The AI Agents API manages bot creation and configuration. Each bot is a user profile of type Service with a configuration profile that includes tools, triggers, and scope. Global bots operate in the global scope; group bots operate within a group scope.
Wellesley Platform API (1.0)
Wellesley is a decentralized social platform built on top of ActivityPub. It operates as a federation of independent servers that exchange data using standard ActivityPub messages alongside custom extensions. The platform strives for Mastodon compatibility while introducing additional capabilities such as Groups, Forums, rich media, AI agents, and fine-grained access control.
This API provides full access to the platform's functionality including user and account management, posting and feeds, group creation and moderation, notifications, real-time streaming, search, federated content delivery, AI agent configuration, and platform administration. Most endpoints accept and return JSON. Pagination follows cursor-based patterns using Link headers.
Authentication: Endpoints that require authentication expect an Authorization header with a valid access token. Unauthenticated requests to protected endpoints will receive a 401 response.
RBAC (Role-Based Access Control): Some endpoints are protected by RBAC permissions. When an endpoint description mentions "RBAC: requires ...", the caller must hold the listed permission(s) in addition to being authenticated. Requests that lack the required permissions will receive a 403 response. RBAC permissions are scoped to resources (e.g., Group, Post, User) and actions (e.g., Read, Write, Moderate), and are assigned through roles.
Download OpenAPI description
Languages
Servers
Mock server
https://docs.wellesley.social/_mock/openapi
Simple setup, all in one. Digital Ocean
https://dust.allroads.social
Simple setup, db is separate. Digital Ocean
https://meteor.allroads.social
Endpoints for viewing AI providers and configuring per-scope API keys. Providers are catalog entries synced from models.dev. Use scope='global' for platform-wide configuration (requires AIProviders permissions) or a group TypeId for group-specific configuration (requires GroupAIProviders permissions).
Operations
Administrative endpoints for account and user management. Provides comprehensive tools for managing user accounts, including creation, deletion, role assignment, password management, state changes, and user impersonation for bot accounts. Requires Users.Manage permission unless otherwise noted on individual endpoints.
Operations
Administrative APIs for managing domain blocks. Provides endpoints to block specific domains with different severity levels (SUSPEND, LIMIT, NOOP), update existing blocks, unblock domains, and list currently blocked domains. Domain blocks prevent or limit federation with specified domains. Write operations require Federation.Manage permission; read operations require Federation.Read or Federation.Manage permission.
Operations
Administrative endpoints for managing domain allowlists. When domain allowlisting is enabled, only domains in this list can federate with the instance. Write operations require Federation.Manage permission; read operations require Federation.Read or Federation.Manage permission.
Operations
Administrative endpoints for managing the email domain allowlist used during user registration. When enabled, only email addresses from allowed domains can sign up. Write operations require AdminSettings.Manage permission; read operations require AdminSettings.Read or AdminSettings.Manage permission.
Operations
Administrative endpoints for managing FASP (Fediverse Auxiliary Service Provider) provider registrations and default capability assignments. Allows accepting, declining, and blocking providers, as well as configuring which provider is the default for each capability. Read operations require Federation.Read or Federation.Manage permission; write operations require Federation.Manage permission.
Operations
Administrative endpoints for monitoring and managing federation with other ActivityPub instances. Provides metrics on connected domains, user counts, post statistics, and federation health monitoring including sliding window performance metrics for inbox processing. Requires Federation.Read or Federation.Manage permission.
Operations
Administrative endpoints for configuring a remote link preview service provider. This service fetches rich link previews (title, description, image) for URLs shared in posts. The provider must support the 'link_preview' FASP capability. Requires AdminSettings.Manage permission.
Operations
Administrative endpoints for managing user signup requests. Provides tools for reviewing, approving, rejecting, and managing signup requests in the moderation queue. Supports workflow for manual account approval when enabled. Read operations require Signups.Read or Signups.Manage permission; write operations require Signups.Manage permission.
Operations
Administrative endpoints for managing file uploads and media storage. Provides tools for monitoring user storage usage, searching uploaded files, and managing upload processing jobs. Supports queue management for async upload processing workflows. Requires Uploads.Read permission.
Operations
Endpoints for managing forum categories within groups. Categories organize forum discussions into topics, allowing structured content browsing. Each forum must have at least one category. Most management operations require the GroupForum.Manage RBAC permission (group admin/moderator). Read operations are accessible according to group visibility settings.
Operations
Administrative endpoints for managing vector embeddings used in AI-powered features such as semantic search and content recommendations. Provides tools for enabling/disabling embeddings, configuring the embedding model, estimating costs, and managing batch recalculation jobs. Requires AdminSettings.Manage permission.
Operations
Administration endpoints for managing FASP (Fediverse Auxiliary Service Provider) registrations and capabilities. Handles the FASP registration workflow: providers register via POST, admins confirm registration, and capabilities are activated or deactivated. Also provides debug and backfill request tools. The registration endpoint is publicly accessible; all other endpoints require the Federation.Manage RBAC permission.
Operations
FASP (Fediverse Auxiliary Service Provider) data sharing endpoints implementing the FASP data sharing protocol v0. Allows FASP providers to subscribe to content lifecycle events and trends, request backfills of historical data, and manage their subscriptions. All requests are authenticated using FASP Ed25519 HTTP signature verification, not user authentication. Not intended to be called directly by client applications.
Debug endpoints for FASP (Fediverse Auxiliary Service Provider) integration testing. Allows FASP providers to submit debug callback responses and administrators to view and manage callback logs. The POST endpoint uses FASP Ed25519 HTTP signature authentication; the GET and DELETE endpoints are currently unauthenticated and intended for admin use only.
Endpoints for managing discussion forums within groups. Each group can have one forum that organizes discussions into categories and tags. Forums are auto-created on first access if the group does not already have one. Management operations (update, delete) require the GroupForum.Manage RBAC permission (group admin/moderator). Read operations follow group visibility settings.
Operations
Endpoints for managing applications available to groups. Applications are installable modules that extend group functionality. Group admins can add or remove applications from their groups. The global apps list shows all available applications at the GROUP entry point, while per-group lists show only applications installed for that specific group. Management operations require the GroupApps.Manage RBAC permission.
Operations
API endpoints for managing channels within groups. Channels are specialized accounts that enable organized content distribution within groups. They support hierarchical organization with primary and auto-subscribe channels, privacy controls inherited from parent groups, and both scoped (group-specific) and global usernames for discovery. Group admins manage channels while members follow.
Operations
API endpoints for managing group invitations. Group owners and admins can invite users to join their groups. Invitees can accept or reject invitations. Creating invitations requires the GroupMembers.Invite RBAC permission. Accepting, rejecting, and viewing personal invitations require standard authentication.
Operations
API endpoints for group join workflows. Users can request to join a group, and group admins can approve or reject join requests. Join behavior depends on the group's join mode: OPEN (instant), APPROVAL (requires admin approval), or INVITE_ONLY (requires invitation). Groups may also have entry questions that must be answered before joining. Admin operations (listing, approving, rejecting requests) require the GroupMembers.Manage RBAC permission. All endpoints require authentication.
Operations
API endpoints for managing group membership. Provides functionality to add, update, and remove members from groups, as well as retrieve membership information. Supports both local and federated groups through ActivityPub protocol. Access control is enforced based on group privacy settings and user permissions.
Operations
API endpoints for managing group entry questions. Groups can require prospective members to answer questions before joining. Questions support multiple types (text, single choice, multiple choice) and are used to screen members when the group's join mode is set to QUESTIONS. Answers are validated and generate a token that can be used during the join process.
Operations
API endpoints for managing community rules within groups. Rules define the expected conduct and content policies that members must follow. Each rule consists of text (the rule itself), a hint (explanation or context), and an ordering value for display sequence. Rules are scoped to specific groups and can be managed by users with appropriate permissions.
Operations
Request
Creates a new group owned by the currently authenticated user. The user becomes the group owner with full administrative privileges. The group name must be unique across the platform. A forum is automatically created for the group with default categories.
Security
header
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Unique group name used in URLs. Must be alphanumeric with underscores/hyphens, 3-30 characters.
Human-readable display name for the group. Can contain spaces and special characters.
Detailed description of the group's purpose and activities. Supports markdown formatting.
The type/category of the group (ORGANIZATION, COMMUNITY, PROJECT, etc.)
Enum"CHANNEL""INTEREST_GROUP""ORGANIZATION"
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X POST \
https://docs.wellesley.social/_mock/openapi/api/v1/groups \
-H 'Authorization: YOUR_API_KEY_HERE' \
-H 'Content-Type: application/json' \
-d '{
"privacy": "PUBLIC",
"visibility": "VISIBLE",
"joinMode": "OPEN",
"bannerId": "us_01hxcvk1hjexere4pvtrj0ymqq",
"avatarId": "us_01hxcvk1hjexere4pvtrj0ymqq",
"location": {
"geo": {
"latitude": 0.1,
"longitude": 0.1,
"altitude": 0.1,
"accuracy": 0.1,
"verticalAccuracy": 0.1,
"speed": 0.1,
"bearing": 0.1,
"timestamp": 0
},
"name": "string",
"autoUpdate": true,
"show": true
},
"timezone": {
"ianaTimezone": "string",
"autoUpdate": true,
"show": true
},
"name": "string",
"displayName": "string",
"description": "string",
"fields": {
"property1": {
"value": "string",
"verifiedAt": "2022-03-10T16:15:50Z"
},
"property2": {
"value": "string",
"verifiedAt": "2022-03-10T16:15:50Z"
}
},
"meta": {
"color": "string"
},
"type": "CHANNEL",
"secret": true
}'Successfully created the new group
group metadata including color
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Whether the current viewer can manage this group (owner, admin, or moderator)
ID of the forum associated with this group
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Response
application/json
{ "stats": { "posts": 0, "postsLast24h": 0, "comments": 0, "totalStorageBytes": 0, "avgPostsPerDay": 0.1, "avgBytesPerDay": 0.1, "members": 0, "totalEvents": 0 }, "meta": { "color": "string" }, "privacy": "PUBLIC", "visibility": "VISIBLE", "joinMode": "OPEN", "location": { "geo": { … }, "name": "string", "autoUpdate": true, "show": true }, "timezone": { "ianaTimezone": "string", "autoUpdate": true, "show": true }, "isMember": true, "pin": 0, "canManage": true, "isOwner": true, "roles": [ "string" ], "groupId": "us_01hxcvk1hjexere4pvtrj0ymqq", "groupName": "string", "domain": "string", "local": true, "displayName": "string", "summary": "string", "uri": "http://example.com", "publicKey": "string", "forumId": "us_01hxcvk1hjexere4pvtrj0ymqq", "fields": { "property1": { … }, "property2": { … } }, "type": "CHANNEL", "membersUrl": "string", "banner": { "uploadId": "up_kjhwieuy2387928371", "uploaderId": "us_97234khddqdkuhqwij", "ownerId": "us_97234khddqdkuhqwij", "attachedToId": "pt_97234khddqdkuhqwij", "uploadType": "video", "meta": { … }, "size": 0, "files": [ … ], "tags": [ … ], "error": "string", "cached": true, "logs": "string", "remote": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }, "avatar": { "uploadId": "up_kjhwieuy2387928371", "uploaderId": "us_97234khddqdkuhqwij", "ownerId": "us_97234khddqdkuhqwij", "attachedToId": "pt_97234khddqdkuhqwij", "uploadType": "video", "meta": { … }, "size": 0, "files": [ … ], "tags": [ … ], "error": "string", "cached": true, "logs": "string", "remote": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }, "deletedAt": "2022-03-10T16:15:50Z", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z", "refreshedAt": "2022-03-10T16:15:50Z", "secret": true }
Request
Returns user's groups in order: 1) pinned by pin number, 2) owned unpinned by creation date, 3) member unpinned by creation date. Each group includes viewer context: isMember (always true), pin (if pinned), and canManage.
Security
header
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups/my-groups
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups/my-groups
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups/my-groups
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://docs.wellesley.social/_mock/openapi/api/v1/groups/my-groups?lastId=%3FlastId%3D%24{data.last%28%29.id}&limit=0&offset=0&sortBy=string&sortOrder=string&untilId=%3FuntilId%3D%24{data.first%28%29.id}' \
-H 'Authorization: YOUR_API_KEY_HERE'List of user's groups with sorting information and viewer context
group metadata including color
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Whether the current viewer can manage this group (owner, admin, or moderator)
ID of the forum associated with this group
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Response
application/json
[ { "stats": { … }, "meta": { … }, "privacy": "PUBLIC", "visibility": "VISIBLE", "joinMode": "OPEN", "location": { … }, "timezone": { … }, "isMember": true, "pin": 0, "canManage": true, "isOwner": true, "roles": [ … ], "groupId": "us_01hxcvk1hjexere4pvtrj0ymqq", "groupName": "string", "domain": "string", "local": true, "displayName": "string", "summary": "string", "uri": "http://example.com", "publicKey": "string", "forumId": "us_01hxcvk1hjexere4pvtrj0ymqq", "fields": { … }, "type": "CHANNEL", "membersUrl": "string", "banner": { … }, "avatar": { … }, "deletedAt": "2022-03-10T16:15:50Z", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z", "refreshedAt": "2022-03-10T16:15:50Z", "secret": true } ]
Request
Retrieves a group using its unique name (slug). The group name is case-insensitive and must follow username validation rules (alphanumeric, underscores, hyphens). This endpoint is publicly accessible (@PermitAll) and is useful for human-readable URLs. Stats visibility is controlled by group settings.
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups/name/{groupname}
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups/name/{groupname}
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups/name/{groupname}
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
https://docs.wellesley.social/_mock/openapi/api/v1/groups/name/wine-loversGroup details retrieved successfully
group metadata including color
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Whether the current viewer can manage this group (owner, admin, or moderator)
ID of the forum associated with this group
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Response
application/json
{ "stats": { "posts": 0, "postsLast24h": 0, "comments": 0, "totalStorageBytes": 0, "avgPostsPerDay": 0.1, "avgBytesPerDay": 0.1, "members": 0, "totalEvents": 0 }, "meta": { "color": "string" }, "privacy": "PUBLIC", "visibility": "VISIBLE", "joinMode": "OPEN", "location": { "geo": { … }, "name": "string", "autoUpdate": true, "show": true }, "timezone": { "ianaTimezone": "string", "autoUpdate": true, "show": true }, "isMember": true, "pin": 0, "canManage": true, "isOwner": true, "roles": [ "string" ], "groupId": "us_01hxcvk1hjexere4pvtrj0ymqq", "groupName": "string", "domain": "string", "local": true, "displayName": "string", "summary": "string", "uri": "http://example.com", "publicKey": "string", "forumId": "us_01hxcvk1hjexere4pvtrj0ymqq", "fields": { "property1": { … }, "property2": { … } }, "type": "CHANNEL", "membersUrl": "string", "banner": { "uploadId": "up_kjhwieuy2387928371", "uploaderId": "us_97234khddqdkuhqwij", "ownerId": "us_97234khddqdkuhqwij", "attachedToId": "pt_97234khddqdkuhqwij", "uploadType": "video", "meta": { … }, "size": 0, "files": [ … ], "tags": [ … ], "error": "string", "cached": true, "logs": "string", "remote": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }, "avatar": { "uploadId": "up_kjhwieuy2387928371", "uploaderId": "us_97234khddqdkuhqwij", "ownerId": "us_97234khddqdkuhqwij", "attachedToId": "pt_97234khddqdkuhqwij", "uploadType": "video", "meta": { … }, "size": 0, "files": [ … ], "tags": [ … ], "error": "string", "cached": true, "logs": "string", "remote": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }, "deletedAt": "2022-03-10T16:15:50Z", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z", "refreshedAt": "2022-03-10T16:15:50Z", "secret": true }
Request
Searches for groups whose names contain the specified substring. The search is case-insensitive. If no substring is provided or it's empty, returns all visible groups. Results respect visibility and membership: returns VISIBLE groups (public or private) and any groups the user is a member of if UNLISTED (HIDDEN groups never appear in search or listings). This endpoint is publicly accessible (@PermitAll). Results are paginated.
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups/search
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups/search
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups/search
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://docs.wellesley.social/_mock/openapi/api/v1/groups/search?lastId=%3FlastId%3D%24{data.last%28%29.id}&limit=0&offset=0&sortBy=string&sortOrder=string&substring=tech&untilId=%3FuntilId%3D%24{data.first%28%29.id}'List of matching groups
group metadata including color
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Whether the current viewer can manage this group (owner, admin, or moderator)
ID of the forum associated with this group
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Response
application/json
[ { "stats": { … }, "meta": { … }, "privacy": "PUBLIC", "visibility": "VISIBLE", "joinMode": "OPEN", "location": { … }, "timezone": { … }, "isMember": true, "pin": 0, "canManage": true, "isOwner": true, "roles": [ … ], "groupId": "us_01hxcvk1hjexere4pvtrj0ymqq", "groupName": "string", "domain": "string", "local": true, "displayName": "string", "summary": "string", "uri": "http://example.com", "publicKey": "string", "forumId": "us_01hxcvk1hjexere4pvtrj0ymqq", "fields": { … }, "type": "CHANNEL", "membersUrl": "string", "banner": { … }, "avatar": { … }, "deletedAt": "2022-03-10T16:15:50Z", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z", "refreshedAt": "2022-03-10T16:15:50Z", "secret": true } ]
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups/users/{userId}/mutual
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups/users/{userId}/mutual
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups/users/{userId}/mutual
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
https://docs.wellesley.social/_mock/openapi/api/v1/groups/users/us_01hz1f0kw36f82k9s4nzpc4s92n/mutual \
-H 'Authorization: YOUR_API_KEY_HERE'List of groups both users belong to
group metadata including color
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Whether the current viewer can manage this group (owner, admin, or moderator)
ID of the forum associated with this group
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Response
application/json
[ { "stats": { … }, "meta": { … }, "privacy": "PUBLIC", "visibility": "VISIBLE", "joinMode": "OPEN", "location": { … }, "timezone": { … }, "isMember": true, "pin": 0, "canManage": true, "isOwner": true, "roles": [ … ], "groupId": "us_01hxcvk1hjexere4pvtrj0ymqq", "groupName": "string", "domain": "string", "local": true, "displayName": "string", "summary": "string", "uri": "http://example.com", "publicKey": "string", "forumId": "us_01hxcvk1hjexere4pvtrj0ymqq", "fields": { … }, "type": "CHANNEL", "membersUrl": "string", "banner": { … }, "avatar": { … }, "deletedAt": "2022-03-10T16:15:50Z", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z", "refreshedAt": "2022-03-10T16:15:50Z", "secret": true } ]
Request
Updates the group's basic information including name, display name, description, and privacy settings. Requires GroupData.Manage permission. The group owner and administrators can perform this operation. Changes to privacy settings may affect member access and visibility.
RBAC: requires GroupData.Manage
Security
header
New unique group name. This will update the group's URL. Must be unique across the platform. Null to keep existing name.
Updated display name for the group. This is what users see in the UI. Null to keep existing.
Custom fields for the group; processed like user's fields. Null to keep existing.
Group's last refresh timestamp. Null to keep existing.
Example: "2022-03-10T16:15:50Z"
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Banner upload id. Null to keep existing.
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Avatar upload id. Null to keep existing.
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups/{groupId}
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups/{groupId}
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups/{groupId}
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X PUT \
https://docs.wellesley.social/_mock/openapi/api/v1/groups/gr_01hz1f0kw36f82k9s4nzpc4s33n \
-H 'Authorization: YOUR_API_KEY_HERE' \
-H 'Content-Type: application/json' \
-d '{
"name": "string",
"displayName": "string",
"description": "string",
"fields": {
"property1": {
"value": "string",
"verifiedAt": "2022-03-10T16:15:50Z"
},
"property2": {
"value": "string",
"verifiedAt": "2022-03-10T16:15:50Z"
}
},
"refreshedAt": "2022-03-10T16:15:50Z",
"meta": {
"color": "string"
},
"privacy": "PUBLIC",
"visibility": "VISIBLE",
"joinMode": "OPEN",
"bannerId": "us_01hxcvk1hjexere4pvtrj0ymqq",
"avatarId": "us_01hxcvk1hjexere4pvtrj0ymqq",
"location": {
"geo": {
"latitude": 0.1,
"longitude": 0.1,
"altitude": 0.1,
"accuracy": 0.1,
"verticalAccuracy": 0.1,
"speed": 0.1,
"bearing": 0.1,
"timestamp": 0
},
"name": "string",
"autoUpdate": true,
"show": true
},
"timezone": {
"ianaTimezone": "string",
"autoUpdate": true,
"show": true
}
}'Successfully updated the group
group metadata including color
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Whether the current viewer can manage this group (owner, admin, or moderator)
ID of the forum associated with this group
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Response
application/json
{ "stats": { "posts": 0, "postsLast24h": 0, "comments": 0, "totalStorageBytes": 0, "avgPostsPerDay": 0.1, "avgBytesPerDay": 0.1, "members": 0, "totalEvents": 0 }, "meta": { "color": "string" }, "privacy": "PUBLIC", "visibility": "VISIBLE", "joinMode": "OPEN", "location": { "geo": { … }, "name": "string", "autoUpdate": true, "show": true }, "timezone": { "ianaTimezone": "string", "autoUpdate": true, "show": true }, "isMember": true, "pin": 0, "canManage": true, "isOwner": true, "roles": [ "string" ], "groupId": "us_01hxcvk1hjexere4pvtrj0ymqq", "groupName": "string", "domain": "string", "local": true, "displayName": "string", "summary": "string", "uri": "http://example.com", "publicKey": "string", "forumId": "us_01hxcvk1hjexere4pvtrj0ymqq", "fields": { "property1": { … }, "property2": { … } }, "type": "CHANNEL", "membersUrl": "string", "banner": { "uploadId": "up_kjhwieuy2387928371", "uploaderId": "us_97234khddqdkuhqwij", "ownerId": "us_97234khddqdkuhqwij", "attachedToId": "pt_97234khddqdkuhqwij", "uploadType": "video", "meta": { … }, "size": 0, "files": [ … ], "tags": [ … ], "error": "string", "cached": true, "logs": "string", "remote": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }, "avatar": { "uploadId": "up_kjhwieuy2387928371", "uploaderId": "us_97234khddqdkuhqwij", "ownerId": "us_97234khddqdkuhqwij", "attachedToId": "pt_97234khddqdkuhqwij", "uploadType": "video", "meta": { … }, "size": 0, "files": [ … ], "tags": [ … ], "error": "string", "cached": true, "logs": "string", "remote": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }, "deletedAt": "2022-03-10T16:15:50Z", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z", "refreshedAt": "2022-03-10T16:15:50Z", "secret": true }
Request
Retrieves detailed information about a specific group including metadata, settings, and upload references. Accessible for public groups without membership. Hidden groups return 404 for non-members to maintain privacy. Includes real-time statistics. Stats visibility is controlled by group settings.
Security
header
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups/{groupId}
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups/{groupId}
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups/{groupId}
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
https://docs.wellesley.social/_mock/openapi/api/v1/groups/gr_01hz1f0kw36f82k9s4nzpc4s33n \
-H 'Authorization: YOUR_API_KEY_HERE'Group details retrieved successfully
group metadata including color
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Whether the current viewer can manage this group (owner, admin, or moderator)
ID of the forum associated with this group
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Response
application/json
{ "stats": { "posts": 0, "postsLast24h": 0, "comments": 0, "totalStorageBytes": 0, "avgPostsPerDay": 0.1, "avgBytesPerDay": 0.1, "members": 0, "totalEvents": 0 }, "meta": { "color": "string" }, "privacy": "PUBLIC", "visibility": "VISIBLE", "joinMode": "OPEN", "location": { "geo": { … }, "name": "string", "autoUpdate": true, "show": true }, "timezone": { "ianaTimezone": "string", "autoUpdate": true, "show": true }, "isMember": true, "pin": 0, "canManage": true, "isOwner": true, "roles": [ "string" ], "groupId": "us_01hxcvk1hjexere4pvtrj0ymqq", "groupName": "string", "domain": "string", "local": true, "displayName": "string", "summary": "string", "uri": "http://example.com", "publicKey": "string", "forumId": "us_01hxcvk1hjexere4pvtrj0ymqq", "fields": { "property1": { … }, "property2": { … } }, "type": "CHANNEL", "membersUrl": "string", "banner": { "uploadId": "up_kjhwieuy2387928371", "uploaderId": "us_97234khddqdkuhqwij", "ownerId": "us_97234khddqdkuhqwij", "attachedToId": "pt_97234khddqdkuhqwij", "uploadType": "video", "meta": { … }, "size": 0, "files": [ … ], "tags": [ … ], "error": "string", "cached": true, "logs": "string", "remote": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }, "avatar": { "uploadId": "up_kjhwieuy2387928371", "uploaderId": "us_97234khddqdkuhqwij", "ownerId": "us_97234khddqdkuhqwij", "attachedToId": "pt_97234khddqdkuhqwij", "uploadType": "video", "meta": { … }, "size": 0, "files": [ … ], "tags": [ … ], "error": "string", "cached": true, "logs": "string", "remote": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }, "deletedAt": "2022-03-10T16:15:50Z", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z", "refreshedAt": "2022-03-10T16:15:50Z", "secret": true }
Request
Permanently deletes a group and all associated data including memberships, roles, and forum content. This operation is irreversible. Requires the Group.Delete RBAC permission (typically group owner). The deletion is federated via ActivityPub to notify remote instances.
RBAC: requires Group.Delete
Security
header
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups/{groupId}
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups/{groupId}
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups/{groupId}
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X DELETE \
https://docs.wellesley.social/_mock/openapi/api/v1/groups/gr_01hz1f0kw36f82k9s4nzpc4s33n \
-H 'Authorization: YOUR_API_KEY_HERE'Request
Updates the visual branding elements of a group including color theme, banner image, and avatar. Color must be in HEX format. Banner and avatar are references to previously uploaded media. Setting banner or avatar to null removes them. Requires the GroupSettings.Manage RBAC permission (group admin).
RBAC: requires GroupSettings.Manage
Security
header
Theme color for the group in 6-character HEX format with # prefix. Used for UI theming. Null to keep existing color.
Example: "#FF5733"
Upload ID of the banner image. Must be a previously uploaded image. Null to keep existing banner.
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups/{groupId}/branding
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups/{groupId}/branding
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups/{groupId}/branding
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X PUT \
https://docs.wellesley.social/_mock/openapi/api/v1/groups/gr_01hz1f0kw36f82k9s4nzpc4s33n/branding \
-H 'Authorization: YOUR_API_KEY_HERE' \
-H 'Content-Type: application/json' \
-d '{
"color": "#FF5733",
"bannerId": "up_01hz1f0kw36f82k9s4nzpc4s92n",
"avatarId": "up_01hz1f0kw36f82k9s4nzpc4s92n"
}'Successfully updated group branding
group metadata including color
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Whether the current viewer can manage this group (owner, admin, or moderator)
ID of the forum associated with this group
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Response
application/json
{ "stats": { "posts": 0, "postsLast24h": 0, "comments": 0, "totalStorageBytes": 0, "avgPostsPerDay": 0.1, "avgBytesPerDay": 0.1, "members": 0, "totalEvents": 0 }, "meta": { "color": "string" }, "privacy": "PUBLIC", "visibility": "VISIBLE", "joinMode": "OPEN", "location": { "geo": { … }, "name": "string", "autoUpdate": true, "show": true }, "timezone": { "ianaTimezone": "string", "autoUpdate": true, "show": true }, "isMember": true, "pin": 0, "canManage": true, "isOwner": true, "roles": [ "string" ], "groupId": "us_01hxcvk1hjexere4pvtrj0ymqq", "groupName": "string", "domain": "string", "local": true, "displayName": "string", "summary": "string", "uri": "http://example.com", "publicKey": "string", "forumId": "us_01hxcvk1hjexere4pvtrj0ymqq", "fields": { "property1": { … }, "property2": { … } }, "type": "CHANNEL", "membersUrl": "string", "banner": { "uploadId": "up_kjhwieuy2387928371", "uploaderId": "us_97234khddqdkuhqwij", "ownerId": "us_97234khddqdkuhqwij", "attachedToId": "pt_97234khddqdkuhqwij", "uploadType": "video", "meta": { … }, "size": 0, "files": [ … ], "tags": [ … ], "error": "string", "cached": true, "logs": "string", "remote": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }, "avatar": { "uploadId": "up_kjhwieuy2387928371", "uploaderId": "us_97234khddqdkuhqwij", "ownerId": "us_97234khddqdkuhqwij", "attachedToId": "pt_97234khddqdkuhqwij", "uploadType": "video", "meta": { … }, "size": 0, "files": [ … ], "tags": [ … ], "error": "string", "cached": true, "logs": "string", "remote": true, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z" }, "deletedAt": "2022-03-10T16:15:50Z", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z", "refreshedAt": "2022-03-10T16:15:50Z", "secret": true }
Request
Retrieves group details combined with the viewer's membership information. For remote (federated) groups, refreshes data from the remote server if stale.
The response includes:
- Full group information (same as GET /groups/{groupId})
- Viewer's membership state (MEMBER, PENDING_JOIN, PENDING_INVITE, or NONE)
- Related objects (membership details, join request, or pending invite)
This endpoint is useful for displaying group pages where the viewer's relationship to the group is relevant, such as showing Accept/Reject buttons for pending invites.
Security
header
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups/{groupId}/details
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups/{groupId}/details
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups/{groupId}/details
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
https://docs.wellesley.social/_mock/openapi/api/v1/groups/gr_01hz1f0kw36f82k9s4nzpc4s33n/details \
-H 'Authorization: YOUR_API_KEY_HERE'Group details with membership info retrieved successfully
The group details
group metadata including color
- PUBLIC - Open Content. Content and membership are viewable by anyone.
- PRIVATE - Members-Only Content. Outsiders cannot see posts or members unless they join.
Enum"PUBLIC""PRIVATE"
- VISIBLE - The group is listed openly. It shows up in search results or directory listings, no matter if it's privacy is PUBLIC or PRIVATE.
- UNLISTED - The group does not appear in public lists or searches but is accessible via direct link.
- HIDDEN - The group is completely hidden and invite-only. Shared links will return 404 for non-members.
Enum"VISIBLE""UNLISTED""HIDDEN"
- OPEN - Anyone can join the group immediately without approval.
- APPROVAL - User requests must be approved by a group admin or moderator.
- INVITE_ONLY - Only users with an invitation from a member can join.
Enum"OPEN""APPROVAL""INVITE_ONLY"
Pin order number if group is pinned by viewer (null if not pinned)
Whether the current viewer can manage this group (owner, admin, or moderator)
Viewer's roles in this group. Only populated in admin endpoints.
ID of the forum associated with this group
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Viewer's membership state and related info
The current state of the user's relationship with the group
Enum"MEMBER""PENDING_JOIN""PENDING_INVITE""NONE"
The join request object, present if state is PENDING_JOIN
Response
application/json
{ "group": { "stats": { … }, "meta": { … }, "privacy": "PUBLIC", "visibility": "VISIBLE", "joinMode": "OPEN", "location": { … }, "timezone": { … }, "isMember": true, "pin": 0, "canManage": true, "isOwner": true, "roles": [ … ], "groupId": "us_01hxcvk1hjexere4pvtrj0ymqq", "groupName": "string", "domain": "string", "local": true, "displayName": "string", "summary": "string", "uri": "http://example.com", "publicKey": "string", "forumId": "us_01hxcvk1hjexere4pvtrj0ymqq", "fields": { … }, "type": "CHANNEL", "membersUrl": "string", "banner": { … }, "avatar": { … }, "deletedAt": "2022-03-10T16:15:50Z", "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z", "refreshedAt": "2022-03-10T16:15:50Z", "secret": true }, "membershipInfo": { "state": "MEMBER", "member": { … }, "joinRequest": { … }, "invite": { … } } }
Request
Returns a merged feed of posts across channels in the group. Members with channel subscriptions see posts from subscribed channels only. Non-members or members without subscriptions see posts from all public channels. Post visibility otherwise follows the standard post privacy rules.
Security
header
Query
Get older records (records with IDs less than this value) Alias maxId/max_id
Example: lastId=?lastId=${data.last().id}
Only include posts from channels that have this app_meta namespace key (e.g. 'wellesley.group.forum' for forum categories)
Filter by channel kind: 'channel' for regular channels, 'category' for forum categories. Preferred over ownerAppMetaHas/ownerAppMetaLacks for kind-based filtering.
Enum"channel""category"
Get newer records (records with IDs greater than this value) Alias minId/min_id
Example: untilId=?untilId=${data.first().id}
- Mock serverhttps://docs.wellesley.social/_mock/openapi/api/v1/groups/{groupId}/feed
- Simple setup, all in one. Digital Oceanhttps://dust.allroads.social/api/v1/groups/{groupId}/feed
- Simple setup, db is separate. Digital Oceanhttps://meteor.allroads.social/api/v1/groups/{groupId}/feed
- curl
- JavaScript
- Node.js
- Python
- Java
- C#
- PHP
- Go
- Ruby
- R
- Payload
curl -i -X GET \
'https://docs.wellesley.social/_mock/openapi/api/v1/groups/gr_01hz1f0kw36f82k9s4nzpc4s33n/feed?includeBookmarkStatus=true&includeComments=true&includeFollowStatus=true&includePublisher=true&lastId=%3FlastId%3D%24{data.last%28%29.id}&limit=0&offset=0&ownerAppMetaHas=string&ownerAppMetaLacks=string&ownerChannelKind=channel&sortBy=string&sortOrder=string&untilId=%3FuntilId%3D%24{data.first%28%29.id}&withRepostedBy=true&withTranslation=true' \
-H 'Authorization: YOUR_API_KEY_HERE'OK
Privacy levels for posts:
- PUBLIC - post is visible to anyone, including people who are not logged in and those who do not follow the user. It appears in the public timelines (home, local, and federated).
- UNLISTED - post is visible to anyone who visits the user's profile, but it does not appear in public timelines. Only followers and those who visit the user's profile directly can see it.
- PRIVATE - post is only visible to the user's followers. It does not appear in public timelines or on the user's profile for non-followers.
- DIRECT - post is visible only to the mentioned users. It functions like a direct message and is not visible on public timelines, the user's profile, or to followers.
- FOLLOW_POST - comment only. Follow parent post visibility
- HIDDEN - post is visible only to the author. It is never federated on create/delete. Transitioning to a visible privacy sends
- Create for born-hidden posts and Update for re-unhide. Visible-to-HIDDEN is allowed only for personal root posts.
Enum"PUBLIC""UNLISTED""PRIVATE""DIRECT""FOLLOW_POST""HIDDEN"
Example: "PUBLIC"
Privacy levels for posts:
- PUBLIC - post is visible to anyone, including people who are not logged in and those who do not follow the user. It appears in the public timelines (home, local, and federated).
- UNLISTED - post is visible to anyone who visits the user's profile, but it does not appear in public timelines. Only followers and those who visit the user's profile directly can see it.
- PRIVATE - post is only visible to the user's followers. It does not appear in public timelines or on the user's profile for non-followers.
- DIRECT - post is visible only to the mentioned users. It functions like a direct message and is not visible on public timelines, the user's profile, or to followers.
- FOLLOW_POST - comment only. Follow parent post visibility
- HIDDEN - post is visible only to the author. It is never federated on create/delete. Transitioning to a visible privacy sends
- Create for born-hidden posts and Update for re-unhide. Visible-to-HIDDEN is allowed only for personal root posts.
Enum"PUBLIC""UNLISTED""PRIVATE""DIRECT""FOLLOW_POST""HIDDEN"
Example: "PUBLIC"
id of a post this one was reposted from
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Owner types for posts and drafts:
- USER - user's channel (personal or group channel)
- EVENT - event (personal or group)
- CATEGORY - forum category
** POST OWNER: **
- Personal channel
- userId = author
- ownerId = userId (Type.USER)
- ownerType = USER
- groupId = null
- Forum post
- userId = author
- ownerId = categoryId (Type.CATEGORY)
- ownerType = CATEGORY
- groupId = forum's groupId
- Personal event
- userId = author
- ownerId = eventId (Type.EVENT)
- ownerType = EVENT
- groupId = null
- Group channel
- userId = author
- ownerId = channel userId (Type.GROUP_CHANNEL, gc_ prefix)
- ownerType = USER
- groupId = groupId
- Group event
- userId = author
- ownerId = eventId (Type.EVENT)
- ownerType = EVENT
- groupId = groupId
Enum"USER""EVENT""CATEGORY"
Stats
Settings
settings.​hiddenFromstring or null
Privacy levels for posts:
- PUBLIC - post is visible to anyone, including people who are not logged in and those who do not follow the user. It appears in the public timelines (home, local, and federated).
- UNLISTED - post is visible to anyone who visits the user's profile, but it does not appear in public timelines. Only followers and those who visit the user's profile directly can see it.
- PRIVATE - post is only visible to the user's followers. It does not appear in public timelines or on the user's profile for non-followers.
- DIRECT - post is visible only to the mentioned users. It functions like a direct message and is not visible on public timelines, the user's profile, or to followers.
- FOLLOW_POST - comment only. Follow parent post visibility
- HIDDEN - post is visible only to the author. It is never federated on create/delete. Transitioning to a visible privacy sends
- Create for born-hidden posts and Update for re-unhide. Visible-to-HIDDEN is allowed only for personal root posts.
Enum"PUBLIC""UNLISTED""PRIVATE""DIRECT""FOLLOW_POST""HIDDEN"
Time when poll starts. Poll is valid from startedAt until expiresAt.
Example: "2022-03-10T16:15:50Z"
Preview card for any links in the post
Information about the website/provider
When the card data was fetched/created
Example: "2022-03-10T16:15:50Z"
Post media type. Default for Note is text/plain, for Article text/markdown
Enum"TEXT_PLAIN""MARKDOWN"
One of account's users. Can be multiple per account
Registration mode:
- REGULAR - just regular state
- SENSITIVE - all media attachments are flagged as sensitive, i.e. all user's posts should be marked as sensitive, old posts and all future ones.
- LIMITED - all user's old and future posts should be set maximum to followers only unless user set it to direct himself. non-followers should not be notified, i.e. if user mentions non-follower we do not create notification.
- SUSPENDED - User can login, but cannot do anything in his account except to read, cannot change anything, cannot create new posts or comments etc. All his posts are marked as deleted, but we do not delete them just yet. User is scheduled to be deleted in one month. During this month it is possible to restore it via admin.
Enum"REGULAR""SENSITIVE""LIMITED""SUSPENDED"
Entity type: USER, BOT, APPLICATION, GROUP_CHANNEL
Enum"USER""BOT""APPLICATION""GROUP_CHANNEL"
Group ID if this is a group channel, group user or category.
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
- PUBLIC - Channel is visible to everyone and can be followed by anyone.
- PRIVATE - Channel is visible only to group members and can only be followed by group members.
Enum"PUBLIC""PRIVATE"
Types that an Actor can be assigned. Coincide with ActivityPub Actor types:
- APPLICATION: Apps will have this type
- GROUP: Interest Groups and Generic Groups wil have this type
- ORGANIZATION: Formal Organizations such as Companies, Institutions, etc. will have this type
- PERSON: Individual people will have this type
- SERVICE: Bots, Services, and other automated tools which are not also Apps will have this type
Enum"Application""Group""Organization""Person""Service"
Follow approval mode: AUTO_APPROVE, MANUALLY_APPROVES, or UNKNOWN
Enum"AUTO_APPROVE""MANUALLY_APPROVES""UNKNOWN"
User who physically uploaded this file. Null for platform-owned uploads (e.g., default covers). This is an audit/meta field — use ownerId for authorization.
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Entity that owns this upload (user, channel/group, category, or event). TypeID prefix indicates the owner type.
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Entity this upload is attached to (e.g., a post or event). NULL for standalone uploads like avatars, covers, or media library items.
Example: "us_01hxcvk1hjexere4pvtrj0ymqq"
Type of the upload
Enum"VIDEO""IMAGE""AUDIO""DOCUMENT""OTHER"
Example: "video"
List of all the files this upload has
true if this file is original, false if it is a derivative
File metadata. Contains optional values for width, height etc.
List of tags attached to upload
Items Enum"Post""Avatar""Header""Album""Emoji""Event"
Example: ["$post"]
Timestamp when the post was pinned/highlighted (from post_pins)
Example: "2022-03-10T16:15:50Z"
Original post of repost/quote (the post being reposted or quoted). Related to repostOf field.
Parent post for comments/replies. Related to replyTo (last element in path).
Publisher context for mixed-scope lists (e.g. search). Contains channel or group branding.
Whether this is a copy of a highlighted (pinned) reply (used to surface deep (2nd+ lvl) highlights under the root post).
Response
application/json
[ { "id": "us_01hxcvk1hjexere4pvtrj0ymqq", "uri": "http://example.com", "text": "string", "path": [ … ], "privacy": "PUBLIC", "effectivePrivacy": "PUBLIC", "kind": "Note", "software": "wellesley", "repostOf": "us_01hxcvk1hjexere4pvtrj0ymqq", "ownerId": "us_01hxcvk1hjexere4pvtrj0ymqq", "ownerType": "USER", "groupId": "us_01hxcvk1hjexere4pvtrj0ymqq", "title": "string", "summary": "string", "tags": [ … ], "mentions": [ … ], "stats": { … }, "settings": { … }, "lang": "BG", "poll": { … }, "card": { … }, "mediaType": "TEXT_PLAIN", "translations": { … }, "createdAt": "2022-03-10T16:15:50Z", "updatedAt": "2022-03-10T16:15:50Z", "author": { … }, "uploads": [ … ], "liked": true, "reposted": true, "quoted": true, "muted": true, "blocked": true, "visible": true, "pinned": true, "pinnedAt": "2022-03-10T16:15:50Z", "bookmarked": true, "subscribed": true, "edited": true, "deleted": true, "emojis": [ … ], "replies": [ … ], "repostedBy": [ … ], "originalPost": {}, "parent": {}, "votes": { … }, "publisher": { … }, "isHighlightCopy": true, "quoteApproval": { … }, "address": { … }, "replyTo": "us_01hxcvk1hjexere4pvtrj0ymqq", "conversationId": "us_01hxcvk1hjexere4pvtrj0ymqq" } ]
Login method management for authenticated accounts. Allows adding or removing email/password and phone number as authentication methods. Adding a login method requires email or SMS verification. Removing a method is blocked if it is the last remaining login identifier. All changes are audited. All endpoints require authentication.
Operations
User muting functionality for hiding content from specific users without blocking them. Muting a user hides their posts from your timelines and notifications, but does not prevent them from following you or interacting with your content. Mutes can be temporary (with an expiration duration) or permanent. All endpoints require authentication.
Operations
User notification management for retrieving, counting, and updating notification status. Notifications are generated by user interactions such as follows, mentions, reposts, and likes. Supports filtering by notification type and status (read/unread). All endpoints require authentication.
Operations
Password management endpoints for changing and recovering account passwords. Supports two flows: authenticated password change (requires current password and email confirmation) and unauthenticated password recovery (sends reset code to account email). All password changes invalidate other active sessions for security.
Operations
Phone number change management for authenticated users. Implements a secure 4-step phone change flow: (1) request change and receive SMS code on current phone, (2) verify current phone ownership, (3) submit new phone number and receive SMS code, (4) verify new phone number. All endpoints require authentication.
Operations
Endpoints for managing Pins (top-level posts) and Highlights (pinned replies). Top-level pins are shown first in the profile scope and are limited by admin setting Maximum number of pinned posts. Replies can be pinned as highlights under their root post. Pin and unpin actions are federated via ActivityPub.
Operations
Endpoints for managing platform-wide and group-specific data storage. Unlike application data, this provides direct data management not tied to specific applications. Supports flexible ownership models including platform-level, group-level, and user-level data with appropriate access controls.
Operations
Endpoints for creating, reading, updating, and deleting posts, as well as managing comments, likes, bookmarks, reposts, subscriptions, and votes. Most endpoints require authentication; read-only feed and post endpoints are accessible to guests via @PermitAll. Post mutations are federated via ActivityPub.
Operations
Endpoints for retrieving Role-Based Access Control (RBAC) configurations and managing roles, resources, permissions and role-to-user assignments. Scoped Role Definition (RBACRole):
- Represents roles within the RBAC system.
- Each role has a unique
roleId, aname, an optionaldescription, and ascope. - The
scopedefines the domain or area in which the role is valid. - The
scopecan be Global (hardcoded), currently the only one is "global" - The
scopealso can be dynamic, currently we use Group Ids, like "gr_05hxcvk1hjexere4pvtrj0hggt" - Roles come with assigned permissions (
RBACPermissions) that define what actions the role can perform on system resources. - Metadata such as
createdAtandupdatedAttimestamps track the role's lifecycle events.
Permissions (RBACPermissions):
- Encapsulates resource-specific access controls.
- Each permission object specifies the
resource(e.g., "user", "document") and an associated list of allowedRBACAccesstypes. RBACAccessenumerates the supported actions:Read,Add,Modify,Delete.
Role Assignments to Actors (RBACActorRole):
- Maps actors (e.g., users, services) to specific roles.
- Tracks the association through
actorId(representing the unique entity being assigned) androleId(specific role ID). - Includes timestamps to record when the assignment was created or updated.
Operations
API to retrieve followers and following collections for remote (federated) users. Fetches collection data from remote ActivityPub servers, resolves actor URIs to user profiles, and returns them in the local user format. Supports pagination via offset/limit parameters. All endpoints are publicly accessible (@PermitAll) and operate on remote users only -- local users are rejected.
Operations
Authentication session management endpoints. Allows users to view active sessions across devices, revoke individual sessions or all other sessions, and permanently delete session records. Sessions are tracked in both the database and Redis for real-time state synchronization. All endpoints require authentication. The current session cannot be revoked or deleted.
Operations
Endpoints for uploading, retrieving, and managing media files. The upload flow is two-step: first create an upload via POST to get an upload URL, then PUT the actual file content to that URL. Most endpoints require authentication. Class-level @RBACAuthorize requires authentication by default; public endpoints use @PermitAll.
Operations
User profile management endpoints. Handles user creation, retrieval by ID or username, profile updates, deletion, and social graph queries (followers/following). Supports both authenticated and guest access with varying levels of detail. Guest users receive basic profile data; authenticated users can access relationship statuses and full profiles.
Operations