API Reference
Applications
Application submission and staff review APIs.
Lists application definitions or submissions visible to the current user.
Authentication
Session.
Modes: logged-in user, API key
API key: applications:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/applications"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/applications', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/applications', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"applications": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/applicationscurl Equivalent
curl "https://playroom.date/api/applications"Sample Response Body
{
"success": true,
"data": {
"applications": []
},
"error": null
}Creates an application submission for the current user.
Authentication
Session + CSRF or actor-linked API key.
Modes: logged-in user, API key
API key: applications:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| applicationId | body | Yes | Application definition ID. |
| responses | body | Yes | Response map keyed by application field ID. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"applicationId":"application_id","responses":{}}' "https://playroom.date/api/applications"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/applications', {
method: 'POST',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"applicationId": "application_id",
"responses": {}
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/applications', headers=headers, json={"applicationId": "application_id", "responses": {}})
print(response.json())Example Output
{
"success": true,
"data": {
"submission": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/applicationsRequest Payload
{
"applicationId": "",
"responses": {}
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"applicationId":"","responses":{}}' "https://playroom.date/api/applications"Sample Response Body
{
"success": true,
"data": {
"submission": []
},
"error": null
}Lists application definitions for the admin editor.
Authentication
Admin session.
Modes: logged-in user, API key
API key: applications:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/applications"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/applications', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/admin/applications', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"applications": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/admin/applicationscurl Equivalent
curl "https://playroom.date/api/admin/applications"Sample Response Body
{
"success": true,
"data": {
"applications": []
},
"error": null
}Creates an application definition.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: applications:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| name | body | Yes | Application name. |
| description | body | No | Application description. |
| fields | body | Yes | Application field schema array. |
| hidden | body | No | Whether this application is hidden. |
| isActive | body | No | Whether this application accepts submissions. |
| imageUrl | body | No | Optional image URL. |
| approvalRoleIds | body | No | Approval role IDs. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"name":"example-name","description":"example-description","fields":[{"id":"field_1","label":"Question","type":"text","required":true}],"hidden":true,"isActive":true,"imageUrl":"example-imageUrl","approvalRoleIds":[]}' "https://playroom.date/api/admin/applications"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/applications', {
method: 'POST',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"name": "example-name",
"description": "example-description",
"fields": [
{
"id": "field_1",
"label": "Question",
"type": "text",
"required": true
}
],
"hidden": true,
"isActive": true,
"imageUrl": "example-imageUrl",
"approvalRoleIds": []
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/admin/applications', headers=headers, json={"name": "example-name", "description": "example-description", "fields": [{"id": "field_1", "label": "Question", "type": "text", "required": True}], "hidden": True, "isActive": True, "imageUrl": "example-imageUrl", "approvalRoleIds": []})
print(response.json())Example Output
{
"success": true,
"data": {
"application": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/admin/applicationsRequest Payload
{
"name": "",
"fields": [
{
"id": "field_1",
"label": "Question",
"type": "text",
"required": true
}
],
"approvalRoleIds": []
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"name":"","fields":[{"id":"field_1","label":"Question","type":"text","required":true}],"approvalRoleIds":[]}' "https://playroom.date/api/admin/applications"Sample Response Body
{
"success": true,
"data": {
"application": []
},
"error": null
}Updates an application definition.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: applications:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| applicationId | body | Yes | Application definition ID. |
| name | body | Yes | Application name. |
| description | body | No | Application description. |
| fields | body | Yes | Application field schema array. |
| hidden | body | No | Whether this application is hidden. |
| isActive | body | No | Whether this application accepts submissions. |
| imageUrl | body | No | Optional image URL. |
| approvalRoleIds | body | No | Approval role IDs. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"applicationId":"application_id","name":"example-name","description":"example-description","fields":[{"id":"field_1","label":"Question","type":"text","required":true}],"hidden":true,"isActive":true,"imageUrl":"example-imageUrl","approvalRoleIds":[]}' "https://playroom.date/api/admin/applications"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/applications', {
method: 'PUT',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"applicationId": "application_id",
"name": "example-name",
"description": "example-description",
"fields": [
{
"id": "field_1",
"label": "Question",
"type": "text",
"required": true
}
],
"hidden": true,
"isActive": true,
"imageUrl": "example-imageUrl",
"approvalRoleIds": []
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/admin/applications', headers=headers, json={"applicationId": "application_id", "name": "example-name", "description": "example-description", "fields": [{"id": "field_1", "label": "Question", "type": "text", "required": True}], "hidden": True, "isActive": True, "imageUrl": "example-imageUrl", "approvalRoleIds": []})
print(response.json())Example Output
{
"success": true,
"data": {
"application": []
},
"error": null
}Try It
Checking sign-in state...
Request
PUT /api/admin/applicationsRequest Payload
{
"applicationId": "",
"name": "",
"fields": [
{
"id": "field_1",
"label": "Question",
"type": "text",
"required": true
}
],
"approvalRoleIds": []
}curl Equivalent
curl -X PUT -H "Content-Type: application/json" -d '{"applicationId":"","name":"","fields":[{"id":"field_1","label":"Question","type":"text","required":true}],"approvalRoleIds":[]}' "https://playroom.date/api/admin/applications"Sample Response Body
{
"success": true,
"data": {
"application": []
},
"error": null
}Deletes an application definition.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: applications:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| applicationId | query | Yes | Application definition ID to delete. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X DELETE -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/applications?applicationId=application_id"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/applications?applicationId=application_id', {
method: 'DELETE',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/admin/applications?applicationId=application_id', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"application": []
},
"error": null
}Try It
Checking sign-in state...
Request
DELETE /api/admin/applicationscurl Equivalent
curl -X DELETE "https://playroom.date/api/admin/applications"Sample Response Body
{
"success": true,
"data": {
"application": []
},
"error": null
}Legacy/helper route for deleting application definitions.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: applications:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| applicationId | body | Yes | Application definition ID to delete. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X DELETE -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"applicationId":"application_id"}' "https://playroom.date/api/admin/applications/delete"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/applications/delete', {
method: 'DELETE',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"applicationId": "application_id"
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/admin/applications/delete', headers=headers, json={"applicationId": "application_id"})
print(response.json())Example Output
{
"success": true,
"data": {
"application": []
},
"error": null
}Try It
Checking sign-in state...
Request
DELETE /api/admin/applications/deleteRequest Payload
{
"applicationId": ""
}curl Equivalent
curl -X DELETE -H "Content-Type: application/json" -d '{"applicationId":""}' "https://playroom.date/api/admin/applications/delete"Sample Response Body
{
"success": true,
"data": {
"application": []
},
"error": null
}Lists application submissions requiring staff review.
Authentication
Admin session.
Modes: logged-in user, API key
API key: applications:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/applications/review"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/applications/review', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/admin/applications/review', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"submissions": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/admin/applications/reviewcurl Equivalent
curl "https://playroom.date/api/admin/applications/review"Sample Response Body
{
"success": true,
"data": {
"submissions": []
},
"error": null
}Approves, rejects, or responds to an application submission.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: applications:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| submissionId | body | Yes | Submission ID to review. |
| status | body | Yes | Review decision. |
| feedback | body | No | Optional reviewer feedback. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"submissionId":"submission_id","status":"Approved","feedback":"example-feedback"}' "https://playroom.date/api/admin/applications/review"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/applications/review', {
method: 'POST',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"submissionId": "submission_id",
"status": "Approved",
"feedback": "example-feedback"
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/admin/applications/review', headers=headers, json={"submissionId": "submission_id", "status": "Approved", "feedback": "example-feedback"})
print(response.json())Example Output
{
"success": true,
"data": {
"submission": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/admin/applications/reviewRequest Payload
{
"submissionId": "",
"status": "Approved"
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"submissionId":"","status":"Approved"}' "https://playroom.date/api/admin/applications/review"Sample Response Body
{
"success": true,
"data": {
"submission": []
},
"error": null
}