# Admin Accounts

Administrative endpoints for account and user management. Provides comprehensive tools for managing user accounts, including creation, deletion, role assignment, password management, state changes, and user impersonation for bot accounts.

## Retrieve account information by ID

 - [GET /api/v1/admin/account/{accountId}](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1account~1%7Baccountid%7D/get.md): Fetches comprehensive details about an account including its associated users. Returns account metadata (email, creation date) and all users linked to this account. Most accounts have a single user, but the system supports multiple users per account.

RBAC: requires Users.Manage

## Change email address for an account

 - [PUT /api/v1/admin/change/email](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1email/put.md): Administratively updates the email address for a user account. Can identify the user by username or user ID. The new email must be valid and unique in the system. This operation is logged for audit purposes and the change takes effect immediately.

RBAC: requires Users.Manage

## Change password for an account

 - [PUT /api/v1/admin/change/password](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1password/put.md): Administratively resets the password for a user account. Can identify the user by username or user ID. The new password should meet security requirements. This operation is logged for audit purposes and does not require knowing the current password.

RBAC: requires Users.Manage

## Assign role to a user

 - [PUT /api/v1/admin/change/role/assign](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1role~1assign/put.md): Assigns a role to a user by username or id

RBAC: requires Users.Manage

## Revoke role from a user

 - [PUT /api/v1/admin/change/role/revoke](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1change~1role~1revoke/put.md): Revokes a role from a user by username or id. Admin cannot be revoked if it's the last one.

RBAC: requires Users.Manage

## Create a new account with initial user

 - [POST /api/v1/admin/create-account](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1create-account/post.md): Creates a new account with an initial user profile. The account will have a unique email and the user will have a unique username. This endpoint validates that the username is not reserved, the username doesn't already exist, and the email is not already registered. Returns the created account with its associated user information.

RBAC: requires Users.Manage

## Create a new user under an existing account

 - [POST /api/v1/admin/create-user](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1create-user/post.md): Creates a new user profile under an existing account. The user will have a unique username within the account's domain. This endpoint validates that the username is not reserved, the username doesn't already exist, and the associated account exists. Returns the created user information.

RBAC: requires Users.Manage

## Delete an account with all associated users

 - [DELETE /api/v1/admin/delete](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1delete/delete.md): Permanently deletes an account and all its associated users. Can identify the account by email address, account ID, or username. This operation notifies followers on remote servers about the deletion and marks all associated content appropriately. This action is irreversible. Administrators cannot delete their own account through this endpoint.

RBAC: requires Users.Manage

## Delete a user

 - [DELETE /api/v1/admin/delete-user](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1delete-user/delete.md): Permanently deletes a user profile. Can identify the user by username or user ID. This operation notifies followers on remote servers about the deletion and marks all associated content appropriately. This action is irreversible. Administrators cannot delete their own user profile through this endpoint.

RBAC: requires Users.Manage

## Impersonate a user

 - [GET /api/v1/admin/impersonate](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1impersonate/get.md): Allows a service to impersonate a user by their username. This will return a token that can be used to act on behalf the user's account. Only bots can be impersonated, not regular users.

RBAC:
- requires ALL of Users.Manage, Users.Impersonate

## Permanently purge an account from the system

 - [DELETE /api/v1/admin/purge](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1purge/delete.md): Force-deletes an account and all associated data, even if previously soft-deleted. This operation bypasses normal deletion safeguards and completely removes all traces of the account from the system. Use with extreme caution as this action is irreversible and cannot be recovered. Administrators cannot purge their own account.

RBAC: requires Users.Manage

## Regenerate cryptographic keys for a user

 - [POST /api/v1/admin/regenerate-keys](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1regenerate-keys/post.md): Regenerates the Ed25519 cryptographic keys for a specified user. This is used for federation security and ActivityPub signatures. Can identify the user by username or user ID. The old keys are invalidated and new keys are generated immediately. Remote servers will be notified of the key change through federation protocols.

RBAC: requires Users.Manage

## Regenerate cryptographic keys for all users

 - [POST /api/v1/admin/regenerate-keys-all](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1regenerate-keys-all/post.md): Initiates a background job to regenerate Ed25519 cryptographic keys for all users in the system. This is typically used for security updates or key rotation policies. The operation runs asynchronously and processes users in batches. Returns a job ID that can be used to track progress. Default batch size is used unless specified.

RBAC: requires Users.Manage

## Release a username for reuse

 - [POST /api/v1/admin/release-username](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1release-username/post.md): Administratively releases a username, making it available for new user registrations. This is typically used after account deletions or username changes to free up desirable usernames. The operation immediately makes the username available in the system.

RBAC: requires Users.Manage

## Search for users

 - [GET /api/v1/admin/search](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1search/get.md): Performs an administrative search for users with multiple filter criteria. Can search by user ID, account ID, username, domain, display name, state, email, IP address, country, or role. Supports mixed search across username, display name, and email simultaneously. Results include detailed user information and support pagination and sorting. IP addresses are matched exactly, and country codes should use ISO 3166-1 alpha-2 format.

RBAC: requires Users.Manage

## Update user moderation state

 - [POST /api/v1/admin/user/change-state](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1user~1change-state/post.md): Changes the moderation state of a user (e.g., ACTIVE, SUSPENDED, LIMITED). This affects what actions the user can perform on the platform. When suspending a user, their content may be hidden and followers on remote servers are notified. When unsuspending, the user's content is restored and remote servers are updated. Administrators cannot change their own state. Changes are logged for audit purposes and can be linked to moderation reports.

RBAC: requires Users.Manage

## Bulk update user moderation states

 - [POST /api/v1/admin/user/change-state-bulk](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1user~1change-state-bulk/post.md): Changes the moderation state for multiple users in a single optimized operation. Performs one bulk DB update, submits jobs in batches for users transitioning to or from SUSPENDED, and distributes updates without per-user queries.

RBAC: requires Users.Manage

## Retrieve detailed user information by ID

 - [GET /api/v1/admin/user/{userId}](https://docs.wellesley.social/openapi/admin-accounts/paths/~1api~1v1~1admin~1user~1%7Buserid%7D/get.md): Fetches comprehensive details about a specific user including their account association, profile information, roles, state, statistics, and activity data. Requires either Users.Read or Users.Manage permission.

RBAC:
- requires ALL of Users.Manage
- requires ANY of Users.Read, Users.Manage