# Wellesley Platform API Version: 1.0 ## Servers Simple setup, all in one. Digital Ocean ``` https://dust.allroads.social ``` Simple setup, db is separate. Digital Ocean ``` https://meteor.allroads.social ``` ## Security ### header Authentication token Type: apiKey In: header Name: Authorization ## Download OpenAPI description [Wellesley Platform API](https://docs.wellesley.social/_bundle/openapi.yaml) ## AI Agents Assign and list group AI agent assignments ### List AI agent assignments - [GET /api/v1/ai-agents/assignments](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1assignments/get.md): Retrieves a list of AI agent assignments filtered by assignment type and optional resource ID. This allows querying which bots are active in specific scopes (global, forums, categories, channels). Returns an array of assignments matching the specified criteria. RBAC: - requires ANY of AIAgents.Read, AIAgents.Manage ### Delete an AI agent assignment - [DELETE /api/v1/ai-agents/assignments](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1assignments/delete.md): Deletes an existing AI agent assignment by its ID. This deactivates the bot from its assigned scope. Returns success if the assignment was deleted, or ResourceNotFound if the assignment doesn't exist. RBAC: requires AIAgents.Manage ### Create a global AI agent assignment - [POST /api/v1/ai-agents/assignments](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1assignments/post.md): Creates a global AI agent assignment that activates a bot platform-wide. The agent must be a valid bot user (user with isBot=true). Only GLOBAL assignment type is allowed in this context. For group-scoped assignments, use the Group AI Agent Management API instead. RBAC: requires AIAgents.Manage ### Retrieve posts for AI agents - [GET /api/v1/ai-agents/posts](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1ai-agents~1posts/get.md): Returns posts for AI agents. If ownerId is missing, retrieves posts from the global space (group_id is null) with PUBLIC visibility. Supports pagination and optional 'since' timestamp to fetch posts strictly newer than the given timestamp. RBAC: requires AIAgents.PostsRead ### List group AI agent assignments - [GET /api/v1/groups/{groupId}/ai-agents/assignments](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1ai-agents~1assignments/get.md): RBAC: - requires ANY of GroupAIAgents.Read, GroupAIAgents.Manage ### Delete an AI agent assignment - [DELETE /api/v1/groups/{groupId}/ai-agents/assignments](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1ai-agents~1assignments/delete.md): RBAC: requires GroupAIAgents.Manage ### Create a group AI agent assignment - [POST /api/v1/groups/{groupId}/ai-agents/assignments](https://docs.wellesley.social/openapi/ai-agents/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1ai-agents~1assignments/post.md): RBAC: requires GroupAIAgents.Manage ## Accounts Account management and authentication endpoints. Handles user registration, login flows (email/phone), profile management, and account lifecycle operations. Supports multi-step signup with email/SMS verification, CAPTCHA, and optional admin approval. ### Signup - Step 4: Submit signup reason - [POST /api/v1/accounts/add-reason](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1add-reason/post.md): Step 4 of signup (if required): collects reason for joining the platform. Used for manual approval workflows. Notifies admins of pending registration. Required when registration mode is set to approval-based. ### Email/username authentication - [POST /api/v1/accounts/authenticate/email](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1authenticate~1email/post.md): Authenticates using email address or username with password. Returns a session token for authenticated requests. The system automatically detects whether the login field is an email (contains @) or username. Updates last sign-in timestamp on successful authentication. ### Phone number authentication - [POST /api/v1/accounts/authenticate/phone](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1authenticate~1phone/post.md): Two-step phone authentication process. First call sends SMS code to the phone number. Second call with the code completes authentication and returns session token. Phone number must be registered to an existing account. ### Change user display name - [PUT /api/v1/accounts/change/name](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1change~1name/put.md): Updates the display name for a specific user in the account. Can only change names for users belonging to the authenticated account. Specify user by either username or user ID. Changes are immediately reflected and streamed to connected clients. ### Verify CAPTCHA challenge - [POST /api/v1/accounts/check-captcha](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1check-captcha/post.md): Step 3 of signup (if enabled): validates CAPTCHA to prevent automated signups. Uses IP address for additional validation. Advances to next step on success. Skip if CAPTCHA is disabled in config. ### Signup - Step 2: Verify email with code - [POST /api/v1/accounts/confirm-email](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1confirm-email/post.md): Step 2 of email signup: validates the confirmation code sent to email. Advances registration to next step (CAPTCHA, reason, or account creation). Code expires after a set time and has limited retry attempts. ### Signup - Step 2: Verify phone with code - [POST /api/v1/accounts/confirm-phone](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1confirm-phone/post.md): Step 2 of phone signup: validates the SMS code sent to phone number. Advances registration to next step (CAPTCHA, reason, or account creation). Code expires after a set time and has limited retry attempts. ### Delete current account - [DELETE /api/v1/accounts/delete](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1delete/delete.md): Permanently deletes the authenticated account and all associated users. Sends deletion notifications to federated followers. Cannot delete if it's the last admin account on the server. This operation is irreversible - all data including posts, follows, and media will be removed. ### Signup - Final Step: Complete account creation - [POST /api/v1/accounts/finish-creating](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1finish-creating/post.md): Final step of signup: creates the account and user after all validations pass. Returns account details with authentication token for immediate login. Sends welcome email if applicable. Can optionally update username at this stage. ### Retrieve token for approved phone account - [PUT /api/v1/accounts/get-token/{hash}](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1get-token~1%7Bhash%7D/put.md): One-time token retrieval for phone-based accounts approved by admin. Used when admin manually approves a phone registration. The signup request is deleted after successful token generation. Only works for accounts in USER step of registration. ### Get current account profile - [GET /api/v1/accounts/profile](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1profile/get.md): Returns the authenticated account with all associated users. Most accounts have a single user, but the system supports multiple users per account. Requires authentication token. ### Resend verification code - [PUT /api/v1/accounts/resend-code/{hash}](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1resend-code~1%7Bhash%7D/put.md): Resends verification code via email or SMS based on registration type. Automatically detects whether to send email or SMS from the signup request. Rate limited to prevent abuse. Use when code was not received or expired. ### Resend confirmation email - [PUT /api/v1/accounts/resend-email/{hash}](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1resend-email~1%7Bhash%7D/put.md): Resends the email verification code for pending registrations. Use when the initial email was not received or code expired. Rate limited to prevent abuse. Deprecated - use /resend-code instead. ### Signup - Step 1: Start email signup process - [POST /api/v1/accounts/signup](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1signup/post.md): Initiates account registration with email verification. Step 1 of multi-step signup: validates input, checks availability, sends confirmation email. Returns registration hash for tracking signup progress. Username must not be reserved, email must be unique and not blocked. ### Signup - Step 1: Start phone signup process - [POST /api/v1/accounts/signup-phone](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1signup-phone/post.md): Initiates account registration with phone verification. Step 1 of multi-step signup: validates input, checks availability, sends SMS code. Returns registration hash for tracking signup progress. Username must not be reserved, phone number must be unique. ### Switch between account users - [POST /api/v1/accounts/user/reselect-user](https://docs.wellesley.social/openapi/accounts/paths/~1api~1v1~1accounts~1user~1reselect-user/post.md): Generates a new token for a different user within the same account. Useful for accounts with multiple users to switch active user context. Either userId or userName must be provided. Only users belonging to the authenticated account can be selected. ## Addresses Endpoints for suggesting and validating physical addresses ### Suggest addresses for the given address part - [GET /api/v1/addresses/suggest](https://docs.wellesley.social/openapi/addresses/paths/~1api~1v1~1addresses~1suggest/get.md) ## Admin Accounts Administrative endpoints for account and user management. Provides comprehensive tools for managing user accounts, including creation, deletion, role assignment, password management, state changes, and user impersonation for bot accounts. ### Retrieve account information by ID - [GET /api/v1/admin/account/{accountId}](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1account~1%7Baccountid%7D/get.md): Fetches comprehensive details about an account including its associated users. Returns account metadata (email, creation date) and all users linked to this account. Most accounts have a single user, but the system supports multiple users per account. RBAC: requires Users.Manage ### Change email address for an account - [PUT /api/v1/admin/change/email](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1email/put.md): Administratively updates the email address for a user account. Can identify the user by username or user ID. The new email must be valid and unique in the system. This operation is logged for audit purposes and the change takes effect immediately. RBAC: requires Users.Manage ### Change password for an account - [PUT /api/v1/admin/change/password](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1password/put.md): Administratively resets the password for a user account. Can identify the user by username or user ID. The new password should meet security requirements. This operation is logged for audit purposes and does not require knowing the current password. RBAC: requires Users.Manage ### Assign role to a user - [PUT /api/v1/admin/change/role/assign](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1role~1assign/put.md): Assigns a role to a user by username or id RBAC: requires Users.Manage ### Revoke role from a user - [PUT /api/v1/admin/change/role/revoke](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1role~1revoke/put.md): Revokes a role from a user by username or id. Admin cannot be revoked if it's the last one. RBAC: requires Users.Manage ### Create a new account with initial user - [POST /api/v1/admin/create-account](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1create-account/post.md): Creates a new account with an initial user profile. The account will have a unique email and the user will have a unique username. This endpoint validates that the username is not reserved, the username doesn't already exist, and the email is not already registered. Returns the created account with its associated user information. RBAC: requires Users.Manage ### Create a new user under an existing account - [POST /api/v1/admin/create-user](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1create-user/post.md): Creates a new user profile under an existing account. The user will have a unique username within the account's domain. This endpoint validates that the username is not reserved, the username doesn't already exist, and the associated account exists. Returns the created user information. RBAC: requires Users.Manage ### Delete an account with all associated users - [DELETE /api/v1/admin/delete](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1delete/delete.md): Permanently deletes an account and all its associated users. Can identify the account by email address, account ID, or username. This operation notifies followers on remote servers about the deletion and marks all associated content appropriately. This action is irreversible. Administrators cannot delete their own account through this endpoint. RBAC: requires Users.Manage ### Delete a user - [DELETE /api/v1/admin/delete-user](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1delete-user/delete.md): Permanently deletes a user profile. Can identify the user by username or user ID. This operation notifies followers on remote servers about the deletion and marks all associated content appropriately. This action is irreversible. Administrators cannot delete their own user profile through this endpoint. RBAC: requires Users.Manage ### Impersonate a user - [GET /api/v1/admin/impersonate](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1impersonate/get.md): Allows a service to impersonate a user by their username. This will return a token that can be used to act on behalf the user's account. Only bots can be impersonated, not regular users. RBAC: - requires ALL of Users.Manage, Users.Impersonate ### Permanently purge an account from the system - [DELETE /api/v1/admin/purge](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1purge/delete.md): Force-deletes an account and all associated data, even if previously soft-deleted. This operation bypasses normal deletion safeguards and completely removes all traces of the account from the system. Use with extreme caution as this action is irreversible and cannot be recovered. Administrators cannot purge their own account. RBAC: requires Users.Manage ### Regenerate cryptographic keys for a user - [POST /api/v1/admin/regenerate-keys](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1regenerate-keys/post.md): Regenerates the Ed25519 cryptographic keys for a specified user. This is used for federation security and ActivityPub signatures. Can identify the user by username or user ID. The old keys are invalidated and new keys are generated immediately. Remote servers will be notified of the key change through federation protocols. RBAC: requires Users.Manage ### Regenerate cryptographic keys for all users - [POST /api/v1/admin/regenerate-keys-all](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1regenerate-keys-all/post.md): Initiates a background job to regenerate Ed25519 cryptographic keys for all users in the system. This is typically used for security updates or key rotation policies. The operation runs asynchronously and processes users in batches. Returns a job ID that can be used to track progress. Default batch size is used unless specified. RBAC: requires Users.Manage ### Release a username for reuse - [POST /api/v1/admin/release-username](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1release-username/post.md): Administratively releases a username, making it available for new user registrations. This is typically used after account deletions or username changes to free up desirable usernames. The operation immediately makes the username available in the system. RBAC: requires Users.Manage ### Search for users - [GET /api/v1/admin/search](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1search/get.md): Performs an administrative search for users with multiple filter criteria. Can search by user ID, account ID, username, domain, display name, state, email, IP address, country, or role. Supports mixed search across username, display name, and email simultaneously. Results include detailed user information and support pagination and sorting. IP addresses are matched exactly, and country codes should use ISO 3166-1 alpha-2 format. RBAC: requires Users.Manage ### Update user moderation state - [POST /api/v1/admin/user/change-state](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1user~1change-state/post.md): Changes the moderation state of a user (e.g., ACTIVE, SUSPENDED, LIMITED). This affects what actions the user can perform on the platform. When suspending a user, their content may be hidden and followers on remote servers are notified. When unsuspending, the user's content is restored and remote servers are updated. Administrators cannot change their own state. Changes are logged for audit purposes and can be linked to moderation reports. RBAC: requires Users.Manage ### Bulk update user moderation states - [POST /api/v1/admin/user/change-state-bulk](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1user~1change-state-bulk/post.md): Changes the moderation state for multiple users in a single optimized operation. Performs one bulk DB update, submits jobs in batches for users transitioning to or from SUSPENDED, and distributes updates without per-user queries. RBAC: requires Users.Manage ### Retrieve detailed user information by ID - [GET /api/v1/admin/user/{userId}](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1user~1%7Buserid%7D/get.md): Fetches comprehensive details about a specific user including their account association, profile information, roles, state, statistics, and activity data. Requires either Users.Read or Users.Manage permission. RBAC: - requires ALL of Users.Manage - requires ANY of Users.Read, Users.Manage ## Admin ActivityPub Administrative endpoints for ActivityPub ### Clears ActivityPub delivery errors for the domain - [POST /api/v1/admin/clear-ap-errors](https://docs.wellesley.social/openapi/admin-activitypub/paths/~1api~1v1~1admin~1clear-ap-errors/post.md): RBAC: requires Federation.Manage ### Restarts ActivityPub delivery for the domain - [POST /api/v1/admin/restart-ap-delivery](https://docs.wellesley.social/openapi/admin-activitypub/paths/~1api~1v1~1admin~1restart-ap-delivery/post.md): RBAC: requires Federation.Manage ## Admin Audit Administrative endpoints for viewing and managing audit logs. Provides comprehensive logging of all security-relevant actions performed in the system. ### List audit log entries - [GET /api/v1/admin/audit_log](https://docs.wellesley.social/openapi/admin-audit/paths/~1api~1v1~1admin~1audit_log/get.md): Retrieves a paginated list of audit log entries with flexible filtering options. Returns security-relevant actions performed by users, accounts, or services within the platform. RBAC: requires Audit.Read ## Admin Domain Blocks Administrative APIs for managing domain blocks. Provides endpoints to block specific domains with different severity levels (SUSPEND, LIMIT, NOOP), update existing blocks, unblock domains, and list currently blocked domains. Domain blocks prevent or limit federation with specified domains. ### Update domain block - [PUT /api/v1/admin/domain-block](https://docs.wellesley.social/openapi/admin-domain-blocks/paths/~1api~1v1~1admin~1domain-block/put.md): Modifies an existing domain block with new settings. Can change the block severity, media/report rejection settings, comments, and obfuscation. Triggers background jobs if the state changes. RBAC: requires Federation.Manage ### List blocked domains (Admin) - [GET /api/v1/admin/domain-block](https://docs.wellesley.social/openapi/admin-domain-blocks/paths/~1api~1v1~1admin~1domain-block/get.md): Retrieves the complete list of domains that are blocked, including all metadata such as private comments, exact domain names, and internal settings. This endpoint is for administrators only. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Block a domain - [POST /api/v1/admin/domain-block](https://docs.wellesley.social/openapi/admin-domain-blocks/paths/~1api~1v1~1admin~1domain-block/post.md): Creates a new domain block that prevents or limits interactions with the specified domain. The block severity can be SUSPEND (removes all content), LIMIT (hides posts from non-followers), or NOOP (only rejects media/reports). Cannot block the instance's own domain. RBAC: requires Federation.Manage ### Unblock a domain - [DELETE /api/v1/admin/domain-block/{domain}](https://docs.wellesley.social/openapi/admin-domain-blocks/paths/~1api~1v1~1admin~1domain-block~1%7Bdomain%7D/delete.md): Removes a block from a domain to allow interactions with it again. This triggers background jobs to restore any suspended accounts and content from the domain. RBAC: requires Federation.Manage ## Admin Domains Allow List Administrative endpoints for managing domain allowlists. When domain allowlisting is enabled, only domains in this list can federate with the instance. ### List allowed domains - [GET /api/v1/admin/domain-allow](https://docs.wellesley.social/openapi/admin-domains-allow-list/paths/~1api~1v1~1admin~1domain-allow/get.md): Retrieves a paginated list of all domains in the federation allowlist. This list determines which external instances can federate with this server when allowlisting is enabled. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Add domain to allowlist - [POST /api/v1/admin/domain-allow](https://docs.wellesley.social/openapi/admin-domains-allow-list/paths/~1api~1v1~1admin~1domain-allow/post.md): Adds a domain to the federation allowlist. When domain allowlisting is enabled, only domains in this list can federate with the instance. Cannot add the instance's own domain. RBAC: requires Federation.Manage ### Remove domain from allowlist - [DELETE /api/v1/admin/domain-allow/{domain}](https://docs.wellesley.social/openapi/admin-domains-allow-list/paths/~1api~1v1~1admin~1domain-allow~1%7Bdomain%7D/delete.md): Removes a domain from the federation allowlist. This will trigger background jobs to unfederate with the domain and clean up any existing connections. RBAC: requires Federation.Manage ## Admin Email Allow List Administrative endpoints for managing email domain allowlist used for registrations. ### List email allowed domains - [GET /api/v1/admin/email-allow](https://docs.wellesley.social/openapi/admin-email-allow-list/paths/~1api~1v1~1admin~1email-allow/get.md): Retrieves a paginated list of all domains in the email allowlist. RBAC: - requires ALL of AdminSettings.Manage - requires ANY of AdminSettings.Read, AdminSettings.Manage ### Add domain to email signup allowlist - [POST /api/v1/admin/email-allow](https://docs.wellesley.social/openapi/admin-email-allow-list/paths/~1api~1v1~1admin~1email-allow/post.md): Adds a domain to the email allowlist. Only emails from allowed domains can register when enabled. RBAC: requires AdminSettings.Manage ### Remove domain from email signup allowlist - [DELETE /api/v1/admin/email-allow/{domain}](https://docs.wellesley.social/openapi/admin-email-allow-list/paths/~1api~1v1~1admin~1email-allow~1%7Bdomain%7D/delete.md): Removes a domain from the email allowlist. RBAC: requires AdminSettings.Manage ## Admin Email Blocks Administrative APIs for managing email blocks to prevent unwanted signups. Supports blocking specific email addresses and entire domains. Email blocks are automatically normalized and checked during user registration. ### List blocked email patterns - [GET /api/v1/admin/email-block](https://docs.wellesley.social/openapi/admin-email-blocks/paths/~1api~1v1~1admin~1email-block/get.md): Retrieves the complete list of email patterns and domains that are blocked for signups. Includes the blocking reason and timestamps for each pattern. Patterns are shown in their normalized form. RBAC: requires Users.Moderate ### Block email pattern - [POST /api/v1/admin/email-block](https://docs.wellesley.social/openapi/admin-email-blocks/paths/~1api~1v1~1admin~1email-block/post.md): Creates a new email block that prevents signups from the specified email pattern. Supports blocking: specific emails (user@example.com) or domain patterns (example.com). Patterns are automatically normalized for consistency. RBAC: requires Users.Moderate ### Unblock email pattern - [DELETE /api/v1/admin/email-block/{pattern}](https://docs.wellesley.social/openapi/admin-email-blocks/paths/~1api~1v1~1admin~1email-block~1%7Bpattern%7D/delete.md): Removes a block from an email pattern or domain to allow signups from it again. The pattern will be normalized before removal to match the stored format. RBAC: requires Users.Moderate ## Admin Federation Metrics Administrative endpoints for monitoring and managing federation with other ActivityPub instances. Provides metrics on connected domains, user counts, post statistics, and federation health monitoring. ### List federated domains - [GET /api/v1/admin/federation](https://docs.wellesley.social/openapi/admin-federation-metrics/paths/~1api~1v1~1admin~1federation/get.md): Retrieves a paginated list of all domains this instance is federated with, including user counts, availability status, and blocking state. Supports filtering by domain name, availability, and block status. ### List tracked ActivityPub operations - [GET /api/v1/admin/federation/metrics/operations](https://docs.wellesley.social/openapi/admin-federation-metrics/paths/~1api~1v1~1admin~1federation~1metrics~1operations/get.md): Retrieves a list of all ActivityPub operations that have been tracked on this server. An operation combines the Activity type with the inner object type (if present). Examples: 'create-note' (Create activity with Note object), 'follow' (Follow activity), 'accept-follow' (Accept activity with Follow object), 'announce' (boost/reblog), 'undo-announce'. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Get metrics for specific operation - [GET /api/v1/admin/federation/metrics/running-average-single](https://docs.wellesley.social/openapi/admin-federation-metrics/paths/~1api~1v1~1admin~1federation~1metrics~1running-average-single/get.md): Returns sliding window metrics for a single ActivityPub operation, including count, average processing time, and percentiles. The metrics are calculated over the specified time window. Returns 404 if no data exists for the operation or the window has expired. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Get metrics for multiple operations - [GET /api/v1/admin/federation/metrics/running-averages-all](https://docs.wellesley.social/openapi/admin-federation-metrics/paths/~1api~1v1~1admin~1federation~1metrics~1running-averages-all/get.md): Returns sliding window metrics for all ActivityPub operations or a filtered subset. Only includes operations that have active data within the specified time window. Each operation's metrics include count, average processing time, and percentiles. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Get domain federation details - [GET /api/v1/admin/federation/{domain}](https://docs.wellesley.social/openapi/admin-federation-metrics/paths/~1api~1v1~1admin~1federation~1%7Bdomain%7D/get.md): Retrieves detailed federation statistics for a specific domain, including user counts, post counts, follower/following relationships, reports, availability status, and blocking information. RBAC: - requires ANY of Federation.Read, Federation.Manage ## Admin Feeds Administrative endpoints for managing user feeds and cache ### Clear user feed cache - [POST /api/v1/admin/feed/clear-user-feed](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1clear-user-feed/post.md): Removes cached feed data from Redis for specified user(s). If no user is specified, clears all cached feeds. Use with caution as this will force feed regeneration on next access. Returns the number of Redis keys deleted. RBAC: requires Jobs.Manage ### Diagnose user feed cache - [GET /api/v1/admin/feed/diagnose](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1diagnose/get.md): RBAC: requires Jobs.Manage ### Get metrics across all operations - [GET /api/v1/admin/feed/metrics/global-all-operation](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1global-all-operation/get.md): Retrieves global aggregated metrics for a specific owner type across all feed operations within a time window. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get metrics across all owner types - [GET /api/v1/admin/feed/metrics/global-all-owners](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1global-all-owners/get.md): Retrieves global aggregated metrics for a specific operation across all owner types (USER, GROUP, EVENT, CATEGORY) within a time window. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get global aggregated metrics - [GET /api/v1/admin/feed/metrics/global-single](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1global-single/get.md): Retrieves global aggregated feed performance metrics for a specific operation and owner type combination within a time window. Includes average times, total measurements, and user counts. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get feed metrics history - [GET /api/v1/admin/feed/metrics/history](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1history/get.md): Retrieves historical feed performance metrics for a specific operation, user, and owner type combination. Returns a list of feed metrics ordered by timestamp. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get comprehensive feed metrics - [GET /api/v1/admin/feed/metrics/history/all](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1history~1all/get.md): Retrieves complete feed metrics history for a user across all operations and all owner types. Returns a nested map structure where the outer keys are owner types, inner keys are operation types, and values are lists of feed metrics. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get feed metrics for all operations - [GET /api/v1/admin/feed/metrics/history/all-single-owner](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1history~1all-single-owner/get.md): Retrieves comprehensive feed metrics history for a user across all operation types (populate, merge, unmerge, redis, cache, etc.) for a specific owner type. Returns a map where keys are operation types and values are lists of metrics. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get feed metrics grouped by owner type - [GET /api/v1/admin/feed/metrics/history/by-owner-type](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1history~1by-owner-type/get.md): Retrieves feed metrics history for a specific operation and user, grouped by all owner types (USER, GROUP, EVENT, CATEGORY). Returns a map where keys are owner types and values are lists of feed metrics. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get user running average - [GET /api/v1/admin/feed/metrics/running-average-single](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1running-average-single/get.md): Retrieves the running average performance metrics for a specific user, operation, and owner type within a sliding time window. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get all user running averages - [GET /api/v1/admin/feed/metrics/running-averages-all](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1running-averages-all/get.md): Retrieves running average performance metrics for a specific user across all feed operations for a given owner type. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Identify slowest feed operations - [GET /api/v1/admin/feed/metrics/slowest-operations](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1slowest-operations/get.md): Analyzes and ranks feed operations by their average execution time across all users. Helps identify performance bottlenecks. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Identify users with performance issues - [GET /api/v1/admin/feed/metrics/slowest-users](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1slowest-users/get.md): Analyzes and identifies users experiencing the slowest feed operation times. Can analyze a specific operation or aggregate across all operations. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get performance leaderboards for all operations - [GET /api/v1/admin/feed/metrics/slowest-users-all](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1slowest-users-all/get.md): Retrieves performance leaderboards for all feed operations for a specific owner type. Returns a map of operations to ranked user lists. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get performance leaderboard - [GET /api/v1/admin/feed/metrics/slowest-users-single](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1slowest-users-single/get.md): Retrieves a ranked list of users by their feed operation performance for a specific operation and owner type. Can show either slowest or fastest users based on sort order. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get comprehensive metrics summary - [GET /api/v1/admin/feed/metrics/summary](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1summary/get.md): Generates a complete summary of feed performance metrics across all operations and owner types, including totals and averages. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get comprehensive user counts - [GET /api/v1/admin/feed/metrics/user-count-all](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1user-count-all/get.md): Returns user counts for all feed operations and owner types within the time window. Returns a nested map structure for comprehensive analysis. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get active user count - [GET /api/v1/admin/feed/metrics/user-count-single](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1metrics~1user-count-single/get.md): Returns the count of unique users who performed a specific feed operation within the time window, optionally filtered by owner type. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Regenerate user feed cache - [POST /api/v1/admin/feed/regenerate-user-feed](https://docs.wellesley.social/openapi/admin-feeds/paths/~1api~1v1~1admin~1feed~1regenerate-user-feed/post.md): Forces regeneration of cached feed data for specified user(s). If no user is specified, regenerates feeds for all recently active users (signed in within the last period). Returns the number of feeds queued for regeneration. RBAC: requires Jobs.Manage ## Admin Groups Administrative endpoints for Groups management ### Search for groups - [GET /api/v1/admin/groups/search](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1search/get.md): Administrative search for groups with multiple filter criteria. Filters include member user/account linkage, group name, domain, privacy, visibility, and join mode. Returns groups regardless of visibility/privacy. RBAC: - requires ANY of Users.Read, Users.Manage ### Get all groups where specified user has at least one of the specified roles - [GET /api/v1/admin/groups/user/{userId}](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1user~1%7Buserid%7D/get.md): RBAC: - requires ANY of Users.Read, Users.Manage ### Get groups that were created by the specified account (any user from the account is the owner) - [GET /api/v1/admin/groups/{accountId}](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1%7Baccountid%7D/get.md): RBAC: - requires ANY of Users.Read, Users.Manage ### Get group's forum categories (admin) - [GET /api/v1/admin/groups/{groupId}/categories](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1%7Bgroupid%7D~1categories/get.md): RBAC: - requires ANY of Users.Read, Users.Manage ### Get all channels for a group (admin) - [GET /api/v1/admin/groups/{groupId}/channels](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1%7Bgroupid%7D~1channels/get.md): RBAC: - requires ANY of Users.Read, Users.Manage ### Get group events (admin) - [GET /api/v1/admin/groups/{groupId}/events](https://docs.wellesley.social/openapi/admin-groups/paths/~1api~1v1~1admin~1groups~1%7Bgroupid%7D~1events/get.md): RBAC: - requires ANY of Users.Read, Users.Manage ## Admin Posts Administrative endpoints for managing posts. Provides moderation capabilities to delete posts that violate community guidelines or are part of reported content. ### Delete posts - [POST /api/v1/admin/posts/delete](https://docs.wellesley.social/openapi/admin-posts/paths/~1api~1v1~1admin~1posts~1delete/post.md): Deletes posts for moderation purposes. Can delete a single post by its ID or all posts associated with a report. The deletion is permanent and includes creating audit logs and report notes. When deleting via reportId, all posts referenced in the report are deleted and the report is marked as actioned. RBAC: requires Reports.Manage ## Admin Remote Link Service Configure a remote link preview service provider for fetching rich link previews ### Get current remote link preview service configuration - [GET /api/v1/admin/link-service](https://docs.wellesley.social/openapi/admin-remote-link-service/paths/~1api~1v1~1admin~1link-service/get.md): Returns the configured remote link preview service base URL if set; otherwise null. RBAC: requires AdminSettings.Manage ### Configure remote link preview service - [POST /api/v1/admin/link-service/configure](https://docs.wellesley.social/openapi/admin-remote-link-service/paths/~1api~1v1~1admin~1link-service~1configure/post.md): Validates the provided base URL, checks provider capabilities at /provider_info, and saves configuration RBAC: requires AdminSettings.Manage ## Admin Reports Administrative endpoints for managing user reports and moderation. Provides tools for reviewing, assigning, resolving, and annotating reports about users, posts, and groups. Supports workflow management with assignment, notes, and resolution tracking. ### Remove posts from all reports and auto-close empty reports - [POST /api/v1/admin/reports/delete-posts](https://docs.wellesley.social/openapi/admin-reports/paths/~1api~1v1~1admin~1reports~1delete-posts/post.md): Removes specified posts from all reports that reference them. If a report no longer has any posts after removal, it is automatically closed/resolved. This is typically used after deleting reported content. Returns the count of reports that were auto-closed. The current user is recorded as having taken action on auto-closed reports. RBAC: requires Reports.Manage ### List moderation reports with filtering - [GET /api/v1/admin/reports/list](https://docs.wellesley.social/openapi/admin-reports/paths/~1api~1v1~1admin~1reports~1list/get.md): Retrieves a paginated list of moderation reports. Can filter by reported user, reported post, group context, or resolution status. Supports pagination for large result sets. Reports include details about the reporter, target content, assigned moderator, and any notes. RBAC: requires Reports.Manage ### Get specific report details - [GET /api/v1/admin/reports/{reportId}](https://docs.wellesley.social/openapi/admin-reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D/get.md): Retrieves complete details of a specific moderation report including the reporter, target content (users/posts), assigned moderator, resolution status, and all associated notes. Use this to review a report before taking action. RBAC: requires Reports.Manage ### Add moderation note to report - [POST /api/v1/admin/reports/{reportId}/add-note](https://docs.wellesley.social/openapi/admin-reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1add-note/post.md): Adds an internal moderation note to the report. Notes are used to document investigation findings, actions taken, or communication between moderators. Each note is timestamped and attributed to the adding moderator. Notes are visible only to moderators and not to the reporter or reported user. RBAC: requires Reports.Manage ### Assign report to yourself - [POST /api/v1/admin/reports/{reportId}/assign-to-self](https://docs.wellesley.social/openapi/admin-reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1assign-to-self/post.md): Assigns the current user as the moderator responsible for handling this report. This helps coordinate moderation efforts by showing other moderators that someone is actively investigating this report. Updates the assignedToUserId field. RBAC: requires Reports.Manage ### Permanently delete a report - [DELETE /api/v1/admin/reports/{reportId}/delete](https://docs.wellesley.social/openapi/admin-reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1delete/delete.md): Permanently removes a report from the system. This should only be used for invalid or spam reports. For legitimate reports that have been addressed, use the resolve endpoint instead to maintain moderation history. This action cannot be undone. RBAC: requires Reports.Manage ### Remove moderation note from report - [POST /api/v1/admin/reports/{reportId}/remove-note](https://docs.wellesley.social/openapi/admin-reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1remove-note/post.md): Removes a specific moderation note from the report by its index position. Use this to correct mistakes or remove outdated information. Notes are zero-indexed, so the first note has index 0. Only valid indices are accepted. RBAC: requires Reports.Manage ### Reopen a resolved report - [POST /api/v1/admin/reports/{reportId}/reopen](https://docs.wellesley.social/openapi/admin-reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1reopen/post.md): Reopens a previously resolved report for further investigation. This clears the resolution status and allows the report to be reassigned and worked on again. Useful when initial resolution was insufficient or new information becomes available. RBAC: requires Reports.Manage ### Mark report as resolved - [POST /api/v1/admin/reports/{reportId}/resolve](https://docs.wellesley.social/openapi/admin-reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1resolve/post.md): Marks a report as resolved/closed, indicating that action has been taken. The current user is recorded as the moderator who resolved the report. This updates the actionTakenAt timestamp and actionTakenByUserId fields. RBAC: requires Reports.Manage ### Unassign report from any moderator - [POST /api/v1/admin/reports/{reportId}/unassign](https://docs.wellesley.social/openapi/admin-reports/paths/~1api~1v1~1admin~1reports~1%7Breportid%7D~1unassign/post.md): Removes the assignment of this report from any moderator, making it available for other moderators to claim. Use when unable to complete investigation or when transferring to another moderator. Clears the assignedToUserId field. RBAC: requires Reports.Manage ## Admin Signup Requests Administrative endpoints for managing user signup requests. Provides tools for reviewing, approving, rejecting, and managing signup requests in moderation queue. Supports workflow for manual account approval when enabled. ### Approve a signup request - [PUT /api/v1/admin/signup_requests/approve/{hash}](https://docs.wellesley.social/openapi/admin-signup-requests/paths/~1api~1v1~1admin~1signup_requests~1approve~1%7Bhash%7D/put.md): Approves a pending signup request and creates the user account. Sends a welcome email to the user upon successful account creation. If username conflicts occur, sends an alternative email prompting the user to choose a different username. If email/phone conflicts occur, the request is deleted as the user likely already has an account. The operation is logged for audit purposes. RBAC: requires Signups.Manage ### Delete a signup request - [DELETE /api/v1/admin/signup_requests/delete/{hash}](https://docs.wellesley.social/openapi/admin-signup-requests/paths/~1api~1v1~1admin~1signup_requests~1delete~1%7Bhash%7D/delete.md): Permanently removes a signup request from the system without notifying the user. Use this for cleaning up invalid, duplicate, or spam requests. Unlike rejection, this does not send any notification to the applicant. The request cannot be recovered after deletion. RBAC: requires Signups.Manage ### List pending signup requests - [GET /api/v1/admin/signup_requests/list](https://docs.wellesley.social/openapi/admin-signup-requests/paths/~1api~1v1~1admin~1signup_requests~1list/get.md): Retrieves a paginated list of signup requests awaiting admin approval. Can filter by email address, request hash, or originating IP address. Results are sorted by creation date (newest first) by default. Only shows requests at the ADMIN approval step. RBAC: - requires ANY of Signups.Read, Signups.Manage ### Reject a signup request - [PUT /api/v1/admin/signup_requests/reject/{hash}](https://docs.wellesley.social/openapi/admin-signup-requests/paths/~1api~1v1~1admin~1signup_requests~1reject~1%7Bhash%7D/put.md): Rejects a pending signup request and permanently removes it from the queue. Sends a rejection email to the applicant with an optional reason for the rejection. This action is final and the user would need to submit a new signup request. The rejection is logged for audit purposes. RBAC: requires Signups.Manage ## Admin Uploads Administrative endpoints for managing file uploads and media storage. Provides tools for monitoring user storage usage, searching uploaded files, and managing upload processing jobs. Supports queue management for async upload processing workflows. ### List upload processing jobs in queue - [GET /api/v1/admin/uploads/jobs/queue/{queueName}](https://docs.wellesley.social/openapi/admin-uploads/paths/~1api~1v1~1admin~1uploads~1jobs~1queue~1%7Bqueuename%7D/get.md): Retrieves upload processing jobs from a specific queue (submitted, in_progress, or completed). Used to monitor the status of async upload processing tasks such as image resizing, video encoding, or thumbnail generation. Supports filtering by upload type and sorting by various fields like submission time or processing duration. RBAC: requires Uploads.Read ### Get upload job queue summaries - [GET /api/v1/admin/uploads/jobs/summary](https://docs.wellesley.social/openapi/admin-uploads/paths/~1api~1v1~1admin~1uploads~1jobs~1summary/get.md): Retrieves summary statistics for all upload processing queues, showing counts of jobs in submitted, in-progress, and completed states. Provides a high-level overview of the upload processing system's current workload and performance. Useful for monitoring system health and identifying processing bottlenecks. RBAC: requires Uploads.Read ### Search user uploads with filters - [GET /api/v1/admin/uploads/search](https://docs.wellesley.social/openapi/admin-uploads/paths/~1api~1v1~1admin~1uploads~1search/get.md): Searches and retrieves uploads for a specific user with optional filtering by upload type (IMAGE, VIDEO, AUDIO, DOCUMENT) and tags (Avatar, Header, Post, etc.). Supports pagination for large result sets. Returns upload metadata including file information, processing status, and associated tags. RBAC: requires Uploads.Read ### Get user storage information - [GET /api/v1/admin/uploads/storage/{userId}](https://docs.wellesley.social/openapi/admin-uploads/paths/~1api~1v1~1admin~1uploads~1storage~1%7Buserid%7D/get.md): Retrieves detailed storage usage information for a specific user, including total storage used, file counts by type, and storage limits. Useful for monitoring user storage consumption and enforcing quotas. RBAC: requires Uploads.Read ## Aliases Endpoints for managing previous usernames and username aliases ### List of aliases - [GET /api/v1/user-alias](https://docs.wellesley.social/openapi/aliases/paths/~1api~1v1~1user-alias/get.md) ### Remove alias - [DELETE /api/v1/user-alias](https://docs.wellesley.social/openapi/aliases/paths/~1api~1v1~1user-alias/delete.md) ### Create alias - [POST /api/v1/user-alias](https://docs.wellesley.social/openapi/aliases/paths/~1api~1v1~1user-alias/post.md) ## Application Data Endpoints for managing application-specific data storage. Provides a flexible key-value storage system for applications to store custom data associated with users, groups, or the platform. Supports tagging, filtering, and ownership-based access control. ### Query application data with filters - [GET /api/v1/apps/{appId}/data](https://docs.wellesley.social/openapi/application-data/paths/~1api~1v1~1apps~1%7Bappid%7D~1data/get.md): Retrieves application data entries based on filter criteria. Can filter by data type, tags (multiple tags are AND-ed), and owner. The user must have read permissions for the specified owner if filtering by owner. Returns all matching entries for the application. Without filters, returns all data the user has permission to access. ### Create new application data entry - [POST /api/v1/apps/{appId}/data](https://docs.wellesley.social/openapi/application-data/paths/~1api~1v1~1apps~1%7Bappid%7D~1data/post.md): Creates a new data entry for the specified application. The data can be owned by a user, group, user within a group context, or the platform itself. Ownership determines access permissions. The data structure is flexible, supporting any JSON content with optional type categorization and tags for filtering. ### Update existing application data - [PUT /api/v1/apps/{appId}/data/{id}](https://docs.wellesley.social/openapi/application-data/paths/~1api~1v1~1apps~1%7Bappid%7D~1data~1%7Bid%7D/put.md): Updates an existing data entry for the application. The user must have manage permissions for the data owner (user/group). The ownership cannot be changed during update - the new ownerId must match the existing one. Updates the data content, type, and tags while preserving ownership. ### Delete application data entry - [DELETE /api/v1/apps/{appId}/data/{id}](https://docs.wellesley.social/openapi/application-data/paths/~1api~1v1~1apps~1%7Bappid%7D~1data~1%7Bid%7D/delete.md): Permanently deletes a data entry from the application storage. The user must have manage permissions for the data owner. This operation cannot be undone. All associated metadata including tags and type information is also removed. ## Applications Endpoints for serving and routing platform applications to users ### Install a new application from ZIP file - [POST /api/v1/apps](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps/post.md): Uploads and installs a new application from a ZIP archive. The application is created in a disabled state by default unless the 'enable' parameter is set to true. RBAC: requires Apps.Manage ### List globally available applications - [GET /api/v1/apps](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps/get.md): Returns a list of applications available at the global entry point. These applications are accessible to all users. ### List all enabled applications - [GET /api/v1/apps/enabled](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1enabled/get.md): Returns a list of all currently enabled applications on the platform. Only applications in enabled state are returned. No authentication required. ### List all installed applications - [GET /api/v1/apps/installed](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1installed/get.md): Returns a list of all installed applications on the platform, including both enabled and disabled applications. No authentication required. ### List user's available applications - [GET /api/v1/apps/user](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1user/get.md): Returns a list of applications available to the authenticated user, including both globally available and user-specific applications. ### Remove application from user's list - [DELETE /api/v1/apps/user/{appId}](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1user~1%7Bappid%7D/delete.md): Removes the specified application from the authenticated user's personal application list. ### Add application to user's list - [PUT /api/v1/apps/user/{appId}](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1user~1%7Bappid%7D/put.md): Adds the specified application to the authenticated user's personal application list, making it available in their user-specific context. ### Update an existing application from ZIP file - [PUT /api/v1/apps/{appId}](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D/put.md): Updates an existing application by uploading a new ZIP archive. The application manifest in the ZIP must match the existing application ID. RBAC: requires Apps.Manage ### Get application details by ID - [GET /api/v1/apps/{appId}](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D/get.md): Returns the complete application definition including manifest, routes, and configuration for the specified application ID. ### Delete an application - [DELETE /api/v1/apps/{appId}](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D/delete.md): Permanently deletes an application from the platform. The application cannot be deleted if it's set as default for any routes. This operation is irreversible. RBAC: requires Apps.Manage ### Set application as platform default - [PUT /api/v1/apps/{appId}/default](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1default/put.md): Sets the specified application as the default handler for its declared routes at the platform level. This affects all users who haven't set their own defaults. RBAC: requires Apps.Manage ### Disable an application - [PUT /api/v1/apps/{appId}/disable](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1disable/put.md): Disables an enabled application, removing its routes and functionality from user access. The application cannot be disabled if it's set as default for any routes. RBAC: requires Apps.Manage ### Enable an application - [PUT /api/v1/apps/{appId}/enable](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1enable/put.md): Enables a disabled application, making its routes and functionality available to users. The application must not already be enabled. RBAC: requires Apps.Manage ### Get application with usage statistics - [GET /api/v1/apps/{appId}/stats](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1stats/get.md): Returns the application definition along with usage statistics including install count, active users, and other metrics. ### Set application as user's default - [PUT /api/v1/apps/{appId}/user-default](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1user-default/put.md): Sets the specified application as the default handler for its declared routes for the authenticated user. This overrides platform-level defaults for this user. ### Remove user's default application - [DELETE /api/v1/apps/{appId}/user-default](https://docs.wellesley.social/openapi/applications/paths/~1api~1v1~1apps~1%7Bappid%7D~1user-default/delete.md): Removes the user's default application setting for the specified application's routes, reverting to platform defaults. ## Blocks User blocking functionality for preventing interaction with specific users. Blocking a user prevents them from following you, seeing your posts, or interacting with your content. Block operations are federated to remote servers when blocking remote users. ### List of blocked users - [GET /api/v1/block](https://docs.wellesley.social/openapi/blocks/paths/~1api~1v1~1block/get.md): Returns a paginated list of all users that the authenticated user has blocked. Results are ordered by block date (most recent first) and include user profile information. ### List of users who blocked you - [GET /api/v1/block/by](https://docs.wellesley.social/openapi/blocks/paths/~1api~1v1~1block~1by/get.md): Returns a paginated list of users who have blocked the authenticated user. This information helps understand why certain interactions may be restricted. Results are ordered by block date and include basic user information. ### Unblock previously blocked user - [DELETE /api/v1/block/{userId}](https://docs.wellesley.social/openapi/blocks/paths/~1api~1v1~1block~1%7Buserid%7D/delete.md): Removes a block on a user, allowing interactions to resume. For remote users, sends an Undo Block activity via ActivityPub. The user must currently be blocked for this operation to succeed. ### Block specific user - [POST /api/v1/block/{userId}](https://docs.wellesley.social/openapi/blocks/paths/~1api~1v1~1block~1%7Buserid%7D/post.md): Blocks a user, preventing all interactions between you and the blocked user. This action automatically unfollows both users from each other, removes any reposts, and removes any existing mute. For remote users, sends a Block activity via ActivityPub. Cannot block yourself. ## Categories Endpoints for managing forum-specific categories ### List all categories in a forum - [GET /api/v1/groups/{groupId}/categories](https://docs.wellesley.social/openapi/categories/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1categories/get.md): Returns a paginated list of all categories within the specified forum. Categories organize forum discussions into topics. ### Create a new forum category - [POST /api/v1/groups/{groupId}/categories](https://docs.wellesley.social/openapi/categories/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1categories/post.md): Creates a new category within a forum. Categories organize forum discussions into topics. RBAC: requires GroupForum.Manage ### Get forum category by name - [GET /api/v1/groups/{groupId}/categories/name/{categoryName}](https://docs.wellesley.social/openapi/categories/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1categories~1name~1%7Bcategoryname%7D/get.md): Retrieves a specific category within a forum by its unique name identifier. ### Check if category name is already in use - [GET /api/v1/groups/{groupId}/categories/namecheck/{categoryName}](https://docs.wellesley.social/openapi/categories/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1categories~1namecheck~1%7Bcategoryname%7D/get.md): Validates category name availability within the forum during creation. Returns whether the name is already taken within the group's forum. Requires GroupForum.Manage permission. RBAC: requires GroupForum.Manage ### Update an existing category - [PUT /api/v1/groups/{groupId}/categories/{categoryId}](https://docs.wellesley.social/openapi/categories/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1categories~1%7Bcategoryid%7D/put.md): Updates category properties including name, description, allowed tags, and metadata. Only authenticated users with appropriate permissions can update categories. RBAC: requires GroupForum.Manage ### Get category details by ID - [GET /api/v1/groups/{groupId}/categories/{categoryId}](https://docs.wellesley.social/openapi/categories/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1categories~1%7Bcategoryid%7D/get.md): Retrieves detailed information about a specific category including its name, description, allowed tags, and metadata. Public access allowed. ### Delete a forum category - [DELETE /api/v1/groups/{groupId}/categories/{categoryId}](https://docs.wellesley.social/openapi/categories/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1categories~1%7Bcategoryid%7D/delete.md): Permanently deletes a category from a forum. Cannot delete the last category in a forum - at least one category must remain. Requires authentication and appropriate permissions. RBAC: requires GroupForum.Manage ## Domain Blocks Public API for listing domains blocked by this instance. Visibility and reason details are controlled by platform settings. ### List blocked domains (Public) - [GET /api/v1/domain-block](https://docs.wellesley.social/openapi/domain-blocks/paths/~1api~1v1~1domain-block/get.md): Returns the list of blocked domains with sensitive fields removed. Actual visibility and whether reasons are shown depend on instance settings. ## Domain-blocks Endpoints for managing user-level domain blocks to filter content from specific servers ### List of blocked domains for the user - [GET /api/v1/user-domain-block](https://docs.wellesley.social/openapi/domain-blocks/paths/~1api~1v1~1user-domain-block/get.md) ### Unblock previously blocked domain - [DELETE /api/v1/user-domain-block/{domain}](https://docs.wellesley.social/openapi/domain-blocks/paths/~1api~1v1~1user-domain-block~1%7Bdomain%7D/delete.md) ### Block specific domain - [POST /api/v1/user-domain-block/{domain}](https://docs.wellesley.social/openapi/domain-blocks/paths/~1api~1v1~1user-domain-block~1%7Bdomain%7D/post.md): Block a domain to: * hide all public posts from it * hide all notifications from it * remove all followers from it * prevent following new users from it (but does not remove existing follows) ## Drafts Endpoints for creating, reading, updating, and deleting drafts, as well as publishing them to posts ### Get all drafts for the current user - [GET /api/v1/drafts](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts/get.md): Returns a list of all drafts created by the authenticated user, sorted by last modification date. ### Create a new draft - [POST /api/v1/drafts](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts/post.md): Creates a new draft that can be saved and published later. Drafts can be associated with users, groups, or categories, and can be linked to existing posts for editing. ### Get all drafts for a specific owner - [GET /api/v1/drafts/owner/{ownerId}](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts~1owner~1%7Bownerid%7D/get.md): Returns all drafts associated with a specific owner (user or category). Only drafts owned by the authenticated user are returned. ### Get a draft for a specific post - [GET /api/v1/drafts/post/{postId}](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts~1post~1%7Bpostid%7D/get.md): Retrieves a draft associated with a specific post ID. Used for editing existing posts. Only the draft owner can access it. ### Update an existing draft - [PUT /api/v1/drafts/{draftId}](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts~1%7Bdraftid%7D/put.md): Updates the content, title, privacy settings, or tags of an existing draft. Only the draft owner can update it. ### Get a draft by ID - [GET /api/v1/drafts/{draftId}](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts~1%7Bdraftid%7D/get.md): Retrieves a specific draft by its unique identifier. Only the draft owner can access it. ### Delete a draft - [DELETE /api/v1/drafts/{draftId}](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts~1%7Bdraftid%7D/delete.md): Permanently deletes a draft. Only the draft owner can delete it. This action cannot be undone. ### Publish a draft as a post - [POST /api/v1/drafts/{draftId}/publish](https://docs.wellesley.social/openapi/drafts/paths/~1api~1v1~1drafts~1%7Bdraftid%7D~1publish/post.md): Publishes a draft, converting it into a public post. The draft is deleted after successful publication. Only the draft owner can publish it. ## Email Email address management for user accounts. Provides secure email change workflow with verification codes, password confirmation, and notification system. All email changes require authentication and are logged for security. ### Confirm and complete email change - [POST /api/v1/accounts/email/change/confirm](https://docs.wellesley.social/openapi/email/paths/~1api~1v1~1accounts~1email~1change~1confirm/post.md): Completes the email change process by verifying the confirmation code. Updates the account's email address upon successful verification. Sends confirmation to the new email address. Invalidates all existing tokens except the current session for security. The change is logged in the audit trail. ### Request email address change - [POST /api/v1/accounts/email/change/request](https://docs.wellesley.social/openapi/email/paths/~1api~1v1~1accounts~1email~1change~1request/post.md): Initiates email change process for the authenticated account. Requires current password verification for security. Sends notification to current email and verification code to new email. The new email must not already be registered. Includes IP address and geolocation in notification for security awareness. ### Resend email verification code - [PUT /api/v1/accounts/email/change/resend-code](https://docs.wellesley.social/openapi/email/paths/~1api~1v1~1accounts~1email~1change~1resend-code/put.md): Resends the verification code to the new email address for a pending email change. Use when the initial code was not received or has expired. Rate limited to prevent abuse. Requires an active email change request. ## Emoji Custom emoji management system for the platform. Supports creating, uploading, importing/exporting, searching, and deleting custom emojis. Emojis are automatically resized and optimized. Admin-only operations require Emojis.Manage permission. ### Get emojis by shortcodes or categories - [GET /api/v1/custom_emojis](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis/get.md): Retrieves emojis by exact shortcodes and/or by exact categories from cache. Multiple values can be requested in a single call using comma separation. If both parameters are provided, the union of results is returned. Returns paginated response with items (current page results), total (count matching filter), and totalItems (total emojis in system). ### Delete emojis - [DELETE /api/v1/custom_emojis](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis/delete.md): Deletes custom emojis by shortcode or category. Can delete multiple emojis at once using comma-separated values. Either shortcode or category must be provided. Returns the count of deleted emojis. Requires Emojis.Manage permission (admin only). RBAC: requires Emojis.Manage ### Create emoji from URL - [POST /api/v1/custom_emojis](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis/post.md): Creates a custom emoji by downloading from provided URLs. The emoji file is downloaded, processed, and stored locally. Supports overwriting existing emojis with the same shortcode. Can specify category, visibility, and domain for federated emojis. Requires Emojis.Manage permission (admin only). RBAC: requires Emojis.Manage ### List custom emoji categories - [GET /api/v1/custom_emojis/categories](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1categories/get.md): Returns distinct non-empty categories. Supports optional query and pagination. RBAC: requires Emojis.Manage ### Export emojis to ZIP - [GET /api/v1/custom_emojis/export](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1export/get.md): Exports emojis from a specific category as a ZIP archive. The ZIP contains all emoji files from the specified category. Useful for backup or migration purposes. Returns 404 if no emojis found in the category. Requires Emojis.Manage permission (admin only). RBAC: requires Emojis.Manage ### Bulk import emojis from ZIP - [POST /api/v1/custom_emojis/import](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1import/post.md): Imports multiple emojis from a ZIP archive. Filenames (without extension) become emoji shortcodes. All imported emojis share the same category and visibility settings. Images are automatically resized to 128x128 if larger. Animated GIFs are preserved with static versions generated. Supports batch overwriting of existing emojis. Requires Emojis.Manage permission (admin only). RBAC: requires Emojis.Manage ### Bulk import emojis from ZIP upload - [POST /api/v1/custom_emojis/import/upload](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1import~1upload/post.md): Imports multiple emojis from a ZIP archive that was previously uploaded via /uploads. Filenames (without extension) become emoji shortcodes. All imported emojis share the same category and visibility settings. Images are automatically resized to 128x128 if larger. Animated GIFs are preserved with static versions generated. Supports batch overwriting of existing emojis. RBAC: requires Emojis.Manage ### Search emojis by partial shortcode or category - [GET /api/v1/custom_emojis/search](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1search/get.md): Searches for emojis whose shortcodes or categories contain provided substrings. Useful for autocomplete functionality. Multiple searches can be performed in one request by passing comma-separated values. If no parameters provided, returns all emojis from cache. Returns paginated response with items (current page results), total (count matching filter), and totalItems (total emojis in system). ### Upload emoji from existing upload - [POST /api/v1/custom_emojis/upload](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1upload/post.md): Processes an existing upload (created via /uploads) as a custom emoji. Clients must first create an upload and PUT the file to the returned URL, then call this endpoint with the uploadId. RBAC: requires Emojis.Manage ### Partially update emoji metadata - [PATCH /api/v1/custom_emojis/{shortcode}](https://docs.wellesley.social/openapi/emoji/paths/~1api~1v1~1custom_emojis~1%7Bshortcode%7D/patch.md): Updates emoji metadata fields without requiring file upload. Supports updating category, visibility and domain. Requires Emojis.Manage permission. RBAC: requires Emojis.Manage ## Events Endpoints for creating, retrieving, and managing events and attendees ### Get public events or user-specific events - [GET /api/v1/events](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events/get.md): Returns public events for unauthenticated users, or events for a specific user/owner for authenticated users. Supports filtering by organizer or owner. ### Create a new event - [POST /api/v1/events](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events/post.md): Creates a new event with specified details including title, description, date/time, location, and privacy settings. The authenticated user becomes the event organizer. ### Export group's public calendar - [GET /api/v1/events/calendar/g/{groupname}.ics](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1calendar~1g~1%7Bgroupname%7D.ics/get.md): Exports a group's public events as an ICS (iCalendar) file. Only available if the group has enabled public calendar export in their settings. ### Export private calendar - [GET /api/v1/events/calendar/p/{id}.ics](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1calendar~1p~1%7Bid%7D.ics/get.md): Exports a user's or group's private calendar using a unique private ID. Includes both public and private events based on settings. ### Export user's public calendar - [GET /api/v1/events/calendar/u/{username}.ics](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1calendar~1u~1%7Busername%7D.ics/get.md): Exports a user's public events as an ICS (iCalendar) file. Only available if the user has enabled public calendar export in their settings. ### Get events from followed users - [GET /api/v1/events/following](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1following/get.md): Returns events organized by users that the authenticated user follows. Supports pagination and optional translations. ### Get authenticated user's events - [GET /api/v1/events/my](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1my/get.md): Returns events for the authenticated user with various filtering options including past events, organized events, and events pending response. ### Get event calendar settings - [GET /api/v1/events/settings](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1settings/get.md): Retrieves calendar export settings for the authenticated user or a specified group, including public/private calendar visibility and export options. ### Regenerate private calendar ID - [POST /api/v1/events/settings/regeneratePrivateId](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1settings~1regenerateprivateid/post.md): Generates a new unique ID for the private calendar URL. This invalidates the previous private calendar link. ### Update event calendar settings - [POST /api/v1/events/settings/update](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1settings~1update/post.md): Updates calendar export settings including public/private calendar visibility, detail level, and export scope. ### Update event details - [PUT /api/v1/events/{eventId}](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D/put.md): Updates an existing event's information including title, description, date/time, location, and privacy settings. Only the event organizer can update the event. ### Get event details by ID - [GET /api/v1/events/{eventId}](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D/get.md): Retrieves detailed information about a specific event including attendee status, statistics, and optional translations. ### Delete an event - [DELETE /api/v1/events/{eventId}](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D/delete.md): Soft deletes an event, marking it as cancelled. The event is not permanently removed and can still be viewed as deleted. Only the event organizer can delete the event. ### Export event as ICS file - [GET /api/v1/events/{eventId}.ics](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D.ics/get.md): Exports a single event in ICS (iCalendar) format for import into calendar applications. ### Accept private event invitation - [POST /api/v1/events/{eventId}/accept](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1accept/post.md): Accepts an invitation to a private event, confirming attendance. Only invited users can accept. ### Get private event attendees - [GET /api/v1/events/{eventId}/attendees](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1attendees/get.md): Returns the list of attendees for a private event along with their response statuses (accepted, tentative, rejected, pending). ### Remove user from private event - [DELETE /api/v1/events/{eventId}/attendees/{userId}](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1attendees~1%7Buserid%7D/delete.md): Revokes a user's invitation or removes them from a private event. Only the event organizer can remove attendees. ### Invite user to private event - [POST /api/v1/events/{eventId}/attendees/{userId}](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1attendees~1%7Buserid%7D/post.md): Sends an invitation to a specific user for a private event. Only the event organizer can invite attendees. ### Cancel a scheduled event - [POST /api/v1/events/{eventId}/cancel](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1cancel/post.md): Cancels a scheduled event, notifying all attendees. The event remains visible but marked as cancelled. Only the event organizer can cancel. ### Express interest in an event - [POST /api/v1/events/{eventId}/interested](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1interested/post.md): Marks the authenticated user as interested in a public event. Cannot be used for private events. Returns updated event statistics. ### Join a public event - [POST /api/v1/events/{eventId}/join](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1join/post.md): Confirms attendance for a public event. Cannot be used for private events which require invitations. Returns updated event statistics. ### Leave or revoke interest in event - [DELETE /api/v1/events/{eventId}/joinOrInterested](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1joinorinterested/delete.md): Removes the authenticated user's interest or participation in a public event. Cannot be used for private events. Returns updated event statistics. ### Tentatively accept private event - [POST /api/v1/events/{eventId}/maybe](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1maybe/post.md): Responds 'maybe' to a private event invitation, indicating tentative attendance. Only invited users can respond. ### Get mutual event attendees - [GET /api/v1/events/{eventId}/mutual](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1mutual/get.md): Returns a list of users who are both attending the specified public event and are followed by the authenticated user. ### Reject private event invitation - [POST /api/v1/events/{eventId}/reject](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1reject/post.md): Declines an invitation to a private event. Only invited users can reject invitations. ### Translate event content - [POST /api/v1/events/{eventId}/translate](https://docs.wellesley.social/openapi/events/paths/~1api~1v1~1events~1%7Beventid%7D~1translate/post.md): Translates event title and description to the specified language. Translation is cached for future requests. ## Follow User follow relationship management. Handles following/unfollowing users, managing follow requests, and querying follower/followee relationships. Supports both local and remote (federated) users with ActivityPub protocol integration. ### List mutual connections - [GET /api/v1/users/connections](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1connections/get.md): Returns users who have a mutual (bidirectional) follow relationship with the authenticated user. Both users follow each other. Can filter by connection status. By default returns only ACCEPTED mutual connections. Useful for finding close connections or friends. ### Follow a user - [POST /api/v1/users/follow/{username}](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1follow~1%7Busername%7D/post.md): Initiates a follow relationship with a local or remote user. For remote users, specify the domain parameter or include it in the username (user@domain). Supports mutual follows (bidirectional connections) when mutual=true. Checks for blocks and self-follows. Remote follows are sent via ActivityPub. Local follows may auto-accept based on user settings. ### Accept follow request - [POST /api/v1/users/follow/{username}/accept](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1follow~1%7Busername%7D~1accept/post.md): Accepts a pending follow request from another user. Changes follow status from PENDING to ACCEPTED. Checks for blocks before accepting. Sends Accept activity to remote followers via ActivityPub. Only the followee can accept their own follow requests. ### Reset follow request to pending - [POST /api/v1/users/follow/{username}/pend](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1follow~1%7Busername%7D~1pend/post.md): Resets a previously accepted or rejected follow request back to PENDING status. Useful when reconsidering a follow decision. The request can then be accepted or rejected again. Only affects the local follow status, not remote ActivityPub state. ### Reject follow request - [POST /api/v1/users/follow/{username}/reject](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1follow~1%7Busername%7D~1reject/post.md): Rejects a pending follow request from another user. Changes follow status from PENDING to REJECTED. Sends Reject activity to remote followers via ActivityPub. The follower can retry following after rejection. Only the followee can reject their own follow requests. ### Unfollow a user - [POST /api/v1/users/follow/{username}/undo](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1follow~1%7Busername%7D~1undo/post.md): Removes a follow relationship with a local or remote user. For remote users, specify the domain parameter or include it in the username. If mutual=true, removes bidirectional connection. Sends Undo Follow activity to remote users via ActivityPub. Returns error if no follow relationship exists. ### List users you follow - [GET /api/v1/users/followees](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1followees/get.md): Returns a paginated list of users that the authenticated user follows. Can filter by follow status (ACCEPTED, PENDING, REJECTED) or return all statuses. By default returns only ACCEPTED followees. Includes both local and remote users. ### List followers - [GET /api/v1/users/followers](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1followers/get.md): Returns a paginated list of users who follow the authenticated user. Can filter by follow status (ACCEPTED, PENDING, REJECTED) or return all statuses. By default returns only ACCEPTED followers. Includes both local and remote followers. ### Get relationships with users - [GET /api/v1/users/relationships](https://docs.wellesley.social/openapi/follow/paths/~1api~1v1~1users~1relationships/get.md): Returns relationship status between the authenticated user and specified target users. Shows following/followed status and optionally blocked/muted/notes. Returns a map of user IDs to relationship objects. If no relationship exists for a user ID, it's omitted from the response. Useful for bulk checking relationship status. ## Forums Endpoints for managing discussion forums, including creation, retrieval, and deletion ### Update forum settings - [PUT /api/v1/groups/{groupId}/forum](https://docs.wellesley.social/openapi/forums/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1forum/put.md): Updates forum configuration including visibility, policy, and metadata. Requires authentication and appropriate permissions. RBAC: requires GroupForum.Manage ### Get group's forum - [GET /api/v1/groups/{groupId}/forum](https://docs.wellesley.social/openapi/forums/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1forum/get.md): Retrieves detailed information about a specific forum including its visibility settings, policy, and metadata. If the group doesn't have a forum, automatically creates a new forum with default categories. Visible according to Group settings. ### Delete a forum - [DELETE /api/v1/groups/{groupId}/forum](https://docs.wellesley.social/openapi/forums/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1forum/delete.md): Permanently deletes a forum and all its associated data. This action is irreversible. Requires authentication and owner permissions. RBAC: requires GroupForum.Manage ### Permanently delete a forum - [DELETE /api/v1/groups/{groupId}/forum/hard](https://docs.wellesley.social/openapi/forums/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1forum~1hard/delete.md): Permanently deletes a forum and all its associated categories. Requires authentication and forum management permissions. Administrative operation. RBAC: requires GroupData.Manage ### Get forum statistics - [GET /api/v1/groups/{groupId}/forum/stats](https://docs.wellesley.social/openapi/forums/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1forum~1stats/get.md): Returns statistics for the forum including number of categories and tags ### List all forum tags - [GET /api/v1/groups/{groupId}/forum/tags](https://docs.wellesley.social/openapi/forums/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1forum~1tags/get.md): Returns a paginated list of all tags used within the specified forum, sorted by usage frequency. ### Search forum tags for autocompletion - [GET /api/v1/groups/{groupId}/forum/tags/search](https://docs.wellesley.social/openapi/forums/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1forum~1tags~1search/get.md): Searches for tags within a forum by prefix, primarily used for tag autocompletion in user interfaces. Returns matching tags sorted by usage frequency. ## Geo Endpoints for geographic location lookup and timezone services ### Get address from coordinates - [GET /api/v1/geo](https://docs.wellesley.social/openapi/geo/paths/~1api~1v1~1geo/get.md): Performs reverse geocoding to convert latitude and longitude coordinates into a human-readable address. Requires authentication. ## Group Applications Endpoints for managing applications available to groups, including listing, adding, and removing group-specific applications ### List all group applications - [GET /api/v1/groups/apps](https://docs.wellesley.social/openapi/group-applications/paths/~1api~1v1~1groups~1apps/get.md): Returns a list of all applications available at the group entry point. These applications can be installed by any group. Requires authentication and appropriate permissions. ### List applications for a specific group - [GET /api/v1/groups/{groupId}/apps](https://docs.wellesley.social/openapi/group-applications/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1apps/get.md): Returns a list of applications available to the specified group. Only group members can view the group's applications. ### Remove application from group - [DELETE /api/v1/groups/{groupId}/apps/{appId}](https://docs.wellesley.social/openapi/group-applications/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1apps~1%7Bappid%7D/delete.md): Removes an application from the specified group's application list. ### Add application to group - [PUT /api/v1/groups/{groupId}/apps/{appId}](https://docs.wellesley.social/openapi/group-applications/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1apps~1%7Bappid%7D/put.md): Adds an application to the specified group's application list, making it available for group members. ## Group Channels API endpoints for managing channels within groups. Channels are specialized accounts that enable organized content distribution within groups. They support hierarchical organization with main and default channels, privacy controls inherited from parent groups, and both scoped (group-specific) and global usernames for discovery. Group administrators manage channels while members can follow them. ### List all group channels - [GET /api/v1/groups/{groupId}/channels](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels/get.md): Retrieves a complete list of all channels within the specified group. Requires group membership to access. Returns both public and private channels visible to the authenticated user. The response includes channel metadata such as privacy settings, default status, and whether each channel is designated as the main channel. Channels are returned in creation order. RBAC: requires GroupChannels.Read ### Create a new group channel - [POST /api/v1/groups/{groupId}/channels](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels/post.md): Creates a new channel within the specified group. Requires group administrator privileges. The channel's privacy is constrained by the parent group's privacy settings (private groups can only have private channels). The first channel created is automatically designated as both main and default. Channels can have both scoped usernames (group-specific) and optional global usernames (platform-wide). Note: Avatar and header images must be set via the update endpoint after channel creation. RBAC: requires GroupChannels.Manage ### List default channels - [GET /api/v1/groups/{groupId}/channels/default](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1default/get.md): Retrieves all channels designated as default for the specified group. Default channels are automatically followed by new members upon joining. Requires group membership to access. Returns an empty array if no default channels are configured. The response includes full channel information including privacy settings and follow status. RBAC: requires GroupChannels.Read ### Get group channel by scoped username - [GET /api/v1/groups/{groupId}/channels/lookup](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1lookup/get.md): Retrieves a channel using its group-scoped username (slug). Useful for accessing channels without global usernames. Private channels and channels inside private groups require membership and otherwise return 404. ### Retrieve main channel - [GET /api/v1/groups/{groupId}/channels/main](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1main/get.md): Retrieves the designated main channel for the specified group. Access control is based on both group and channel privacy settings. Public groups with public main channels are accessible to everyone. Private groups or private channels require group membership. Returns 404 if no main channel is designated or if access is denied due to privacy settings. ### Check if channel username is already in use - [GET /api/v1/groups/{groupId}/channels/namecheck/{channelUsername}](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1namecheck~1%7Bchannelusername%7D/get.md): Used for inline validation during channel creation. Scoped to the group. Returns a result object indicating whether the username is taken within the specified group. RBAC: requires GroupChannels.Manage ### List public channels - [GET /api/v1/groups/{groupId}/channels/public](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1public/get.md): Retrieves all public channels from a public group. This endpoint is accessible to everyone, including non-members and unauthenticated users, but only works for public groups. Private groups will return an error regardless of their channels' privacy settings. Useful for discovery and browsing group content before joining. Channels with global usernames are included with their platform-wide identifiers. ### Update an existing group channel - [PUT /api/v1/groups/{groupId}/channels/{channelId}](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D/put.md): Modifies properties of an existing channel. Requires group administrator privileges. Only included fields are updated; null fields preserve existing values. Privacy changes are constrained by the parent group's privacy (cannot make a channel public in a private group). Changes to default status affect auto-follow behavior for new members. RBAC: requires GroupChannels.Manage ### Get group channel by id - [GET /api/v1/groups/{groupId}/channels/{channelId}](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D/get.md): Retrieves a channel within the current group by its identifier. Access to private channels (or channels in private groups) is restricted to group members; outsiders receive a 404. ### Delete a group channel - [DELETE /api/v1/groups/{groupId}/channels/{channelId}](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D/delete.md): Removes the specified channel from the group. Requires group administrator privileges. The channel is marked as deleted immediately and background workers handle cleanup of posts, media, and follower relationships. RBAC: requires GroupChannels.Manage ### Update channel default status - [PUT /api/v1/groups/{groupId}/channels/{channelId}/default](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D~1default/put.md): Toggles whether a channel is designated as a default channel. Requires group administrator privileges. Default channels are automatically followed by new group members upon joining. Multiple channels can be marked as default. This setting helps onboard new members by ensuring they receive content from essential channels immediately. RBAC: requires GroupChannels.Manage ### Designate channel as main - [PUT /api/v1/groups/{groupId}/channels/{channelId}/main](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D~1main/put.md): Sets the specified channel as the main channel for the group. Requires group administrator privileges. Only one channel can be designated as main per group. The main channel serves as the primary communication channel and is prominently displayed in group interfaces. Any existing main channel designation is automatically removed. RBAC: requires GroupChannels.Manage ### Assign or update global username - [PUT /api/v1/groups/{groupId}/channels/{channelId}/username](https://docs.wellesley.social/openapi/group-channels/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1channels~1%7Bchannelid%7D~1username/put.md): Assigns, updates, or removes a global username for a public channel. Requires group administrator privileges. Global usernames provide platform-wide discovery and must be unique across the entire system. Only public channels in public groups can have global usernames. Setting the username to null removes any existing global username assignment. RBAC: requires GroupChannels.Manage ## Group Member Settings Endpoints for managing member-specific settings within groups. These settings are personal to each group member and affect their individual experience within the group. Members can only access and modify their own settings within groups they belong to. ### Update member's personal settings for a group - [PUT /api/v1/groups/{groupId}/member-settings](https://docs.wellesley.social/openapi/group-member-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1member-settings/put.md): Updates one or more of the current member's personal settings within the specified group. Multiple settings can be updated in a single request. Complete setting objects must be provided - partial updates of individual settings are not supported. Members can only update their own settings and must be active members of the group. Changes take effect immediately. ### Get member's personal settings for a group - [GET /api/v1/groups/{groupId}/member-settings](https://docs.wellesley.social/openapi/group-member-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1member-settings/get.md): Retrieves the current member's personal settings within the specified group. Returns a JSON object with setting keys mapped to their values. Members can only access their own settings and must be active members of the group. Settings control member-specific preferences like notification preferences, display options, and personal configurations within the group context. ### Delete member's personal settings for a group - [DELETE /api/v1/groups/{groupId}/member-settings](https://docs.wellesley.social/openapi/group-member-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1member-settings/delete.md): Deletes one or more of the current member's personal settings within the specified group, reverting them to default values. Multiple settings can be deleted in a single request. Members can only delete their own settings and must be active members of the group. After deletion, the settings will use system or group defaults. ## Group Members API endpoints for managing group membership. Provides functionality to add, update, and remove members from groups, as well as retrieve membership information. Supports both local and federated groups through ActivityPub protocol. Access control is enforced based on group privacy settings and user permissions. ### Get current user's group memberships - [GET /api/v1/groups](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups/get.md): Retrieves all groups that the currently authenticated user is a member of. Returns both public and private groups since the user is requesting their own memberships. Returns full Group objects with complete group details. Results are paginated. This is a convenience endpoint equivalent to calling /groups/member/{userId}/groups with your own user ID. ### Get groups owned by current user - [GET /api/v1/groups/account](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1account/get.md): Retrieves all groups that were created by the currently authenticated user account. This returns groups where the user is the owner/administrator, not just a member. A single user account can own and manage multiple groups. Returns full Group objects with complete group details including private groups owned by the user. Results are paginated. ### Get group memberships for a specific user - [GET /api/v1/groups/member/{userId}](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1member~1%7Buserid%7D/get.md): Retrieves all group memberships for the specified user. Privacy rules apply: requesting your own memberships returns all groups (public and private), while requesting another user's memberships returns only their public group memberships. Results are paginated. ### Get groups that a user is a member of - [GET /api/v1/groups/member/{userId}/groups](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1member~1%7Buserid%7D~1groups/get.md): Retrieves all groups where the specified user is a member. Privacy rules apply: requesting your own groups returns all groups (public and private), while requesting another user's groups returns only their public group memberships. Returns full Group objects rather than membership records. Results are paginated. ### Get all members of a group - [GET /api/v1/groups/{groupId}/members](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1members/get.md): Retrieves the list of all members in the specified group as GroupMember objects. Public groups are accessible to all authenticated users, Private groups accessible to members only. Supports sorting by join time, posts, or relationship to current user. Supports role filtering and pagination. ### Add a new member to a group - [POST /api/v1/groups/{groupId}/members](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1members/post.md): Adds a user as a member of the specified group. For local groups, the membership is created immediately. For federated groups, an ActivityPub message is sent to the remote server. The requesting user must have GroupMembers.Manage permission for the target group. The groupId is provided in the URL path. RBAC: requires GroupMembers.Manage ### Update an existing group member - [PUT /api/v1/groups/{groupId}/members/{memberId}](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1members~1%7Bmemberid%7D/put.md): Updates the role, status, or metadata of an existing group member. For local groups, the update is applied immediately. For federated groups, an ActivityPub message is sent to the remote server to request the update. Requires GroupMembers.Manage permission for the target group. RBAC: requires GroupMembers.Manage ### Remove a member from a group - [DELETE /api/v1/groups/{groupId}/members/{memberId}](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1members~1%7Bmemberid%7D/delete.md): Removes the specified user from the group. For local groups, the membership is deleted immediately. For federated groups, an ActivityPub message is sent to request removal. Requires GroupMembers.Manage permission. An optional reason can be provided for audit logging. RBAC: requires GroupMembers.Manage ### Leave a group - [DELETE /api/v1/groups/{groupId}/membership](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1membership/delete.md): Removes the authenticated user from the group. User's posts/comments remain but permissions are revoked. Can rejoin later with fresh membership. ### Get current user's membership in a group - [GET /api/v1/groups/{groupId}/membership](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1membership/get.md): Returns the membership object for the authenticated user in the specified group. Works for all membership statuses including pending/invited members. ### Get group members as User objects - [GET /api/v1/groups/{groupId}/users](https://docs.wellesley.social/openapi/group-members/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1users/get.md): Retrieves the list of all members in the specified group. Public groups are accessible to all authenticated users, Private groups accessible to members only. Supports sorting by join time, posts, or relationship to current user. Supports role filtering and pagination. ## Group Questions API endpoints for managing group entry questions. Groups can require prospective members to answer questions before joining. Questions support multiple types (text, single choice, multiple choice) and are used to screen members when the group's join mode is set to QUESTIONS. Answers are validated and generate a token that can be used during the join process. ### Get all questions for a group - [GET /api/v1/groups/{groupId}/questions](https://docs.wellesley.social/openapi/group-questions/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1questions/get.md): Retrieves the complete list of questions that prospective members must answer when joining the group. Questions are returned in order based on their ordering value (lowest first). This endpoint is not accessible for groups with INVITE_ONLY join mode. Authentication is required to prevent question harvesting. ### Create a new group question - [POST /api/v1/groups/{groupId}/questions](https://docs.wellesley.social/openapi/group-questions/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1questions/post.md): Adds a new question that prospective members must answer when joining the group. Requires GroupQuestions.Manage permission. Questions can be of type TEXT (free-form answer), SINGLE_CHOICE (one option), or MULTIPLE_CHOICE (multiple options). For choice questions, provide the available options in the choices array. The creation is tracked in the audit log. RBAC: requires GroupQuestions.Manage ### Submit answers to group entry questions - [POST /api/v1/groups/{groupId}/questions/answers](https://docs.wellesley.social/openapi/group-questions/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1questions~1answers/post.md): Submits answers to all required group questions as part of the join process. Returns a token that must be provided when calling the join endpoint. The group must have questions enabled (joinQuestions.show = true) and the user must not already be a member. Answers are validated against the current questions and stored for review by group administrators. The token expires after a configured period. ### Update an existing group question - [PUT /api/v1/groups/{groupId}/questions/{questionId}](https://docs.wellesley.social/openapi/group-questions/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1questions~1%7Bquestionid%7D/put.md): Modifies an existing question's text, type, choices, or ordering. Requires GroupQuestions.Manage permission. When changing question type, ensure the choices array is appropriate (empty for TEXT, populated for SINGLE_CHOICE/MULTIPLE_CHOICE). All fields must be provided in the update. Changes are tracked in the audit log for compliance. RBAC: requires GroupQuestions.Manage ### Delete a group question - [DELETE /api/v1/groups/{groupId}/questions/{questionId}](https://docs.wellesley.social/openapi/group-questions/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1questions~1%7Bquestionid%7D/delete.md): Permanently removes a question from the group's entry requirements. Requires GroupQuestions.Manage permission. This action cannot be undone. Any existing answers to this question are preserved for audit purposes but will not be evaluated for new join requests. The deletion is recorded in the audit log. RBAC: requires GroupQuestions.Manage ## Group Reports Group-scoped moderation reports. Allows group admins to review and resolve reports targeting their channels, forums, and events without global moderator access. ### Remove posts from all reports and auto-close empty reports - [POST /api/v1/groups/{groupId}/reports/delete-posts](https://docs.wellesley.social/openapi/group-reports/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1reports~1delete-posts/post.md): Removes specified posts from all reports that reference them. If a report no longer has any posts after removal, it is automatically closed/resolved. This is typically used after deleting reported content. Returns the count of reports that were auto-closed. The current user is recorded as having taken action on auto-closed reports. RBAC: requires GroupReports.Manage ### List group moderation reports - [GET /api/v1/groups/{groupId}/reports/list](https://docs.wellesley.social/openapi/group-reports/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1reports~1list/get.md): Returns the reports scoped to the current group. Supports filtering by reported user, post, and resolution status. Only members with GroupReports.Read or Manage can access this list. RBAC: - requires ANY of GroupReports.Read, GroupReports.Manage ### View specific group report - [GET /api/v1/groups/{groupId}/reports/{reportId}](https://docs.wellesley.social/openapi/group-reports/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1reports~1%7Breportid%7D/get.md): Returns the full details for a single report within the current group scope. RBAC: - requires ANY of GroupReports.Read, GroupReports.Manage ### Add note to group report - [POST /api/v1/groups/{groupId}/reports/{reportId}/add-note](https://docs.wellesley.social/openapi/group-reports/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1reports~1%7Breportid%7D~1add-note/post.md): Appends a moderation note to the report for internal collaboration. RBAC: requires GroupReports.Manage ### Remove note from group report - [POST /api/v1/groups/{groupId}/reports/{reportId}/remove-note](https://docs.wellesley.social/openapi/group-reports/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1reports~1%7Breportid%7D~1remove-note/post.md): Removes a moderation note by index. RBAC: requires GroupReports.Manage ### Reopen a resolved group report - [POST /api/v1/groups/{groupId}/reports/{reportId}/reopen](https://docs.wellesley.social/openapi/group-reports/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1reports~1%7Breportid%7D~1reopen/post.md): Clears resolution state so the report can be handled again. RBAC: requires GroupReports.Manage ### Resolve a group report - [POST /api/v1/groups/{groupId}/reports/{reportId}/resolve](https://docs.wellesley.social/openapi/group-reports/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1reports~1%7Breportid%7D~1resolve/post.md): Marks the report as resolved by the current moderator. RBAC: requires GroupReports.Manage ## Group Rules API endpoints for managing community rules within groups. Rules define the expected conduct and content policies that members must follow. Each rule consists of text (the rule itself), a hint (explanation or context), and an ordering value for display sequence. Rules are scoped to specific groups and can be managed by users with appropriate permissions. ### Get all rules for a group - [GET /api/v1/groups/{groupId}/rules](https://docs.wellesley.social/openapi/group-rules/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1rules/get.md): Retrieves the complete list of rules for a specific group. Rules are returned in order based on their ordering value (lowest first). This endpoint is publicly accessible as group rules should be visible to potential members before joining. Each rule includes its text content, explanatory hint, and display ordering. ### Create a new group rule - [POST /api/v1/groups/{groupId}/rules](https://docs.wellesley.social/openapi/group-rules/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1rules/post.md): Creates a new rule for the specified group. Requires GroupSettings.Manage permission. The rule will be assigned a unique ID and added to the group's rule list. Rules are used to establish community guidelines and expected behavior. An audit log entry is created for this action. RBAC: requires GroupSettings.Manage ### Reorder multiple group rules - [POST /api/v1/groups/{groupId}/rules/reorder](https://docs.wellesley.social/openapi/group-rules/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1rules~1reorder/post.md): Batch updates the display ordering of multiple rules within a group. This endpoint allows efficient reordering of rules without individual API calls. Requires GroupSettings.Manage permission. Each reordering operation is tracked in the audit log. Rules not included in the request maintain their current ordering. Returns all group rules with updated ordering values. RBAC: requires GroupSettings.Manage ### Delete a group rule - [DELETE /api/v1/groups/{groupId}/rules/{id}](https://docs.wellesley.social/openapi/group-rules/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1rules~1%7Bid%7D/delete.md): Permanently removes a rule from the group. Requires GroupSettings.Manage permission. This action cannot be undone. The deletion is recorded in the audit log. Returns 404 if the rule doesn't exist or doesn't belong to the specified group. RBAC: requires GroupSettings.Manage ### Update an existing group rule - [PUT /api/v1/groups/{groupId}/rules/{ruleId}](https://docs.wellesley.social/openapi/group-rules/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1rules~1%7Bruleid%7D/put.md): Modifies an existing rule's text, hint, or ordering. Requires GroupSettings.Manage permission. The entire rule content must be provided in the update request. Changes are tracked in the audit log for compliance and moderation purposes. Returns 404 if the rule doesn't exist. RBAC: requires GroupSettings.Manage ## Group Settings Endpoints for managing group-specific settings and configuration options. These endpoints allow authorized group members to view, update, and delete settings that control group behavior, features, and customization options. ### Update group settings - [PUT /api/v1/groups/{groupId}/settings](https://docs.wellesley.social/openapi/group-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1settings/put.md): Update multiple group settings in a single operation. Each setting must be provided as a complete object with all required fields. Partial updates are not supported to ensure data consistency and prevent configuration errors. RBAC: requires GroupSettings.Manage ### Get group settings - [GET /api/v1/groups/{groupId}/settings](https://docs.wellesley.social/openapi/group-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1settings/get.md): Retrieve specific group settings by their keys. Returns a JSON object mapping setting names to their configured values. Only settings that the authenticated user has permission to read will be included in the response. ### Delete group settings - [DELETE /api/v1/groups/{groupId}/settings](https://docs.wellesley.social/openapi/group-settings/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1settings/delete.md): Remove specific group settings by their keys. This operation will permanently delete the specified settings and revert them to their default values. Use with caution as deleted settings cannot be recovered. RBAC: requires GroupSettings.Manage ## Groups API endpoints for managing groups within the Wellesley platform. Groups are community spaces that can be public or private, support forums, and have their own membership and permission systems. Groups can be federated via ActivityPub for cross-instance communication. ### Create a new group - [POST /api/v1/groups](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups/post.md): Creates a new group owned by the currently authenticated user. The user becomes the group owner with full administrative privileges. The group name must be unique across the platform. A forum is automatically created for the group with default categories. ### Get all user's groups with comprehensive sorting - [GET /api/v1/groups/my-groups](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1my-groups/get.md): Returns user's groups in order: 1) pinned by pin number, 2) owned unpinned by creation date, 3) member unpinned by creation date ### Get group by name - [GET /api/v1/groups/name/{groupname}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1name~1%7Bgroupname%7D/get.md): Retrieves a group using its unique name (slug). The group name is case-insensitive and must follow username validation rules (alphanumeric, underscores, hyphens). This is useful for human-readable URLs. ### Check if group name is already in use - [GET /api/v1/groups/namecheck/{groupname}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1namecheck~1%7Bgroupname%7D/get.md): Used for inline validation during group creation. Checks all local groups regardless of privacy settings. Returns a result object indicating whether the username is taken. Publicly accessible to allow group name validation during signup. ### Get user's pinned groups - [GET /api/v1/groups/pinned](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1pinned/get.md): Retrieve all groups pinned by the current user, ordered by pin number ### Search groups by name - [GET /api/v1/groups/search](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1search/get.md): Searches for groups whose names contain the specified substring. The search is case-insensitive. If no substring is provided or it's empty, returns all visible groups. Results respect settings - only returns if group is public && visible or user is a member. Results are paginated. ### Get mutual groups with another user - [GET /api/v1/groups/users/{userId}/mutual](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1users~1%7Buserid%7D~1mutual/get.md): Retrieves groups that both the current user and the specified user are members of. Only returns groups where both users have active memberships (MEMBER status). Useful for finding common communities and shared interests between users. ### Update group information - [PUT /api/v1/groups/{groupId}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D/put.md): Updates the group's basic information including name, display name, description, and privacy settings. Requires GroupData.Manage permission. The group owner and administrators can perform this operation. Changes to privacy settings may affect member access and visibility. RBAC: requires GroupData.Manage ### Get group by ID - [GET /api/v1/groups/{groupId}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D/get.md): Retrieves detailed information about a specific group. Returns full group data including metadata, settings, and upload references. Hidden groups return 404 for non-members to maintain privacy. ### Delete a group - [DELETE /api/v1/groups/{groupId}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D/delete.md): Permanently deletes a group and all associated data including memberships, roles, and forum content. This operation is irreversible. RBAC: requires Group.Delete ### Update group branding - [PUT /api/v1/groups/{groupId}/branding](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1branding/put.md): Updates the visual branding elements of a group including color theme, banner image, and avatar. Color must be in HEX format. Banner and avatar are references to previously uploaded media. Setting banner or avatar to null removes them. Requires group ownership or admin privileges. RBAC: requires GroupSettings.Manage ### Join a group - [POST /api/v1/groups/{groupId}/join](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1join/post.md): Request to join a group. The behavior depends on the group's join mode: OPEN groups accept members immediately with MEMBER role, APPROVAL groups create a PENDING membership requiring admin approval, and INVITE_ONLY groups require an invitation. Groups may also have entry questions that require a valid answerToken from completing the group's questionnaire. Users cannot join a group they're already a member of. ### Cancel group join request - [DELETE /api/v1/groups/{groupId}/join](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1join/delete.md): Cancel a join request for a group. This allows users to withdraw their request to join a group that requires approval. Only the user who made the original join request can cancel it. ### List join requests for a group - [GET /api/v1/groups/{groupId}/join-requests](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1join-requests/get.md): Get a list of join requests for a group with optional filtering by status, username, and date range. Only group admins can access this endpoint RBAC: requires GroupMembers.Manage ### Reject a join request - [DELETE /api/v1/groups/{groupId}/join-requests/{groupJoinRequestId}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1join-requests~1%7Bgroupjoinrequestid%7D/delete.md): Reject a user's join request for a group. This removes the request without creating a membership. Only group admins can reject join requests. RBAC: requires GroupMembers.Manage ### Approve a join request - [PUT /api/v1/groups/{groupId}/join-requests/{groupJoinRequestId}](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1join-requests~1%7Bgroupjoinrequestid%7D/put.md): Approve a join request for a group. This converts the request into an active group membership with MEMBER role. Only group admins can approve join requests. RBAC: requires GroupMembers.Manage ### Unpin a group - [DELETE /api/v1/groups/{groupId}/pin](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1pin/delete.md): Remove pin from a group. User must be a member of the group. ### Pin a group - [PUT /api/v1/groups/{groupId}/pin](https://docs.wellesley.social/openapi/groups/paths/~1api~1v1~1groups~1%7Bgroupid%7D~1pin/put.md): Pin a group with optional pin number. User must be a member of the group ## Import Endpoints for importing data from other platforms including followers, blocks, and mutes ### List user's import jobs - [GET /api/v1/import](https://docs.wellesley.social/openapi/import/paths/~1api~1v1~1import/get.md): Returns a list of all import jobs created by the authenticated user, including their current status and results. ### Import data from CSV file - [POST /api/v1/import](https://docs.wellesley.social/openapi/import/paths/~1api~1v1~1import/post.md): Uploads and processes a CSV file for bulk import of data such as followers, blocks, or mutes from other platforms. The import is processed asynchronously after upload. ### Start import processing - [POST /api/v1/import/start/{id}](https://docs.wellesley.social/openapi/import/paths/~1api~1v1~1import~1start~1%7Bid%7D/post.md): Begins processing a previously uploaded import job. The import must be in PENDING state to be started. ### Get import job details - [GET /api/v1/import/{id}](https://docs.wellesley.social/openapi/import/paths/~1api~1v1~1import~1%7Bid%7D/get.md): Retrieves the current status and details of a specific import job, including processing progress and any errors. ## Instance Server instance information and configuration. Provides metadata about the server, compatible domains, supported languages, timezones, and countries. All endpoints are publicly accessible without authentication. ### Get instance information - [GET /api/v1/instance](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance/get.md): Returns comprehensive server instance metadata including domain, version, build information, registration configuration, and server rules. Useful for clients to understand server capabilities and requirements. ### Get country information - [GET /api/v1/instance/countries](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance~1countries/get.md): Returns country data including names (common/official/native), flags, and phone codes. Data is cached in Redis with 7-day TTL and fetched from external API if not cached. Falls back to local file if API is unavailable. Used for country selection in user profiles and phone number validation. ### Search compatible federated domains - [GET /api/v1/instance/domains](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance~1domains/get.md): Returns a list of federated server domains compatible with specified software. Filters domains by prefix matching for autocomplete functionality. Useful for discovering servers running specific ActivityPub software (Mastodon, Pleroma, etc.). Results are cached for performance. ### Get extended server description - [GET /api/v1/instance/extended_description](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance~1extended_description/get.md): Returns detailed 'about' information for this server instance. Includes formatted HTML content describing the server's purpose and policies. Content is admin-configurable (feature pending implementation). ### Get supported languages - [GET /api/v1/instance/supported_languages](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance~1supported_languages/get.md): Returns all languages supported by the platform for content and UI translation. Each language includes its ISO code and native name. Used for language selection in user preferences and content language detection. Languages are used by the translation API for multi-language support. ### Get supported timezones - [GET /api/v1/instance/timezones](https://docs.wellesley.social/openapi/instance/paths/~1api~1v1~1instance~1timezones/get.md): Returns a comprehensive list of all supported timezones with metadata. Includes timezone abbreviations, UTC offsets, DST information, and display text. Used for user timezone selection in profile settings. ## Invites Endpoints for sending and managing user invitations ### Send invitation to a user for an entity - [POST /api/v1/users/invite](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite/post.md): Invites a local or remote user to join a local or remote entity (such as a group). For remote users or entities, include the domain in the username (e.g., user@domain.com). The invitation must be explicitly accepted or rejected by the invitee. ### Accept an invitation - [POST /api/v1/users/invite/accept](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite~1accept/post.md): Accepts a received invitation to join an entity. This confirms the invitee's willingness to join the entity (such as a group). The invitation must be in pending status to be accepted. ### List entities user was invited to - [GET /api/v1/users/invite/invitee/entities](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite~1invitee~1entities/get.md): Returns all entities (such as groups) that the authenticated user has been invited to join. Can be filtered by invitation status. ### List entities from specific inviter - [GET /api/v1/users/invite/invitee/entities/{inviterUser}](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite~1invitee~1entities~1%7Binviteruser%7D/get.md): Returns entities that a specific inviter has invited the authenticated user to join. Can be filtered by invitation status. ### List users who sent invitations - [GET /api/v1/users/invite/invitee/inviters](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite~1invitee~1inviters/get.md): Returns a list of users who have sent invitations to the authenticated user. Can be filtered by invitation status (pending, accepted, or rejected). ### List inviters for a specific entity - [GET /api/v1/users/invite/invitee/inviters/{entityUser}](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite~1invitee~1inviters~1%7Bentityuser%7D/get.md): Returns users who have invited the authenticated user to a specific entity (such as a group). Can be filtered by invitation status. ### List entities inviter has invited to - [GET /api/v1/users/invite/inviter/entities](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite~1inviter~1entities/get.md): Returns all entities that the authenticated user (as inviter) has invited other users to join. Can be filtered by invitation status. ### List users invited by the authenticated user - [GET /api/v1/users/invite/inviter/invitees](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite~1inviter~1invitees/get.md): Returns all users that the authenticated user has invited to any entity. Can be filtered by invitation status. ### List invitees for specific entity - [GET /api/v1/users/invite/inviter/invitees/{entityUser}](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite~1inviter~1invitees~1%7Bentityuser%7D/get.md): Returns users that the authenticated user has invited to a specific entity (such as a group). Can be filtered by invitation status. ### Reject an invitation - [POST /api/v1/users/invite/reject](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite~1reject/post.md): Rejects a received invitation to join an entity. This declines the invitation and updates its status to rejected. The invitation must be in pending status to be rejected. ### Revoke an invitation - [POST /api/v1/users/invite/undo](https://docs.wellesley.social/openapi/invites/paths/~1api~1v1~1users~1invite~1undo/post.md): Revokes a previously sent invitation to a user for an entity. This removes the pending invitation and prevents the user from accepting it. For remote users, include the domain in the username. ## Jobs Endpoints for monitoring and managing background job queues, including statistics, job listings, and queue monitoring ### List all job types - [GET /api/v1/jobs/list-jobs](https://docs.wellesley.social/openapi/jobs/paths/~1api~1v1~1jobs~1list-jobs/get.md): Returns a list of all available job types in the system. Supports pagination. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get statistics for a specific queue - [GET /api/v1/jobs/list-stats](https://docs.wellesley.social/openapi/jobs/paths/~1api~1v1~1jobs~1list-stats/get.md): Returns detailed statistics for a specific job queue including counts of finished, failed, active, submitted, and retry jobs. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get statistics for all queues - [GET /api/v1/jobs/list-stats-all](https://docs.wellesley.social/openapi/jobs/paths/~1api~1v1~1jobs~1list-stats-all/get.md): Returns aggregated statistics across all job queues including counts of finished, failed, active, submitted, scheduled, and retry jobs. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### List jobs by status in a queue - [GET /api/v1/jobs/lists](https://docs.wellesley.social/openapi/jobs/paths/~1api~1v1~1jobs~1lists/get.md): Returns a paginated list of jobs with a specific status (finished, failed, active, submitted, retries, schedule) from a specific queue. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get overall job statistics - [GET /api/v1/jobs/stats](https://docs.wellesley.social/openapi/jobs/paths/~1api~1v1~1jobs~1stats/get.md): Returns aggregated statistics for all finished and failed jobs across all queues. Requires Jobs.Read or Jobs.Manage permission. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ### Get daily job statistics - [GET /api/v1/jobs/stats-per-day](https://docs.wellesley.social/openapi/jobs/paths/~1api~1v1~1jobs~1stats-per-day/get.md): Returns job statistics broken down by day for the specified number of past days. Can be filtered by queue or aggregated across all queues. RBAC: - requires ANY of Jobs.Read, Jobs.Manage ## Link Preview Link preview generation service for extracting and caching URL metadata. Provides rich preview cards with title, description, image, and other metadata for embedding in posts and messages. Supports OpenGraph and Twitter Card protocols. ### Generate link preview - [GET /api/v1/links](https://docs.wellesley.social/openapi/link-preview/paths/~1api~1v1~1links/get.md): Fetches and returns metadata for a given URL to create a rich preview card. Extracts title, description, image, author, and other OpenGraph/Twitter Card metadata. Results are cached for performance. Returns error if URL is unreachable or has no metadata. The URL must be properly formatted and accessible. ## Lists Endpoints for managing user lists for organizing and grouping followed accounts ### Get authenticated user's lists - [GET /api/v1/lists](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists/get.md): Returns all lists created by the authenticated user for organizing followed accounts. ### Create a new list - [POST /api/v1/lists](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists/post.md): Creates a new list for organizing followed accounts. Lists can be public or private. ### Update list properties - [PUT /api/v1/lists/{listId}](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D/put.md): Updates the name, privacy setting, or other properties of an existing list. Only the list owner can update it. ### Get list details by ID - [GET /api/v1/lists/{listId}](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D/get.md): Retrieves details of a specific list including its name, privacy setting, and metadata. Private lists can only be accessed by their owner. ### Delete a list - [DELETE /api/v1/lists/{listId}](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D/delete.md): Permanently deletes a list and removes all user associations. Only the list owner can delete it. ### Get users in a list - [GET /api/v1/lists/{listId}/users](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D~1users/get.md): Returns all users that have been added to a specific list. Private lists can only be accessed by their owner. ### Remove user from list - [DELETE /api/v1/lists/{listId}/users/{userId}](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D~1users~1%7Buserid%7D/delete.md): Removes a user from a list. Only the list owner can remove users. ### Add user to list - [POST /api/v1/lists/{listId}/users/{userId}](https://docs.wellesley.social/openapi/lists/paths/~1api~1v1~1lists~1%7Blistid%7D~1users~1%7Buserid%7D/post.md): Adds a user to a list for organization and filtering purposes. Only followed users can be added to lists. Only the list owner can add users. ## Logins Endpoints for managing user login methods including email, password, and phone authentication ### Request to add email/password to account - [POST /api/v1/accounts/logins/add-email-password](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1add-email-password/post.md): Initiates the process of adding email and password authentication to an existing account. A confirmation code will be sent to the provided email address. ### Confirm email/password addition - [POST /api/v1/accounts/logins/add-email-password/confirm](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1add-email-password~1confirm/post.md): Confirms the addition of email/password authentication by verifying the confirmation code sent to the email. ### Resend email confirmation code - [PUT /api/v1/accounts/logins/add-email-password/resend-code](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1add-email-password~1resend-code/put.md): Resends the confirmation code to the pending email address when adding email/password authentication. ### Add phone number to account - [POST /api/v1/accounts/logins/add-phone](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1add-phone/post.md): Adds phone number authentication to the account. If no code is provided, initiates SMS verification. If code is provided, confirms the phone number. ### Remove email/password from account - [DELETE /api/v1/accounts/logins/remove-email-password](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1remove-email-password/delete.md): Removes email and password authentication method from the account. Cannot be removed if it's the last remaining login method. ### Remove phone number from account - [DELETE /api/v1/accounts/logins/remove-phone](https://docs.wellesley.social/openapi/logins/paths/~1api~1v1~1accounts~1logins~1remove-phone/delete.md): Removes phone number authentication from the account. Cannot be removed if it's the last remaining login method. ## Metrics Endpoints for retrieving metrics and analytics data from the events stream ### Get metrics for a specified time period - [GET /api/v1/metrics](https://docs.wellesley.social/openapi/metrics/paths/~1api~1v1~1metrics/get.md): Retrieves metrics data for the events stream within a specified time period. Supports both predefined periods (last day/week/month) and custom date ranges. RBAC: - requires ANY of Federation.Read, Federation.Manage ### Get current server totals - [GET /api/v1/metrics/totals](https://docs.wellesley.social/openapi/metrics/paths/~1api~1v1~1metrics~1totals/get.md): Returns the current total counts of users and posts on the server. RBAC: - requires ANY of Federation.Read, Federation.Manage ## Mutes Endpoints for managing user mutes to hide content from specific users ### List all muted users - [GET /api/v1/mute](https://docs.wellesley.social/openapi/mutes/paths/~1api~1v1~1mute/get.md): Returns a paginated list of all users currently muted by the authenticated user. ### Unmute a previously muted user - [DELETE /api/v1/mute/{userId}](https://docs.wellesley.social/openapi/mutes/paths/~1api~1v1~1mute~1%7Buserid%7D/delete.md): Removes the mute on a specific user, allowing their content to appear again in timelines and notifications. ### Mute a specific user - [POST /api/v1/mute/{userId}](https://docs.wellesley.social/openapi/mutes/paths/~1api~1v1~1mute~1%7Buserid%7D/post.md): Hides all content from a specific user. Can optionally set an expiration time for the mute. Muted users' posts will not appear in timelines or notifications. ## Notes Endpoints for managing personal notes about other users ### Set or update note for a user - [PUT /api/v1/notes](https://docs.wellesley.social/openapi/notes/paths/~1api~1v1~1notes/put.md): Creates or updates a personal note about another user. These notes are private and only visible to the authenticated user who created them. ### Get notes for multiple users - [GET /api/v1/notes](https://docs.wellesley.social/openapi/notes/paths/~1api~1v1~1notes/get.md): Retrieves personal notes the authenticated user has created about specified users. Returns notes for multiple users in a single request. ### Delete note for a user - [DELETE /api/v1/notes/{userId}](https://docs.wellesley.social/openapi/notes/paths/~1api~1v1~1notes~1%7Buserid%7D/delete.md): Permanently deletes a personal note about a specific user. ## Notifications Endpoints for managing user notifications including retrieving, counting, and marking notifications as read or unread ### Returns user's notifications - [GET /api/v1/notifications](https://docs.wellesley.social/openapi/notifications/paths/~1api~1v1~1notifications/get.md): Retrieves the user's notifications with filtering options for types, excludeTypes and status ### Returns notifications count - [GET /api/v1/notifications/count](https://docs.wellesley.social/openapi/notifications/paths/~1api~1v1~1notifications~1count/get.md): Gets the count of user's notifications with filtering options for types, excludeTypes and status ### Mark all notifications as read/unread - [POST /api/v1/notifications/mark-all](https://docs.wellesley.social/openapi/notifications/paths/~1api~1v1~1notifications~1mark-all/post.md): Updates the status of all notifications for the authenticated user to either read or unread ### Returns user's notification by id - [GET /api/v1/notifications/{id}](https://docs.wellesley.social/openapi/notifications/paths/~1api~1v1~1notifications~1%7Bid%7D/get.md): Retrieves a specific notification by its ID for the authenticated user ### Mark notification as read/unread by id - [POST /api/v1/notifications/{id}/mark](https://docs.wellesley.social/openapi/notifications/paths/~1api~1v1~1notifications~1%7Bid%7D~1mark/post.md): Updates the status of a specific notification to either read or unread ## Passkeys Passkey (WebAuthn) registration and authentication ### List registered passkeys - [GET /api/v1/passkeys](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys/get.md): Returns passkey credentials for current selected user ### Begin passkey authentication - [GET /api/v1/passkeys/begin-auth](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1begin-auth/get.md): Generates and returns WebAuthn assertion (request) options. The server will set cookies to maintain the authentication challenge context. Optionally restrict by username. ### Begin passkey registration - [GET /api/v1/passkeys/begin-register](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1begin-register/get.md): Generates and returns WebAuthn creation options for the current user. The server will set cookies to maintain the registration challenge context. ### Finish passkey authentication - [POST /api/v1/passkeys/finish-auth](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1finish-auth/post.md): Verifies the authenticator assertion against the stored challenge and returns a session token on success. ### Finish passkey registration - [POST /api/v1/passkeys/finish-register](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1finish-register/post.md): Validates the authenticator attestation response against the stored challenge and persists the new credential. ### Remove a registered passkey - [DELETE /api/v1/passkeys/{credentialId}](https://docs.wellesley.social/openapi/passkeys/paths/~1api~1v1~1passkeys~1%7Bcredentialid%7D/delete.md): Deletes a credential by id. Cannot remove last remaining login method. ## Password Endpoints for password management including changing, resetting, and recovering passwords ### Changes password - [POST /api/v1/accounts/password/change/confirm](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1change~1confirm/post.md): Changes password for current user ### Requests password change - [POST /api/v1/accounts/password/change/request](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1change~1request/post.md): Requests password change for current user ### Resends confirmation code to confirm new password for authenticated user - [PUT /api/v1/accounts/password/change/resend-code](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1change~1resend-code/put.md): Resends confirmation code to confirm new password for current user ### Recovers password - [POST /api/v1/accounts/password/recover](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1recover/post.md): Recovers password for current user ### Changes password for an UN-authorized user - [POST /api/v1/accounts/password/recover/change](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1recover~1change/post.md) ### Validates confirmation code for password change - [POST /api/v1/accounts/password/recover/check-code](https://docs.wellesley.social/openapi/password/paths/~1api~1v1~1accounts~1password~1recover~1check-code/post.md) ## Pins Endpoints for pinning posts to profiles and retrieving pinned posts ### Get user's pinned posts - [GET /api/v1/posts/pins](https://docs.wellesley.social/openapi/pins/paths/~1api~1v1~1posts~1pins/get.md): Returns a list of all posts the authenticated user has pinned to their profile. Can optionally filter to show only top-level posts or include replies. ### Unpin a post from profile - [DELETE /api/v1/posts/pins/{postId}](https://docs.wellesley.social/openapi/pins/paths/~1api~1v1~1posts~1pins~1%7Bpostid%7D/delete.md): Removes a previously pinned post from the authenticated user's profile. ### Pin a post to profile - [POST /api/v1/posts/pins/{postId}](https://docs.wellesley.social/openapi/pins/paths/~1api~1v1~1posts~1pins~1%7Bpostid%7D/post.md): Pins a post to the authenticated user's profile. Only own posts can be pinned, and there is a limit on the number of pinned posts. Direct messages and reposts cannot be pinned. ## Platform Data Endpoints for managing platform-wide and group-specific data storage. Unlike application data, this provides direct data management not tied to specific applications. Supports flexible ownership models including platform-level, group-level, and user-level data with appropriate access controls. ### Query platform data with filters - [GET /api/v1/data](https://docs.wellesley.social/openapi/platform-data/paths/~1api~1v1~1data/get.md): Retrieves platform-level data entries based on filter criteria. Can filter by type, tags (multiple tags are AND-ed), and owner. When filtering by owner, requires Data.Manage permission for that owner. Returns all matching entries not tied to any specific application. Without filters, returns all platform data the user has permission to access. ### Create new platform data entry - [POST /api/v1/data](https://docs.wellesley.social/openapi/platform-data/paths/~1api~1v1~1data/post.md): Creates a new data entry at the platform level, not associated with any specific application. The data can be owned by users, groups, or the platform itself. Requires Data.Manage permission for the specified owner. Supports flexible JSON content with optional type categorization and tags. ### Update existing platform data - [PUT /api/v1/data/{id}](https://docs.wellesley.social/openapi/platform-data/paths/~1api~1v1~1data~1%7Bid%7D/put.md): Updates an existing platform-level data entry. Requires Data.Manage permission for the data owner. The ownership cannot be changed - the new ownerId must match the existing one. Updates the content, type, and tags while preserving the original ownership. ### Delete platform data entry - [DELETE /api/v1/data/{id}](https://docs.wellesley.social/openapi/platform-data/paths/~1api~1v1~1data~1%7Bid%7D/delete.md): Permanently deletes a platform-level data entry. Requires Data.Manage permission for the data owner. This operation is irreversible and removes all associated metadata including type and tags. Use with caution as deleted data cannot be recovered. ## Platform Settings Endpoints for managing platform-wide settings and configuration options. These endpoints control server-level settings that affect the entire platform, including features, limits, security policies, and default behaviors for all users and groups. ### Update platform settings - [PUT /api/v1/settings](https://docs.wellesley.social/openapi/platform-settings/paths/~1api~1v1~1settings/put.md): Update multiple platform-wide settings in a single operation. Each setting must be provided as a complete object with all required fields. Partial updates are not supported to ensure system stability and prevent configuration errors. ### Get platform settings - [GET /api/v1/settings](https://docs.wellesley.social/openapi/platform-settings/paths/~1api~1v1~1settings/get.md): Retrieve specific platform-wide settings by their keys. Returns a JSON object mapping setting names to their configured values. Some settings may be publicly accessible while others require administrative permissions. ### Delete platform settings - [DELETE /api/v1/settings](https://docs.wellesley.social/openapi/platform-settings/paths/~1api~1v1~1settings/delete.md): Remove specific platform settings by their keys. This operation will permanently delete the specified settings and revert them to their system default values. Use extreme caution as this affects the entire platform. ### List setting keys - [GET /api/v1/settings/names](https://docs.wellesley.social/openapi/platform-settings/paths/~1api~1v1~1settings~1names/get.md): Return a list of fully-qualified setting key names for the requested settings type. ## Polls Endpoints for interacting with polls, including voting and retrieving results ### Refresh poll results - [POST /api/v1/polls/{pollId}/refresh](https://docs.wellesley.social/openapi/polls/paths/~1api~1v1~1polls~1%7Bpollid%7D~1refresh/post.md): Refreshes poll results from the remote server if the poll is from a federated instance and the results may be stale. Returns the updated poll with current vote counts. ### Vote in a poll - [POST /api/v1/polls/{pollId}/vote](https://docs.wellesley.social/openapi/polls/paths/~1api~1v1~1polls~1%7Bpollid%7D~1vote/post.md): Submit vote(s) for a poll. Multiple choices can be selected if the poll allows it. Users cannot vote in their own polls or vote multiple times. ## Posts Endpoints for creating, reading, updating, and deleting posts, as well as managing comments, likes, bookmarks, and reposts ### Get posts feed - [GET /api/v1/posts](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts/get.md): Returns posts based on various filters. For authenticated users, shows their personalized feed. For unauthenticated users, shows public posts only. Supports filtering by user, owner, tags, lists, bookmarks, and more. Can include comments, translations, and various metadata. ### Create a new post - [POST /api/v1/posts](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts/post.md): Creates a new post with text content. Can be a regular post, article, or other post type. Posts can be public, unlisted, followers-only, or direct messages. Sensitive content requires a content warning. The post is automatically distributed to followers and federated instances. ### Get home feed - [GET /api/v1/posts/feeds/following](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1feeds~1following/get.md): Returns the home feed showing posts from accounts the current user follows. This is the main timeline feed. Supports caching for performance, with fallback to database if cache is empty or regenerating. Can include follow status, bookmarks, and translations. ### Get public posts feed - [GET /api/v1/posts/feeds/public](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1feeds~1public/get.md): Returns a feed of public posts visible to everyone. Can be filtered by owner type, local vs federated posts, and whether to include reposts. Supports various metadata inclusions like follow status, bookmarks, translations, and trends. Also called Discover Feed. ### Get home feed - [GET /api/v1/posts/following](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1following/get.md): Returns the home feed showing posts from accounts the current user follows. This is the main timeline feed. Supports caching for performance, with fallback to database if cache is empty or regenerating. Can include follow status, bookmarks, and translations. ### Get liked posts - [GET /api/v1/posts/liked](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1liked/get.md): Returns all posts that the currently authenticated user has liked. Can be filtered by owner type to show only posts from users, groups, categories, or events. ### Convert markdown to HTML - [PUT /api/v1/posts/markdown2html](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1markdown2html/put.md): Converts markdown formatted text to HTML for preview purposes. Supports standard markdown syntax and returns properly formatted HTML. Useful for previewing how markdown content will appear when rendered in posts or articles. ### Get posts with mentions - [GET /api/v1/posts/mentioned](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1mentioned/get.md): Returns all posts where the currently authenticated user was mentioned. Can be filtered by owner type and privacy level (e.g., to show only direct messages where mentioned). ### Get current user's posts - [GET /api/v1/posts/my](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1my/get.md): Returns all posts created by the currently authenticated user. Can filter for reposts only or bookmarked posts only. Optionally includes comments and bookmark status. ### Get public posts feed - [GET /api/v1/posts/public](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1public/get.md): Returns a feed of public posts visible to everyone. Can be filtered by owner type, local vs federated posts, and whether to include reposts. Supports various metadata inclusions like follow status, bookmarks, translations, and trends. ### Get user's replies - [GET /api/v1/posts/replies](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1replies/get.md): Returns posts that a user has replied to, along with their replies. Shows the original post as the parent with the user's reply nested within it. Useful for viewing a user's conversation participation. ### Get Subscribes - [GET /api/v1/posts/subscribe](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1subscribe/get.md) ### Update post content - [PUT /api/v1/posts/{postId}](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D/put.md): Updates an existing post's content, privacy settings, or metadata. Only the post author can update their own posts. Cannot update comments through this endpoint. Sensitive content must include a content warning. ### Get post by ID - [GET /api/v1/posts/{postId}](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D/get.md): Retrieves a specific post by its ID. Can optionally include comments with configurable depth levels, parent posts for comments, bookmarks, translations, trends, and repost information. Supports building comment trees with specified depth limits. ### Delete a post - [DELETE /api/v1/posts/{postId}](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D/delete.md): Permanently deletes a post. Only the post author can delete their own posts. This action removes the post from all timelines and sends deletion notifications to federated instances. ### Remove bookmark - [DELETE /api/v1/posts/{postId}/bookmark](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1bookmark/delete.md): Removes a post from the authenticated user's bookmarks. Fails if the post was not previously bookmarked. This action is private and does not notify the post author. ### Bookmark a post - [POST /api/v1/posts/{postId}/bookmark](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1bookmark/post.md): Adds a post to the authenticated user's bookmarks for later reading. Bookmarks are private and not visible to other users or the post author. Each post can only be bookmarked once per user. ### Get post comments - [GET /api/v1/posts/{postId}/comments](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1comments/get.md): Retrieves all comments for a specific post. Supports pagination and configurable comment depth levels. Returns an empty list if comments are disabled for the post. Comments are organized in a tree structure based on their reply relationships. ### Create a comment - [POST /api/v1/posts/{postId}/comments](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1comments/post.md): Creates a new comment on a post. Comments can be nested replies to other comments. The authenticated user becomes the comment author. Comments inherit visibility from their parent post. ### Update a comment - [PUT /api/v1/posts/{postId}/comments/{commentId}](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1comments~1%7Bcommentid%7D/put.md): Updates an existing comment's content. Only the comment author can update their own comments. The comment must belong to the specified post. Maintains the comment's position in the thread hierarchy. ### Delete a comment - [DELETE /api/v1/posts/{postId}/comments/{commentId}](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1comments~1%7Bcommentid%7D/delete.md): Permanently deletes a comment from a post. Only the comment author can delete their own comments. The comment must belong to the specified post. Child comments may be affected depending on the platform's threading model. ### Detach repost from original - [POST /api/v1/posts/{postId}/detach](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1detach/post.md): Allows the original post author to detach a repost or quote from their post. This breaks the connection between the repost and the original, typically used when the repost violates the author's wishes or contains inappropriate commentary. ### Downvote a post - [POST /api/v1/posts/{postId}/downvote](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1downvote/post.md): Add a negative vote to a post ### View edit history of a post - [GET /api/v1/posts/{postId}/edits](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1edits/get.md): Retrieves the complete edit history of a post, showing all versions from creation to current state. Each edit includes the text, media, mentions, and timestamp of the change. Useful for transparency and tracking post modifications over time. ### Get post likes - [GET /api/v1/posts/{postId}/likes](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1likes/get.md): Returns a list of users who have liked a specific post. Can include follow relationship status between the viewer and the liking users. Supports pagination for posts with many likes. ### Unlike a post - [DELETE /api/v1/posts/{postId}/likes](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1likes/delete.md): Removes the authenticated user's like from a post. Returns the new total number of likes. Sends unlike notifications and federates the activity. Fails if the post was not previously liked. ### Like a post - [POST /api/v1/posts/{postId}/likes](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1likes/post.md): Adds a like to a post from the authenticated user. Each user can only like a post once. Returns the new total number of likes. Sends like notifications to the post author and federates the activity. ### Refresh the preview card for a post - [POST /api/v1/posts/{postId}/refresh-card](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1refresh-card/post.md): Regenerates the link preview card for a post that contains URLs. Only the post author can refresh the card. This is useful when the linked content has changed and you want to update the preview information. ### Undo a repost - [DELETE /api/v1/posts/{postId}/repost](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1repost/delete.md): Removes your repost or quote of a specific post. This deletes the repost from your timeline and notifies the original author. Only your own reposts can be undone. ### Repost or quote another post - [POST /api/v1/posts/{postId}/repost](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1repost/post.md): Creates a repost (boost) or quote post of someone else's content. Regular reposts simply share the original post, while quotes add your own commentary. Only public posts and public follow-posts can be reposted. You cannot repost a repost. ### Get post reposts - [GET /api/v1/posts/{postId}/reposts](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1reposts/get.md): Returns a list of users who have reposted or quoted a specific post. Can filter by repost type (regular repost vs quote). Includes follow relationship status and supports deduplication of multiple reposts by the same user. ### Subscribe to post notifications - [POST /api/v1/posts/{postId}/subscribe](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1subscribe/post.md): Subscribes the authenticated user to receive notifications for new activity on a post (new comments, edits, etc.). Users cannot subscribe to their own posts as they already receive notifications by default. ### Unsubscribe from post - [DELETE /api/v1/posts/{postId}/subscribe](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1subscribe/delete.md): Removes the subscription for post notifications. The user will no longer receive notifications about new activity on this post. Does not affect notifications already received. ### Track post view - [POST /api/v1/posts/{postId}/track-view](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1track-view/post.md): Records that a user has viewed this post. Used for analytics and engagement metrics. Works for both authenticated and unauthenticated users. ### Translate post content - [POST /api/v1/posts/{postId}/translate](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1translate/post.md): Translates the text content of a post to the specified target language. Can return either plain text or HTML formatted translation. Uses automatic translation services to provide the translation. ### Upvote a post - [POST /api/v1/posts/{postId}/upvote](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1upvote/post.md): Add a positive vote to a post ### Get post votes - [GET /api/v1/posts/{postId}/votes](https://docs.wellesley.social/openapi/posts/paths/~1api~1v1~1posts~1%7Bpostid%7D~1votes/get.md): Returns a summary of votes for a post ## RBAC Endpoints for retrieving Role-Based Access Control (RBAC) configurations and managing roles, resources, permissions and role-to-user assignments. Scoped Role Definition (`RBACRole`): - Represents roles within the RBAC system. - Each role has a unique `roleId`, a `name`, an optional `description`, and a `scope`. - The `scope` defines the domain or area in which the role is valid. - The `scope` can be Global (hardcoded), currently the only one is "System" - The `scope` also can be dynamic, currently we use Group Ids, like "gr_05hxcvk1hjexere4pvtrj0hggt" - Roles come with assigned permissions (`RBACPermissions`) that define what actions the role can perform on system resources. - Metadata such as `createdAt` and `updatedAt` timestamps track the role's lifecycle events. Permissions** (`RBACPermissions`): - Encapsulates resource-specific access controls. - Each permission object specifies the `resource` (e.g., "user", "document") and an associated list of allowed `RBACAccess` types. - `RBACAccess` enumerates the supported actions: `Read`, `Add`, `Modify`, `Delete`. Role Assignments to Actors (`RBACActorRole`): - Maps actors (e.g., users, services) to specific roles. - Tracks the association through `actorId` (representing the unique entity being assigned) and `roleId` (specific role ID). - Includes timestamps to record when the assignment was created or updated. ### Retrieves all RBAC-guarded resources and their access lists - [GET /api/v1/rbac](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac/get.md) ### Retrieves permissions for the specified actor within a scope - [GET /api/v1/rbac/actors/{actorId}/permissions](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1actors~1%7Bactorid%7D~1permissions/get.md): Retrieves all permissions assigned to an actor within a specified scope. If no scope is provided, assumes GlobalScope ### Retrieves roles for the specified actor within the specified scope - [GET /api/v1/rbac/actors/{actorId}/roles](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1actors~1%7Bactorid%7D~1roles/get.md): Retrieves all roles assigned to the specified actor within the specified scope. If no scope is specified, assumes the GlobalScope RBAC: requires Roles.Read ### Update the specified role - [PUT /api/v1/rbac/roles/{roleId}](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1roles~1%7Broleid%7D/put.md): RBAC: requires Roles.Manage ### Retrieves all roles defined within the specified scope - [GET /api/v1/rbac/scopes/{scope}/roles](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1scopes~1%7Bscope%7D~1roles/get.md): RBAC: requires Roles.Read ### Create a new role within the specified scope - [POST /api/v1/rbac/scopes/{scope}/roles](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1scopes~1%7Bscope%7D~1roles/post.md): Creates a new role with specified permissions within the specified scope. RBAC: requires Roles.Manage ### Delete the specified role from the specified scope - [DELETE /api/v1/rbac/scopes/{scope}/roles/{roleName}](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1scopes~1%7Bscope%7D~1roles~1%7Brolename%7D/delete.md): RBAC: requires Roles.Manage ### Retrieves the description and the access list for the specified resource - [GET /api/v1/rbac/{resource}](https://docs.wellesley.social/openapi/rbac/paths/~1api~1v1~1rbac~1%7Bresource%7D/get.md) ## Remote collections API to retrieve followers and following collections for remote users. ### Get remote user's followers - [GET /api/v1/users/remote/{userNameFull}/followers](https://docs.wellesley.social/openapi/remote-collections/paths/~1api~1v1~1users~1remote~1%7Busernamefull%7D~1followers/get.md): Retrieves the follower collection of a remote federated user. Fetches the followers from the remote server using ActivityPub protocol. Supports pagination through offset and limit parameters. Only works for remote users, not local users. ### Get remote user's following - [GET /api/v1/users/remote/{userNameFull}/following](https://docs.wellesley.social/openapi/remote-collections/paths/~1api~1v1~1users~1remote~1%7Busernamefull%7D~1following/get.md): Retrieves the following collection of a remote federated user. Fetches the list of accounts that the remote user follows from their home server using ActivityPub protocol. Supports pagination through offset and limit parameters. Only works for remote users, not local users. ## Reports Endpoints for reporting content and managing content reports ### Report a post or a user to instance moderators - [POST /api/v1/reports](https://docs.wellesley.social/openapi/reports/paths/~1api~1v1~1reports/post.md) ## Rules Endpoints for managing platform rules that govern user conduct and content policies ### Update existing rule - [PUT /api/v1/rules](https://docs.wellesley.social/openapi/rules/paths/~1api~1v1~1rules/put.md): Modifies an existing platform rule with updated text, hint, or ordering RBAC: requires Rules.Manage ### Get all rules - [GET /api/v1/rules](https://docs.wellesley.social/openapi/rules/paths/~1api~1v1~1rules/get.md): Retrieves the complete list of platform rules that users must follow ### Create rules - [POST /api/v1/rules](https://docs.wellesley.social/openapi/rules/paths/~1api~1v1~1rules/post.md): Creates a new platform rule with text content, hint explanation, and ordering priority RBAC: requires Rules.Manage ### Reorder rules - [POST /api/v1/rules/reorder](https://docs.wellesley.social/openapi/rules/paths/~1api~1v1~1rules~1reorder/post.md): Updates the ordering of multiple rules at once RBAC: requires Rules.Manage ### Delete existing rule - [DELETE /api/v1/rules/{id}](https://docs.wellesley.social/openapi/rules/paths/~1api~1v1~1rules~1%7Bid%7D/delete.md): Permanently removes a platform rule by its ID RBAC: requires Rules.Manage ## Search Endpoints for searching across users, posts, and tags with various filtering options ### Search across public post, users, tags. No auth required - [GET /api/v1/search](https://docs.wellesley.social/openapi/search/paths/~1api~1v1~1search/get.md): Performs a search query across different content types with support for URL resolution, username lookups, and various filtering options ## Sessions Endpoints for managing user authentication sessions and device logins ### Deletes all account sessions except current - [DELETE /api/v1/sessions/all](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1all/delete.md) ### Returns a list of all sessions - [GET /api/v1/sessions/list](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1list/get.md) ### Revokes all account sessions except current - [PUT /api/v1/sessions/revoke/all](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1revoke~1all/put.md) ### Revokes a session - [PUT /api/v1/sessions/revoke/{sessionKey}](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1revoke~1%7Bsessionkey%7D/put.md) ### Deletes a session - [DELETE /api/v1/sessions/{sessionKey}](https://docs.wellesley.social/openapi/sessions/paths/~1api~1v1~1sessions~1%7Bsessionkey%7D/delete.md) ## SignupInviteLinks Manage signup invite links ### List invite links for current user - [GET /api/v1/users/invite-links](https://docs.wellesley.social/openapi/signupinvitelinks/paths/~1api~1v1~1users~1invite-links/get.md) ### Create a new signup invite link - [POST /api/v1/users/invite-links](https://docs.wellesley.social/openapi/signupinvitelinks/paths/~1api~1v1~1users~1invite-links/post.md) ### Deactivate an invite link - [PUT /api/v1/users/invite-links/deactivate/{code}](https://docs.wellesley.social/openapi/signupinvitelinks/paths/~1api~1v1~1users~1invite-links~1deactivate~1%7Bcode%7D/put.md) ## Tags Endpoints for managing hashtags, including following, featuring, and retrieving tag information ### Get list of featured tags - [GET /api/v1/tags/featured](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1featured/get.md) ### Remove from featured tags by name - [DELETE /api/v1/tags/featured/{name}](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1featured~1%7Bname%7D/delete.md) ### Feature tag by name - [POST /api/v1/tags/featured/{name}](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1featured~1%7Bname%7D/post.md) ### Follow tag by name - [POST /api/v1/tags/follow/{name}](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1follow~1%7Bname%7D/post.md) ### Get list of followed tags - [GET /api/v1/tags/followed](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1followed/get.md) ### Trending - [GET /api/v1/tags/trending](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1trending/get.md) ### Unfollow tag by name - [POST /api/v1/tags/unfollow/{name}](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1unfollow~1%7Bname%7D/post.md) ### Get tag by name - [GET /api/v1/tags/{name}](https://docs.wellesley.social/openapi/tags/paths/~1api~1v1~1tags~1%7Bname%7D/get.md) ## Tags v2 Scoped tags search, policy lists and reports ### Overwrite black/whitelist - [PUT /api/v1/tags/list](https://docs.wellesley.social/openapi/tags-v2/paths/~1api~1v1~1tags~1list/put.md): Bulk overwrite list entries for a scope RBAC: - requires ANY of Data.Manage, GroupData.Manage ### Add to black/whitelist - [PATCH /api/v1/tags/list](https://docs.wellesley.social/openapi/tags-v2/paths/~1api~1v1~1tags~1list/patch.md): Add entries. For blacklist, soft flag toggles hard/soft. RBAC: - requires ANY of Data.Manage, GroupData.Manage ### Get black/whitelist for a scope - [GET /api/v1/tags/list](https://docs.wellesley.social/openapi/tags-v2/paths/~1api~1v1~1tags~1list/get.md): Returns array of tag names in black/whitelist. 'soft' applies only to blacklist. RBAC: - requires ANY of Data.Read, GroupData.Manage ### Remove from black/whitelist - [DELETE /api/v1/tags/list](https://docs.wellesley.social/openapi/tags-v2/paths/~1api~1v1~1tags~1list/delete.md): Remove entries. For blacklist, soft must be specified to remove from that list. RBAC: - requires ANY of Data.Manage, GroupData.Manage ### Set policy mode - [PUT /api/v1/tags/policy](https://docs.wellesley.social/openapi/tags-v2/paths/~1api~1v1~1tags~1policy/put.md): Set scope policy to 'whitelist' or 'blacklist'. RBAC: - requires ANY of Data.Manage, GroupData.Manage ### Get policy mode - [GET /api/v1/tags/policy](https://docs.wellesley.social/openapi/tags-v2/paths/~1api~1v1~1tags~1policy/get.md): Returns 'whitelist' or 'blacklist' for scope. Defaults to 'blacklist' if unset. RBAC: - requires ANY of Data.Read, GroupData.Manage ### Report a tag - [POST /api/v1/tags/report](https://docs.wellesley.social/openapi/tags-v2/paths/~1api~1v1~1tags~1report/post.md): Creates a tag report in a scope. ### List tag reports in a scope - [GET /api/v1/tags/reports](https://docs.wellesley.social/openapi/tags-v2/paths/~1api~1v1~1tags~1reports/get.md): RBAC: - requires ANY of Data.Read, GroupData.Manage ### Search tags by prefix - [GET /api/v1/tags/search](https://docs.wellesley.social/openapi/tags-v2/paths/~1api~1v1~1tags~1search/get.md): Returns tag names matching partial name. Scope is optional. ## Translation Endpoints for translating text between languages ### Translate - [POST /api/v1/translate/text](https://docs.wellesley.social/openapi/translation/paths/~1api~1v1~1translate~1text/post.md) ## Uploads Endpoints for uploading, retrieving, and managing media files ### Create upload - [POST /api/v1/uploads](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads/post.md): Create upload based on input data ### Delete multiple uploads by id - [POST /api/v1/uploads/batch](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1batch/post.md): Delete multiple upload by id ### List uploads based on input data - [POST /api/v1/uploads/list](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1list/post.md): List uploads based on input data ### Search uploads based on input data - [GET /api/v1/uploads/search](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1search/get.md) ### Get posts, avatars and headers for specified upload ids - [GET /api/v1/uploads/usages](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1usages/get.md) ### Get upload by id - [GET /api/v1/uploads/{id}](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D/get.md): Gets upload by id ### Delete upload by id - [DELETE /api/v1/uploads/{id}](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D/delete.md): Delete upload by id ### Rewrite upload meta with new data - [POST /api/v1/uploads/{id}/meta](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1meta/post.md): Rewrite upload meta with new data ### Patch upload meta with data - [PUT /api/v1/uploads/{id}/meta](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1meta/put.md): Patch upload meta with new data ### Rewrite upload privacy settings - [POST /api/v1/uploads/{id}/privacy](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1privacy/post.md): Rewrite upload privacy settings ### Rewrite upload tags with new data - [POST /api/v1/uploads/{id}/tags](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1tags/post.md): Rewrite upload tags with new data ### Patch upload tags with data - [PUT /api/v1/uploads/{id}/tags](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1tags/put.md): Patch upload tags with new data ### This route is responsible for updating video preview - [POST /api/v1/uploads/{id}/thumbnail](https://docs.wellesley.social/openapi/uploads/paths/~1api~1v1~1uploads~1%7Bid%7D~1thumbnail/post.md): To update upload video preview you should specify exactly the second of the video you want to create preview from ## User Devices APIs for managing user devices for push notifications ### Register or update a device for push notifications - [PUT /api/v1/devices](https://docs.wellesley.social/openapi/user-devices/paths/~1api~1v1~1devices/put.md) ### Get all registered devices for the current user - [GET /api/v1/devices](https://docs.wellesley.social/openapi/user-devices/paths/~1api~1v1~1devices/get.md) ### Delete all registered devices for the current user - [DELETE /api/v1/devices/all](https://docs.wellesley.social/openapi/user-devices/paths/~1api~1v1~1devices~1all/delete.md) ### Delete a registered device for the current user - [DELETE /api/v1/devices/{deviceId}](https://docs.wellesley.social/openapi/user-devices/paths/~1api~1v1~1devices~1%7Bdeviceid%7D/delete.md) ## User Settings Endpoints for managing user-specific settings and preferences. These endpoints allow authenticated users to view, update, and delete their personal settings that control their account behavior, interface preferences, privacy options, and feature customizations. ### Update user settings - [PUT /api/v1/settings/user](https://docs.wellesley.social/openapi/user-settings/paths/~1api~1v1~1settings~1user/put.md): Update multiple user settings in a single operation for the authenticated user. Each setting must be provided as a complete object with all required fields. Partial updates are not supported to ensure data consistency and prevent preference corruption. ### Get user settings - [GET /api/v1/settings/user](https://docs.wellesley.social/openapi/user-settings/paths/~1api~1v1~1settings~1user/get.md): Retrieve specific user settings by their keys for the authenticated user. Returns a JSON object mapping setting names to their configured values. Only settings belonging to the current user are accessible through this endpoint. ### Delete user settings - [DELETE /api/v1/settings/user](https://docs.wellesley.social/openapi/user-settings/paths/~1api~1v1~1settings~1user/delete.md): Remove specific user settings by their keys for the authenticated user. This operation will permanently delete the specified settings and revert them to their default values. Deleted preferences cannot be recovered. ## Users Endpoints for managing user profiles, including creation, retrieval, updates, and moderation ### Delete user - [DELETE /api/v1/users](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users/delete.md) ### Create new user for the account - [POST /api/v1/users](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users/post.md): User's profile required fields: username, displayName, applicationId ### Get user by username - [GET /api/v1/users](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users/get.md) ### Check if username is already taken - [GET /api/v1/users/check](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1check/get.md) ### Get list of username changes - [GET /api/v1/users/rename-history](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1rename-history/get.md) ### Update user's profile - [PUT /api/v1/users/{userId}](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D/put.md): User's profile includes: displayName, username, summary, avatarId, headerId ### Get user by userId - [GET /api/v1/users/{userId}](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D/get.md) ### Users which follow the given account - [GET /api/v1/users/{userId}/followers](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D~1followers/get.md) ### Users which the given account follows - [GET /api/v1/users/{userId}/following](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D~1following/get.md) ### Update user avatar and header - [PUT /api/v1/users/{userId}/media](https://docs.wellesley.social/openapi/users/paths/~1api~1v1~1users~1%7Buserid%7D~1media/put.md) ## phone Phone management ### Confirm authentication with phone number - [POST /api/v1/accounts/phone/change/confirm/auth](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1confirm~1auth/post.md): Step 2. Validate the provided authentication code. After 3 failed attempts, the current user session will be invalidated. ### Change phone number for authenticated user - [POST /api/v1/accounts/phone/change/confirm/new-phone](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1confirm~1new-phone/post.md): Step 4. Validate the new verification code. Upon successful verification, the user's phone number will be updated to the newly verified number. ### Request a new phone number - [POST /api/v1/accounts/phone/change/new-phone](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1new-phone/post.md): Step 3. Request a new phone number from the user. Verification code will be sent via SMS to that number. ### Request phone number change for authenticated user - [PUT /api/v1/accounts/phone/change/request](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1request/put.md): Step 1. Request an authentication code to be sent via SMS to the user's original phone number. ### Resend code to check authentication with phone number - [PUT /api/v1/accounts/phone/change/resend-code/auth](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1resend-code~1auth/put.md) ### Resend code to confirm new phone number - [PUT /api/v1/accounts/phone/change/resend-code/new-phone](https://docs.wellesley.social/openapi/phone/paths/~1api~1v1~1accounts~1phone~1change~1resend-code~1new-phone/put.md) ## Fasp Resource ### Clear - [POST /api/v1/fasp/clear](https://docs.wellesley.social/openapi/fasp-resource/paths/~1api~1v1~1fasp~1clear/post.md): RBAC: requires Federation.Manage ### Registration - [POST /api/v1/fasp/registration](https://docs.wellesley.social/openapi/fasp-resource/paths/~1api~1v1~1fasp~1registration/post.md): RBAC: requires Federation.Manage ### Capabilities - [POST /api/v1/fasp/{providerId}/capabilities](https://docs.wellesley.social/openapi/fasp-resource/paths/~1api~1v1~1fasp~1%7Bproviderid%7D~1capabilities/post.md): RBAC: requires Federation.Manage ### Debug Call - [POST /api/v1/fasp/{providerId}/debug-call](https://docs.wellesley.social/openapi/fasp-resource/paths/~1api~1v1~1fasp~1%7Bproviderid%7D~1debug-call/post.md): RBAC: requires Federation.Manage ### Registration Finish Page - [GET /api/v1/fasp/{providerId}/registration-finish](https://docs.wellesley.social/openapi/fasp-resource/paths/~1api~1v1~1fasp~1%7Bproviderid%7D~1registration-finish/get.md): RBAC: requires Federation.Manage ### Registration Finish - [POST /api/v1/fasp/{providerId}/registration-finish](https://docs.wellesley.social/openapi/fasp-resource/paths/~1api~1v1~1fasp~1%7Bproviderid%7D~1registration-finish/post.md): RBAC: requires Federation.Manage ### Request Backfill - [POST /api/v1/fasp/{providerId}/request_backfill](https://docs.wellesley.social/openapi/fasp-resource/paths/~1api~1v1~1fasp~1%7Bproviderid%7D~1request_backfill/post.md): RBAC: requires Federation.Manage ## Debug Resource ### List - [GET /api/v1/fasp/debug/v0/callback/callbacks](https://docs.wellesley.social/openapi/debug-resource/paths/~1api~1v1~1fasp~1debug~1v0~1callback~1callbacks/get.md) ### Destroy - [DELETE /api/v1/fasp/debug/v0/callback/callbacks/{id}](https://docs.wellesley.social/openapi/debug-resource/paths/~1api~1v1~1fasp~1debug~1v0~1callback~1callbacks~1%7Bid%7D/delete.md) ## Trends Resource ### Links - [GET /api/v1/trends/links](https://docs.wellesley.social/openapi/trends-resource/paths/~1api~1v1~1trends~1links/get.md) ### Posts - [GET /api/v1/trends/posts](https://docs.wellesley.social/openapi/trends-resource/paths/~1api~1v1~1trends~1posts/get.md) ### Tags - [GET /api/v1/trends/tags](https://docs.wellesley.social/openapi/trends-resource/paths/~1api~1v1~1trends~1tags/get.md) ## Test Authenticated Controller ### Authenticated With Rbac - [GET /test-authenticated/authenticated-with-rbac](https://docs.wellesley.social/openapi/test-authenticated-controller/paths/~1test-authenticated~1authenticated-with-rbac/get.md) ### Method Authenticated - [GET /test-authenticated/method-authenticated](https://docs.wellesley.social/openapi/test-authenticated-controller/paths/~1test-authenticated~1method-authenticated/get.md) ## Test Class Auth Controller ### Inherit Class Auth - [GET /test-class-auth/inherit](https://docs.wellesley.social/openapi/test-class-auth-controller/paths/~1test-class-auth~1inherit/get.md) ### Override Class Auth - [GET /test-class-auth/override](https://docs.wellesley.social/openapi/test-class-auth-controller/paths/~1test-class-auth~1override/get.md) ### Public Override Auth - [GET /test-class-auth/public-override](https://docs.wellesley.social/openapi/test-class-auth-controller/paths/~1test-class-auth~1public-override/get.md) ## Test Class Authenticated Controller ### Authenticated With Permit All - [GET /test-class-authenticated/authenticated-with-permit-all](https://docs.wellesley.social/openapi/test-class-authenticated-controller/paths/~1test-class-authenticated~1authenticated-with-permit-all/get.md) ### Inherit Authenticated - [GET /test-class-authenticated/inherit-authenticated](https://docs.wellesley.social/openapi/test-class-authenticated-controller/paths/~1test-class-authenticated~1inherit-authenticated/get.md) ## Test Class Permit All Controller ### Inherit Permit All - [GET /test-class-permit-all/inherit-permit-all](https://docs.wellesley.social/openapi/test-class-permit-all-controller/paths/~1test-class-permit-all~1inherit-permit-all/get.md) ### Method Overrides Class Permit All - [GET /test-class-permit-all/method-overrides-class-permit-all](https://docs.wellesley.social/openapi/test-class-permit-all-controller/paths/~1test-class-permit-all~1method-overrides-class-permit-all/get.md) ## Test Permit All Controller ### Method Permit All - [GET /test-permit-all/method-permit-all](https://docs.wellesley.social/openapi/test-permit-all-controller/paths/~1test-permit-all~1method-permit-all/get.md) ### Permit All Overrides Allow - [GET /test-permit-all/permit-all-overrides-allow](https://docs.wellesley.social/openapi/test-permit-all-controller/paths/~1test-permit-all~1permit-all-overrides-allow/get.md) ### Permit All Overrides Allow Any - [GET /test-permit-all/permit-all-overrides-allow-any](https://docs.wellesley.social/openapi/test-permit-all-controller/paths/~1test-permit-all~1permit-all-overrides-allow-any/get.md) ## Test Authorization Controller ### Admin Only Endpoint - [GET /test/admin-only](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1admin-only/get.md) ### Admin Delete Everything - [POST /test/business/admin-delete-everything](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1business~1admin-delete-everything/post.md) ### Basic Read Access - [GET /test/business/basic-read-access](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1business~1basic-read-access/get.md) ### Delete User And Group - [POST /test/business/delete-user-and-group](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1business~1delete-user-and-group/post.md) ### Full Admin Action - [POST /test/business/full-admin-action](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1business~1full-admin-action/post.md) ### High Privilege Any - [GET /test/business/high-privilege-any](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1business~1high-privilege-any/get.md) ### View Reports Only - [GET /test/business/reports-only](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1business~1reports-only/get.md) ### View User Or Group Members - [GET /test/business/view-user-or-groups](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1business~1view-user-or-groups/get.md) ### Get Cache Stats - [GET /test/cache-stats](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1cache-stats/get.md) ### Clear Cache - [POST /test/clear-cache](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1clear-cache/post.md) ### Get Config - [GET /test/config](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1config/get.md) ### Public Endpoint - [GET /test/public](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1public/get.md) ### Get Roles - [GET /test/roles](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1roles/get.md) ### Create Role - [POST /test/roles](https://docs.wellesley.social/openapi/test-authorization-controller/paths/~1test~1roles/post.md) ## Quarkus Test Resource For Transaction ### Ok - [POST /test_transaction/ok](https://docs.wellesley.social/openapi/quarkus-test-resource-for-transaction/paths/~1test_transaction~1ok/post.md)