (stealth) - [POST /api/v1/admin/fasp/providers/{faspId}/block](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1providers~1%7Bfaspid%7D~1block/post.md): Blocks a FASP provider and removes it from default capability assignments. Future registration attempts from this provider will be silently ignored. The state change is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Update FASP provider capabilities - [POST /api/v1/admin/fasp/providers/{faspId}/capabilities](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1providers~1%7Bfaspid%7D~1capabilities/post.md): Updates the capabilities of a FASP provider. Activates newly enabled capabilities on the remote provider and merges new capabilities with existing ones. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Decline FASP provider registration - [POST /api/v1/admin/fasp/providers/{faspId}/decline](https://docs.wellesley.social/openapi/admin-fasp/paths/~1api~1v1~1admin~1fasp~1providers~1%7Bfaspid%7D~1decline/post.md): Declines a FASP provider registration by permanently deleting the provider and all associated subscriptions, defaults, backfill requests, debug callbacks, and preview-card trends. The deletion is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ## Admin FASP Remote Administrative endpoints for managing a remote FASP server. Allows Wellesley admins to configure connection to a FASP server and manage Fediverse server registrations remotely. ### List FASP backfill requests - [GET /api/v1/admin/fasp-remote/backfills](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1backfills/get.md): Lists all backfill requests on the FASP server. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Get blocked domains - [GET /api/v1/admin/fasp-remote/blocklist](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1blocklist/get.md): Retrieves the list of blocked domains from the FASP server. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Remove domain from blocklist - [DELETE /api/v1/admin/fasp-remote/blocklist/{domain}](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1blocklist~1%7Bdomain%7D/delete.md): Removes a domain from the FASP blocklist. The action is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Add domain to blocklist - [POST /api/v1/admin/fasp-remote/blocklist/{domain}](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1blocklist~1%7Bdomain%7D/post.md): Adds a domain to the FASP blocklist. Future content from this domain will be blocked. The action is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Remove FASP remote configuration - [DELETE /api/v1/admin/fasp-remote/config](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1config/delete.md): Removes the FASP remote admin configuration, disconnecting from the remote FASP server. The operation is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Get FASP remote configuration - [GET /api/v1/admin/fasp-remote/config](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1config/get.md): Returns the current FASP remote admin configuration with masked token. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Configure FASP remote connection - [POST /api/v1/admin/fasp-remote/config](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1config/post.md): Sets up the connection to a remote FASP server by providing the base URL and admin token. Validates the connection before saving the configuration. The base URL is normalized before storage. The operation is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Trigger global state recovery - [POST /api/v1/admin/fasp-remote/recover-state](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1recover-state/post.md): Triggers global state recovery on the FASP server, rebuilding internal state from stored data. The action is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### List server registrations - [GET /api/v1/admin/fasp-remote/registrations](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1registrations/get.md): Lists server registrations on the FASP server with optional status filter. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Approve server registration - [POST /api/v1/admin/fasp-remote/registrations/{serverId}/approve](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1registrations~1%7Bserverid%7D~1approve/post.md): Approves a pending Fediverse server registration on the remote FASP server. The action is audit-logged with the server's domain. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Trigger backfill for a server - [POST /api/v1/admin/fasp-remote/registrations/{serverId}/backfill](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1registrations~1%7Bserverid%7D~1backfill/post.md): Triggers a data backfill for a specific server registration on the FASP server. The action is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Block server registration - [POST /api/v1/admin/fasp-remote/registrations/{serverId}/block](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1registrations~1%7Bserverid%7D~1block/post.md): Blocks a Fediverse server and its domain on the remote FASP server. Future registration attempts from this domain will be rejected. The action is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Decline server registration - [POST /api/v1/admin/fasp-remote/registrations/{serverId}/decline](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1registrations~1%7Bserverid%7D~1decline/post.md): Declines and permanently deletes a Fediverse server registration on the remote FASP server. The action is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Trigger state recovery for a server - [POST /api/v1/admin/fasp-remote/registrations/{serverId}/recover-state](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1registrations~1%7Bserverid%7D~1recover-state/post.md): Triggers state recovery for a specific server registration on the FASP server. The action is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Confirm token rotation - [POST /api/v1/admin/fasp-remote/rotate-token/confirm](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1rotate-token~1confirm/post.md): Confirms token rotation with the verification code and updates the stored token. RBAC: requires Federation.Manage ### Request admin token rotation - [POST /api/v1/admin/fasp-remote/rotate-token/request](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1rotate-token~1request/post.md): Requests a new admin token. A verification code will be sent to the configured admin email. RBAC: requires Federation.Manage ### Get FASP server statistics - [GET /api/v1/admin/fasp-remote/stats](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1stats/get.md): Retrieves statistics from the configured FASP server. RBAC: - requires ANY of Federation.Read, Federation.Manage ### List FASP subscriptions - [GET /api/v1/admin/fasp-remote/subscriptions](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1subscriptions/get.md): Lists all event subscriptions on the FASP server. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Initiate admin token recovery - [POST /api/v1/admin/fasp-remote/token/recover](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1token~1recover/post.md): Initiates the admin token recovery flow by sending a verification code to the admin email. This proxies to the FASP server without the admin token (forgot-token flow). The action is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Confirm admin token recovery - [POST /api/v1/admin/fasp-remote/token/recover/confirm](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1token~1recover~1confirm/post.md): Confirms admin token recovery with the verification code. This proxies to the FASP server without the admin token (forgot-token flow). The action is audit-logged. Requires Federation.Manage permission. RBAC: requires Federation.Manage ### Check for FASP server updates - [GET /api/v1/admin/fasp-remote/update](https://docs.wellesley.social/openapi/admin-fasp-remote/paths/~1api~1v1~1admin~1fasp-remote~1update/get.md): Checks whether a newer version of the FASP server is available. RBAC: - requires ANY of Federation.Read, Federation.Manage ## Admin Federation Config Administrative endpoints for managing federation mode and allowlist in a single operation. ### Update federation config - [PUT /api/v1/admin/federation/config](https://docs.wellesley.social/openapi/admin-federation-config/paths/~1api~1v1~1admin~1federation~1config/put.md): Atomically updates federation mode and allowlist. Optionally triggers a purge of all non-allowlisted content. RBAC: requires Federation.Manage ### Get federation config - [GET /api/v1/admin/federation/config](https://docs.wellesley.social/openapi/admin-federation-config/paths/~1api~1v1~1admin~1federation~1config/get.md): Returns the current federation mode and the full allowlist. RBAC: - requires ANY of Federation.Read, Federation.Manage ## Admin Federation Metrics Administrative endpoints for monitoring and managing federation with other ActivityPub instances. Provides metrics on connected domains, user counts, post statistics, and federation health monitoring including sliding window performance metrics for inbox processing. Requires Federation.Read or Federation.Manage permission. ### List federated domains - [GET /api/v1/admin/federation](https://docs.wellesley.social/openapi/admin-federation-metrics/paths/~1api~1v1~1admin~1federation/get.md): Retrieves a paginated list of all domains this instance is federated with, including user counts, availability status, and blocking state. Supports filtering by domain name, availability, and block status. ### List tracked ActivityPub operations - [GET /api/v1/admin/federation/metrics/operations](https://docs.wellesley.social/openapi/admin-federation-metrics/paths/~1api~1v1~1admin~1federation~1metrics~1operations/get.md): Retrieves a list of all ActivityPub operations that have been tracked on this server. An operation combines the Activity type with the inner object type (if present). Examples: 'create-note' (Create activity with Note object), 'follow' (Follow activity), 'accept-follow' (Accept activity with Follow object), 'announce' (boost/reblog), 'undo-announce'. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Get metrics for specific operation - [GET /api/v1/admin/federation/metrics/running-average-single](https://docs.wellesley.social/openapi/admin-federation-metrics/paths/~1api~1v1~1admin~1federation~1metrics~1running-average-single/get.md): Returns sliding window metrics for a single ActivityPub operation, including count, average processing time, and percentiles. The metrics are calculated over the specified time window. Returns 404 if no data exists for the operation or the window has expired. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Get metrics for multiple operations - [GET /api/v1/admin/federation/metrics/running-averages-all](https://docs.wellesley.social/openapi/admin-federation-metrics/paths/~1api~1v1~1admin~1federation~1metrics~1running-averages-all/get.md): Returns sliding window metrics for all ActivityPub operations or a filtered subset. Only includes operations that have active data within the specified time window. Each operation's metrics include count, average processing time, and percentiles. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Get domain federation details - [GET /api/v1/admin/federation/{domain}](https://docs.wellesley.social/openapi/admin-federation-metrics/paths/~1api~1v1~1admin~1federation~1%7Bdomain%7D/get.md): Retrieves detailed federation statistics for a specific domain, including user counts, post counts, follower/following relationships, reports, availability status, and blocking information. RBAC: - requires ANY of Federation.Read, Federation.Manage ## Admin Federation Mode Manage the federation mode of the instance (OPEN, LIMITED, CLOSED) ### Change federation mode - [PUT /api/v1/admin/federation/mode](https://docs.wellesley.social/openapi/admin-federation-mode/paths/~1api~1v1~1admin~1federation~1mode/put.md): Changes the federation mode. Switching to CLOSED purges all federated content. Switching from OPEN to LIMITED purges non-allowlisted content. RBAC: requires Federation.Manage ### Get current federation mode - [GET /api/v1/admin/federation/mode](https://docs.wellesley.social/openapi/admin-federation-mode/paths/~1api~1v1~1admin~1federation~1mode/get.md): Returns the current federation mode of the instance RBAC: - requires ANY of Federation.Read, Federation.Manage ## Admin Feeds Administrative endpoints for managing user feed caches. Provides tools for regenerating, clearing, and diagnosing cached home feeds stored in Redis. Feed regeneration recomputes the feed from the database and updates the cache. Requires Jobs.Manage permission. ### Clear user feed cache - [POST /api/v1/admin/feed/clear-user-feed](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1clear-user-feed/post.md): Removes cached feed data from Redis for specified user(s). If no user is specified, clears all cached feeds. Use with caution as this will force feed regeneration on next access. Returns the number of Redis keys deleted. RBAC: requires Jobs.Manage ### Get exact cached post count for user feed - [GET /api/v1/admin/feed/count-user-feed](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1count-user-feed/get.md): Returns the exact number of cached posts currently stored in Redis for a user's home feed. Requires exactly one of userId or username. RBAC: requires Jobs.Manage ### Diagnose user feed cache - [GET /api/v1/admin/feed/diagnose](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1diagnose/get.md): Compares the Redis-cached home feed against the database-generated feed for one or all recently active users. Returns detailed comparison results including exact match status, order mismatches, and missing/extra post IDs. Use filters to skip exact matches or order mismatches for easier debugging. Requires Jobs.Manage permission. RBAC: requires Jobs.Manage ### Get metrics across all operations - [GET /api/v1/admin/feed/metrics/global-all-operation](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1global-all-operation/get.md): Retrieves global aggregated metrics across all feed operations within a time window. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get global aggregated metrics - [GET /api/v1/admin/feed/metrics/global-single](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1global-single/get.md): Retrieves global aggregated feed performance metrics for a specific operation within a time window. Includes average times, total measurements, and user counts. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get feed metrics history - [GET /api/v1/admin/feed/metrics/history](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1history/get.md): Retrieves historical feed performance metrics for a specific operation and user. Returns a list of feed metrics ordered by timestamp. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get comprehensive feed metrics - [GET /api/v1/admin/feed/metrics/history/all](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1history~1all/get.md): Retrieves complete feed metrics history for a user across all operations. Returns a map where keys are operation types and values are lists of feed metrics. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get user running average - [GET /api/v1/admin/feed/metrics/running-average-single](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1running-average-single/get.md): Retrieves the running average performance metrics for a specific user and operation within a sliding time window. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get all user running averages - [GET /api/v1/admin/feed/metrics/running-averages-all](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1running-averages-all/get.md): Retrieves running average performance metrics for a specific user across all feed operations. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Identify slowest feed operations - [GET /api/v1/admin/feed/metrics/slowest-operations](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1slowest-operations/get.md): Analyzes and ranks feed operations by their average execution time across all users. Helps identify performance bottlenecks. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Identify users with performance issues - [GET /api/v1/admin/feed/metrics/slowest-users](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1slowest-users/get.md): Analyzes and identifies users experiencing the slowest feed operation times. Can analyze a specific operation or aggregate across all operations. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get performance leaderboards for all operations - [GET /api/v1/admin/feed/metrics/slowest-users-all](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1slowest-users-all/get.md): Retrieves performance leaderboards for all feed operations. Returns a map of operations to ranked user lists. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get performance leaderboard - [GET /api/v1/admin/feed/metrics/slowest-users-single](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1slowest-users-single/get.md): Retrieves a ranked list of users by their feed operation performance for a specific operation. Can show either slowest or fastest users based on sort order. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get comprehensive metrics summary - [GET /api/v1/admin/feed/metrics/summary](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1summary/get.md): Generates a complete summary of feed performance metrics across all operations, including totals and averages. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get comprehensive user counts - [GET /api/v1/admin/feed/metrics/user-count-all](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1user-count-all/get.md): Returns user counts for all feed operations within the time window. Returns a map structure for comprehensive analysis. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get active user count - [GET /api/v1/admin/feed/metrics/user-count-single](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1user-count-single/get.md): Returns the count of unique users who performed a specific feed operation within the time window. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Regenerate user feed cache - [POST /api/v1/admin/feed/regenerate-user-feed](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1regenerate-user-feed/post.md): Forces regeneration of cached feed data for specified user(s). If no user is specified, regenerates feeds for all recently active users (signed in within the last period). Returns the number of feeds queued for regeneration. RBAC: requires Jobs.Manage ## Admin Groups Administrative endpoints for managing groups, channels, and events. Provides search and listing capabilities for all groups on the server regardless of privacy or visibility. Requires Users.Read or Users.Manage permission. ### Search for groups - [GET /api/v1/admin/groups/search](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1search/get.md): Administrative search for groups with multiple filter criteria. Filters include member user/account linkage, group name, domain, privacy, visibility, and join mode. Returns groups regardless of visibility/privacy. RBAC: - requires ANY of Users.Read, Users.Manage ### Get groups by user roles - [GET /api/v1/admin/groups/user/{userId}](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1user~1%7Buserid%7D/get.md): Retrieves all groups where the specified user holds at least one of the given roles (e.g., owner, admin, moderator). Requires Users.Read or Users.Manage permission. RBAC: - requires ANY of Users.Read, Users.Manage ### Get groups owned by an account - [GET /api/v1/admin/groups/{accountId}](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1%7Baccountid%7D/get.md): Retrieves all groups where any user belonging to the specified account is the owner. Supports pagination. Requires Users.Read or Users.Manage permission. RBAC: - requires ANY of Users.Read, Users.Manage ### Get all channels for a group - [GET /api/v1/admin/groups/{groupId}/channels](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1%7Bgroupid%7D~1channels/get.md): Retrieves all channels belonging to a group. Channels are sub-users within a group that organize content into topics. Requires Users.Read or Users.Manage permission. RBAC: - requires ANY of Users.Read, Users.Manage ### Get group events - [GET /api/v1/admin/groups/{groupId}/events](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1%7Bgroupid%7D~1events/get.md): Retrieves all events associated with a group, skipping visibility checks. Optionally includes translations. Requires Users.Read or Users.Manage permission. RBAC: - requires ANY of Users.Read, Users.Manage ## Admin Jobs Administrative endpoints for monitoring and managing background job queues. Provides statistics, job listings, and queue monitoring for all asynchronous tasks such as federation delivery, media processing, and cleanup jobs. Requires Jobs.Read or Jobs.Manage permission. ### Clear all jobs for a status - [DELETE /api/v1/jobs/clear](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1clear/delete.md): Removes all jobs from the specified list. Cannot clear active jobs (would orphan coroutines). Requires Jobs.Manage permission. RBAC: - requires ALL of Jobs.Manage - requires ANY of Jobs.Read, Jobs.Manage ### List dead letter queue jobs - [GET /api/v1/jobs/dlq](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1dlq/get.md): Returns a paginated list of jobs in the dead letter queue (DLQ). These are jobs that failed deserialization and were moved out of normal processing. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Delete a specific job - [DELETE /api/v1/jobs/job](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1job/delete.md): Deletes a job from the specified list (submitted, finished, failed, retries, schedule, dlq). Cannot delete active jobs. Requires Jobs.Manage permission. RBAC: - requires ALL of Jobs.Manage - requires ANY of Jobs.Read, Jobs.Manage ### List all job types - [GET /api/v1/jobs/list-jobs](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1list-jobs/get.md): Returns a list of all available job types in the system. Supports pagination. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get statistics for a specific queue - [GET /api/v1/jobs/list-stats](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1list-stats/get.md): Returns detailed statistics for a specific job queue including counts of finished, failed, active, submitted, and retry jobs. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get statistics for all queues - [GET /api/v1/jobs/list-stats-all](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1list-stats-all/get.md): Returns aggregated statistics across all job queues including counts of finished, failed, active, submitted, scheduled, and retry jobs. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### List jobs by status in a queue - [GET /api/v1/jobs/lists](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1lists/get.md): Returns a paginated list of jobs with a specific status (finished, failed, active, submitted, retries, schedule, dlq) from a specific queue. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### List active job processor instances - [GET /api/v1/jobs/processes](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1processes/get.md): Returns all active job processor instances with their hostname, PID, and last heartbeat time. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get Redis server info - [GET /api/v1/jobs/redis-info](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1redis-info/get.md): Returns basic Redis server information including version, memory usage, and connected clients. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Retry a single failed job - [POST /api/v1/jobs/retry](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1retry/post.md): Moves a failed job back to the submitted queue with tries reset to 0. Requires Jobs.Manage permission. RBAC: - requires ALL of Jobs.Manage - requires ANY of Jobs.Read, Jobs.Manage ### Retry all failed jobs in a queue - [POST /api/v1/jobs/retry-all](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1retry-all/post.md): Moves all failed jobs in the specified queue back to submitted with tries reset. Requires Jobs.Manage permission. RBAC: - requires ALL of Jobs.Manage - requires ANY of Jobs.Read, Jobs.Manage ### Get overall job statistics - [GET /api/v1/jobs/stats](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1stats/get.md): Returns aggregated statistics for all finished and failed jobs across all queues. Requires Jobs.Read or Jobs.Manage permission. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get daily job statistics - [GET /api/v1/jobs/stats-per-day](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1stats-per-day/get.md): Returns job statistics broken down by day for the specified number of past days. Can be filtered by queue or aggregated across all queues. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get combined per-queue summary - [GET /api/v1/jobs/summary](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1summary/get.md): Returns a combined summary for all queues including job counts, latency, and worker configuration. Single call replaces multiple stats calls. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get worker configuration - [GET /api/v1/jobs/workers](https://docs.wellesley.social/openapi/admin-jobs/paths/~1api~1v1~1jobs~1workers/get.md): Returns static configuration for all registered workers including queue name, description, max retries, concurrency, and enabled status. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ## Admin Posts Administrative endpoints for managing posts. Provides moderation capabilities to delete posts that violate community guidelines or are part of reported content. Requires Reports.Manage permission. ### Delete posts - [POST /api/v1/admin/posts/delete](https://docs.wellesley.social/openapi/admin-posts/paths/~1api~1v1~1admin~1posts~1delete/post.md): Deletes posts for moderation purposes. Can delete a single post by its ID or all posts associated with a report. The deletion is permanent and includes creating audit logs and report notes. When deleting via reportId, all posts referenced in the report are deleted and the report is marked as actioned. RBAC: requires Reports.Manage ## Admin Remote Link Service Administrative endpoints for configuring a remote link preview service provider. This service fetches rich link previews (title, description, image) for URLs shared in posts. The provider must support the 'link_preview' FASP capability. Requires AdminSettings.Manage permission. ### Get current remote link preview service configuration - [GET /api/v1/admin/link-service](https://docs.wellesley.social/openapi/admin-remote-link-service/paths/~1api~1v1~1admin~1link-service/get.md): Returns the configured remote link preview service base URL if set; otherwise null. Requires AdminSettings.Manage permission. RBAC: requires AdminSettings.Manage ### Configure remote link preview service - [POST /api/v1/admin/link-service/configure](https://docs.wellesley.social/openapi/admin-remote-link-service/paths/~1api~1v1~1admin~1link-service~1configure/post.md): Validates the provided base URL, checks provider capabilities at /provider_info endpoint, and saves the configuration if the provider supports 'link_preview' capability. Requires AdminSettings.Manage permission. RBAC: requires AdminSettings.Manage ## Admin Signup Requests Administrative endpoints for managing user signup requests. Provides tools for reviewing, approving, rejecting, and managing signup requests in the moderation queue. Supports workflow for manual account approval when enabled. Read operations require Signups.Read or Signups.Manage permission; write operations require Signups.Manage permission. ### Approve a signup request - [PUT /api/v1/admin/signup_requests/approve/{hash}](https://docs.wellesley.social/openapi/admin-signup-requests/paths/~1api~1v1~1admin~1signup_requests~1approve~1%7Bhash%7D/put.md): Approves a pending signup request and creates the user account. Sends a welcome email to the user upon successful account creation. If username conflicts occur, sends an alternative email prompting the user to choose a different username. If email/phone conflicts occur, the request is deleted as the user likely already has an account. The operation is logged for audit purposes. RBAC: requires Signups.Manage ### Delete a signup request - [DELETE /api/v1/admin/signup_requests/delete/{hash}](https://docs.wellesley.social/openapi/admin-signup-requests/paths/~1api~1v1~1admin~1signup_requests~1delete~1%7Bhash%7D/delete.md): Permanently removes a signup request from the system without notifying the user. Use this for cleaning up invalid, duplicate, or spam requests. Unlike rejection, this does not send any notification to the applicant. The request cannot be recovered after deletion. RBAC: requires Signups.Manage ### List pending signup requests - [GET /api/v1/admin/signup_requests/list](https://docs.wellesley.social/openapi/admin-signup-requests/paths/~1api~1v1~1admin~1signup_requests~1list/get.md): Retrieves a paginated list of signup requests awaiting admin approval. Can filter by email address, request hash, or originating IP address. Results are sorted by creation date (newest first) by default. Only shows requests at the ADMIN approval step. RBAC: - requires ANY of Signups.Read, Signups.Manage ### Reject a signup request - [PUT /api/v1/admin/signup_requests/reject/{hash}](https://docs.wellesley.social/openapi/admin-signup-requests/paths/~1api~1v1~1admin~1signup_requests~1reject~1%7Bhash%7D/put.md): Rejects a pending signup request and permanently removes it from the queue. Sends a rejection email to the applicant with an optional reason for the rejection. This action is final and the user would need to submit a new signup request. The rejection is logged for audit purposes. RBAC: requires Signups.Manage ## Admin Uploads Administrative endpoints for managing file uploads and media storage. Provides tools for monitoring user storage usage, searching uploaded files, and managing upload processing jobs. Supports queue management for async upload processing workflows. Requires Uploads.Read permission. ### List upload processing jobs in queue - [GET /api/v1/admin/uploads/jobs/queue/{queueName}](https://docs.wellesley.social/openapi/admin-uploads/paths/~1api~1v1~1admin~1uploads~1jobs~1queue~1%7Bqueuename%7D/get.md): Retrieves upload processing jobs from a specific queue (submitted, in_progress, or completed). Used to monitor the status of async upload processing tasks such as image resizing, video encoding, or thumbnail generation. Supports filtering by upload type and sorting by various fields like submission time or processing duration. RBAC: requires Uploads.Read ### Get upload job queue summaries - [GET /api/v1/admin/uploads/jobs/summary](https://docs.wellesley.social/openapi/admin-uploads/paths/~1api~1v1~1admin~1uploads~1jobs~1summary/get.md): Retrieves summary statistics for all upload processing queues, showing counts of jobs in submitted, in-progress, and completed states. Provides a high-level overview of the upload processing system's current workload and performance. Useful for monitoring system health and identifying processing bottlenecks. RBAC: requires Uploads.Read ### Search user uploads with filters - [GET /api/v1/admin/uploads/search](https://docs.wellesley.social/openapi/admin-uploads/paths/~1api~1v1~1admin~1uploads~1search/get.md): Searches and retrieves uploads for a specific user with optional filtering by upload type (IMAGE, VIDEO, AUDIO, DOCUMENT) and tags (Avatar, Header, Post, etc.). Supports pagination for large result sets. Returns upload metadata including file information, processing status, and associated tags. RBAC: requires Uploads.Read ### Get user storage information - [GET /api/v1/admin/uploads/storage/{userId}](https://docs.wellesley.social/openapi/admin-uploads/paths/~1api~1v1~1admin~1uploads~1storage~1%7Buserid%7D/get.md): Retrieves detailed storage usage information for a specific user, including total storage used, file counts by type, and storage limits. Useful for monitoring user storage consumption and enforcing quotas. RBAC: requires Uploads.Read ### Get upload processing logs - [GET /api/v1/admin/uploads/{uploadId}/logs](https://docs.wellesley.social/openapi/admin-uploads/paths/~1api~1v1~1admin~1uploads~1%7Buploadid%7D~1logs/get.md): Retrieves detailed processing logs for a specific upload, including workflow steps, timestamps, and any errors encountered during processing. Useful for debugging upload issues. Requires Uploads.Read permission. RBAC: requires Uploads.Read ## Aliases User alias management for account migration and identity linking. Aliases allow a user to declare previous identities on remote federated servers, which is required for ActivityPub account migration. All endpoints require authentication. ### List of aliases - [GET /api/v1/user-alias](https://docs.wellesley.social/openapi/aliases/paths/~1api~1v1~1user-alias/get.md): Returns all aliases registered for the authenticated user as a list of ActivityPub URIs. Requires authentication. ### Remove alias - [DELETE /api/v1/user-alias](https://docs.wellesley.social/openapi/aliases/paths/~1api~1v1~1user-alias/delete.md): Removes an existing alias from the authenticated user by its ActivityPub URI. Requires authentication. ### Create alias - [POST /api/v1/user-alias](https://docs.wellesley.social/openapi/aliases/paths/~1api~1v1~1user-alias/post.md): Adds a remote account alias for the authenticated user. The acct parameter must include a domain (e.g., 'user@remote.social'). The remote actor is fetched and verified via ActivityPub before the alias is saved. Used to declare a previous identity for account migration. Requires authentication. ## Application Data Endpoints for managing application-specific data storage. Provides a flexible key-value storage system for applications to store custom data associated with users, groups, or the platform. Supports tagging, filtering, and ownership-based access control. ### Query application data with filters - [GET /api/v1/apps/{appId}/data](https://docs.wellesley.social/openapi/application-data/paths/~1api~1v1~1apps~1%7Bappid%7D~1data/get.md): Retrieves application data entries based on filter criteria. Can filter by data type, tags (multiple tags are AND-ed), and owner. The user must have read permissions for the specified owner if filtering by owner. Returns all matching entries for the application. Without filters, returns all data the user has permission to access. ### Create new application data entry - [POST /api/v1/apps/{appId}/data](https://docs.wellesley.social/openapi/application-data/paths/~1api~1v1~1apps~1%7Bappid%7D~1data/post.md): Creates a new data entry for the specified application. The data can be owned by a user, group, user within a group context, or the platform itself. Ownership determines access permissions. The data structure is flexible, supporting any JSON content with optional type categorization and tags for filtering. ### Update existing application data - [PUT /api/v1/apps/{appId}/data/{id}](https://docs.wellesley.social/openapi/application-data/paths/~1api~1v1~1apps~1%7Bappid%7D~1data~1%7Bid%7D/put.md): Updates an existing data entry for the application. The user must have manage permissions for the data owner (user/group). The ownership cannot be changed during update - the new ownerId must match the existing one. Updates the data content, type, and tags while preserving ownership. ### Delete application data entry - [DELETE /api/v1/apps/{appId}/data/{id}](https://docs.wellesley.social/openapi/application-data/paths/~1api~1v1~1apps~1%7Bappid%7D~1data~1%7Bid%7D/delete.md): Permanently deletes a data entry from the application storage. The user must have manage permissions for the data owner. This operation cannot be undone. All associated metadata including tags and type information is also removed. ## Applications Endpoints for serving and routing platform applications to users ### Install a new application from ZIP file - [POST /api/v1/apps](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps/post.md): Uploads and installs a new application from a ZIP archive. The application is created in a disabled state by default unless the 'enable' parameter is set to true. Requires authentication and the Apps.Manage RBAC permission. The installation is logged in the audit trail. RBAC: requires Apps.Manage ### List globally available applications - [GET /api/v1/apps](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps/get.md): Returns a list of applications available at the global entry point. These applications are accessible to all users. ### List all enabled applications - [GET /api/v1/apps/enabled](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1enabled/get.md): Returns a list of all currently enabled applications on the platform. Only applications in enabled state are returned. No authentication required. ### List all installed applications - [GET /api/v1/apps/installed](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1installed/get.md): Returns a list of all installed applications on the platform, including both enabled and disabled applications. No authentication required. ### List user's available applications - [GET /api/v1/apps/user](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1user/get.md): Returns a list of applications available to the authenticated user, including both globally available and user-specific applications. ### Remove application from user's list - [DELETE /api/v1/apps/user/{appId}](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1user~1%7Bappid%7D/delete.md): Removes the specified application from the authenticated user's personal application list. ### Add application to user's list - [PUT /api/v1/apps/user/{appId}](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1user~1%7Bappid%7D/put.md): Adds the specified application to the authenticated user's personal application list, making it available in their user-specific context. ### Update an existing application from ZIP file - [PUT /api/v1/apps/{appId}](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D/put.md): Updates an existing application by uploading a new ZIP archive. The application manifest in the ZIP must match the existing application ID. Requires authentication and the Apps.Manage RBAC permission. The update is logged in the audit trail. RBAC: requires Apps.Manage ### Get application details by ID - [GET /api/v1/apps/{appId}](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D/get.md): Returns the complete application definition including manifest, routes, and configuration for the specified application ID. ### Delete an application - [DELETE /api/v1/apps/{appId}](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D/delete.md): Permanently deletes an application from the platform. The application cannot be deleted if it's set as default for any routes. This operation is irreversible. Requires authentication and the Apps.Manage RBAC permission. RBAC: requires Apps.Manage ### Set application as platform default - [PUT /api/v1/apps/{appId}/default](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1default/put.md): Sets the specified application as the default handler for its declared routes at the platform level. This affects all users who haven't set their own defaults. Requires authentication and the Apps.Manage RBAC permission. Resets route caches after update. RBAC: requires Apps.Manage ### Disable an application - [PUT /api/v1/apps/{appId}/disable](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1disable/put.md): Disables an enabled application, removing its routes and functionality from user access. The application cannot be disabled if it's set as default for any routes. Requires authentication and the Apps.Manage RBAC permission. Unregisters the application's routes upon disabling. RBAC: requires Apps.Manage ### Enable an application - [PUT /api/v1/apps/{appId}/enable](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1enable/put.md): Enables a disabled application, making its routes and functionality available to users. The application must not already be enabled. Requires authentication and the Apps.Manage RBAC permission. Registers the application's routes upon enabling. RBAC: requires Apps.Manage ### Get application with usage statistics - [GET /api/v1/apps/{appId}/stats](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1stats/get.md): Returns the application definition along with usage statistics including install count, active users, and other metrics. ### Set application as user's default - [PUT /api/v1/apps/{appId}/user-default](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1user-default/put.md): Sets the specified application as the default handler for its declared routes for the authenticated user. This overrides platform-level defaults for this user. ### Remove user's default application - [DELETE /api/v1/apps/{appId}/user-default](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1user-default/delete.md): Removes the user's default application setting for the specified application's routes, reverting to platform defaults. ## Async Refreshes Endpoints for polling the status of asynchronous background operations such as home feed regeneration and federated search ### Get async refresh status - [GET /api/v1/async_refreshes/{id}](https://docs.wellesley.social/openapi/async-refreshes/paths/~1api~1v1~1async_refreshes~1%7Bid%7D/get.md): Returns the current status of an asynchronous background operation. Records expire after 10 minutes. ## Blocks User blocking functionality for preventing interaction with specific users. Blocking a user prevents them from following you, seeing your posts, or interacting with your content. Block operations are federated to remote servers when blocking remote users. ### List of blocked users - [GET /api/v1/block](https://docs.wellesley.social/openapi/blocks/paths/~1api~1v1~1block/get.md): Returns a paginated list of all users that the authenticated user has blocked. Results are ordered by block date (most recent first) and include user profile information. ### List of users who blocked you - [GET /api/v1/block/by](https://docs.wellesley.social/openapi/blocks/paths/~1api~1v1~1block~1by/get.md): Returns a paginated list of users who have blocked the authenticated user. This information helps understand why certain interactions may be restricted. Results are ordered by block date and include basic user information. ### Unblock previously blocked user - [DELETE /api/v1/block/{userId}](https://docs.wellesley.social/openapi/blocks/paths/~1api~1v1~1block~1%7Buserid%7D/delete.md): Removes a block on a user, allowing interactions to resume. For remote users, sends an Undo Block activity via ActivityPub. The user must currently be blocked for this operation to succeed. ### Block specific user - [POST /api/v1/block/{userId}](https://docs.wellesley.social/openapi/blocks/paths/~1api~1v1~1block~1%7Buserid%7D/post.md): Blocks a user, preventing all interactions between you and the blocked user. This action automatically unfollows both users from each other, removes any reposts, and removes any existing mute. For remote users, sends a Block activity via ActivityPub. Cannot block yourself. ## Compatibility Version-agnostic API compatibility endpoints ### Get API compatibility information - [GET /api/meta/compat](https://docs.wellesley.social/openapi/compatibility/paths/~1api~1meta~1compat/get.md): Returns API compatibility information including the current breaking generation and minimum supported generation. This endpoint is version-agnostic (not under /api/v1), unauthenticated, and always available. Clients should embed COMPILED_BREAKING_GENERATION at build time and use this endpoint to determine compatibility: - If client_generation < min_supported_generation: block usage and force update - If client_generation < breaking_generation: optional update warning - Otherwise: proceed normally This endpoint must remain backward-compatible indefinitely. ## Domain Blocks Public API for listing domains blocked by this instance. Visibility and reason details are controlled by platform settings. ### List blocked domains (Public) - [GET /api/v1/domain-block](https://docs.wellesley.social/openapi/domain-blocks/paths/~1api~1v1~1domain-block/get.md): Returns the list of domains blocked by this instance with sensitive fields removed. Visibility depends on platform settings: access may be restricted to NONE (hidden), USER (authenticated users only), or ALL (everyone). Reason text visibility is controlled separately by a similar access setting. Obfuscated domains are partially masked for privacy. ## Domain-blocks Manage user-level domain blocks to filter content from specific federated servers. All endpoints require authentication. Domain blocks hide posts and notifications from the blocked domain and remove followers from it. ### List of blocked domains for the user - [GET /api/v1/user-domain-block](https://docs.wellesley.social/openapi/domain-blocks/paths/~1api~1v1~1user-domain-block/get.md): Returns the list of all domains currently blocked by the authenticated user. Each entry is a domain string (e.g. 'example.com'). ### Unblock previously blocked domain - [DELETE /api/v1/user-domain-block/{domain}](https://docs.wellesley.social/openapi/domain-blocks/paths/~1api~1v1~1user-domain-block~1%7Bdomain%7D/delete.md): Removes a domain block for the authenticated user, restoring content visibility from that domain. Returns an error if the domain is not currently blocked. ### Block specific domain - [POST /api/v1/user-domain-block/{domain}](https://docs.wellesley.social/openapi/domain-blocks/paths/~1api~1v1~1user-domain-block~1%7Bdomain%7D/post.md): Block a domain to: * hide all public posts from it * hide all notifications from it * remove all followers from it * prevent following new users from it (but does not remove existing follows) ## Drafts Endpoints for personal auto-saved drafts ### Upsert a draft by owner - [POST /api/v1/drafts](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts/post.md) ### Get all drafts for current user - [GET /api/v1/drafts](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts/get.md) ### Get draft by owner - [GET /api/v1/drafts/{ownerId}](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts~1%7Bownerid%7D/get.md) ### Delete draft by owner - [DELETE /api/v1/drafts/{ownerId}](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts~1%7Bownerid%7D/delete.md) ### Publish draft by owner - [POST /api/v1/drafts/{ownerId}/publish](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts~1%7Bownerid%7D~1publish/post.md) ## Email Email address management for user accounts. Provides secure email change workflow with verification codes, password confirmation, and notification system. All email changes require authentication and are logged for security. ### Confirm and complete email change - [POST /api/v1/accounts/email/change/confirm](https://docs.wellesley.social/openapi/email/paths/~1api~1v1~1accounts~1email~1change~1confirm/post.md): Completes the email change process by verifying the confirmation code. Updates the account's email address upon successful verification. Sends confirmation to the new email address. Invalidates all existing tokens except the current session for security. The change is logged in the audit trail. ### Request email address change - [POST /api/v1/accounts/email/change/request](https://docs.wellesley.social/openapi/email/paths/~1api~1v1~1accounts~1email~1change~1request/post.md): Initiates email change process for the authenticated account. Requires current password verification for security. Sends notification to current email and verification code to new email. The new email must not already be registered. Includes IP address and geolocation in notification for security awareness. ### Resend email verification code - [PUT /api/v1/accounts/email/change/resend-code](https://docs.wellesley.social/openapi/email/paths/~1api~1v1~1accounts~1email~1change~1resend-code/put.md): Resends the verification code to the new email address for a pending email change. Use when the initial code was not received or has expired. Rate limited to prevent abuse. Requires an active email change request. ## Embeddings Admin Administrative endpoints for managing vector embeddings used in AI-powered features such as semantic search and content recommendations. Provides tools for enabling/disabling embeddings, configuring the embedding model, estimating costs, and managing batch recalculation jobs. Requires AdminSettings.Manage permission. ### Disable embeddings - [PUT /api/v1/admin/embeddings/disable](https://docs.wellesley.social/openapi/embeddings-admin/paths/~1api~1v1~1admin~1embeddings~1disable/put.md): Disables embedding generation while preserving the model configuration. Existing embeddings are kept. Re-enabling with the same model will only recalculate missing embeddings. RBAC: requires AdminSettings.Manage ### Enable embeddings - [PUT /api/v1/admin/embeddings/enable](https://docs.wellesley.social/openapi/embeddings-admin/paths/~1api~1v1~1admin~1embeddings~1enable/put.md): Enables embedding generation and starts recalculation. If no modelId is provided, uses the previously configured model. If modelId matches current model, only recalculates posts without embeddings. If modelId is different, clears all embeddings and recalculates all posts. RBAC: requires AdminSettings.Manage ### Estimate embedding cost - [GET /api/v1/admin/embeddings/estimate-cost](https://docs.wellesley.social/openapi/embeddings-admin/paths/~1api~1v1~1admin~1embeddings~1estimate-cost/get.md): Estimates the cost of generating embeddings for posts. If no modelId is provided, uses the currently configured model. Returns whether this is a full recalculation (different model) or partial (only missing). RBAC: requires AdminSettings.Manage ### Cancel recalculation - [DELETE /api/v1/admin/embeddings/recalculation](https://docs.wellesley.social/openapi/embeddings-admin/paths/~1api~1v1~1admin~1embeddings~1recalculation/delete.md): Cancels any active embedding recalculation job. Returns the updated status showing the job as cancelled. RBAC: requires AdminSettings.Manage ### Get embedding system status - [GET /api/v1/admin/embeddings/status](https://docs.wellesley.social/openapi/embeddings-admin/paths/~1api~1v1~1admin~1embeddings~1status/get.md): Returns complete embedding system status including enabled state, model configuration, post statistics, and current recalculation progress if any. RBAC: requires AdminSettings.Manage ## Emoji Custom emoji management system for the platform. Supports creating, uploading, importing/exporting, searching, and deleting custom emojis. Emojis are automatically resized and optimized. Admin-only operations require Emojis.Manage permission. ### Get emojis by shortcodes or categories - [GET /api/v1/custom_emojis](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis/get.md): Retrieves emojis by exact shortcodes and/or by exact categories from cache. Multiple values can be requested in a single call using comma separation. If both parameters are provided, the union of results is returned. Returns paginated response with items (current page results), total (count matching filter), and totalItems (total emojis in system). ### Delete emojis - [DELETE /api/v1/custom_emojis](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis/delete.md): Deletes custom emojis by shortcode or category. Can delete multiple emojis at once using comma-separated values. Either shortcode or category must be provided. Returns the count of deleted emojis. Requires Emojis.Manage permission (admin only). RBAC: requires Emojis.Manage ### Create emoji from URL - [POST /api/v1/custom_emojis](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis/post.md): Creates a custom emoji by downloading from provided URLs. The emoji file is downloaded, processed, and stored locally. Supports overwriting existing emojis with the same shortcode. Can specify category, visibility, and domain for federated emojis. Requires Emojis.Manage permission (admin only). RBAC: requires Emojis.Manage ### List custom emoji categories - [GET /api/v1/custom_emojis/categories](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1categories/get.md): Returns distinct non-empty categories. Supports optional query and pagination. RBAC: requires Emojis.Manage ### Export emojis to ZIP - [GET /api/v1/custom_emojis/export](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1export/get.md): Exports emojis from a specific category as a ZIP archive. The ZIP contains all emoji files from the specified category. Useful for backup or migration purposes. Returns 404 if no emojis found in the category. Requires Emojis.Manage permission (admin only). RBAC: requires Emojis.Manage ### Bulk import emojis from ZIP - [POST /api/v1/custom_emojis/import](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1import/post.md): Imports multiple emojis from a ZIP archive. Filenames (without extension) become emoji shortcodes. All imported emojis share the same category and visibility settings. Images are automatically resized to 128x128 if larger. Animated GIFs are preserved with static versions generated. Supports batch overwriting of existing emojis. Requires Emojis.Manage permission (admin only). RBAC: requires Emojis.Manage ### Bulk import emojis from ZIP upload - [POST /api/v1/custom_emojis/import/upload](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1import~1upload/post.md): Imports multiple emojis from a ZIP archive that was previously uploaded via /uploads. Filenames (without extension) become emoji shortcodes. All imported emojis share the same category and visibility settings. Images are automatically resized to 128x128 if larger. Animated GIFs are preserved with static versions generated. Supports batch overwriting of existing emojis. RBAC: requires Emojis.Manage ### Search emojis by partial shortcode or category - [GET /api/v1/custom_emojis/search](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1search/get.md): Searches for emojis whose shortcodes or categories contain provided substrings. Useful for autocomplete functionality. Multiple searches can be performed in one request by passing comma-separated values. If no parameters provided, returns all emojis from cache. Returns paginated response with items (current page results), total (count matching filter), and totalItems (total emojis in system). ### Upload emoji from existing upload - [POST /api/v1/custom_emojis/upload](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1upload/post.md): Processes an existing upload (created via /uploads) as a custom emoji. Clients must first create an upload and PUT the file to the returned URL, then call this endpoint with the uploadId. RBAC: requires Emojis.Manage ### Partially update emoji metadata - [PATCH /api/v1/custom_emojis/{shortcode}](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1%7Bshortcode%7D/patch.md): Updates emoji metadata fields without requiring file upload. Supports updating category, visibility and domain. Requires Emojis.Manage permission. RBAC: requires Emojis.Manage ## Events Endpoints for creating, retrieving, and managing events and attendees ### Get public events or user-specific events - [GET /api/v1/events](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events/get.md): Returns public events for unauthenticated users, or events for a specific user/owner for authenticated users. Supports filtering by organizer or owner. ### Create a new event - [POST /api/v1/events](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events/post.md): Creates a new event with specified details including title, description, date/time, location, and privacy settings. The authenticated user becomes the event organizer. ### Export group's public calendar - [GET /api/v1/events/calendar/g/{groupname}.ics](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1calendar~1g~1%7Bgroupname%7D.ics/get.md): Exports a group's non invite-only events as an ICS (iCalendar) file. Only available if the group has enabled public calendar export in their settings. ### Export private calendar - [GET /api/v1/events/calendar/p/{id}.ics](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1calendar~1p~1%7Bid%7D.ics/get.md): Exports a user's or group's private calendar using a unique private ID. Events visibility is configured in calendar settings. ### Export user's public calendar - [GET /api/v1/events/calendar/u/{username}.ics](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1calendar~1u~1%7Busername%7D.ics/get.md): Exports a user's all non invite-only events as an ICS (iCalendar) file. Only available if the user has enabled public calendar export in their settings. ### Get authenticated user's events - [GET /api/v1/events/my](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1my/get.md): Returns events for the authenticated user with various filtering options including past events, organized events, and events pending response. ### Search events - [GET /api/v1/events/search](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1search/get.md): Searches events by mode: following, local, or federated (FASP). For local/fasp modes at least one of query, date range, or location filter must be provided. If groupId is not provided search is not restricted by group. ### Get event calendar settings - [GET /api/v1/events/settings](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1settings/get.md): Retrieves calendar export settings for the authenticated user or a specified group, including public/private calendar visibility and export options. ### Regenerate private calendar ID - [POST /api/v1/events/settings/regeneratePrivateId](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1settings~1regenerateprivateid/post.md): Generates a new unique ID for the private calendar URL. This invalidates the previous private calendar link. ### Update event calendar settings - [POST /api/v1/events/settings/update](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1settings~1update/post.md): Updates calendar export settings including public/private calendar visibility, detail level, and export scope. ### Update event details - [PUT /api/v1/events/{eventId}](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D/put.md): Updates an existing event's information including title, description, date/time, location, and privacy settings. Only the event organizer can update the event. ### Get event details by ID - [GET /api/v1/events/{eventId}](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D/get.md): Retrieves detailed information about a specific event including attendee status, statistics, and optional translations. ### Delete an event - [DELETE /api/v1/events/{eventId}](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D/delete.md): Soft deletes an event, marking it as cancelled. The event is not permanently removed and can still be viewed as deleted. Only the event organizer can delete the event. ### Export event as ICS file - [GET /api/v1/events/{eventId}.ics](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D.ics/get.md): Exports a single event in ICS (iCalendar) format for import into calendar applications. ### Accept an invite-only event invitation - [POST /api/v1/events/{eventId}/accept](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1accept/post.md): Accepts an invitation to the invite-only event, confirming attendance. Only invited users can accept. ### Get invite-only event attendees - [GET /api/v1/events/{eventId}/attendees](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1attendees/get.md): Returns the list of attendees for an invite-only event along with their response statuses (accepted, tentative, rejected, pending). ### Remove user from invite-only event - [DELETE /api/v1/events/{eventId}/attendees/{userId}](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1attendees~1%7Buserid%7D/delete.md): Revokes a user's invitation or removes them from an invite-only event. Only the event organizer can remove attendees. ### Invite user to an invite-only event - [POST /api/v1/events/{eventId}/attendees/{userId}](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1attendees~1%7Buserid%7D/post.md): Sends an invitation to a specific user for an invite-only event. Only the event organizer can invite attendees. ### Cancel a scheduled event - [POST /api/v1/events/{eventId}/cancel](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1cancel/post.md): Cancels a scheduled event, notifying all attendees. The event remains visible but marked as cancelled. Only the event organizer can cancel. ### Express interest in an event - [POST /api/v1/events/{eventId}/interested](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1interested/post.md): Marks the authenticated user as interested in a public event. Cannot be used for invite-only events. Returns updated event statistics. ### Join a public event - [POST /api/v1/events/{eventId}/join](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1join/post.md): Confirms attendance for a public event. Cannot be used for invite-only events which require invitations. Returns updated event statistics. ### Leave or revoke interest in event - [DELETE /api/v1/events/{eventId}/joinOrInterested](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1joinorinterested/delete.md): Removes the authenticated user's interest or participation in a public event. Cannot be used for invite-only events. Returns updated event statistics. ### Tentatively accept invite-only event - [POST /api/v1/events/{eventId}/maybe](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1maybe/post.md): Responds 'maybe' to the invite-only event invitation, indicating tentative attendance. Only invited users can respond. ### Get mutual event attendees - [GET /api/v1/events/{eventId}/mutual](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1mutual/get.md): Returns a list of users who are both attending the specified public event and are followed by the authenticated user. ### Reject invite-only event invitation - [POST /api/v1/events/{eventId}/reject](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1reject/post.md): Declines an invitation to the invite-only event. Only invited users can reject invitations. ### Translate event content - [POST /api/v1/events/{eventId}/translate](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1translate/post.md): Translates event title and description to the specified language. Translation is cached for future requests. ## FASP Administration endpoints for managing FASP (Fediverse Auxiliary Service Provider) registrations and capabilities. Handles the FASP registration workflow: providers register via POST, admins confirm registration, and capabilities are activated or deactivated. Also provides debug and backfill request tools. The registration endpoint is publicly accessible; all other endpoints require the Federation.Manage RBAC permission. ### Clear all FASP providers - [POST /api/v1/fasp/clear](https://docs.wellesley.social/openapi/fasp/paths/~1api~1v1~1fasp~1clear/post.md): Truncates all FASP provider data including subscriptions and backfill requests. This is a destructive operation that cannot be undone. Requires Federation.Manage RBAC permission. RBAC: requires Federation.Manage ### Register a FASP provider - [POST /api/v1/fasp/registration](https://docs.wellesley.social/openapi/fasp/paths/~1api~1v1~1fasp~1registration/post.md): Initiates the FASP registration workflow. A FASP provider submits its name, base URL, server ID, and Ed25519 public key. The server generates a key pair, stores the provider, and returns the FASP ID, server public key, and a registration completion URI for admin confirmation. Blocked base URLs receive a fake success response (stealth block). No authentication required. RBAC: requires Federation.Manage ### Update FASP provider capabilities - [POST /api/v1/fasp/{providerId}/capabilities](https://docs.wellesley.social/openapi/fasp/paths/~1api~1v1~1fasp~1%7Bproviderid%7D~1capabilities/post.md): Updates the capabilities of a registered FASP provider. Merges new capabilities with existing ones and activates newly enabled capabilities on the remote provider by calling their activation endpoint. Requires Federation.Manage RBAC permission. RBAC: requires Federation.Manage ### Send debug call to FASP provider - [POST /api/v1/fasp/{providerId}/debug-call](https://docs.wellesley.social/openapi/fasp/paths/~1api~1v1~1fasp~1%7Bproviderid%7D~1debug-call/post.md): Sends a debug callback request to the specified FASP provider's debug endpoint. Used for testing connectivity and signature verification with the provider. Requires Federation.Manage RBAC permission. RBAC: requires Federation.Manage ### Request backfill from FASP provider - [POST /api/v1/fasp/{providerId}/request_backfill](https://docs.wellesley.social/openapi/fasp/paths/~1api~1v1~1fasp~1%7Bproviderid%7D~1request_backfill/post.md): Sends a backfill request to the specified FASP provider for the given content category. The remote provider will then deliver historical data back to this server. Requires Federation.Manage RBAC permission. RBAC: requires Federation.Manage ## Federation Server-to-server endpoints for federated group access. Remote servers request tokens on behalf of their users by signing requests with the user's private key via HTTP Signatures. No standard authentication is required; requests are validated through cryptographic signatures. ### Issue a group federation token (server-to-server) - [POST /api/v1/federation/tokens](https://docs.wellesley.social/openapi/federation/paths/~1api~1v1~1federation~1tokens/post.md): Issues a short-lived token for a remote user to access a specific group. The request must be signed with the user's private key using HTTP Signatures (ActivityPub). The user must be a member of the requested group. This is a server-to-server endpoint and does not require standard authentication; it relies on cryptographic HTTP signature verification. ### Request a federation token for a remote group - [POST /api/v1/groups/{groupId}/federation-token](https://docs.wellesley.social/openapi/federation/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1federation-token/post.md): Proxies a federation token request to a remote group server. The server signs the request on behalf of the authenticated user using HTTP Signatures. Returns a short-lived token that can be used for direct API calls to the remote group server. Only works for remote (federated) groups; local groups return an error. The user must be a member of the target group. Authentication is required. ## Follow User follow relationship management. Handles following/unfollowing users, managing follow requests, and querying follower/followee relationships. Supports both local and remote (federated) users with ActivityPub protocol integration. ### List mutual connections - [GET /api/v1/users/connections](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1connections/get.md): Returns users who have a mutual (bidirectional) follow relationship with the authenticated user. Both users follow each other. Can filter by connection status. By default returns only ACCEPTED mutual connections. Useful for finding close connections or friends. ### Follow a user - [POST /api/v1/users/follow/{username}](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1follow~1%7Busername%7D/post.md): Initiates a follow relationship with a local or remote user. For remote users, specify the domain parameter or include it in the username (user@domain). Supports mutual follows (bidirectional connections) when mutual=true. Checks for blocks and self-follows. Remote follows are sent via ActivityPub. Local follows may auto-accept based on user settings. ### Accept follow request - [POST /api/v1/users/follow/{username}/accept](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1follow~1%7Busername%7D~1accept/post.md): Accepts a pending follow request from another user. Changes follow status from PENDING to ACCEPTED. Checks for blocks before accepting. Sends Accept activity to remote followers via ActivityPub. Only the followee can accept their own follow requests. ### Reset follow request to pending - [POST /api/v1/users/follow/{username}/pend](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1follow~1%7Busername%7D~1pend/post.md): Resets a previously accepted or rejected follow request back to PENDING status. Useful when reconsidering a follow decision. The request can then be accepted or rejected again. Only affects the local follow status, not remote ActivityPub state. ### Reject follow request - [POST /api/v1/users/follow/{username}/reject](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1follow~1%7Busername%7D~1reject/post.md): Rejects a pending follow request from another user. Changes follow status from PENDING to REJECTED. Sends Reject activity to remote followers via ActivityPub. The follower can retry following after rejection. Only the followee can reject their own follow requests. ### Unfollow a user - [POST /api/v1/users/follow/{username}/undo](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1follow~1%7Busername%7D~1undo/post.md): Removes a follow relationship with a local or remote user. For remote users, specify the domain parameter or include it in the username. If mutual=true, removes bidirectional connection. Sends Undo Follow activity to remote users via ActivityPub. Returns error if no follow relationship exists. ### List users you follow - [GET /api/v1/users/followees](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1followees/get.md): Returns a paginated list of users that the authenticated user follows. Can filter by follow status (ACCEPTED, PENDING, REJECTED) or return all statuses. By default returns only ACCEPTED followees. Supports search with q. Includes both local and remote users. ### List followers - [GET /api/v1/users/followers](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1followers/get.md): Returns a paginated list of users who follow the authenticated user. Can filter by follow status (ACCEPTED, PENDING, REJECTED) or return all statuses. By default returns only ACCEPTED followers. Supports search with q. Includes both local and remote followers. ### Get relationships with users - [GET /api/v1/users/relationships](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1relationships/get.md): Returns relationship status between the authenticated user and specified target users. Shows following/followed status and optionally blocked/muted/notes. Returns a map of user IDs to relationship objects. If no relationship exists for a user ID, it's omitted from the response. Useful for bulk checking relationship status. ## Geo Endpoints for geographic location lookup and timezone services ### Get address from coordinates - [GET /api/v1/geo](https://docs.wellesley.social/openapi/geo/paths/~1api~1v1~1geo/get.md): Performs reverse geocoding to convert latitude and longitude coordinates into a human-readable address. Requires authentication. ## Group Applications Endpoints for managing applications available to groups. Applications are installable modules that extend group functionality. Group admins can add or remove applications from their groups. The global apps list shows all available applications at the GROUP entry point, while per-group lists show only applications installed for that specific group. Management operations require the GroupApps.Manage RBAC permission. ### List all available group applications - [GET /api/v1/groups/apps](https://docs.wellesley.social/openapi/group-applications/paths/~1api~1v1~1groups~1apps/get.md): Returns a list of all applications available at the GROUP entry point. These are the applications that any group can install. Does not require a specific group context. ### List applications installed for a specific group - [GET /api/v1/groups/{groupId}/apps](https://docs.wellesley.social/openapi/group-applications/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1apps/get.md): Returns a list of applications installed and available for the specified group. Accessible according to group visibility settings (public groups allow unauthenticated access). ### Remove application from group - [DELETE /api/v1/groups/{groupId}/apps/{appId}](https://docs.wellesley.social/openapi/group-applications/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1apps~1%7Bappid%7D/delete.md): Uninstalls an application from the specified group. Requires the GroupApps.Manage RBAC permission (group admin). ### Add application to group - [PUT /api/v1/groups/{groupId}/apps/{appId}](https://docs.wellesley.social/openapi/group-applications/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1apps~1%7Bappid%7D/put.md): Installs an application to the specified group, making it available for group members. Requires the GroupApps.Manage RBAC permission (group admin). ## Group Blocks Manage group-level user blocks ### List all blocks for a group - [GET /api/v1/groups/{groupId}/blocks](https://docs.wellesley.social/openapi/group-blocks/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1blocks/get.md): RBAC: requires GroupMembers.Manage ### Remove a block from a group - [DELETE /api/v1/groups/{groupId}/blocks](https://docs.wellesley.social/openapi/group-blocks/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1blocks/delete.md): RBAC: requires GroupMembers.Manage ### Block a user from joining the group - [POST /api/v1/groups/{groupId}/blocks](https://docs.wellesley.social/openapi/group-blocks/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1blocks/post.md): RBAC: requires GroupMembers.Manage ## Group Channels API endpoints for managing channels within groups. Channels are specialized accounts that enable organized content distribution within groups. They support hierarchical organization with primary and auto-subscribe channels, privacy controls inherited from parent groups, and both scoped (group-specific) and global usernames for discovery. Group admins manage channels while members follow. ### List all group channels - [GET /api/v1/groups/{groupId}/channels](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels/get.md): Retrieves a complete list of all channels within the specified group. Requires group membership to access. Returns both public and private channels visible to the authenticated user. The response includes channel metadata such as privacy settings, auto-subscribe status, and whether each channel is designated as the primary channel. Channels are returned in creation order. RBAC: requires GroupChannels.Read ### Create a new group channel - [POST /api/v1/groups/{groupId}/channels](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels/post.md): Creates a new channel within the specified group. Requires group administrator privileges. The channel's privacy is constrained by the parent group's privacy settings (private groups can only have private channels). The first channel created is automatically designated as both primary and auto-subscribe. Channels can have both scoped usernames (group-specific) and optional global usernames (platform-wide). Note: Avatar and header images must be set via the update endpoint after creation. RBAC: requires GroupChannels.Manage ### List auto-subscribe channels - [GET /api/v1/groups/{groupId}/channels/auto-subscribe](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1auto-subscribe/get.md): Retrieves all channels designated as auto-subscribe for the specified group. Auto-subscribe channels are automatically followed by new members upon joining. Requires group membership to access. Returns an empty array if no auto-subscribe channels are configured. The response includes full channel information including privacy settings and follow status. RBAC: requires GroupChannels.Read ### Get group channel by scoped username - [GET /api/v1/groups/{groupId}/channels/lookup](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1lookup/get.md): Retrieves a channel using its group-scoped username (slug). Useful for accessing channels without global usernames. Private channels and channels inside private groups require membership and otherwise return 404. ### Retrieve primary channel - [GET /api/v1/groups/{groupId}/channels/primary](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1primary/get.md): Retrieves the designated primary channel for the specified group. Access control is based on both group and channel privacy settings. Public groups with public primary channels are accessible to everyone. Private groups or private channels require group membership. Returns 404 if no primary channel is designated or if access is denied due to privacy settings. ### List public channels - [GET /api/v1/groups/{groupId}/channels/public](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1public/get.md): Retrieves all public channels from a public group. This endpoint is accessible to everyone, including non-members and unauthenticated users, but only works for public groups. Private groups will return an error regardless of their channels' privacy settings. Useful for discovery and browsing group content before joining. Channels with global usernames are included with their platform-wide identifiers. ### Update an existing group channel - [PUT /api/v1/groups/{groupId}/channels/{channelId}](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D/put.md): Modifies properties of an existing channel. Requires group administrator privileges. Only included fields are updated; null fields preserve existing values. Privacy changes are constrained by the parent group's privacy (cannot make a channel public in a private group). Changes to auto-subscribe status affect auto-follow behavior for new members. RBAC: requires GroupChannels.Manage ### Get group channel by id - [GET /api/v1/groups/{groupId}/channels/{channelId}](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D/get.md): Retrieves a channel within the current group by its identifier. Access to private channels (or channels in private groups) is restricted to group members; outsiders receive a 404. ### Delete a group channel - [DELETE /api/v1/groups/{groupId}/channels/{channelId}](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D/delete.md): Removes the specified channel from the group. Requires group administrator privileges. The channel is marked as deleted immediately and background workers handle cleanup of posts, media, and follower relationships. RBAC: requires GroupChannels.Manage ### Update channel auto-subscribe status - [PUT /api/v1/groups/{groupId}/channels/{channelId}/auto-subscribe](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D~1auto-subscribe/put.md): Toggles whether a channel is designated as an auto-subscribe channel. Requires group admin privileges. Auto-subscribe channels are automatically followed by new group members upon joining. Multiple channels can be marked as auto-subscribe. This setting helps onboard new members by ensuring they receive content from essential channels immediately. RBAC: requires GroupChannels.Manage ### Designate channel as primary - [PUT /api/v1/groups/{groupId}/channels/{channelId}/primary](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D~1primary/put.md): Sets the specified channel as the primary channel for the group. Requires group administrator privileges. Only one channel can be designated as primary per group. The primary channel serves as the main communication channel and is prominently displayed in group interfaces. Any existing primary channel designation is automatically removed. RBAC: requires GroupChannels.Manage ### Assign or update global username - [PUT /api/v1/groups/{groupId}/channels/{channelId}/username](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D~1username/put.md): Assigns, updates, or removes a global username for a public channel. Requires group administrator privileges. Global usernames provide platform-wide discovery and must be unique across the entire system. Only public channels in public groups can have global usernames. Setting the username to null removes any existing global username assignment. RBAC: requires GroupChannels.Manage ## Group Invitations API endpoints for managing group invitations. Group owners and admins can invite users to join their groups. Invitees can accept or reject invitations. Creating invitations requires the GroupMembers.Invite RBAC permission. Accepting, rejecting, and viewing personal invitations require standard authentication. ### List current user's group invitations - [GET /api/v1/groups/invites](https://docs.wellesley.social/openapi/group-invitations/paths/~1api~1v1~1groups~1invites/get.md): Returns a paginated list of all group invitations addressed to the authenticated user, optionally filtered by status. Authentication is required. ### Get current user's invitation for a group - [GET /api/v1/groups/{groupId}/invite](https://docs.wellesley.social/openapi/group-invitations/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1invite/get.md): Retrieves the invitation for the authenticated user in the specified group, regardless of status. Returns 404 if no invitation exists. Authentication is required. ### List invitations for a group - [GET /api/v1/groups/{groupId}/invites](https://docs.wellesley.social/openapi/group-invitations/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1invites/get.md): Returns a paginated list of invitations for the specified group, optionally filtered by status. Requires the GroupMembers.Invite RBAC permission (group admin/owner). Authentication is required. RBAC: requires GroupMembers.Invite ### Invite a user to join a group - [POST /api/v1/groups/{groupId}/invites](https://docs.wellesley.social/openapi/group-invitations/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1invites/post.md): Creates an invitation for a user to join the group. Only group owners and admins can create invitations. The invitee must not already be a member of the group or have a pending invitation. Exactly one of inviteeId or inviteeEmail must be provided. The response contains the created invite and an emailSent flag indicating whether an invitation email was sent from this server (false for remote users, whose home server sends the email). RBAC: requires GroupMembers.Invite ### Accept invitation to a group - [POST /api/v1/groups/{groupId}/invites/accept](https://docs.wellesley.social/openapi/group-invitations/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1invites~1accept/post.md): Accepts an invitation to join a local group. The user becomes a member with the VIEWER role. The pending invite is looked up by (groupId, authenticated user). Note: This endpoint is for local groups only. For remote (federated) groups, invite records are not stored locally - the client should call the remote server directly with a GroupFederationToken. ### Reject invitation to a group - [POST /api/v1/groups/{groupId}/invites/reject](https://docs.wellesley.social/openapi/group-invitations/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1invites~1reject/post.md): Rejects an invitation to join a local group. The invitation status will be updated to REJECTED. The pending invite is looked up by (groupId, authenticated user). Note: This endpoint is for local groups only. For remote (federated) groups, invite records are not stored locally - the client should call the remote server directly with a GroupFederationToken. ### Cancel a group invitation - [DELETE /api/v1/groups/{groupId}/invites/{groupInviteId}](https://docs.wellesley.social/openapi/group-invitations/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1invites~1%7Bgroupinviteid%7D/delete.md): Requires GroupMembers.Invite permission (group owner/admin). The invitation must be in PENDING status. RBAC: requires GroupMembers.Invite ## Group Join API endpoints for group join workflows. Users can request to join a group, and group admins can approve or reject join requests. Join behavior depends on the group's join mode: OPEN (instant), APPROVAL (requires admin approval), or INVITE_ONLY (requires invitation). Groups may also have entry questions that must be answered before joining. Admin operations (listing, approving, rejecting requests) require the GroupMembers.Manage RBAC permission. All endpoints require authentication. ### Join a group - [POST /api/v1/groups/{groupId}/join](https://docs.wellesley.social/openapi/group-join/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1join/post.md): Request to join a group. The behavior depends on the group's join mode: OPEN groups accept members immediately with MEMBER role, APPROVAL groups create a PENDING join request requiring admin approval, and INVITE_ONLY groups require an invitation. Groups may also have entry questions that require a valid answerToken from completing the group's questionnaire. Users cannot join a group they're already a member of. ### Cancel group join request - [DELETE /api/v1/groups/{groupId}/join](https://docs.wellesley.social/openapi/group-join/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1join/delete.md): Cancel a join request for a group. This allows users to withdraw their request to join a group that requires approval. Only the user who made the original join request can cancel it. ### List join requests for a group - [GET /api/v1/groups/{groupId}/join-requests](https://docs.wellesley.social/openapi/group-join/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1join-requests/get.md): Get a list of join requests for a group with optional filtering by status, username, and date range. Only group admins can access this endpoint RBAC: requires GroupMembers.Manage ### Reject or delete a join request - [DELETE /api/v1/groups/{groupId}/join-requests/{groupJoinRequestId}](https://docs.wellesley.social/openapi/group-join/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1join-requests~1%7Bgroupjoinrequestid%7D/delete.md): Reject a user's join request for a group. By default, this marks the request as REJECTED. If purge=true is passed, the request is permanently deleted from the database. Only group admins can reject/delete join requests. RBAC: requires GroupMembers.Manage ### Approve a join request - [PUT /api/v1/groups/{groupId}/join-requests/{groupJoinRequestId}](https://docs.wellesley.social/openapi/group-join/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1join-requests~1%7Bgroupjoinrequestid%7D/put.md): Approve a join request for a group. This converts the request into an active group membership with MEMBER role. Only group admins can approve join requests. RBAC: requires GroupMembers.Manage ## Group Member Settings Endpoints for managing member-specific settings within groups. These settings are personal to each group member and affect their individual experience within the group. Members can only access and modify their own settings within groups they belong to. ### Update member's personal settings for a group - [PUT /api/v1/groups/{groupId}/member-settings](https://docs.wellesley.social/openapi/group-member-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1member-settings/put.md): Updates one or more of the current member's personal settings within the specified group. Multiple settings can be updated in a single request. Complete setting objects must be provided - partial updates of individual settings are not supported. Members can only update their own settings and must be active members of the group. Changes take effect immediately. ### Get member's personal settings for a group - [GET /api/v1/groups/{groupId}/member-settings](https://docs.wellesley.social/openapi/group-member-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1member-settings/get.md): Retrieves the current member's personal settings within the specified group. Returns a JSON object with setting keys mapped to their values. Members can only access their own settings and must be active members of the group. Settings control member-specific preferences like notification preferences, display options, and personal configurations within the group context. ### Delete member's personal settings for a group - [DELETE /api/v1/groups/{groupId}/member-settings](https://docs.wellesley.social/openapi/group-member-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1member-settings/delete.md): Deletes one or more of the current member's personal settings within the specified group, reverting them to default values. Multiple settings can be deleted in a single request. Members can only delete their own settings and must be active members of the group. After deletion, the settings will use system or group defaults. ## Group Members API endpoints for managing group membership. Provides functionality to add, update, and remove members from groups, as well as retrieve membership information. Supports both local and federated groups through ActivityPub protocol. Access control is enforced based on group privacy settings and user permissions. ### Get current user's group memberships - [GET /api/v1/groups](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups/get.md): Retrieves all groups that the currently authenticated user is a member of. Returns both public and private groups since the user is requesting their own memberships. Returns full Group objects with complete group details. Results are paginated. This is a convenience endpoint equivalent to calling /groups/member/{userId}/groups with your own user ID. ### Get group memberships for a specific user - [GET /api/v1/groups/member/{userId}](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1member~1%7Buserid%7D/get.md): Retrieves all group memberships for the specified user. Privacy rules apply: requesting your own memberships returns all groups (public and private), while requesting another user's memberships returns only their public group memberships. Results are paginated. ### Get groups that a user is a member of - [GET /api/v1/groups/member/{userId}/groups](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1member~1%7Buserid%7D~1groups/get.md): Retrieves all groups where the specified user is a member. Privacy rules apply: requesting your own groups returns all groups (public and private), while requesting another user's groups returns public groups and private groups where the viewer is also a member. Returns full Group objects rather than membership records. Results are paginated. ### Get groups owned by current user - [GET /api/v1/groups/owned](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1owned/get.md): Retrieves all groups that were created by the currently authenticated user account. This returns groups where the user is the owner, not just a member. A single user account can own and manage multiple groups. Returns full Group objects with complete group details including private groups owned by the user. Results are paginated. ### Get all members of a group - [GET /api/v1/groups/{groupId}/members](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1members/get.md): Retrieves the list of all members in the specified group as GroupMember objects. Public groups are accessible to all authenticated users, Private groups accessible to members only. Supports sorting by join time, posts, relationship to current user, domain, displayName, username, createdAfter, or entityType. Supports filtering by role, domain, displayName, username, createdAfter, and entityType. Supports pagination. If no filter parameters are provided, returns all members. ### Admin-level search for group members - [GET /api/v1/groups/{groupId}/members/search](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1members~1search/get.md): Performs an administrative search for group members with multiple filter criteria. Requires GroupMembers.Moderate permission. Can search by roles, actor type, status, country, domain, display name, username, IP address, or join date. Supports sorting by join time, display name, username, number of posts, or country. Results include detailed member information including statistics, last activity, and location data. RBAC: requires GroupMembers.Moderate ### Update an existing group member - [PUT /api/v1/groups/{groupId}/members/{memberId}](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1members~1%7Bmemberid%7D/put.md): Updates the role, status, or metadata of an existing group member. For local groups, the update is applied immediately. For federated groups, an ActivityPub message is sent to the remote server to request the update. Requires GroupMembers.Manage permission for the target group. RBAC: requires GroupMembers.Manage ### Remove a member from a group - [DELETE /api/v1/groups/{groupId}/members/{memberId}](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1members~1%7Bmemberid%7D/delete.md): Removes the specified user from the group. For local groups, the membership is deleted immediately. For federated groups, an ActivityPub message is sent to request removal. Requires GroupMembers.Manage permission. An optional reason can be provided for audit logging. RBAC: requires GroupMembers.Manage ### Transfer group ownership - [POST /api/v1/groups/{groupId}/members/{newOwnerId}/transfer-ownership](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1members~1%7Bnewownerid%7D~1transfer-ownership/post.md): Transfers the ownership of the group to another existing member. The current owner is demoted to admin and the target member becomes the new owner. Can be called by the current owner, or by a system admin if the current owner is suspended. ### Leave a group - [DELETE /api/v1/groups/{groupId}/membership](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1membership/delete.md): Removes the authenticated user from the group. The user's posts and comments remain but permissions are revoked. The user can rejoin later with fresh membership. Cannot leave if the user is the last admin of the group. Authentication is required. ### Get current user's membership in a group - [GET /api/v1/groups/{groupId}/membership](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1membership/get.md): Returns the membership information for the authenticated user in the specified group. Returns a MembershipInfo object with state indicating: MEMBER (active member), PENDING_JOIN (has pending join request), PENDING_INVITE (has pending invite), or NONE (no relationship). Authentication is required. ### Get group members as User objects - [GET /api/v1/groups/{groupId}/users](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1users/get.md): Retrieves the list of all members in the specified group. Public groups are accessible to all authenticated users, Private groups accessible to members only. Supports sorting by join time, posts, or relationship to current user. Supports role filtering and pagination. ## Group Pins API endpoints for managing pinned groups. Users can pin groups they are a member of to keep them easily accessible. Pinned groups support custom ordering via pin numbers and appear first in the user's group list. All endpoints require authentication. ### Get user's pinned groups - [GET /api/v1/groups/pinned](https://docs.wellesley.social/openapi/group-pins/paths/~1api~1v1~1groups~1pinned/get.md): Retrieve all groups pinned by the current user, ordered by pin number. Each group includes viewer context: isMember (always true), pin, and canManage. ### Unpin a group - [DELETE /api/v1/groups/{groupId}/pin](https://docs.wellesley.social/openapi/group-pins/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1pin/delete.md): Removes a group from the user's pinned list. The user must be a member of the group. Authentication is required. ### Pin a group - [PUT /api/v1/groups/{groupId}/pin](https://docs.wellesley.social/openapi/group-pins/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1pin/put.md): Pins a group to the user's pinned list with an optional order number. The user must be a member of the group. If no pin number is provided, the next available number is assigned automatically. Authentication is required. ## Group Questions API endpoints for managing group entry questions. Groups can require prospective members to answer questions before joining. Questions support multiple types (text, single choice, multiple choice) and are used to screen members when the group's join mode is set to QUESTIONS. Answers are validated and generate a token that can be used during the join process. ### Get all questions for a group - [GET /api/v1/groups/{groupId}/questions](https://docs.wellesley.social/openapi/group-questions/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1questions/get.md): Retrieves the complete list of questions that prospective members must answer when joining the group. Questions are returned in order based on their ordering value (lowest first). This endpoint is not accessible for groups with INVITE_ONLY join mode. Authentication is required to prevent question harvesting. ### Create a new group question - [POST /api/v1/groups/{groupId}/questions](https://docs.wellesley.social/openapi/group-questions/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1questions/post.md): Adds a new question that prospective members must answer when joining the group. Requires GroupQuestions.Manage permission. Questions can be of type TEXT (free-form answer), SINGLE_CHOICE (one option), or MULTIPLE_CHOICE (multiple options). For choice questions, provide the available options in the choices array. The creation is tracked in the audit log. RBAC: requires GroupQuestions.Manage ### Submit answers to group entry questions - [POST /api/v1/groups/{groupId}/questions/answers](https://docs.wellesley.social/openapi/group-questions/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1questions~1answers/post.md): Submits answers to all required group questions as part of the join process. Returns a token that must be provided when calling the join endpoint. The group must have questions enabled (joinQuestions.show = true) and the user must not already be a member. Answers are validated against the current questions and stored for review by group administrators. The token expires after a configured period. ### Update an existing group question - [PUT /api/v1/groups/{groupId}/questions/{questionId}](https://docs.wellesley.social/openapi/group-questions/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1questions~1%7Bquestionid%7D/put.md): Modifies an existing question's text, type, choices, or ordering. Requires GroupQuestions.Manage permission. When changing question type, ensure the choices array is appropriate (empty for TEXT, populated for SINGLE_CHOICE/MULTIPLE_CHOICE). All fields must be provided in the update. Changes are tracked in the audit log for compliance. RBAC: requires GroupQuestions.Manage ### Delete a group question - [DELETE /api/v1/groups/{groupId}/questions/{questionId}](https://docs.wellesley.social/openapi/group-questions/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1questions~1%7Bquestionid%7D/delete.md): Permanently removes a question from the group's entry requirements. Requires GroupQuestions.Manage permission. This action cannot be undone. Any existing answers to this question are preserved for audit purposes but will not be evaluated for new join requests. The deletion is recorded in the audit log. RBAC: requires GroupQuestions.Manage ## Group Rules API endpoints for managing community rules within groups. Rules define the expected conduct and content policies that members must follow. Each rule consists of text (the rule itself), a hint (explanation or context), and an ordering value for display sequence. Rules are scoped to specific groups and can be managed by users with appropriate permissions. ### Get all rules for a group - [GET /api/v1/groups/{groupId}/rules](https://docs.wellesley.social/openapi/group-rules/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1rules/get.md): Retrieves the complete list of rules for a specific group. Rules are returned in order based on their ordering value (lowest first). This endpoint is publicly accessible as group rules should be visible to potential members before joining. Each rule includes its text content, explanatory hint, and display ordering. ### Create a new group rule - [POST /api/v1/groups/{groupId}/rules](https://docs.wellesley.social/openapi/group-rules/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1rules/post.md): Creates a new rule for the specified group. Requires GroupSettings.Manage permission. The rule will be assigned a unique ID and added to the group's rule list. Rules are used to establish community guidelines and expected behavior. An audit log entry is created for this action. RBAC: requires GroupSettings.Manage ### Reorder multiple group rules - [POST /api/v1/groups/{groupId}/rules/reorder](https://docs.wellesley.social/openapi/group-rules/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1rules~1reorder/post.md): Batch updates the display ordering of multiple rules within a group. This endpoint allows efficient reordering of rules without individual API calls. Requires GroupSettings.Manage permission. Each reordering operation is tracked in the audit log. Rules not included in the request maintain their current ordering. Returns all group rules with updated ordering values. RBAC: requires GroupSettings.Manage ### Delete a group rule - [DELETE /api/v1/groups/{groupId}/rules/{id}](https://docs.wellesley.social/openapi/group-rules/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1rules~1%7Bid%7D/delete.md): Permanently removes a rule from the group. Requires GroupSettings.Manage permission. This action cannot be undone. The deletion is recorded in the audit log. Returns 404 if the rule doesn't exist or doesn't belong to the specified group. RBAC: requires GroupSettings.Manage ### Update an existing group rule - [PUT /api/v1/groups/{groupId}/rules/{ruleId}](https://docs.wellesley.social/openapi/group-rules/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1rules~1%7Bruleid%7D/put.md): Modifies an existing rule's text, hint, or ordering. Requires GroupSettings.Manage permission. The entire rule content must be provided in the update request. Changes are tracked in the audit log for compliance and moderation purposes. Returns 404 if the rule doesn't exist. RBAC: requires GroupSettings.Manage ## Group Settings Endpoints for managing group-specific settings and configuration options. These endpoints allow authorized group members to view, update, and delete settings that control group behavior, features, and customization options. ### Update group settings - [PUT /api/v1/groups/{groupId}/settings](https://docs.wellesley.social/openapi/group-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1settings/put.md): Update multiple group settings in a single operation. Each setting must be provided as a complete object with all required fields. Partial updates are not supported to ensure data consistency and prevent configuration errors. Requires authentication and the GroupSettings.Manage RBAC permission within the group. RBAC: requires GroupSettings.Manage ### Get group settings - [GET /api/v1/groups/{groupId}/settings](https://docs.wellesley.social/openapi/group-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1settings/get.md): Retrieve specific group settings by their keys. Returns a JSON object mapping setting names to their configured values. Only settings that the authenticated user has permission to read will be included in the response. Requires authentication and group membership. ### Delete group settings - [DELETE /api/v1/groups/{groupId}/settings](https://docs.wellesley.social/openapi/group-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1settings/delete.md): Remove specific group settings by their keys. This operation will permanently delete the specified settings and revert them to their default values. Use with caution as deleted settings cannot be recovered. Requires authentication and the GroupSettings.Manage RBAC permission within the group. RBAC: requires GroupSettings.Manage ## Groups API endpoints for managing groups within the Wellesley platform. Groups are community spaces that can be public or private, support forums, and have their own membership and permission systems. Groups can be federated via ActivityPub for cross-instance communication. ### Create a new group - [POST /api/v1/groups](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups/post.md): Creates a new group owned by the currently authenticated user. The user becomes the group owner with full administrative privileges. The group name must be unique across the platform. A default channel is automatically created for the group. ### Get all user's groups with comprehensive sorting - [GET /api/v1/groups/my-groups](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1my-groups/get.md): Returns user's groups in order: 1) pinned by pin number, 2) owned unpinned by creation date, 3) member unpinned by creation date. Each group includes viewer context: isMember (always true), pin (if pinned), and canManage. ### Get group by name - [GET /api/v1/groups/name/{groupname}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1name~1%7Bgroupname%7D/get.md): Retrieves a group using its unique name (slug). The group name is case-insensitive and must follow username validation rules (alphanumeric, underscores, hyphens). This endpoint is publicly accessible (@PermitAll) and is useful for human-readable URLs. Stats visibility is controlled by group settings. ### Search groups by name - [GET /api/v1/groups/search](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1search/get.md): Searches for groups whose names contain the specified substring. The search is case-insensitive. If no substring is provided or it's empty, returns all visible groups. Results respect visibility and membership: returns VISIBLE groups (public or private) and any groups the user is a member of if UNLISTED (HIDDEN groups never appear in search or listings). This endpoint is publicly accessible (@PermitAll). Results are paginated. ### Get mutual groups with another user - [GET /api/v1/groups/users/{userId}/mutual](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1users~1%7Buserid%7D~1mutual/get.md): Retrieves groups that both the current user and the specified user are members of. Only returns groups where both users have active memberships (MEMBER status). Useful for finding common communities and shared interests between users. ### Update group information - [PUT /api/v1/groups/{groupId}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D/put.md): Updates the group's basic information including name, display name, description, and privacy settings. Requires GroupData.Manage permission. The group owner and administrators can perform this operation. Changes to privacy settings may affect member access and visibility. RBAC: requires GroupData.Manage ### Get group by ID - [GET /api/v1/groups/{groupId}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D/get.md): Retrieves detailed information about a specific group including metadata, settings, and upload references. Accessible for public groups without membership. Hidden groups return 404 for non-members to maintain privacy. Includes real-time statistics. Stats visibility is controlled by group settings. ### Delete a group - [DELETE /api/v1/groups/{groupId}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D/delete.md): Permanently deletes a group and all associated data including memberships, roles, and channel content. This operation is irreversible. Requires the Group.Delete RBAC permission (typically group owner). The deletion is federated via ActivityPub to notify remote instances. RBAC: requires Group.Delete ### Update group branding - [PUT /api/v1/groups/{groupId}/branding](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1branding/put.md): Updates the visual branding elements of a group including color theme, banner image, and avatar. Color must be in HEX format. Banner and avatar are references to previously uploaded media. Setting banner or avatar to null removes them. Requires the GroupSettings.Manage RBAC permission (group admin). RBAC: requires GroupSettings.Manage ### Get group details with membership info - [GET /api/v1/groups/{groupId}/details](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1details/get.md): Retrieves group details combined with the viewer's membership information. For remote (federated) groups, refreshes data from the remote server if stale. The response includes: - Full group information (same as GET /groups/{groupId}) - Viewer's membership state (MEMBER, PENDING_JOIN, PENDING_INVITE, or NONE) - Related objects (membership details, join request, or pending invite) This endpoint is useful for displaying group pages where the viewer's relationship to the group is relevant, such as showing Accept/Reject buttons for pending invites. ### Get group feed - [GET /api/v1/groups/{groupId}/feed](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1feed/get.md): Returns a merged feed of posts across channels in the group. Members with channel subscriptions see posts from subscribed channels only. Non-members or members without subscriptions see posts from all public channels. Use allChannels=true to bypass subscription gating and show all accessible channels. Post visibility otherwise follows the standard post privacy rules. ## Import Endpoints for importing data from other platforms including followers, blocks, and mutes ### List user's import jobs - [GET /api/v1/import](https://docs.wellesley.social/openapi/import/paths/~1api~1v1~1import/get.md): Returns a list of all import jobs created by the authenticated user, including their current status and results. ### Import data from CSV file - [POST /api/v1/import](https://docs.wellesley.social/openapi/import/paths/~1api~1v1~1import/post.md): Uploads and processes a CSV file for bulk import of data such as followers, blocks, or mutes from other platforms. The import is processed asynchronously after upload. ### Start import processing - [POST /api/v1/import/start/{id}](https://docs.wellesley.social/openapi/import/paths/~1api~1v1~1import~1start~1%7Bid%7D/post.md): Begins processing a previously uploaded import job. The import must be in PENDING state to be started. ### Get import job details - [GET /api/v1/import/{id}](https://docs.wellesley.social/openapi/import/paths/~1api~1v1~1import~1%7Bid%7D/get.md): Retrieves the current status and details of a specific import job, including processing progress and any errors. ## Instance Server instance information and configuration. Provides metadata about the server, compatible domains, supported languages, timezones, and countries. All endpoints are publicly accessible without authentication. ### Get instance information - [GET /api/v1/instance](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance/get.md): Returns comprehensive server instance metadata including domain, version, build information, registration configuration, and server rules. Useful for clients to understand server capabilities and requirements. ### Get country information - [GET /api/v1/instance/countries](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance~1countries/get.md): Returns country data including names (common/official/native), flags, and phone codes. Data is cached in Redis with 7-day TTL and fetched from external API if not cached. Falls back to local file if API is unavailable. Used for country selection in user profiles and phone number validation. ### Search compatible federated domains - [GET /api/v1/instance/domains](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance~1domains/get.md): Returns a list of federated server domains compatible with specified software. Filters domains by prefix matching for autocomplete functionality. Useful for discovering servers running specific ActivityPub software (Mastodon, Pleroma, etc.). Results are cached for performance. ### Get extended server description - [GET /api/v1/instance/extended_description](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance~1extended_description/get.md): Returns detailed 'about' information for this server instance. Includes formatted HTML content describing the server's purpose and policies. Content is admin-configurable (feature pending implementation). ### Get supported languages - [GET /api/v1/instance/supported_languages](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance~1supported_languages/get.md): Returns all languages supported by the platform for content and UI translation. Each language includes its ISO code and native name. Used for language selection in user preferences and content language detection. Languages are used by the translation API for multi-language support. ### Get supported timezones - [GET /api/v1/instance/timezones](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance~1timezones/get.md): Returns a comprehensive list of all supported timezones with metadata. Includes timezone abbreviations, UTC offsets, DST information, and display text. Used for user timezone selection in profile settings. ## Link Preview Link preview generation service for extracting and caching URL metadata. Provides rich preview cards with title, description, image, and other metadata for embedding in posts and messages. Supports OpenGraph and Twitter Card protocols. ### Generate link preview - [GET /api/v1/links](https://docs.wellesley.social/openapi/link-preview/paths/~1api~1v1~1links/get.md): Fetches and returns metadata for a given URL to create a rich preview card. Extracts title, description, image, author, and other OpenGraph/Twitter Card metadata. Results are cached for performance. Returns error if URL is unreachable or has no metadata. The URL must be properly formatted and accessible. ## Lists User list management for organizing and grouping followed accounts. Lists allow users to curate collections of accounts for easier content consumption. Lists can be public or private. Only the list owner can modify their lists. All endpoints require authentication. ### Get authenticated user's lists - [GET /api/v1/lists](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists/get.md): Returns all lists created by the authenticated user for organizing followed accounts. ### Create a new list - [POST /api/v1/lists](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists/post.md): Creates a new list for organizing followed accounts. Lists can be public or private. ### Update list properties - [PUT /api/v1/lists/{listId}](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D/put.md): Updates the name, privacy setting, or other properties of an existing list. Only the list owner can update it. ### Get list details by ID - [GET /api/v1/lists/{listId}](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D/get.md): Retrieves details of a specific list including its name, privacy setting, and metadata. Private lists can only be accessed by their owner. ### Delete a list - [DELETE /api/v1/lists/{listId}](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D/delete.md): Permanently deletes a list and removes all user associations. Only the list owner can delete it. ### Get users in a list - [GET /api/v1/lists/{listId}/users](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D~1users/get.md): Returns all users that have been added to a specific list. Private lists can only be accessed by their owner. ### Remove user from list - [DELETE /api/v1/lists/{listId}/users/{userId}](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D~1users~1%7Buserid%7D/delete.md): Removes a user from a list. Only the list owner can remove users. ### Add user to list - [POST /api/v1/lists/{listId}/users/{userId}](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D~1users~1%7Buserid%7D/post.md): Adds a user to a list for organization and filtering purposes. Only followed users can be added to lists. Only the list owner can add users. ## Logins Login method management for authenticated accounts. Allows adding or removing email/password and phone number as authentication methods. Adding a login method requires email or SMS verification. Removing a method is blocked if it is the last remaining login identifier. All changes are audited. All endpoints require authentication. ### Request to add email/password to account - [POST /api/v1/accounts/logins/add-email-password](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1add-email-password/post.md): Initiates the process of adding email and password authentication to an existing account. A confirmation code will be sent to the provided email address. ### Confirm email/password addition - [POST /api/v1/accounts/logins/add-email-password/confirm](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1add-email-password~1confirm/post.md): Confirms the addition of email/password authentication by verifying the confirmation code sent to the email. On success, sets the email and password on the account, sends a confirmation email, and logs the change in the audit trail. Requires authentication. ### Resend email confirmation code - [PUT /api/v1/accounts/logins/add-email-password/resend-code](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1add-email-password~1resend-code/put.md): Resends the confirmation code to the pending email address when adding email/password authentication. ### Add phone number to account - [POST /api/v1/accounts/logins/add-phone](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1add-phone/post.md): Adds phone number authentication to the account. If no code is provided, initiates SMS verification. If code is provided, confirms the phone number. ### Remove email/password from account - [DELETE /api/v1/accounts/logins/remove-email-password](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1remove-email-password/delete.md): Removes email and password authentication method from the account. Cannot be removed if it's the last remaining login method. ### Remove phone number from account - [DELETE /api/v1/accounts/logins/remove-phone](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1remove-phone/delete.md): Removes phone number authentication from the account. Cannot be removed if it's the last remaining login method. ## Markdown Markdown-to-HTML rendering service for post and article previews. Supports autolinking of hashtags, @mentions, and custom emoji. Requires authentication. ### Convert markdown to HTML - [PUT /api/v1/markdown](https://docs.wellesley.social/openapi/markdown/paths/~1api~1v1~1markdown/put.md): Converts markdown formatted text to HTML for preview purposes. By default, processes hashtags into linked tags, @mentions into profile links, and custom emoji shortcodes into images. Use ?skipAutolink=true to get a plain markdown-to-HTML conversion without autolinking. Requires authentication. ## Metrics Endpoints for retrieving metrics and analytics data from the events stream ### Get metrics for a specified time period - [GET /api/v1/metrics](https://docs.wellesley.social/openapi/metrics/paths/~1api~1v1~1metrics/get.md): Retrieves metrics data for the events stream within a specified time period. Supports both predefined periods (last day/week/month) and custom date ranges. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Get current server totals - [GET /api/v1/metrics/totals](https://docs.wellesley.social/openapi/metrics/paths/~1api~1v1~1metrics~1totals/get.md): Returns the current total counts of users and posts on the server. RBAC: - requires ANY of Federation.Read, Federation.Manage ## Mutes User muting functionality for hiding content from specific users without blocking them. Muting a user hides their posts from your timelines and notifications, but does not prevent them from following you or interacting with your content. Mutes can be temporary (with an expiration duration) or permanent. All endpoints require authentication. ### List all muted users - [GET /api/v1/mute](https://docs.wellesley.social/openapi/mutes/paths/~1api~1v1~1mute/get.md): Returns a paginated list of all users currently muted by the authenticated user. Includes both permanently and temporarily muted users. Requires authentication. ### Unmute a previously muted user - [DELETE /api/v1/mute/{userId}](https://docs.wellesley.social/openapi/mutes/paths/~1api~1v1~1mute~1%7Buserid%7D/delete.md): Removes the mute on a specific user, allowing their content to appear again in timelines and notifications. Cancels any scheduled automatic unmute. If you follow the unmuted user, their posts are restored to your home feed. Requires authentication. ### Mute a specific user - [POST /api/v1/mute/{userId}](https://docs.wellesley.social/openapi/mutes/paths/~1api~1v1~1mute~1%7Buserid%7D/post.md): Hides all content from a specific user. Can optionally set an expiration time for the mute. Muted users' posts will not appear in timelines or notifications. If the target user is already blocked, returns an error instead. Removes the muted user's posts from your home feed if you follow them. Requires authentication. ## Names Unified API for validating name availability. Supports checking user/channel usernames and group names. Returns whether a name is reserved or already in use. ### Check if a name is available - [GET /api/v1/names/check](https://docs.wellesley.social/openapi/names/paths/~1api~1v1~1names~1check/get.md): Unified endpoint for checking name availability. For USER scope: checks global user/channel namespace if no scope (groupId) provided, or checks channel username within a specific group if scope is provided. For GROUP scope: checks group name availability (scope not allowed). ## Notes Manage personal notes about other users. Notes are private and only visible to the user who created them. All endpoints require authentication. Users cannot create notes about themselves. ### Set or update note for a user - [PUT /api/v1/notes](https://docs.wellesley.social/openapi/notes/paths/~1api~1v1~1notes/put.md): Creates or updates a personal note about another user. These notes are private and only visible to the authenticated user who created them. ### Get notes for multiple users - [GET /api/v1/notes](https://docs.wellesley.social/openapi/notes/paths/~1api~1v1~1notes/get.md): Retrieves personal notes the authenticated user has created about specified users. Returns notes for multiple users in a single request. ### Delete note for a user - [DELETE /api/v1/notes/{userId}](https://docs.wellesley.social/openapi/notes/paths/~1api~1v1~1notes~1%7Buserid%7D/delete.md): Permanently deletes a personal note about a specific user. ## Notifications User notification management for retrieving, counting, and updating notification status. Notifications are generated by user interactions such as follows, mentions, reposts, and likes. Supports filtering by notification type and status (read/unread). All endpoints require authentication. ### List user's notifications - [GET /api/v1/notifications](https://docs.wellesley.social/openapi/notifications/paths/~1api~1v1~1notifications/get.md): Retrieves a paginated list of the authenticated user's notifications. Supports filtering by specific notification types (include or exclude) and by read/unread status. Results are ordered by creation date, most recent first. Requires authentication. ### Get notifications count - [GET /api/v1/notifications/count](https://docs.wellesley.social/openapi/notifications/paths/~1api~1v1~1notifications~1count/get.md): Returns the total count of the authenticated user's notifications matching the given filters. Supports the same type and status filters as the list endpoint. Useful for displaying unread badge counts. Requires authentication. ### Mark all notifications as read or unread - [POST /api/v1/notifications/mark-all](https://docs.wellesley.social/openapi/notifications/paths/~1api~1v1~1notifications~1mark-all/post.md): Bulk-updates the read/unread status of all notifications for the authenticated user. Returns the number of notifications that were changed. Requires authentication. ### Get notification by ID - [GET /api/v1/notifications/{id}](https://docs.wellesley.social/openapi/notifications/paths/~1api~1v1~1notifications~1%7Bid%7D/get.md): Retrieves a specific notification by its ID. Only returns the notification if it belongs to the authenticated user. Requires authentication. ### Mark notification as read or unread - [POST /api/v1/notifications/{id}/mark](https://docs.wellesley.social/openapi/notifications/paths/~1api~1v1~1notifications~1%7Bid%7D~1mark/post.md): Updates the read/unread status of a specific notification. Only the notification owner can change its status. Requires authentication. ## Passkeys Passkey (WebAuthn) registration and authentication ### List registered passkeys - [GET /api/v1/passkeys](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys/get.md): Returns passkey credentials for current selected user ### Begin passkey authentication - [GET /api/v1/passkeys/begin-auth](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1begin-auth/get.md): Generates and returns WebAuthn assertion (request) options. The server will set cookies to maintain the authentication challenge context. Optionally restrict by username. ### Begin passkey registration - [GET /api/v1/passkeys/begin-register](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1begin-register/get.md): Generates and returns WebAuthn creation options for the current user. The server will set cookies to maintain the registration challenge context. ### Finish passkey authentication - [POST /api/v1/passkeys/finish-auth](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1finish-auth/post.md): Verifies the authenticator assertion against the stored challenge and returns a session token on success. ### Finish passkey registration - [POST /api/v1/passkeys/finish-register](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1finish-register/post.md): Validates the authenticator attestation response against the stored challenge and persists the new credential. ### Remove a registered passkey - [DELETE /api/v1/passkeys/{credentialId}](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1%7Bcredentialid%7D/delete.md): Deletes a credential by id. Cannot remove last remaining login method. ## Password Password management endpoints for changing and recovering account passwords. Supports two flows: authenticated password change (requires current password and email confirmation) and unauthenticated password recovery (sends reset code to account email). All password changes invalidate other active sessions for security. ### Confirm and apply password change - [POST /api/v1/accounts/password/change/confirm](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1change~1confirm/post.md): Step 2 of authenticated password change: verifies the email confirmation code and applies the new password. Sends a confirmation email and invalidates all other active sessions. Requires authentication. ### Request password change - [POST /api/v1/accounts/password/change/request](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1change~1request/post.md): Step 1 of authenticated password change: validates the current password and stores the new password temporarily. Sends a confirmation code to the account email. Requires authentication and a valid current password. ### Resend password change confirmation code - [PUT /api/v1/accounts/password/change/resend-code](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1change~1resend-code/put.md): Resends the confirmation code for an in-progress password change to the account email. Use when the original code was not received or expired. Requires authentication. Rate limited to prevent abuse. ### Request password recovery - [POST /api/v1/accounts/password/recover](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1recover/post.md): Step 1 of password recovery for unauthenticated users: sends a recovery code to the account email. Accepts either email or username as the login identifier. Must NOT be authenticated - returns error if called with an active session. Rate limited to prevent abuse. ### Set new password after recovery - [POST /api/v1/accounts/password/recover/change](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1recover~1change/post.md): Step 3 of password recovery: sets the new password for an unauthenticated user. Requires that the recovery code was previously validated via /recover/check-code. Sends a confirmation email and invalidates all existing sessions. Must NOT be authenticated - returns error if called with an active session. ### Validate password recovery code - [POST /api/v1/accounts/password/recover/check-code](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1recover~1check-code/post.md): Step 2 of password recovery: validates the recovery code sent to email. On success, stores a temporary flag allowing the password to be changed in the next step. Must NOT be authenticated - returns error if called with an active session. ## Phone Phone number change management for authenticated users. Implements a secure 4-step phone change flow: (1) request change and receive SMS code on current phone, (2) verify current phone ownership, (3) submit new phone number and receive SMS code, (4) verify new phone number. All endpoints require authentication. ### Confirm authentication with phone number - [POST /api/v1/accounts/phone/change/confirm/auth](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1confirm~1auth/post.md): Step 2. Validate the provided authentication code. After 3 failed attempts, the current user session will be invalidated. ### Change phone number for authenticated user - [POST /api/v1/accounts/phone/change/confirm/new-phone](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1confirm~1new-phone/post.md): Step 4. Validate the new verification code. Upon successful verification, the user's phone number will be updated to the newly verified number. All other active sessions are invalidated for security. The change is logged in the audit trail. ### Request a new phone number - [POST /api/v1/accounts/phone/change/new-phone](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1new-phone/post.md): Step 3. Request a new phone number from the user. Verification code will be sent via SMS to that number. ### Request phone number change for authenticated user - [PUT /api/v1/accounts/phone/change/request](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1request/put.md): Step 1. Request an authentication code to be sent via SMS to the user's original phone number. ### Resend code to check authentication with phone number - [PUT /api/v1/accounts/phone/change/resend-code/auth](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1resend-code~1auth/put.md): Resends the SMS verification code to the user's current phone number. Use when the original code was not received or expired. Requires authentication. Rate limited. ### Resend code to confirm new phone number - [PUT /api/v1/accounts/phone/change/resend-code/new-phone](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1resend-code~1new-phone/put.md): Resends the SMS verification code to the new phone number submitted in step 3. Use when the original code was not received or expired. Requires authentication. Rate limited. ## Pins Endpoints for managing `Pins` (top-level posts) and `Highlights` (pinned replies). Top-level pins are shown first in the profile scope and are limited by admin setting `Maximum number of pinned posts`. Replies can be pinned as highlights under their root post. Pin and unpin actions are federated via ActivityPub. ### List pins and highlights - [GET /api/v1/posts/pins](https://docs.wellesley.social/openapi/pins/paths/~1api~1v1~1posts~1pins/get.md): Returns pinned post IDs ordered by pin time (newest first). By default returns only top-level Pins (postOnly=true). Set postOnly=false to include reply Highlights as well. When ownerId is provided, returns pins for that scope owner after access checks. ### Unpin post or remove highlight - [DELETE /api/v1/posts/pins/{postId}](https://docs.wellesley.social/openapi/pins/paths/~1api~1v1~1posts~1pins~1%7Bpostid%7D/delete.md): Removes a previously pinned post. For root posts, removes a top-level Pin; for replies, removes a Highlight. In personal scope, only the root post author can manage pins/highlights; in groups, owner/admin roles can manage them. The action is federated via ActivityPub Remove. ### Pin post or highlight reply - [POST /api/v1/posts/pins/{postId}](https://docs.wellesley.social/openapi/pins/paths/~1api~1v1~1posts~1pins~1%7Bpostid%7D/post.md): Pins the specified post. For a root post, this creates a top-level Pin in the profile/scope. For a reply, this creates a Highlight under the root post. In personal scope, only the root post author can manage pins/highlights; in groups, owner/admin roles can manage them. Reposts and direct posts cannot be pinned. Top-level pin count is limited by admin settings (Maximum number of pinned posts). The action is federated via ActivityPub Add. ## Platform Data Endpoints for managing platform-wide and group-specific data storage. Unlike application data, this provides direct data management not tied to specific applications. Supports flexible ownership models including platform-level, group-level, and user-level data with appropriate access controls. ### Query platform data with filters - [GET /api/v1/data](https://docs.wellesley.social/openapi/platform-data/paths/~1api~1v1~1data/get.md): Retrieves platform-level data entries based on filter criteria. Can filter by type, tags (multiple tags are AND-ed), and owner. When filtering by owner, requires Data.Manage permission for that owner. Returns all matching entries not tied to any specific application. Without filters, returns all platform data the user has permission to access. ### Create new platform data entry - [POST /api/v1/data](https://docs.wellesley.social/openapi/platform-data/paths/~1api~1v1~1data/post.md): Creates a new data entry at the platform level, not associated with any specific application. The data can be owned by users, groups, or the platform itself. Requires Data.Manage permission for the specified owner. Supports flexible JSON content with optional type categorization and tags. ### Update existing platform data - [PUT /api/v1/data/{id}](https://docs.wellesley.social/openapi/platform-data/paths/~1api~1v1~1data~1%7Bid%7D/put.md): Updates an existing platform-level data entry. Requires Data.Manage permission for the data owner. The ownership cannot be changed - the new ownerId must match the existing one. Updates the content, type, and tags while preserving the original ownership. ### Delete platform data entry - [DELETE /api/v1/data/{id}](https://docs.wellesley.social/openapi/platform-data/paths/~1api~1v1~1data~1%7Bid%7D/delete.md): Permanently deletes a platform-level data entry. Requires Data.Manage permission for the data owner. This operation is irreversible and removes all associated metadata including type and tags. Use with caution as deleted data cannot be recovered. ## Platform Settings Endpoints for managing platform-wide settings and configuration options. These endpoints control server-level settings that affect the entire platform, including features, limits, security policies, and default behaviors for all users and groups. ### Update platform settings - [PUT /api/v1/settings](https://docs.wellesley.social/openapi/platform-settings/paths/~1api~1v1~1settings/put.md): Update multiple platform-wide settings in a single operation. Each setting must be provided as a complete object with all required fields. Partial updates are not supported to ensure system stability and prevent configuration errors. Requires authentication. Write access is checked per setting: ADMIN settings require the AdminSettings.Manage RBAC permission. ### Get platform settings - [GET /api/v1/settings](https://docs.wellesley.social/openapi/platform-settings/paths/~1api~1v1~1settings/get.md): Retrieve specific platform-wide settings by their keys. Returns a JSON object mapping setting names to their configured values. Access depends on each setting's read permission: GUEST settings are publicly accessible without authentication, USER settings require an authenticated user, and ADMIN settings require the AdminSettings.Read RBAC permission. ### Delete platform settings - [DELETE /api/v1/settings](https://docs.wellesley.social/openapi/platform-settings/paths/~1api~1v1~1settings/delete.md): Remove specific platform settings by their keys. This operation will permanently delete the specified settings and revert them to their system default values. Use extreme caution as this affects the entire platform. Requires authentication. Write access is checked per setting: ADMIN settings require the AdminSettings.Manage RBAC permission. ### List setting keys - [GET /api/v1/settings/names](https://docs.wellesley.social/openapi/platform-settings/paths/~1api~1v1~1settings~1names/get.md): Return a list of fully-qualified setting key names for the requested settings type. ## Polls Endpoints for interacting with polls attached to posts, including voting and refreshing results from federated instances. Requires authentication. Polls are created as part of a post via the Posts API. ### Refresh poll results - [POST /api/v1/polls/{pollId}/refresh](https://docs.wellesley.social/openapi/polls/paths/~1api~1v1~1polls~1%7Bpollid%7D~1refresh/post.md): Refreshes poll results from the remote server if the poll is from a federated instance and the results may be stale. Returns the updated poll with current vote counts. ### Vote in a poll - [POST /api/v1/polls/{pollId}/vote](https://docs.wellesley.social/openapi/polls/paths/~1api~1v1~1polls~1%7Bpollid%7D~1vote/post.md): Submit vote(s) for a poll. Multiple choices can be selected if the poll allows it. Users cannot vote in their own polls or vote multiple times. ## Posts Endpoints for creating, reading, updating, and deleting posts, as well as managing comments, likes, bookmarks, reposts, subscriptions, and votes. Most endpoints require authentication; read-only feed and post endpoints are accessible to guests via @PermitAll. Post mutations are federated via ActivityPub. ### Get posts feed - [GET /api/v1/posts](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts/get.md): Returns posts based on various filters. For authenticated users, shows their personalized feed. For unauthenticated users, shows public posts only. Supports filtering by user, owner, tags, lists, bookmarks, and more. Can include comments, translations, and various metadata. ### Create a new post - [POST /api/v1/posts](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts/post.md): Creates a new post with text content. Can be a regular post, article, or other post type. Posts can be public, unlisted, followers-only, or direct messages. Sensitive content requires a content warning. The post is automatically distributed to followers and federated instances. ### Get bookmarked posts - [GET /api/v1/posts/bookmarked](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1bookmarked/get.md): Returns posts that the currently authenticated user has bookmarked and can still access under current privacy/visibility rules. Use my=true to return only the user's own bookmarked posts. ### Get home feed - [GET /api/v1/posts/feeds/following](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1feeds~1following/get.md): Returns the home feed showing posts from accounts the current user follows. This is the main timeline feed. Supports caching for performance, with fallback to database if cache is empty or regenerating. Can include follow status, bookmarks, and translations. ### Get public posts feed - [GET /api/v1/posts/feeds/public](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1feeds~1public/get.md): Returns a feed of public posts visible to everyone. Can be filtered by owner type, local vs federated posts, and whether to include reposts. Supports various metadata inclusions like follow status, bookmarks, translations, and trends. Also called Discover Feed. ### Get liked posts - [GET /api/v1/posts/liked](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1liked/get.md): Returns all posts that the currently authenticated user has liked. Can be filtered by owner type to show only posts from users, groups, categories, or events. ### Get posts with mentions - [GET /api/v1/posts/mentioned](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1mentioned/get.md): Returns all posts where the currently authenticated user was mentioned. Can be filtered by owner type and privacy level (e.g., to show only direct messages where mentioned). ### Get current user's posts - [GET /api/v1/posts/my](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1my/get.md): Returns all posts created by the currently authenticated user. Can filter for reposts only or bookmarked posts only. Optionally includes comments and bookmark status. ### Get user's replies - [GET /api/v1/posts/replies](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1replies/get.md): Returns posts that a user has replied to, along with their replies. Shows the original post as the parent with the user's reply nested within it. Useful for viewing a user's conversation participation. ### Get subscribed posts - [GET /api/v1/posts/subscriptions](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1subscriptions/get.md): Returns all posts the authenticated user is subscribed to for notifications. Can be filtered by scope owner or return all subscriptions across scopes with ?all=true. Requires authentication. ### Update post content - [PUT /api/v1/posts/{postId}](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D/put.md): Updates an existing post's content, privacy settings, or metadata. Only the post author can update their own posts. Cannot update comments through this endpoint. Sensitive content must include a content warning. ### Get post by ID - [GET /api/v1/posts/{postId}](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D/get.md): Retrieves a specific post by its ID. Can optionally include comments with configurable depth levels, parent posts for comments, bookmarks, translations, trends, and repost information. Supports building comment trees with specified depth limits. ### Delete a post - [DELETE /api/v1/posts/{postId}](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D/delete.md): Permanently deletes a post. Only the post author can delete their own posts. This action removes the post from all timelines and sends deletion notifications to federated instances. ### Get active users in conversation - [GET /api/v1/posts/{postId}/active-users](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1active-users/get.md): Returns users who have posted in this conversation thread, including their avatars, reply counts, and last post time. Works for any post type (personal, group channel, event). Includes both current and former group members for group contexts. Excludes blocked/muted users, deleted posts, and suspended users. ### Remove bookmark - [DELETE /api/v1/posts/{postId}/bookmark](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1bookmark/delete.md): Removes a post from the authenticated user's bookmarks. Fails if the post was not previously bookmarked. This action is private and does not notify the post author. ### Bookmark a post - [POST /api/v1/posts/{postId}/bookmark](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1bookmark/post.md): Adds a post to the authenticated user's bookmarks for later reading. Bookmarks are private and not visible to other users or the post author. Each post can only be bookmarked once per user. ### Get post commenters - [GET /api/v1/posts/{postId}/commenters](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1commenters/get.md): Returns a list of unique users who have commented on a specific post. Includes follow relationship status and supports deduplication of multiple comments by the same user. ### Get post comments - [GET /api/v1/posts/{postId}/comments](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1comments/get.md): Retrieves all comments for a specific post. Supports pagination and configurable comment depth levels. Returns an empty list if comments are disabled for the post. Comments are organized in a tree structure based on their reply relationships. ### Create a comment - [POST /api/v1/posts/{postId}/comments](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1comments/post.md): Creates a new comment on a post. Comments can be nested replies to other comments. The authenticated user becomes the comment author. Comments inherit visibility from their parent post. ### Update a comment - [PUT /api/v1/posts/{postId}/comments/{commentId}](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1comments~1%7Bcommentid%7D/put.md): Updates an existing comment's content. Only the comment author can update their own comments. The comment must belong to the specified post. Maintains the comment's position in the thread hierarchy. ### Delete a comment - [DELETE /api/v1/posts/{postId}/comments/{commentId}](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1comments~1%7Bcommentid%7D/delete.md): Permanently deletes a comment from a post. Only the comment author can delete their own comments. The comment must belong to the specified post. Child comments may be affected depending on the platform's threading model. ### Detach repost from original - [POST /api/v1/posts/{postId}/detach](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1detach/post.md): Allows the original post author to detach a repost or quote from their post. This breaks the connection between the repost and the original, typically used when the repost violates the author's wishes or contains inappropriate commentary. ### Downvote a post - [POST /api/v1/posts/{postId}/downvote](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1downvote/post.md): Adds a negative vote to a post from the authenticated user. If the user previously upvoted, the vote is changed to a downvote. Users cannot vote on their own posts. Returns the updated vote summary. ### View edit history of a post - [GET /api/v1/posts/{postId}/edits](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1edits/get.md): Retrieves the complete edit history of a post, showing all versions from creation to current state. Each edit includes the text, media, mentions, and timestamp of the change. Useful for transparency and tracking post modifications over time. ### Update the quote approval policy on a post - [PUT /api/v1/posts/{postId}/interaction-policy](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1interaction-policy/put.md): Sets the per-post quote approval policy. Only the post author can update this. Values: PUBLIC (anyone can quote), FOLLOWERS (only followers), NOBODY (all quotes require approval). ### Get post likes - [GET /api/v1/posts/{postId}/likes](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1likes/get.md): Returns a list of users who have liked a specific post. Can include follow relationship status between the viewer and the liking users. Supports pagination for posts with many likes. ### Unlike a post - [DELETE /api/v1/posts/{postId}/likes](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1likes/delete.md): Removes the authenticated user's like from a post. Returns the new total number of likes. Sends unlike notifications and federates the activity. Fails if the post was not previously liked. ### Like a post - [POST /api/v1/posts/{postId}/likes](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1likes/post.md): Adds a like to a post from the authenticated user. Each user can only like a post once. Returns the new total number of likes. Sends like notifications to the post author and federates the activity. ### Mute a conversation - [POST /api/v1/posts/{postId}/mute](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1mute/post.md): Mutes the conversation that the specified post belongs to. When a conversation is muted, notifications for activity in that thread are suppressed. Posts still appear in feeds and streams. ### List accepted quotes of a post - [GET /api/v1/posts/{postId}/quotes](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1quotes/get.md): Returns a paginated list of posts that quote the specified post and have been accepted. ### Revoke a quote authorization - [POST /api/v1/posts/{postId}/quotes/{quoteAuthId}/revoke](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1quotes~1%7Bquoteauthid%7D~1revoke/post.md): Revokes an accepted quote authorization. Only the quoted post's author can revoke. The quoting post will no longer be listed as an accepted quote. ### Refresh the preview card for a post - [POST /api/v1/posts/{postId}/refresh-card](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1refresh-card/post.md): Regenerates the link preview card for a post that contains URLs. Only the post author can refresh the card. This is useful when the linked content has changed and you want to update the preview information. ### Undo a repost - [DELETE /api/v1/posts/{postId}/repost](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1repost/delete.md): Removes your repost or quote of a specific post. This deletes the repost from your timeline and notifies the original author. Only your own reposts can be undone. ### Repost or quote another post - [POST /api/v1/posts/{postId}/repost](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1repost/post.md): Creates a repost (boost) or quote post of someone else's content. Regular reposts simply share the original post, while quotes add your own commentary. Only public posts and public follow-posts can be reposted. You cannot repost a repost. ### Get post reposts - [GET /api/v1/posts/{postId}/reposts](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1reposts/get.md): Returns a list of users who have reposted or quoted a specific post. Can filter by repost type (regular repost vs quote). Includes follow relationship status and supports deduplication of multiple reposts by the same user. ### Subscribe to post notifications - [PUT /api/v1/posts/{postId}/subscription](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1subscription/put.md): Subscribes the authenticated user to receive notifications for new activity on a post (new comments, edits, etc.). Users cannot subscribe to their own posts as they already receive notifications by default. For remote posts, sends a Follow(post) ActivityPub activity. ### Get subscription status for a post - [GET /api/v1/posts/{postId}/subscription](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1subscription/get.md): Returns 200 if the authenticated user is subscribed to this post's notifications, or 404 if not subscribed. ### Unsubscribe from post - [DELETE /api/v1/posts/{postId}/subscription](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1subscription/delete.md): Removes the subscription for post notifications. The user will no longer receive notifications about new activity on this post. For remote posts, sends an Undo(Follow(post)) ActivityPub activity. ### Track post view - [POST /api/v1/posts/{postId}/track-view](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1track-view/post.md): Records that a user has viewed this post. Used for analytics and engagement metrics. Works for both authenticated and unauthenticated users. ### Translate post content - [POST /api/v1/posts/{postId}/translate](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1translate/post.md): Translates the text content of a post to the specified target language. Can return either plain text or HTML formatted translation. Uses automatic translation services to provide the translation. ### Unmute a conversation - [POST /api/v1/posts/{postId}/unmute](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1unmute/post.md): Unmutes the conversation that the specified post belongs to. Notifications for activity in that thread will resume. ### Upvote a post - [POST /api/v1/posts/{postId}/upvote](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1upvote/post.md): Adds a positive vote to a post from the authenticated user. If the user previously downvoted, the vote is changed to an upvote. Users cannot vote on their own posts. Returns the updated vote summary. ### Get post votes - [GET /api/v1/posts/{postId}/votes](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1votes/get.md): Returns a summary of upvotes and downvotes for a post, including the authenticated user's own vote direction. Requires authentication. ## RBAC Endpoints for retrieving Role-Based Access Control (RBAC) configurations and managing roles, resources, permissions and role-to-user assignments. Scoped Role Definition (`RBACRole`): - Represents roles within the RBAC system. - Each role has a unique `roleId`, a `name`, an optional `description`, and a `scope`. - The `scope` defines the domain or area in which the role is valid. - The `scope` can be Global (hardcoded), currently the only one is "global" - The `scope` also can be dynamic, currently we use Group Ids, like "gr_05hxcvk1hjexere4pvtrj0hggt" - Roles come with assigned permissions (`RBACPermissions`) that define what actions the role can perform on system resources. - Metadata such as `createdAt` and `updatedAt` timestamps track the role's lifecycle events. Permissions (`RBACPermissions`): - Encapsulates resource-specific access controls. - Each permission object specifies the `resource` (e.g., "user", "document") and an associated list of allowed `RBACAccess` types. - `RBACAccess` enumerates the supported actions: `Read`, `Add`, `Modify`, `Delete`. Role Assignments to Actors (`RBACActorRole`): - Maps actors (e.g., users, services) to specific roles. - Tracks the association through `actorId` (representing the unique entity being assigned) and `roleId` (specific role ID). - Includes timestamps to record when the assignment was created or updated. ### Retrieves all RBAC-guarded resources and their access lists - [GET /api/v1/rbac](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac/get.md): Returns the complete list of RBAC-protected resources along with their supported access types (Read, Add, Modify, Delete, etc.). Use this to understand what resources exist in the system and what permissions can be assigned to them. No authentication required. ### Retrieves permissions for the specified actor within a scope - [GET /api/v1/rbac/actors/{actorId}/permissions](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1actors~1%7Bactorid%7D~1permissions/get.md): Retrieves all permissions assigned to an actor within a specified scope. If no scope is provided, assumes GlobalScope ### Retrieves roles for the specified actor within the specified scope - [GET /api/v1/rbac/actors/{actorId}/roles](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1actors~1%7Bactorid%7D~1roles/get.md): Retrieves all roles assigned to the specified actor within the specified scope. If no scope is specified, assumes the GlobalScope RBAC: - requires ANY of GroupRoles.Read, Roles.Read ### Retrieves all roles in the specified scope - [GET /api/v1/rbac/roles](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1roles/get.md): Returns all roles that exist within the specified scope. The scope can be 'global' for global roles or a group ID for group-scoped roles. RBAC: - requires ANY of Roles.Read, GroupRoles.Read ### Create a new role in the specified scope - [POST /api/v1/rbac/roles](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1roles/post.md): Creates a new role with specified permissions within the specified scope. The scope can be 'global' for global roles or a group ID for group-scoped roles. The scope value in the request body is ignored — the scope query parameter is authoritative. Group-scoped roles cannot include restricted permissions (GroupRoles.Manage, Group.Delete). RBAC: - requires ANY of Roles.Manage, GroupRoles.Manage ### Update the specified role - [PUT /api/v1/rbac/roles/{roleId}](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1roles~1%7Broleid%7D/put.md): Updates the name, description, and/or permissions of an existing role identified by its role ID within the specified scope. The role's scope cannot be changed. Group-scoped roles cannot include restricted permissions (GroupRoles.Manage, Group.Delete). RBAC: - requires ANY of Roles.Manage, GroupRoles.Manage ### Delete the specified role - [DELETE /api/v1/rbac/roles/{roleName}](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1roles~1%7Brolename%7D/delete.md): Permanently deletes a role by name within the specified scope. All actor-to-role assignments for this role will also be removed. This operation cannot be undone. RBAC: - requires ANY of Roles.Manage, GroupRoles.Manage ### Retrieves the description and the access list for the specified resource - [GET /api/v1/rbac/{resource}](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1%7Bresource%7D/get.md): Returns the resource model including its name, description, and supported access types for a specific RBAC-guarded resource. Use the resource name as it appears in the full resource list (e.g., 'GroupMembers', 'Users', 'Roles'). Returns ResourceNotFound if the resource does not exist. No authentication required. ## Remote collections API to retrieve followers and following collections for remote (federated) users. Fetches collection data from remote ActivityPub servers, resolves actor URIs to user profiles, and returns them in the local user format. Supports pagination via offset/limit parameters. All endpoints are publicly accessible (@PermitAll) and operate on remote users only -- local users are rejected. ### Get remote user's followers - [GET /api/v1/users/remote/{userNameFull}/followers](https://docs.wellesley.social/openapi/remote-collections/paths/~1api~1v1~1users~1remote~1%7Busernamefull%7D~1followers/get.md): Retrieves the follower collection of a remote federated user. Fetches the followers from the remote server using ActivityPub protocol. Supports pagination through offset and limit parameters. Only works for remote users, not local users. ### Get remote user's following - [GET /api/v1/users/remote/{userNameFull}/following](https://docs.wellesley.social/openapi/remote-collections/paths/~1api~1v1~1users~1remote~1%7Busernamefull%7D~1following/get.md): Retrieves the following collection of a remote federated user. Fetches the list of accounts that the remote user follows from their home server using ActivityPub protocol. Supports pagination through offset and limit parameters. Only works for remote users, not local users. ## Reports Unified moderation endpoints for server and group reports. Pass scope= for group scope; omit scope for server scope. ### Get users eligible to be assigned reports - [GET /api/v1/admin/reports/eligible-assignees](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1eligible-assignees/get.md): Returns a list of users who can be assigned to moderate reports. This includes users with report-management permissions who are not suspended or limited. Use this to populate assignment dropdowns in the moderation UI. RBAC: - requires ANY of Reports.Read, Reports.Manage, GroupReports.Read, GroupReports.Manage ### List moderation reports with filtering - [GET /api/v1/admin/reports/list](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1list/get.md): Retrieves a paginated list of moderation reports. Can filter by target ID, target type (post/user/group), or resolution status. Supports pagination for large result sets. Reports include details about the target content, assigned moderator, and any notes. RBAC: - requires ANY of Reports.Read, Reports.Manage, GroupReports.Read, GroupReports.Manage ### List reported groups with aggregated report data - [GET /api/v1/admin/reports/reported-groups](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1reported-groups/get.md): Returns groups that have been reported, grouped by group with aggregate statistics. Each entry includes the group, a representative report, open/total counts, and latest dates. Group reports are always global scope (handled by server admins). RBAC: - requires ANY of Reports.Read, Reports.Manage ### List reported posts with aggregated report data - [GET /api/v1/admin/reports/reported-posts](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1reported-posts/get.md): Returns posts that have been reported, grouped by post with aggregate statistics. Each entry includes the post, a representative report, open/total report counts, and latest dates. This view is designed for moderators to efficiently review reported content by post. RBAC: - requires ANY of Reports.Read, Reports.Manage, GroupReports.Read, GroupReports.Manage ### List reported users with aggregated report data - [GET /api/v1/admin/reports/reported-users](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1reported-users/get.md): Returns users that have been reported directly (not via their posts), grouped by user with aggregate statistics. Each entry includes the user, a representative report, open/total counts, and latest dates. This view is designed for moderators to review user-level reports. RBAC: - requires ANY of Reports.Read, Reports.Manage, GroupReports.Read, GroupReports.Manage ### Get specific report details - [GET /api/v1/admin/reports/{reportId}](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D/get.md): Retrieves complete details of a specific moderation report including the target content (post/user/group), assigned moderator, resolution status, comments from reporters, and all associated moderator notes. Use this to review a report before taking action. RBAC: - requires ANY of Reports.Read, Reports.Manage, GroupReports.Read, GroupReports.Manage ### Add moderation note to report - [POST /api/v1/admin/reports/{reportId}/add-note](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1add-note/post.md): Adds an internal moderation note to the report. Notes are used to document investigation findings, actions taken, or communication between moderators. Each note is timestamped and attributed to the adding moderator. Notes are visible only to moderators and not to reporters or reported users. RBAC: - requires ANY of Reports.Manage, GroupReports.Manage ### Assign report to a moderator - [POST /api/v1/admin/reports/{reportId}/assign](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1assign/post.md): Assigns the report to a specific moderator for handling. When a user is assigned, the report state changes to 'under_review'. Pass null userId to unassign (returns to 'open' state). This helps coordinate moderation efforts by showing who is actively investigating. RBAC: - requires ANY of Reports.Manage, GroupReports.Manage ### Permanently delete a report - [DELETE /api/v1/admin/reports/{reportId}/delete](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1delete/delete.md): Permanently removes a report and all its comments from the system. This should only be used for invalid or spam reports. For legitimate reports that have been addressed, use resolve or dismiss instead to maintain moderation history. This action cannot be undone. RBAC: - requires ANY of Reports.Manage, GroupReports.Manage ### Dismiss report without action - [POST /api/v1/admin/reports/{reportId}/dismiss](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1dismiss/post.md): Dismisses a report, indicating that no action is warranted (e.g., false report, not against rules). The current user is recorded as having dismissed the report. This sets the state to 'dismissed' and records actionTakenAt timestamp. RBAC: - requires ANY of Reports.Manage, GroupReports.Manage ### Remove moderation note from report - [POST /api/v1/admin/reports/{reportId}/remove-note](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1remove-note/post.md): Removes a specific moderation note from the report by its index position. Use this to correct mistakes or remove outdated information. Notes are zero-indexed, so the first note has index 0. Only valid indices are accepted. RBAC: - requires ANY of Reports.Manage, GroupReports.Manage ### Reopen a closed report - [POST /api/v1/admin/reports/{reportId}/reopen](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1reopen/post.md): Reopens a previously resolved or dismissed report for further investigation. This sets the state back to 'open', clears assignment, and clears action taken fields. Useful when initial resolution was insufficient or new information becomes available. RBAC: - requires ANY of Reports.Manage, GroupReports.Manage ### Mark report as resolved - [POST /api/v1/admin/reports/{reportId}/resolve](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1resolve/post.md): Marks a report as resolved, indicating that action has been taken (e.g., content removed, user warned). The current user is recorded as the moderator who resolved the report. This sets the state to 'resolved' and records actionTakenAt timestamp. RBAC: - requires ANY of Reports.Manage, GroupReports.Manage ### Unassign report from any moderator - [POST /api/v1/admin/reports/{reportId}/unassign](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1unassign/post.md): Removes the assignment of this report from any moderator, making it available for other moderators to claim. The report state returns to 'open' if it was 'under_review'. Use when unable to complete investigation or when transferring to another moderator. RBAC: - requires ANY of Reports.Manage, GroupReports.Manage ### Report a post, user, or group to moderators - [POST /api/v1/reports](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1reports/post.md): Creates a new report targeting a user, a post, or a group. If a report already exists for the same target, the new report is merged as a comment on the existing report instead of creating a duplicate. When 'forward' is true and the target is remote, sends a Flag activity via ActivityPub to the target's home instance (not applicable for group reports). For group reports: non-secret groups can be reported by anyone, secret groups can only be reported by members. Requires authentication. ### Edit your existing comment on a report - [POST /api/v1/reports/{reportId}/edit-comment](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1reports~1%7Breportid%7D~1edit-comment/post.md): Updates the authenticated user's existing report comment for the specified report. ## Rules Manage platform rules that govern user conduct and content policies. Retrieving rules is publicly accessible. Creating, updating, deleting, and reordering rules require authentication and the Rules.Manage RBAC permission. All write operations are logged in the audit trail. ### Update existing rule - [PUT /api/v1/rules](https://docs.wellesley.social/openapi/rules/paths/~1api~1v1~1rules/put.md): Modifies an existing platform rule with updated text, hint, or ordering. Requires authentication and the Rules.Manage RBAC permission. Returns 404 if the rule does not exist. The update is logged in the audit trail. RBAC: requires Rules.Manage ### Get all rules - [GET /api/v1/rules](https://docs.wellesley.social/openapi/rules/paths/~1api~1v1~1rules/get.md): Retrieves the complete list of platform rules that users must follow. Publicly accessible without authentication. Rules are returned ordered by their display position. ### Create a rule - [POST /api/v1/rules](https://docs.wellesley.social/openapi/rules/paths/~1api~1v1~1rules/post.md): Creates a new platform rule with text content, optional hint explanation, and ordering priority. Requires authentication and the Rules.Manage RBAC permission. The creation is logged in the audit trail. RBAC: requires Rules.Manage ### Reorder rules - [POST /api/v1/rules/reorder](https://docs.wellesley.social/openapi/rules/paths/~1api~1v1~1rules~1reorder/post.md): Updates the display ordering of multiple rules at once by providing new ordering values. Requires authentication and the Rules.Manage RBAC permission. Each reorder operation is logged individually in the audit trail. Returns the complete updated list of rules after reordering. RBAC: requires Rules.Manage ### Delete existing rule - [DELETE /api/v1/rules/{id}](https://docs.wellesley.social/openapi/rules/paths/~1api~1v1~1rules~1%7Bid%7D/delete.md): Permanently removes a platform rule by its ID. Requires authentication and the Rules.Manage RBAC permission. The deletion is logged in the audit trail. RBAC: requires Rules.Manage ## Search Endpoints for searching across users, posts, and tags with various filtering options ### Search across public post, users, tags. No auth required - [GET /api/v1/search](https://docs.wellesley.social/openapi/search/paths/~1api~1v1~1search/get.md): Performs a search query across different content types with support for URL resolution, username lookups, and various filtering options. Authenticated requests include relationship data (following/followed) in user results unless includeRelations=false. Group results include VISIBLE groups; UNLISTED/HIDDEN groups are included only for members. ## Sessions Authentication session management endpoints. Allows users to view active sessions across devices, revoke individual sessions or all other sessions, and permanently delete session records. Sessions are tracked in both the database and Redis for real-time state synchronization. All endpoints require authentication. The current session cannot be revoked or deleted. ### Delete all sessions except current - [DELETE /api/v1/sessions/all](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1all/delete.md): Permanently deletes all session records for the account except the current one. Unlike revoke-all, this removes session records from the database entirely. All other session tokens are removed from Redis. Requires authentication. ### List all sessions - [GET /api/v1/sessions/list](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1list/get.md): Returns all sessions for the authenticated account, sorted by most recently used. Session state is synchronized with Redis to reflect real-time activity. Sessions not found in Redis are marked as EXPIRED. Requires authentication. ### Revoke all sessions except current - [PUT /api/v1/sessions/revoke/all](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1revoke~1all/put.md): Expires all sessions for the account except the current one. Useful for securing the account after a suspected compromise. All other session tokens are removed from Redis. Requires authentication. ### Revoke a session - [PUT /api/v1/sessions/revoke/{sessionKey}](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1revoke~1%7Bsessionkey%7D/put.md): Expires a specific session by its session key, making it inactive but retaining the record. The session token is removed from Redis. Cannot revoke the current session - use logout instead. Requires authentication. ### Delete a session - [DELETE /api/v1/sessions/{sessionKey}](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1%7Bsessionkey%7D/delete.md): Permanently deletes a specific session record by its session key. Unlike revoke, this removes the session from the database entirely. The session token is also removed from Redis. Cannot delete the current session. Requires authentication. ## SignupInviteLinks Manage signup invite links for user registration. All endpoints require authentication. Invite links allow existing users to invite new members with configurable usage limits and expiration dates. ### List invite links for current user - [GET /api/v1/users/invite-links](https://docs.wellesley.social/openapi/signupinvitelinks/paths/~1api~1v1~1users~1invite-links/get.md): Returns a paginated list of invite links created by the authenticated user. Optionally filter by active/inactive status. Each link includes usage count, maximum uses, expiration date, and creation timestamp. ### Create a new signup invite link - [POST /api/v1/users/invite-links](https://docs.wellesley.social/openapi/signupinvitelinks/paths/~1api~1v1~1users~1invite-links/post.md): Creates a new invite link with an auto-generated unique code. The invite can optionally have a maximum use count and expiration date. Requires authentication. Fails if invites are not enabled on the platform or if the user has exceeded the maximum number of invite links. ### Deactivate an invite link - [PUT /api/v1/users/invite-links/deactivate/{code}](https://docs.wellesley.social/openapi/signupinvitelinks/paths/~1api~1v1~1users~1invite-links~1deactivate~1%7Bcode%7D/put.md): Deactivates an existing invite link by its code, preventing further use. Only the owner of the invite link can deactivate it. Returns 404 if the invite link is not found or does not belong to the authenticated user. ## Suggestions Personalized follow suggestions for the authenticated user based on FASP recommendations. Excludes users already followed or pending follow requests, and users blocked by either side. ### Get follow suggestions - [GET /api/v1/suggestions](https://docs.wellesley.social/openapi/suggestions/paths/~1api~1v1~1suggestions/get.md): Returns recommended users for the authenticated account. Results are fetched from FASP providers, resolved to users, and filtered to remove already-followed users, pending follow requests, and blocked relationships. ## Tags Endpoints for managing hashtags, including following, featuring, and retrieving tag information ### Get list of featured tags - [GET /api/v1/tags/featured](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1featured/get.md): Returns the featured (pinned) tags for the authenticated user or a specified user. For remote users, featured tags may be refreshed from their origin server if stale. Tags blocked by scope policy are filtered out. Requires authentication. ### Remove from featured tags by name - [DELETE /api/v1/tags/featured/{name}](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1featured~1%7Bname%7D/delete.md): Removes a tag from the authenticated user's featured (pinned) tags and notifies followers via ActivityPub. Requires authentication. ### Feature tag by name - [POST /api/v1/tags/featured/{name}](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1featured~1%7Bname%7D/post.md): Adds a tag to the authenticated user's featured (pinned) tags and notifies followers via ActivityPub. Tags blocked by scope policy cannot be featured. Requires authentication. ### Follow tag by name - [POST /api/v1/tags/follow/{name}](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1follow~1%7Bname%7D/post.md): Subscribes the authenticated user to a tag within the specified scope, so posts with this tag appear in their feed. Tags blocked by scope policy cannot be followed. Requires authentication. ### Get list of followed tags - [GET /api/v1/tags/followed](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1followed/get.md): Returns all tags the authenticated user is following within the specified scope. Tags blocked by scope policy are filtered out. Requires authentication. ### Overwrite black/whitelist - [PUT /api/v1/tags/list](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1list/put.md): Bulk overwrite list entries for a scope RBAC: - requires ANY of Data.Manage, GroupData.Manage ### Add to black/whitelist - [PATCH /api/v1/tags/list](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1list/patch.md): Add entries. For blacklist, soft flag toggles hard/soft. RBAC: - requires ANY of Data.Manage, GroupData.Manage ### Get black/whitelist for a scope - [GET /api/v1/tags/list](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1list/get.md): Returns array of tag names in black/whitelist. 'soft' applies only to blacklist. RBAC: - requires ANY of Data.Read, GroupData.Manage ### Remove from black/whitelist - [DELETE /api/v1/tags/list](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1list/delete.md): Remove entries. For blacklist, soft must be specified to remove from that list. RBAC: - requires ANY of Data.Manage, GroupData.Manage ### Set policy mode - [PUT /api/v1/tags/policy](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1policy/put.md): Set scope policy to 'whitelist' or 'blacklist'. RBAC: - requires ANY of Data.Manage, GroupData.Manage ### Get policy mode - [GET /api/v1/tags/policy](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1policy/get.md): Returns 'whitelist' or 'blacklist' for scope. Defaults to 'blacklist' if unset. RBAC: - requires ANY of Data.Read, GroupData.Manage ### Report a tag - [POST /api/v1/tags/report](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1report/post.md): Creates a tag report in a scope. The tag name is normalized before storing. Requires authentication. ### List tag reports in a scope - [GET /api/v1/tags/reports](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1reports/get.md): Returns all tag reports for the given scope. Requires Data.Read or GroupData.Manage permission. RBAC: - requires ANY of Data.Read, GroupData.Manage ### Search tags by prefix - [GET /api/v1/tags/search](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1search/get.md): Returns tag names matching partial name. Scope is optional. ### Get trending tags for a scope - [GET /api/v1/tags/trending](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1trending/get.md): Returns trending tags within the specified scope with optional sorting and pagination. Tags blocked by scope policy are filtered out. No authentication required. ### Unfollow tag by name - [POST /api/v1/tags/unfollow/{name}](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1unfollow~1%7Bname%7D/post.md): Unsubscribes the authenticated user from a tag within the specified scope. Requires authentication. ### Get tag by name - [GET /api/v1/tags/{name}](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1%7Bname%7D/get.md): Retrieves tag details including usage history. Tags blocked by scope policy (blacklist/whitelist) are not returned. No authentication required. ## Translation Endpoints for translating text between languages ### Translate text to a target language - [POST /api/v1/translate/text](https://docs.wellesley.social/openapi/translation/paths/~1api~1v1~1translate~1text/post.md): Translates the provided text into the specified target language. Supports both plain text and HTML content (set isHtml=true for HTML). Requires authentication. ## Trends Endpoints for retrieving trending content on the platform including trending tags, links, and posts. All endpoints are publicly accessible without authentication. Trend data is sourced from FASP (Federated Auxiliary Service Providers) where available. ### Get trending events - [GET /api/v1/trends/events](https://docs.wellesley.social/openapi/trends/paths/~1api~1v1~1trends~1events/get.md): Returns a list of currently trending events. Event trends are sourced from FASP providers and resolved to full event objects from the local database. No authentication required. ### Get trending links - [GET /api/v1/trends/links](https://docs.wellesley.social/openapi/trends/paths/~1api~1v1~1trends~1links/get.md): Returns a list of currently trending links with their preview card metadata (title, description, image). Link trends are sourced from FASP providers. No authentication required. ### Get trending posts - [GET /api/v1/trends/posts](https://docs.wellesley.social/openapi/trends/paths/~1api~1v1~1trends~1posts/get.md): Returns a list of currently trending posts. Post trends are sourced from FASP providers and resolved to full post objects from the local database. No authentication required. ### Get trending tags - [GET /api/v1/trends/tags](https://docs.wellesley.social/openapi/trends/paths/~1api~1v1~1trends~1tags/get.md): Returns a list of currently trending hashtags. Results can be scoped to a specific context (e.g., a group) using the scope parameter. Tags that violate tag policy (blacklist/whitelist) for the scope are filtered out. No authentication required. ## Uploads Endpoints for uploading, retrieving, and managing media files. The upload flow is two-step: first create an upload via POST to get an upload URL, then PUT the actual file content to that URL. Most endpoints require authentication. Class-level @RBACAuthorize requires authentication by default; public endpoints use @PermitAll. ### Create a new upload entry - [POST /api/v1/uploads](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads/post.md): Creates a new upload record and returns an upload URL where the file content should be PUT. This is the first step of the two-step upload flow. Requires authentication. ### List uploads attached to an entity - [GET /api/v1/uploads/attached/{entityId}](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1attached~1%7Bentityid%7D/get.md): Returns all uploads attached to the specified entity (post, event, etc.). Requires authentication. ### Batch delete multiple uploads - [POST /api/v1/uploads/batch](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1batch/post.md): Deletes multiple uploads at once. All uploads must belong to the authenticated user and the batch size must be between 1 and 20. Requires authentication. ### List uploads by tags - [POST /api/v1/uploads/list](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1list/post.md): Returns uploads matching the specified tag criteria from the request body. Only the authenticated user's uploads are returned. Requires authentication. ### List all uploads by owner - [GET /api/v1/uploads/owner/{ownerId}](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1owner~1%7Bownerid%7D/get.md): Returns all uploads (standalone and attached) owned by the specified entity. Requires authentication. ### List standalone uploads by owner - [GET /api/v1/uploads/owner/{ownerId}/standalone](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1owner~1%7Bownerid%7D~1standalone/get.md): Returns uploads owned by the specified entity that are not attached to any entity. Requires authentication. ### Search uploads - [GET /api/v1/uploads/search](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1search/get.md): Searches the authenticated user's uploads with optional filtering by upload type (image, video, etc.) and tag (Post, Avatar, Header, etc.). Returns paginated results. Requires authentication. ### Find usages of uploads - [GET /api/v1/uploads/usages](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1usages/get.md): Returns where the specified uploads are used, including posts, avatars, and headers. Accepts a comma-separated list of upload IDs. Requires authentication. ### Get upload by ID - [GET /api/v1/uploads/{id}](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D/get.md): Retrieves upload metadata and file information for a specific upload. Only the upload owner can access their uploads. Requires authentication. ### Delete upload by ID - [DELETE /api/v1/uploads/{id}](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D/delete.md): Permanently deletes an upload and its associated files. Only the upload owner can delete their uploads. Requires authentication. ### Replace upload metadata - [POST /api/v1/uploads/{id}/meta](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1meta/post.md): Completely replaces the upload's metadata with the provided data, removing any existing metadata not included in the request. Only the upload owner can modify metadata. Requires authentication. ### Partially update upload metadata - [PUT /api/v1/uploads/{id}/meta](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1meta/put.md): Merges the provided metadata fields into the upload's existing metadata, preserving fields not included in the request. Only the upload owner can modify metadata. Requires authentication. ### Update upload privacy settings - [POST /api/v1/uploads/{id}/privacy](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1privacy/post.md): Sets the privacy level and allowed users for an upload. This replaces the existing privacy settings entirely. Only the upload owner can modify privacy. Requires authentication. ### Replace upload tags - [POST /api/v1/uploads/{id}/tags](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1tags/post.md): Completely replaces the upload's tags with the provided set, removing any existing tags not in the request. Tags categorize uploads (e.g., Post, Avatar, Header, Emoji). Only the upload owner can modify tags. Requires authentication. ### Add tags to upload - [PUT /api/v1/uploads/{id}/tags](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1tags/put.md): Adds the provided tags to the upload's existing tag set without removing any existing tags. Only the upload owner can modify tags. Requires authentication. ### Change video thumbnail - [POST /api/v1/uploads/{id}/thumbnail](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1thumbnail/post.md): Updates the thumbnail/preview image for a video upload by extracting a frame at the specified timestamp (in seconds). Only applicable to video uploads. Only the upload owner can change thumbnails. Requires authentication. ### Update standalone upload owner - [PUT /api/v1/uploads/{uploadId}/owner](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Buploadid%7D~1owner/put.md): Change the owner of a standalone upload. Only works for uploads not yet attached to any entity. Requires authentication. ## User Devices Manage user device registrations for Web Push notifications. Allows registering, listing, and removing push notification subscriptions. All endpoints except VAPID public key retrieval require authentication. ### Register or update a device for push notifications - [PUT /api/v1/devices](https://docs.wellesley.social/openapi/user-devices/paths/~1api~1v1~1devices/put.md): Registers a new device subscription or updates an existing one for push notifications. The request must include a valid Web Push subscription with endpoint, keys, and device metadata. Requires authentication. If a device with the same endpoint already exists, it is updated. ### Get all registered devices for the current user - [GET /api/v1/devices](https://docs.wellesley.social/openapi/user-devices/paths/~1api~1v1~1devices/get.md): Returns a list of all devices registered for push notifications by the authenticated user. Each device entry includes the subscription endpoint, device metadata, and registration timestamp. Requires authentication. ### Delete all registered devices for the current user - [DELETE /api/v1/devices/all](https://docs.wellesley.social/openapi/user-devices/paths/~1api~1v1~1devices~1all/delete.md): Removes all device registrations for the authenticated user, effectively disabling push notifications on all devices. Requires authentication. Useful when a user wants to reset their push notification setup. ### Get VAPID public key for browser push subscriptions - [GET /api/v1/devices/vapid-public-key](https://docs.wellesley.social/openapi/user-devices/paths/~1api~1v1~1devices~1vapid-public-key/get.md): Returns the server's VAPID (Voluntary Application Server Identification) public key needed by clients to create Web Push subscriptions. This endpoint is publicly accessible without authentication so clients can subscribe before or after login. ### Delete a registered device for the current user - [DELETE /api/v1/devices/{deviceId}](https://docs.wellesley.social/openapi/user-devices/paths/~1api~1v1~1devices~1%7Bdeviceid%7D/delete.md): Removes a specific device registration identified by its device ID, stopping push notifications to that device. Requires authentication. Only the authenticated user's own devices can be deleted. ## User Settings Endpoints for managing user-specific settings and preferences. These endpoints allow authenticated users to view, update, and delete their personal settings that control their account behavior, interface preferences, privacy options, and feature customizations. ### Update user settings - [PUT /api/v1/settings/user](https://docs.wellesley.social/openapi/user-settings/paths/~1api~1v1~1settings~1user/put.md): Update multiple user settings in a single operation for the authenticated user. Each setting must be provided as a complete object with all required fields. Partial updates are not supported to ensure data consistency and prevent preference corruption. Side effect: if notification preferences are updated with syncAcrossProfiles enabled, the preferences are propagated to all other profiles on the same account. ### Get user settings - [GET /api/v1/settings/user](https://docs.wellesley.social/openapi/user-settings/paths/~1api~1v1~1settings~1user/get.md): Retrieve specific user settings by their keys for the authenticated user. Returns a JSON object mapping setting names to their configured values. Only settings belonging to the current user are accessible through this endpoint. ### Delete user settings - [DELETE /api/v1/settings/user](https://docs.wellesley.social/openapi/user-settings/paths/~1api~1v1~1settings~1user/delete.md): Remove specific user settings by their keys for the authenticated user. This operation will permanently delete the specified settings and revert them to their default values. Deleted preferences cannot be recovered. ## Users User profile management endpoints. Handles user creation, retrieval by ID or username, profile updates, deletion, and social graph queries (followers/following). Supports both authenticated and guest access with varying levels of detail. Guest users receive basic profile data; authenticated users can access relationship statuses and full profiles. ### Delete user - [DELETE /api/v1/users](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users/delete.md): Deletes a user profile by ID. Requires authentication. Only users belonging to the authenticated account can be deleted. The deletion is audited. ### Create new user for the account - [POST /api/v1/users](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users/post.md): Creates a new user profile under the authenticated account. Requires authentication. Required fields: username, displayName, applicationId. Reserved usernames and duplicates are rejected. Only admins can create admin users. Bot/Service actor types cannot be assigned during creation. ### Get user by username - [GET /api/v1/users](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users/get.md): Retrieves a user profile by username. Supports both local usernames and federated usernames (user@domain format). Accessible to both authenticated and guest users. If the username was recently changed, returns a 302 redirect to the new username. Use the 'full' parameter to include extended profile data. Authenticated users can request relationship statuses. ### Get current user profile - [GET /api/v1/users/profile](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1profile/get.md): Returns the full profile of the currently authenticated user, including summary, stats, fields, avatar, header, and all extended profile data. Requires authentication. ### Get list of username changes - [GET /api/v1/users/rename-history](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1rename-history/get.md): Returns the username change history for the currently authenticated user, along with the maximum number of renames allowed. Requires authentication. ### Update user's profile - [PUT /api/v1/users/{userId}](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D/put.md): Updates the profile of the specified user. Requires authentication and the user must belong to the authenticated account. Updatable fields include: displayName, username, summary, avatarId, headerId, timezone, location, birthday, and channel settings. Username changes are audited and subject to a maximum rename limit. Cannot convert a regular user to a bot/Service actor type. ### Get user by userId - [GET /api/v1/users/{userId}](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D/get.md): Retrieves a user profile by their unique user ID. Accessible to both authenticated and guest users. Use 'full' parameter to include extended profile data (summary, stats, header, fields). Authenticated users can request relationship statuses (following, blocked, muted) between themselves and the target user. Returns 302 redirect if the user has been renamed. ### Trigger deep sync for a remote user - [POST /api/v1/users/{userId}/deep-sync](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D~1deep-sync/post.md): Triggers a deep sync of a remote user's outbox. Fetches all posts paginated from the user's outbox and saves them locally. Only works for remote users that the caller follows. Returns the current sync state. ### Users which follow the given account - [GET /api/v1/users/{userId}/followers](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D~1followers/get.md): Returns a paginated list of users who follow the specified user. Accessible to both authenticated and guest users. The list may be hidden if the user's privacy settings disable follower visibility, or if the viewer is blocked by the target user. The owner of the profile can always see their own followers. Supports search filtering by username, display name, or domain. ### Users which the given account follows - [GET /api/v1/users/{userId}/following](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D~1following/get.md): Returns a paginated list of users that the specified user follows. Accessible to both authenticated and guest users. The list may be hidden if the user's privacy settings disable follower visibility, or if the viewer is blocked by the target user. The owner of the profile can always see their own following list. Supports search filtering by username, display name, or domain. ### Update user avatar and header - [PUT /api/v1/users/{userId}/media](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D~1media/put.md): Updates the avatar and/or header images for the specified user. Requires authentication and the user must belong to the authenticated account. Pass upload IDs for the new avatar or header. ## Authorize Interaction Resource ### Authorize Interaction - [GET /authorize_interaction](https://docs.wellesley.social/openapi/authorize-interaction-resource/paths/~1authorize_interaction/get.md) ## Platform routes ### Root page - [GET /](https://docs.wellesley.social/openapi/platform-routes/getroot.md) ### User profile page - [GET /@{username}](https://docs.wellesley.social/openapi/platform-routes/getuser.md) ### User event page - [GET /@{username}/events/{eventId}](https://docs.wellesley.social/openapi/platform-routes/getuserevent.md) ### User post page - [GET /@{username}/posts/{postId}](https://docs.wellesley.social/openapi/platform-routes/getuserpost.md) ### About page - [GET /about](https://docs.wellesley.social/openapi/platform-routes/getabout.md) ### Main feed - [GET /feed](https://docs.wellesley.social/openapi/platform-routes/getfeed.md) ### Discover feed - [GET /feed/discover](https://docs.wellesley.social/openapi/platform-routes/getfeeddiscover.md) ### Following feed - [GET /feed/following](https://docs.wellesley.social/openapi/platform-routes/getfeedfollowing.md) ### Group page - [GET /g/{groupName}](https://docs.wellesley.social/openapi/platform-routes/getgroup.md) ### Group channel page - [GET /g/{groupName}/@{channelName}](https://docs.wellesley.social/openapi/platform-routes/getgroupchannel.md) ### Group channel post page - [GET /g/{groupName}/@{channelName}/posts/{postId}](https://docs.wellesley.social/openapi/platform-routes/getgroupchannelpost.md) ### Group bot page - [GET /g/{groupName}/bots/@{botName}](https://docs.wellesley.social/openapi/platform-routes/getgroupbot.md) ### Group event page - [GET /g/{groupName}/events/{eventId}](https://docs.wellesley.social/openapi/platform-routes/getgroupevent.md) ### Privacy policy page - [GET /privacy](https://docs.wellesley.social/openapi/platform-routes/getprivacy.md) ### Terms of use page - [GET /terms](https://docs.wellesley.social/openapi/platform-routes/getterms.md)