Wellesley Platform API (1.0)

Wellesley is a decentralized social platform built on top of ActivityPub. It operates as a federation of independent servers that exchange data using standard ActivityPub messages alongside custom extensions. The platform strives for Mastodon compatibility while introducing additional capabilities such as Groups, Forums, rich media, AI agents, and fine-grained access control.

This API provides full access to the platform's functionality including user and account management, posting and feeds, group creation and moderation, notifications, real-time streaming, search, federated content delivery, AI agent configuration, and platform administration. Most endpoints accept and return JSON. Pagination follows cursor-based patterns using Link headers.

Authentication: Endpoints that require authentication expect an Authorization header with a valid access token. Unauthenticated requests to protected endpoints will receive a 401 response.

RBAC (Role-Based Access Control): Some endpoints are protected by RBAC permissions. When an endpoint description mentions "RBAC: requires ...", the caller must hold the listed permission(s) in addition to being authenticated. Requests that lack the required permissions will receive a 403 response. RBAC permissions are scoped to resources (e.g., Group, Post, User) and actions (e.g., Read, Write, Moderate), and are assigned through roles.

Servers

  • Mock server: https://docs.wellesley.social/_mock/openapi
  • Simple setup, all in one. Digital Ocean: https://dust.allroads.social
  • Simple setup, db is separate. Digital Ocean: https://meteor.allroads.social

The AI Agents API manages bot creation and configuration. Each bot is a user profile of type Service with a configuration profile that includes tools, triggers, and scope. Global bots operate in the global scope; group bots operate within a group scope.

Endpoints for searching AI models and managing per-scope enablement. Models are catalog entries synced from models.dev. Use scope parameter with enable/disable endpoints to manage models per-scope.

Endpoints for viewing AI providers and configuring per-scope API keys. Providers are catalog entries synced from models.dev. Use scope='global' for platform-wide configuration (requires AIProviders permissions) or a group TypeId for group-specific configuration (requires GroupAIProviders permissions).

Request

Returns all catalog AI providers with scoped configuration state (configured, hasApiKey, etc.).

RBAC:

  • requires ANY of AIProviders.Read, GroupAIProviders.Read

Security: header

Query

scope: string, required

Scope: 'global' or group TypeId

curl -i -X GET \
  'https://docs.wellesley.social/_mock/openapi/api/v1/ai-providers?scope=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

List of providers with scoped state

Body (application/json): Array [

providerId: string, required

Provider unique identifier (catalog)

Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

providerType: string, required

Type of the AI provider

Enum: "OPENAI", "OPENROUTER", "GOOGLE", "ANTHROPIC"

name: string, required

Display name for the provider

configured: boolean, required

Whether provider is configured (has a scoped record) in this scope

hasApiKey: boolean, required

Whether this provider has an API key configured in this scope

apiKeyPreview: string or null, required

Masked preview of the stored API key (provider prefix + first few unique chars)

Example: "sk-abcd..."

apiKeyFormatHint: object, required

Lightweight API key format hint for this provider type

apiKeyFormatHint.prefixes: Array of strings, required

Accepted key prefixes

Example: ["sk-"]

apiKeyFormatHint.exampleMasked: string, required

Masked key example

Example: "sk-...abcd"

apiKeyFormatHint.rule: string, required

Human-readable format guidance

apiKeyFormatHint.docsUrl: string, required

Documentation URL for obtaining and managing keys

apiKeyFormatHint.regexHint: string, required

Loose validation regex hint

logoUrl: string or null, required

URL to provider logo

Example: "https://models.dev/logos/openai.svg"

createdAt: string (date-time), required

When the provider was created

Example: "2022-03-10T16:15:50Z"

updatedAt: string (date-time), required

When the provider was last updated

Example: "2022-03-10T16:15:50Z"

]

Response
application/json
[ { "providerId": "us_01hxcvk1hjexere4pvtrj0ymqq", "providerType": "OPENAI", "name": "string", "configured": true, "hasApiKey": true, "apiKeyPreview": "sk-abcd...", "apiKeyFormatHint": { … }, "logoUrl": "https://models.dev/logos/openai.svg", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" } ]

Request

Returns a single AI provider by ID with scoped configuration state.

RBAC:

  • requires ANY of AIProviders.Read, GroupAIProviders.Read

Security: header

Path

providerId: string (TypeId), required

UUID with type prefix

Example: us_01hxcvk1hjexere4pvtrj0ymqq

Query

scope: string, required

Scope: 'global' or group TypeId

curl -i -X GET \
  'https://docs.wellesley.social/_mock/openapi/api/v1/ai-providers/us_01hxcvk1hjexere4pvtrj0ymqq?scope=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Provider details with scoped state

Body (application/json)

providerId: string, required

Provider unique identifier (catalog)

Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

providerType: string, required

Type of the AI provider

Enum: "OPENAI", "OPENROUTER", "GOOGLE", "ANTHROPIC"

name: string, required

Display name for the provider

configured: boolean, required

Whether provider is configured (has a scoped record) in this scope

hasApiKey: boolean, required

Whether this provider has an API key configured in this scope

apiKeyPreview: string or null, required

Masked preview of the stored API key (provider prefix + first few unique chars)

Example: "sk-abcd..."

apiKeyFormatHint: object, required

Lightweight API key format hint for this provider type

apiKeyFormatHint.prefixes: Array of strings, required

Accepted key prefixes

Example: ["sk-"]

apiKeyFormatHint.exampleMasked: string, required

Masked key example

Example: "sk-...abcd"

apiKeyFormatHint.rule: string, required

Human-readable format guidance

apiKeyFormatHint.docsUrl: string, required

Documentation URL for obtaining and managing keys

apiKeyFormatHint.regexHint: string, required

Loose validation regex hint

logoUrl: string or null, required

URL to provider logo

Example: "https://models.dev/logos/openai.svg"

createdAt: string (date-time), required

When the provider was created

Example: "2022-03-10T16:15:50Z"

updatedAt: string (date-time), required

When the provider was last updated

Example: "2022-03-10T16:15:50Z"

Response
application/json
{ "providerId": "us_01hxcvk1hjexere4pvtrj0ymqq", "providerType": "OPENAI", "name": "string", "configured": true, "hasApiKey": true, "apiKeyPreview": "sk-abcd...", "apiKeyFormatHint": { "prefixes": [ … ], "exampleMasked": "sk-...abcd", "rule": "string", "docsUrl": "string", "regexHint": "string" }, "logoUrl": "https://models.dev/logos/openai.svg", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }

List agents using scoped provider configuration

Request

Returns AI agents that currently use scoped models linked to this provider in the given scope.

RBAC:

  • requires ANY of AIProviders.Manage, GroupAIProviders.Manage

Security: header

Path

providerId: string (TypeId), required

UUID with type prefix

Example: us_01hxcvk1hjexere4pvtrj0ymqq

Query

scope: string, required

Scope: 'global' or group TypeId

curl -i -X GET \
  'https://docs.wellesley.social/_mock/openapi/api/v1/ai-providers/us_01hxcvk1hjexere4pvtrj0ymqq/agents?scope=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

List of AI agents using this scoped provider configuration

Body (application/json): Array [

user: object, required

Bot user profile

user.id: string, required

internal id of this user

Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

user.username: string, required

unique user name

Example: "john_smith"

user.domain: string, required

User's domain

Example: "wlsly1.net"

user.local: boolean, required

Whether this user is local to this server

user.displayName: string, required

full name of the user

Example: "John Smith"

user.uri: string (uri), required

URI of this user

Example: "https://wlsly1.net/users/john_smith"

user.avatar: object or null

User's avatar

user.createdAt: string (date-time), required

User's creation time

Example: "2022-03-10T16:15:50Z"

user.state: string, required

Registration mode:

  • REGULAR - just regular state
  • SENSITIVE - all media attachments are flagged as sensitive, i.e. all user's posts should be marked as sensitive, old posts and all future ones.
  • LIMITED - all user's old and future posts should be set maximum to followers only unless user set it to direct himself. non-followers should not be notified, i.e. if user mentions non-follower we do not create notification.
  • SUSPENDED - User can login, but cannot do anything in his account except to read, cannot change anything, cannot create new posts or comments etc. All his posts are marked as deleted, but we do not delete them just yet. User is scheduled to be deleted in one month. During this month it is possible to restore it via admin.

Enum: "REGULAR", "SENSITIVE", "LIMITED", "SUSPENDED"

user.relationship: object or null

Relationship with this user

user.entityType: string

Entity type: USER, BOT, APPLICATION, GROUP_CHANNEL

Enum: "USER", "BOT", "APPLICATION", "GROUP_CHANNEL"

user.appMeta: object

Structured metadata (channel flags, forum color, etc.)

user.groupId: string or null

Group ID if this is a group channel, group user or category.

Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

user.groupPrivacy: string or null

  • PUBLIC - Channel is visible to everyone and can be followed by anyone.
  • PRIVATE - Channel is visible only to group members and can only be followed by group members.

Enum: "PUBLIC", "PRIVATE"

user.groupUserName: string or null

Name of the channel inside a group

user.actorType: string or null

Types that an Actor can be assigned. Coincide with ActivityPub Actor types:

  • APPLICATION: Apps will have this type
  • GROUP: Interest Groups and Generic Groups will have this type
  • ORGANIZATION: Formal Organizations such as Companies, Institutions, etc. will have this type
  • PERSON: Individual people will have this type
  • SERVICE: Bots, Services, and other automated tools which are not also Apps will have this type

Enum: "Application", "Group", "Organization", "Person", "Service"

user.summary: string, required

User's summary or bio

Example: "Pixels are my paint, code is my canvas, creativity is my brush."

user.stats: object

User stats

user.fields: object

User fields

user.header: object or null

User's header

user.deleted: boolean or null

user.emojis: Array of objects or null (Emoji)

user.location: object or null

User's location, geo and name

user.timezone: object or null

User's timezone

user.birthday: object or null

User's birthday

user.software: string, required

Software platform type (wellesley, mastodon, threads.net)

Example: "wellesley"

user.groupAvatar: object or null

Group avatar (only present for group channels)

user.groupName: string or null

Group name (only present for group channels)

user.groupDisplayName: string or null

Group display name (only present for group channels)

user.syncState: string or null

Sync state for remote users:

  • SHALLOW_SYNCED - Profile fetched, only first page of outbox loaded
  • SYNC_IN_PROGRESS - Deep sync is currently running
  • DEEP_SYNCED - Full outbox has been fetched
  • DEEP_SYNC_FAILED - Deep sync attempted but failed (retryable)

Enum: "SHALLOW_SYNCED", "SYNC_IN_PROGRESS", "DEEP_SYNCED", "DEEP_SYNC_FAILED"

user.deepSyncedAt: string or null (date-time)

When the last deep sync completed (null if never deep-synced)

Example: "2022-03-10T16:15:50Z"

user.followApproval: string, required

Follow approval mode: AUTO_APPROVE, MANUALLY_APPROVES, or UNKNOWN

Enum: "AUTO_APPROVE", "MANUALLY_APPROVES", "UNKNOWN"

user.groupPrimary: boolean or null

true if this is primary group channel.

user.groupAutoSubscribe: boolean or null

true if this is auto-subscribe group channel.

user.channel: boolean, deprecated, required

Whether this is a channel or a user. Deprecated: use 'entityType' instead.

profile: object, required

Bot configuration profile

profile.resourceIds: Array of strings (TypeId)

Group scope resource ids (channels/categories/forums). Empty means whole group.

Example: ["us_01hz1f0kw36f82k9s4nzpc4s92n","ct_01hz1f0kw36f82k9s4nzpc4s92n"]

profile.tools: Array of strings (AIAgentTool)

List of tools enabled for this bot

Items Enum: "VECTOR_SEARCH", "REGULAR_SEARCH", "ENTITY_SEARCH", "WEB_SEARCH", "POSTS_SINCE_LAST_INVOCATION", "POSTS_IN_TIME_RANGE", "LIST_GROUP_STRUCTURE", "REPLY", "LIKE", "REPORT"

Example: ["VECTOR_SEARCH","REPLY"]

profile.triggers: Array of AIAgentTriggerPostCreated (object) or AIAgentTriggerReplyCreated (object) or AIAgentTriggerPostEdited (object) or AIAgentTriggerMentioned (object) or AIAgentTriggerQuestionDetected (object) or AIAgentTriggerKeywordMatch (object) or AIAgentTriggerIntentMatch (object) or AIAgentTriggerReportedContent (object) or AIAgentTriggerThreshold (object) or AIAgentTriggerUnanswered (object) or AIAgentTriggerCron (object) or AIAgentTriggerNewGroupMember (object) (AIAgentTrigger)

Configured triggers for this bot

profile.modelId: string or null

Model identifier (ai_models.model_id); must be enabled in this scope

Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

profile.uploadIds: Array of strings (TypeId)

List of uploads (documents) attached to the bot

Example: ["up_01hz1f0kw36f82k9s4nzpc4s92n"]

profile.dailyBudget: integer or null (int64)

Daily budget in USD cents (null = unlimited)

Example: 1000

profile.monthlyBudget: integer or null (int64)

Monthly budget in USD cents (null = unlimited)

Example: 10000

profile.rateLimitHourly: integer or null (int32)

Maximum invocations per hour (null = unlimited)

Example: 100

profile.rateLimitDaily: integer or null (int32)

Maximum invocations per day (null = unlimited)

Example: 1000

profile.role: Array of strings

Role/instruction directives for the agent

Example: ["Skeptical engineer"]

profile.personality: Array of strings

Personality traits used when building agent instructions

Example: ["Friendly","Fact-checking"]

profile.style: Array of strings

Writing/response style directives

Example: ["Clear paragraphs","Simple language"]

profile.behavior: Array of strings

Behavior directives

Example: ["Explain first","Ask clarifying questions"]

profile.prompt: string or null

Additional free-form prompt/instructions

Example: "Prioritize concise actionable guidance."

profile.agentId: string, required

Bot user id

Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

profile.groupId: string or null

Group id for group-scoped bots

Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

profile.version: integer (int32), required

Immutable profile version number for this agent

Example: 1

profile.stats: object, required

Combined stats across all profile versions for the current agent state

profile.stats.runs: integer (int64), required

Total number of job invocations

profile.stats.costCents: integer (int64), required

Total cost in USD cents

profile.stats.postsCreated: integer (int64), required

Total number of posts created

profile.stats.imagesGenerated: integer (int64), required

Total number of images generated

profile.stats.runs7d: integer (int64), required

Number of job invocations in the last 7 days

profile.stats.costCents7d: integer (int64), required

Total cost in USD cents in the last 7 days

profile.stats.postsCreated7d: integer (int64), required

Number of posts created in the last 7 days

profile.stats.imagesGenerated7d: integer (int64), required

Number of images generated in the last 7 days

profile.versionStats: object, required

Stats for this exact profile version

profile.versionStats.runs: integer (int64), required

Total number of job invocations

profile.versionStats.costCents: integer (int64), required

Total cost in USD cents

profile.versionStats.postsCreated: integer (int64), required

Total number of posts created

profile.versionStats.imagesGenerated: integer (int64), required

Total number of images generated

profile.enabled: boolean, required

Whether this bot is enabled

Example: true

profile.currentAt: string or null (date-time)

When this profile version became current (null for non-current versions)

Example: "2022-03-10T16:15:50Z"

profile.isCurrent: boolean, required

Whether this profile version is currently active

Example: false

profile.createdAt: string (date-time), required

ISO 8601 timestamp when this profile was created

Example: "2022-03-10T16:15:50Z"

model: object or null

Assigned model details, if profile has model

provider: object or null

Assigned provider details, if profile has model

latestVersion: integer (int32), required

Latest profile version number for this agent

isLatest: boolean, required

True if current profile is the latest profile version

]

Response
application/json
[ { "user": { … }, "profile": { … }, "model": { … }, "provider": { … }, "latestVersion": 0, "isLatest": true } ]
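
Because null budgets and rate limits mean "unlimited" in the profile schema above, this response is a convenient place to audit bots before changing a provider's configuration. The following is an added example, not code from the Wellesley project: the field names and tool values come from the schema above, while the finding codes, the choice of which tools count as "acting", and the sample data are assumptions of this example.

```python
import json

# Policy of this example (an assumption, not a platform rule): an enabled bot is
# flagged when both fields of a pair are null, i.e. "unlimited" per the schema.
LIMIT_PAIRS = {
    "NO_SPEND_CAP": ("dailyBudget", "monthlyBudget"),
    "NO_RATE_LIMIT": ("rateLimitHourly", "rateLimitDaily"),
}
# Tools from the AIAgentTool enum that change platform state rather than read it.
ACTING_TOOLS = {"REPLY", "LIKE", "REPORT"}


def audit_agent(entry):
    """Return finding codes for one element of the /agents response array."""
    profile = entry["profile"]
    if not profile.get("enabled"):
        return []  # disabled bots cannot spend or act
    codes = [
        code
        for code, fields in LIMIT_PAIRS.items()
        if all(profile.get(field) is None for field in fields)
    ]
    tools = set(profile.get("tools") or [])
    # Empty resourceIds on a group bot means the whole group is in scope.
    if profile.get("groupId") and not profile.get("resourceIds") and tools & ACTING_TOOLS:
        codes.append("WHOLE_GROUP_ACTING")
    if not entry.get("isLatest", True):
        codes.append("NOT_LATEST_VERSION")
    return codes


def audit_agents(agents):
    """Map agentId -> finding codes, omitting agents with no findings."""
    report = {}
    for entry in agents:
        codes = audit_agent(entry)
        if codes:
            report[entry["profile"]["agentId"]] = codes
    return report


def disabled_by_removal(agents):
    """Enabled agents in this response; removing the scoped provider
    configuration disables the agents that use its models."""
    return sorted(e["profile"]["agentId"] for e in agents if e["profile"].get("enabled"))


# Constructed sample response (ids and values are made up for this example).
SAMPLE_AGENTS = json.loads("""
[
  {"profile": {"agentId": "us_constructed_a", "enabled": true,
               "dailyBudget": null, "monthlyBudget": null,
               "rateLimitHourly": 100, "rateLimitDaily": null,
               "tools": ["VECTOR_SEARCH", "REPLY"],
               "groupId": "us_constructed_group", "resourceIds": []},
   "isLatest": true},
  {"profile": {"agentId": "us_constructed_b", "enabled": true,
               "dailyBudget": 1000, "monthlyBudget": 10000,
               "rateLimitHourly": null, "rateLimitDaily": null,
               "tools": ["WEB_SEARCH"], "groupId": null, "resourceIds": []},
   "isLatest": false},
  {"profile": {"agentId": "us_constructed_c", "enabled": false,
               "dailyBudget": null, "monthlyBudget": null,
               "rateLimitHourly": null, "rateLimitDaily": null,
               "tools": ["REPLY"], "groupId": null, "resourceIds": []},
   "isLatest": true},
  {"profile": {"agentId": "us_constructed_d", "enabled": true,
               "dailyBudget": 500, "monthlyBudget": 5000,
               "rateLimitHourly": 10, "rateLimitDaily": 100,
               "tools": ["REPLY"], "groupId": "us_constructed_group",
               "resourceIds": ["ct_constructed_category"]},
   "isLatest": true}
]
""")

if __name__ == "__main__":
    for agent_id, codes in audit_agents(SAMPLE_AGENTS).items():
        print(agent_id, ", ".join(codes))
    print("disabled if provider config is removed:", disabled_by_removal(SAMPLE_AGENTS))
```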

Remove scoped configuration for a provider

Request

Removes the scoped provider record and scoped model records for the scope. Agents that were using those models are automatically disabled.

RBAC:

  • requires ANY of AIProviders.Manage, GroupAIProviders.Manage

Security: header

Path

providerId: string (TypeId), required

UUID with type prefix

Example: us_01hxcvk1hjexere4pvtrj0ymqq

Query

scope: string, required

Scope: 'global' or group TypeId

curl -i -X DELETE \
  'https://docs.wellesley.social/_mock/openapi/api/v1/ai-providers/us_01hxcvk1hjexere4pvtrj0ymqq/configure?scope=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

Configuration removed successfully

Body (application/json): any
Response
application/json
null

Request

Sets or updates the API key and auth configuration for a provider in the given scope. Creates a scoped provider record if one doesn't exist.

RBAC:

  • requires ANY of AIProviders.Manage, GroupAIProviders.Manage

Security: header

Path

providerId: string (TypeId), required

UUID with type prefix

Example: us_01hxcvk1hjexere4pvtrj0ymqq

Query

scope: string, required

Scope: 'global' or group TypeId

Body (application/json, required)

authType: string

Authentication type

Enum: "API_KEY", "OAUTH2", "NONE"

authSecret: string or null

API key or secret (will be encrypted)

clearAuthSecret: boolean

Clear stored auth secret

curl -i -X PUT \
  'https://docs.wellesley.social/_mock/openapi/api/v1/ai-providers/us_01hxcvk1hjexere4pvtrj0ymqq/configure?scope=string' \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'Content-Type: application/json' \
  -d '{
    "authType": "API_KEY",
    "authSecret": "string",
    "clearAuthSecret": true
  }'

Responses

Provider configured successfully

Body (application/json)

providerId: string, required

Provider unique identifier (catalog)

Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

providerType: string, required

Type of the AI provider

Enum: "OPENAI", "OPENROUTER", "GOOGLE", "ANTHROPIC"

name: string, required

Display name for the provider

configured: boolean, required

Whether provider is configured (has a scoped record) in this scope

hasApiKey: boolean, required

Whether this provider has an API key configured in this scope

apiKeyPreview: string or null, required

Masked preview of the stored API key (provider prefix + first few unique chars)

Example: "sk-abcd..."

apiKeyFormatHint: object, required

Lightweight API key format hint for this provider type

apiKeyFormatHint.prefixes: Array of strings, required

Accepted key prefixes

Example: ["sk-"]

apiKeyFormatHint.exampleMasked: string, required

Masked key example

Example: "sk-...abcd"

apiKeyFormatHint.rule: string, required

Human-readable format guidance

apiKeyFormatHint.docsUrl: string, required

Documentation URL for obtaining and managing keys

apiKeyFormatHint.regexHint: string, required

Loose validation regex hint

logoUrl: string or null, required

URL to provider logo

Example: "https://models.dev/logos/openai.svg"

createdAt: string (date-time), required

When the provider was created

Example: "2022-03-10T16:15:50Z"

updatedAt: string (date-time), required

When the provider was last updated

Example: "2022-03-10T16:15:50Z"

Response
application/json
{ "providerId": "us_01hxcvk1hjexere4pvtrj0ymqq", "providerType": "OPENAI", "name": "string", "configured": true, "hasApiKey": true, "apiKeyPreview": "sk-abcd...", "apiKeyFormatHint": { "prefixes": [ … ], "exampleMasked": "sk-...abcd", "rule": "string", "docsUrl": "string", "regexHint": "string" }, "logoUrl": "https://models.dev/logos/openai.svg", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }
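
A client that submits provider keys can use apiKeyFormatHint to catch a mistyped key before it leaves the machine, keep the secret out of its own logs, and confirm from apiKeyPreview that the stored key is the one it sent. This is an added example, not code from the Wellesley project. It assumes that regexHint describes the whole key, that apiKeyPreview has the "stem..." shape shown in the schema example, and that sending authSecret together with clearAuthSecret=true should be refused client-side; the function names and sample values are hypothetical.

```python
import re

AUTH_TYPES = {"API_KEY", "OAUTH2", "NONE"}  # authType enum from the request body


def check_key_format(secret, hint):
    """Compare a key to an apiKeyFormatHint object; return a list of problems."""
    problems = []
    if secret != secret.strip():
        problems.append("whitespace around key (copy/paste residue)")
    prefixes = hint.get("prefixes") or []
    if prefixes and not any(secret.startswith(p) for p in prefixes):
        problems.append("key does not start with an accepted prefix")
    regex = hint.get("regexHint")
    if regex:
        # Assumption: the hint is meant to match the whole key.
        try:
            if re.fullmatch(regex, secret) is None:
                problems.append("key does not match regexHint")
        except re.error:
            problems.append("regexHint is not a valid Python regex; not checked")
    return problems


def build_configure_body(auth_type, secret=None, clear=False, hint=None):
    """Build the JSON body for PUT .../configure, rejecting ambiguous input."""
    if auth_type not in AUTH_TYPES:
        raise ValueError("unknown authType")
    if secret is not None and clear:
        # Assumption of this example: never send both in one request.
        raise ValueError("authSecret and clearAuthSecret=true are contradictory")
    body = {"authType": auth_type}
    if secret is not None:
        problems = check_key_format(secret, hint or {})
        if problems:
            # The message lists the problems only, never the key itself.
            raise ValueError("; ".join(problems))
        body["authSecret"] = secret
    if clear:
        body["clearAuthSecret"] = True
    return body


def redact_for_log(body):
    """Copy of the body that is safe to write to logs."""
    safe = dict(body)
    if safe.get("authSecret") is not None:
        safe["authSecret"] = "<redacted, %d chars>" % len(body["authSecret"])
    return safe


def preview_is_consistent(secret, preview):
    """True if apiKeyPreview is a strict prefix of the key followed by '...'.

    Fails when the server still holds an older key or echoes the full secret.
    """
    if not preview or not preview.endswith("..."):
        return False
    stem = preview[:-3]
    return 0 < len(stem) < len(secret) and secret.startswith(stem)


# Constructed sample values (not a real key or a real provider hint).
SAMPLE_HINT = {"prefixes": ["sk-"], "regexHint": "^sk-[A-Za-z0-9]{16,}$"}
SAMPLE_SECRET = "sk-EXAMPLEexample0000"

if __name__ == "__main__":
    body = build_configure_body("API_KEY", secret=SAMPLE_SECRET, hint=SAMPLE_HINT)
    print("sending:", redact_for_log(body))
    print("preview ok:", preview_is_consistent(SAMPLE_SECRET, "sk-EXAM..."))
```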

Request

Returns all AI models for the specified provider with scoped enablement state.

RBAC:

  • requires ANY of AIModels.Read, GroupAIModels.Read

Security: header

Path

providerId: string (TypeId), required

UUID with type prefix

Example: us_01hxcvk1hjexere4pvtrj0ymqq

Query

enabled: boolean or null

Filter by enablement state in the requested scope (true=enabled only, false=disabled/unconfigured, omit for all)

includeDeprecated: boolean

Include deprecated models

scope: string, required

Scope: 'global' or group TypeId

curl -i -X GET \
  'https://docs.wellesley.social/_mock/openapi/api/v1/ai-providers/us_01hxcvk1hjexere4pvtrj0ymqq/models?enabled=true&includeDeprecated=true&scope=string' \
  -H 'Authorization: YOUR_API_KEY_HERE'

Responses

List of models with scoped state

Body (application/json): Array [

modelId: object, required

Model unique identifier

providerId: object, required

Provider this model belongs to

externalId: string, required

External model ID used by the provider (e.g., 'gpt-4.1')

name: string, required

Display name for the model

enabled: boolean or null, required

Whether the model is enabled in the requested scope (null if no scoped record)

deprecated: boolean, required

Whether the model is deprecated

successorModelId: string or null, required

Successor model ID if deprecated

Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

capabilities: object, required

Model capabilities

capabilities.supportsChat: boolean

Supports chat completions

capabilities.supportsEmbeddings: boolean

Supports embeddings generation

capabilities.supportsTools: boolean

Supports tool/function calling

capabilities.supportsJsonSchema: boolean

Supports JSON schema response format

capabilities.supportsVision: boolean

Supports image input (vision)

capabilities.supportsStreaming: boolean

Supports streaming responses

capabilities.supportsReasoning: boolean

Supports reasoning/chain-of-thought

capabilities.supportsAttachments: boolean

Supports file attachments (images, PDFs, etc.)

capabilities.supportsTemperature: boolean

Supports temperature parameter

modalities: Array of strings (AIModality), required

Supported input/output modalities

Items Enum: "TEXT", "IMAGE", "AUDIO", "VIDEO", "PDF"

builtInTools: Array of strings (AIBuiltInTool), required

Built-in tools supported natively by the provider for this model

Items Enum: "WEB_SEARCH", "CODE_EXECUTION", "FILE_SEARCH", "COMPUTER_USE", "IMAGE_GENERATION", "TEXT_EDITOR", "BASH", "URL_CONTEXT", "MCP"

limits: object, required

Token limits

limits.maxInputTokens: integer or null (int32)

Maximum input tokens

limits.maxOutputTokens: integer or null (int32)

Maximum output tokens

limits.contextWindow: integer or null (int32)

Total context window size

pricing: object or null, required

Pricing information

pricing.inputPer1MTokens: number or null (double)

Cost per 1M input tokens in USD

pricing.outputPer1MTokens: number or null (double)

Cost per 1M output tokens in USD

pricing.cacheReadPer1MTokens: number or null (double)

Cost per 1M cached read tokens in USD

pricing.cacheWritePer1MTokens: number or null (double)

Cost per 1M cached write tokens in USD

family: string or null, required

Model family (e.g., 'gpt-4o', 'claude-opus')

releaseDate: string or null, required

Model release date

knowledgeCutoff: string or null, required

Knowledge cutoff date

openWeights: boolean, required

Whether model has open weights

createdAt: string (date-time), required

When the model was created

Example: "2022-03-10T16:15:50Z"

updatedAt: string (date-time), required

When the model was last updated

Example: "2022-03-10T16:15:50Z"

]

Response
application/json
[ { "modelId": "us_01hxcvk1hjexere4pvtrj0ymqq", "providerId": "us_01hxcvk1hjexere4pvtrj0ymqq", "externalId": "string", "name": "string", "enabled": true, "deprecated": true, "successorModelId": "us_01hxcvk1hjexere4pvtrj0ymqq", "capabilities": { … }, "modalities": [ … ], "builtInTools": [ … ], "limits": { … }, "pricing": { … }, "family": "string", "releaseDate": "string", "knowledgeCutoff": "string", "openWeights": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" } ]

Account management and authentication endpoints. Handles user registration, login flows (email/phone), profile management, and account lifecycle operations. Supports multi-step signup with email/SMS verification, CAPTCHA, and optional admin approval.

Endpoints for suggesting and validating physical addresses

Administrative endpoints for account and user management. Provides comprehensive tools for managing user accounts, including creation, deletion, role assignment, password management, state changes, and user impersonation for bot accounts. Requires Users.Manage permission unless otherwise noted on individual endpoints.

Administrative endpoints for managing ActivityPub federation delivery. Provides tools to clear delivery error counters and restart delivery for specific remote domains. Requires Federation.Manage permission.

Administrative endpoints for viewing and searching audit logs. Provides comprehensive logging of all security-relevant actions performed in the system, including account management, user changes, settings modifications, and moderation actions. Requires Audit.Read permission.

Administrative APIs for managing domain blocks. Provides endpoints to block specific domains with different severity levels (SUSPEND, LIMIT, NOOP), update existing blocks, unblock domains, and list currently blocked domains. Domain blocks prevent or limit federation with specified domains. Write operations require Federation.Manage permission; read operations require Federation.Read or Federation.Manage permission.

Administrative endpoints for managing domain allowlists. When domain allowlisting is enabled, only domains in this list can federate with the instance. Write operations require Federation.Manage permission; read operations require Federation.Read or Federation.Manage permission.

Administrative endpoints for managing the email domain allowlist used during user registration. When enabled, only email addresses from allowed domains can sign up. Write operations require AdminSettings.Manage permission; read operations require AdminSettings.Read or AdminSettings.Manage permission.

Administrative APIs for managing email blocks to prevent unwanted signups. Supports blocking specific email addresses and entire domains. Email blocks are automatically normalized and checked during user registration. Requires Users.Moderate permission.

Administrative endpoints for managing FASP (Fediverse Auxiliary Service Provider) provider registrations and default capability assignments. Allows accepting, declining, and blocking providers, as well as configuring which provider is the default for each capability. Read operations require Federation.Read or Federation.Manage permission; write operations require Federation.Manage permission.

Administrative endpoints for managing a remote FASP server. Allows Wellesley admins to configure connection to a FASP server and manage Fediverse server registrations remotely.

Administrative endpoints for managing federation mode and allowlist in a single operation.

Administrative endpoints for monitoring and managing federation with other ActivityPub instances. Provides metrics on connected domains, user counts, post statistics, and federation health monitoring including sliding window performance metrics for inbox processing. Requires Federation.Read or Federation.Manage permission.

Manage the federation mode of the instance (OPEN, LIMITED, CLOSED)

Administrative endpoints for managing user feed caches. Provides tools for regenerating, clearing, and diagnosing cached home feeds stored in Redis. Feed regeneration recomputes the feed from the database and updates the cache. Requires Jobs.Manage permission.

Administrative endpoints for managing groups, channels, categories, and events. Provides search and listing capabilities for all groups on the server regardless of privacy or visibility. Requires Users.Read or Users.Manage permission.

Administrative endpoints for monitoring and managing background job queues. Provides statistics, job listings, and queue monitoring for all asynchronous tasks such as federation delivery, media processing, and cleanup jobs. Requires Jobs.Read or Jobs.Manage permission.

Administrative endpoints for managing posts. Provides moderation capabilities to delete posts that violate community guidelines or are part of reported content. Requires Reports.Manage permission.

Administrative endpoints for managing user signup requests. Provides tools for reviewing, approving, rejecting, and managing signup requests in the moderation queue. Supports workflow for manual account approval when enabled. Read operations require Signups.Read or Signups.Manage permission; write operations require Signups.Manage permission.

Administrative endpoints for managing file uploads and media storage. Provides tools for monitoring user storage usage, searching uploaded files, and managing upload processing jobs. Supports queue management for async upload processing workflows. Requires Uploads.Read permission.

User alias management for account migration and identity linking. Aliases allow a user to declare previous identities on remote federated servers, which is required for ActivityPub account migration. All endpoints require authentication.

Endpoints for managing application-specific data storage. Provides a flexible key-value storage system for applications to store custom data associated with users, groups, or the platform. Supports tagging, filtering, and ownership-based access control.

Endpoints for serving and routing platform applications to users

Endpoints for polling the status of asynchronous background operations such as home feed regeneration and federated search

User blocking functionality for preventing interaction with specific users. Blocking a user prevents them from following you, seeing your posts, or interacting with your content. Block operations are federated to remote servers when blocking remote users.

Endpoints for managing forum categories within groups. Categories organize forum discussions into topics, allowing structured content browsing. Each forum must have at least one category. Most management operations require the GroupForum.Manage RBAC permission (group admin/moderator). Read operations are accessible according to group visibility settings.

Version-agnostic API compatibility endpoints

Public API for listing domains blocked by this instance. Visibility and reason details are controlled by platform settings.

Manage user-level domain blocks to filter content from specific federated servers. All endpoints require authentication. Domain blocks hide posts and notifications from the blocked domain and remove followers from it.

Endpoints for personal auto-saved drafts

Email address management for user accounts. Provides secure email change workflow with verification codes, password confirmation, and notification system. All email changes require authentication and are logged for security.

Administrative endpoints for managing vector embeddings used in AI-powered features such as semantic search and content recommendations. Provides tools for enabling/disabling embeddings, configuring the embedding model, estimating costs, and managing batch recalculation jobs. Requires AdminSettings.Manage permission.

Custom emoji management system for the platform. Supports creating, uploading, importing/exporting, searching, and deleting custom emojis. Emojis are automatically resized and optimized. Admin-only operations require Emojis.Manage permission.

Endpoints for creating, retrieving, and managing events and attendees

Administration endpoints for managing FASP (Fediverse Auxiliary Service Provider) registrations and capabilities. Handles the FASP registration workflow: providers register via POST, admins confirm registration, and capabilities are activated or deactivated. Also provides debug and backfill request tools. The registration endpoint is publicly accessible; all other endpoints require the Federation.Manage RBAC permission.

FASP (Fediverse Auxiliary Service Provider) data sharing endpoints implementing the FASP data sharing protocol v0. Allows FASP providers to subscribe to content lifecycle events and trends, request backfills of historical data, and manage their subscriptions. All requests are authenticated using FASP Ed25519 HTTP signature verification, not user authentication. Not intended to be called directly by client applications.

Debug endpoints for FASP (Fediverse Auxiliary Service Provider) integration testing. Allows FASP providers to submit debug callback responses and administrators to view and manage callback logs. The POST endpoint uses FASP Ed25519 HTTP signature authentication; the GET and DELETE endpoints are currently unauthenticated, although they are intended for admin use only.

Server-to-server endpoints for federated group access. Remote servers request tokens on behalf of their users by signing requests with the user's private key via HTTP Signatures. No standard authentication is required; requests are validated through cryptographic signatures.

User follow relationship management. Handles following/unfollowing users, managing follow requests, and querying follower/followee relationships. Supports both local and remote (federated) users with ActivityPub protocol integration.

Endpoints for managing discussion forums within groups. Each group can have one forum that organizes discussions into categories and tags. Forums are auto-created on first access if the group does not already have one. Management operations (update, delete) require the GroupForum.Manage RBAC permission (group admin/moderator). Read operations follow group visibility settings.

Endpoints for geographic location lookup and timezone services

Endpoints for managing applications available to groups. Applications are installable modules that extend group functionality. Group admins can add or remove applications from their groups. The global apps list shows all available applications at the GROUP entry point, while per-group lists show only applications installed for that specific group. Management operations require the GroupApps.Manage RBAC permission.

Manage group-level user blocks

API endpoints for managing channels within groups. Channels are specialized accounts that enable organized content distribution within groups. They support hierarchical organization with primary and auto-subscribe channels, privacy controls inherited from parent groups, and both scoped (group-specific) and global usernames for discovery. Group admins manage channels while members follow.

API endpoints for managing group invitations. Group owners and admins can invite users to join their groups. Invitees can accept or reject invitations. Creating invitations requires the GroupMembers.Invite RBAC permission. Accepting, rejecting, and viewing personal invitations require standard authentication.

API endpoints for group join workflows. Users can request to join a group, and group admins can approve or reject join requests. Join behavior depends on the group's join mode: OPEN (instant), APPROVAL (requires admin approval), or INVITE_ONLY (requires invitation). Groups may also have entry questions that must be answered before joining. Admin operations (listing, approving, rejecting requests) require the GroupMembers.Manage RBAC permission. All endpoints require authentication.

Endpoints for managing member-specific settings within groups. These settings are personal to each group member and affect their individual experience within the group. Members can only access and modify their own settings within groups they belong to.

API endpoints for managing group membership. Provides functionality to add, update, and remove members from groups, as well as retrieve membership information. Supports both local and federated groups through ActivityPub protocol. Access control is enforced based on group privacy settings and user permissions.

API endpoints for managing pinned groups. Users can pin groups they are a member of to keep them easily accessible. Pinned groups support custom ordering via pin numbers and appear first in the user's group list. All endpoints require authentication.

API endpoints for managing group entry questions. Groups can require prospective members to answer questions before joining. Questions support multiple types (text, single choice, multiple choice) and are used to screen members when the group's join mode is set to QUESTIONS. Answers are validated and generate a token that can be used during the join process.

API endpoints for managing community rules within groups. Rules define the expected conduct and content policies that members must follow. Each rule consists of text (the rule itself), a hint (explanation or context), and an ordering value for display sequence. Rules are scoped to specific groups and can be managed by users with appropriate permissions.

Endpoints for managing group-specific settings and configuration options. These endpoints allow authorized group members to view, update, and delete settings that control group behavior, features, and customization options.

API endpoints for managing groups within the Wellesley platform. Groups are community spaces that can be public or private, support forums, and have their own membership and permission systems. Groups can be federated via ActivityPub for cross-instance communication.

Endpoints for importing data from other platforms including followers, blocks, and mutes

Server instance information and configuration. Provides metadata about the server, compatible domains, supported languages, timezones, and countries. All endpoints are publicly accessible without authentication.

User list management for organizing and grouping followed accounts. Lists allow users to curate collections of accounts for easier content consumption. Lists can be public or private. Only the list owner can modify their lists. All endpoints require authentication.

Login method management for authenticated accounts. Allows adding or removing email/password and phone number as authentication methods. Adding a login method requires email or SMS verification. Removing a method is blocked if it is the last remaining login identifier. All changes are audited. All endpoints require authentication.

Markdown-to-HTML rendering service for post and article previews. Supports autolinking of hashtags, @mentions, and custom emoji. Requires authentication.

Endpoints for retrieving metrics and analytics data from the events stream

User muting functionality for hiding content from specific users without blocking them. Muting a user hides their posts from your timelines and notifications, but does not prevent them from following you or interacting with your content. Mutes can be temporary (with an expiration duration) or permanent. All endpoints require authentication.

Unified API for validating name availability. Supports checking user/channel usernames, group names, and category names. Returns whether a name is reserved or already in use.

Manage personal notes about other users. Notes are private and only visible to the user who created them. All endpoints require authentication. Users cannot create notes about themselves.

User notification management for retrieving, counting, and updating notification status. Notifications are generated by user interactions such as follows, mentions, reposts, and likes. Supports filtering by notification type and status (read/unread). All endpoints require authentication.

Passkey (WebAuthn) registration and authentication

Password management endpoints for changing and recovering account passwords. Supports two flows: authenticated password change (requires current password and email confirmation) and unauthenticated password recovery (sends reset code to account email). All password changes invalidate other active sessions for security.

Phone number change management for authenticated users. Implements a secure 4-step phone change flow: (1) request change and receive SMS code on current phone, (2) verify current phone ownership, (3) submit new phone number and receive SMS code, (4) verify new phone number. All endpoints require authentication.

Endpoints for managing Pins (top-level posts) and Highlights (pinned replies). Top-level pins are shown first in the profile scope and are limited by the admin setting "Maximum number of pinned posts". Replies can be pinned as highlights under their root post. Pin and unpin actions are federated via ActivityPub.

Endpoints for managing platform-wide and group-specific data storage. Unlike application data, this provides direct data management not tied to specific applications. Supports flexible ownership models including platform-level, group-level, and user-level data with appropriate access controls.

Endpoints for managing platform-wide settings and configuration options. These endpoints control server-level settings that affect the entire platform, including features, limits, security policies, and default behaviors for all users and groups.

Endpoints for interacting with polls attached to posts, including voting and refreshing results from federated instances. Requires authentication. Polls are created as part of a post via the Posts API.

Endpoints for creating, reading, updating, and deleting posts, as well as managing comments, likes, bookmarks, reposts, subscriptions, and votes. Most endpoints require authentication; read-only feed and post endpoints are accessible to guests via @PermitAll. Post mutations are federated via ActivityPub.

Endpoints for retrieving Role-Based Access Control (RBAC) configurations and managing roles, resources, permissions and role-to-user assignments.

Scoped Role Definition (RBACRole):

  • Represents roles within the RBAC system.
  • Each role has a unique roleId, a name, an optional description, and a scope.
  • The scope defines the domain or area in which the role is valid.
  • The scope can be global (hardcoded); currently the only global scope is "global".
  • The scope can also be dynamic; currently group IDs are used, such as "gr_05hxcvk1hjexere4pvtrj0hggt".
  • Roles come with assigned permissions (RBACPermissions) that define what actions the role can perform on system resources.
  • Metadata such as createdAt and updatedAt timestamps track the role's lifecycle events.

Permissions (RBACPermissions):

  • Encapsulates resource-specific access controls.
  • Each permission object specifies the resource (e.g., "user", "document") and an associated list of allowed RBACAccess types.
  • RBACAccess enumerates the supported actions: Read, Add, Modify, Delete.

Role Assignments to Actors (RBACActorRole):

  • Maps actors (e.g., users, services) to specific roles.
  • Tracks the association through actorId (representing the unique entity being assigned) and roleId (specific role ID).
  • Includes timestamps to record when the assignment was created or updated.
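
A sketch of how the three objects described above combine into an access decision, added here as an example and not taken from the Wellesley code base. The Python names, the sample actors and roles, and the second group ID are constructed; the rule that a "global" role also applies inside a group scope is an assumption, exposed as a flag so both behaviours can be compared.

```python
from dataclasses import dataclass
from enum import Enum

class RBACAccess(Enum):          # the four actions listed under RBACPermissions
    READ = "Read"
    ADD = "Add"
    MODIFY = "Modify"
    DELETE = "Delete"

GLOBAL_SCOPE = "global"
GROUP_A = "gr_05hxcvk1hjexere4pvtrj0hggt"   # group ID quoted on the page
GROUP_B = "gr_constructed_other_group"      # constructed for this example

@dataclass
class RBACRole:
    role_id: str
    name: str
    scope: str                   # "global" or a group ID
    permissions: dict            # resource name -> set of RBACAccess

@dataclass
class RBACActorRole:
    actor_id: str
    role_id: str

# Constructed sample data: one global role, one group-scoped role.
ROLES = {r.role_id: r for r in [
    RBACRole("role_admin", "Admin", GLOBAL_SCOPE,
             {"user": {RBACAccess.READ, RBACAccess.MODIFY}}),
    RBACRole("role_mod", "Moderator", GROUP_A,
             {"document": {RBACAccess.READ, RBACAccess.DELETE}}),
]}
ASSIGNMENTS = [
    RBACActorRole("u_alice", "role_admin"),
    RBACActorRole("u_bob", "role_mod"),
    RBACActorRole("u_carol", "role_deleted"),   # dangling: role no longer exists
]

def is_allowed(actor_id, resource, access, scope, global_applies_in_groups=True):
    """Deny by default; allow only via an in-scope role that lists the access."""
    for a in ASSIGNMENTS:
        if a.actor_id != actor_id:
            continue
        role = ROLES.get(a.role_id)
        if role is None:         # never grant through a dangling assignment
            continue
        in_scope = role.scope == scope or (
            global_applies_in_groups and role.scope == GLOBAL_SCOPE)  # assumption
        if in_scope and access in role.permissions.get(resource, set()):
            return True
    return False
```
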

API to retrieve followers and following collections for remote (federated) users. Fetches collection data from remote ActivityPub servers, resolves actor URIs to user profiles, and returns them in the local user format. Supports pagination via offset/limit parameters. All endpoints are publicly accessible (@PermitAll) and operate on remote users only -- local users are rejected.

Unified moderation endpoints for server and group reports. Pass scope= for group scope; omit scope for server scope.

Manage platform rules that govern user conduct and content policies. Retrieving rules is publicly accessible. Creating, updating, deleting, and reordering rules require authentication and the Rules.Manage RBAC permission. All write operations are logged in the audit trail.

Authentication session management endpoints. Allows users to view active sessions across devices, revoke individual sessions or all other sessions, and permanently delete session records. Sessions are tracked in both the database and Redis for real-time state synchronization. All endpoints require authentication. The current session cannot be revoked or deleted.

Personalized follow suggestions for the authenticated user based on FASP recommendations. Excludes users who are already followed or have pending follow requests, and users blocked by either side.

Endpoints for managing hashtags, including following, featuring, and retrieving tag information

Endpoints for translating text between languages

Endpoints for uploading, retrieving, and managing media files. The upload flow is two-step: first create an upload via POST to get an upload URL, then PUT the actual file content to that URL. Most endpoints require authentication. Class-level @RBACAuthorize requires authentication by default; public endpoints use @PermitAll.

Manage user device registrations for Web Push notifications. Allows registering, listing, and removing push notification subscriptions. All endpoints except VAPID public key retrieval require authentication.

Endpoints for managing user-specific settings and preferences. These endpoints allow authenticated users to view, update, and delete their personal settings that control their account behavior, interface preferences, privacy options, and feature customizations.

User profile management endpoints. Handles user creation, retrieval by ID or username, profile updates, deletion, and social graph queries (followers/following). Supports both authenticated and guest access with varying levels of detail. Guest users receive basic profile data; authenticated users can access relationship statuses and full profiles.
