API Reference

Applications

Application submission and staff review APIs.

Lists application definitions or submissions visible to the current user.

Authentication

Session.

Modes: logged-in user, API key

API key: applications:read

Permissions or Scopes

current user, manage_applications, or define_applications

Request Headers

HeaderValueDescription
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/applications"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/applications', {
  method: 'GET',
  headers: {
    "Authorization": "Bearer prapi_your_key"
  },
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/applications', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "applications": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

This request has no editable path, query, or body fields.

Request

GET /api/applications

curl Equivalent

curl "https://playroom.date/api/applications"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "applications": []
  },
  "error": null
}

Creates an application submission for the current user.

Authentication

Session + CSRF or actor-linked API key.

Modes: logged-in user, API key

API key: applications:write

Permissions or Scopes

current user

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
applicationIdbodyYesApplication definition ID.
responsesbodyYesResponse map keyed by application field ID.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"applicationId":"application_id","responses":{}}' "https://playroom.date/api/applications"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/applications', {
  method: 'POST',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "applicationId": "application_id",
    "responses": {}
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/applications', headers=headers, json={"applicationId": "application_id", "responses": {}})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "submission": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

POST /api/applications

Request Payload

{
  "applicationId": "",
  "responses": {}
}

curl Equivalent

curl -X POST -H "Content-Type: application/json" -d '{"applicationId":"","responses":{}}' "https://playroom.date/api/applications"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "submission": []
  },
  "error": null
}

Lists application definitions for the admin editor.

Authentication

Admin session.

Modes: logged-in user, API key

API key: applications:read

Permissions or Scopes

define_applications or manage_applications

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/applications"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/admin/applications', {
  method: 'GET',
  headers: {
    "Authorization": "Bearer prapi_your_key"
  },
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/admin/applications', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "applications": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

This request has no editable path, query, or body fields.

Request

GET /api/admin/applications

curl Equivalent

curl "https://playroom.date/api/admin/applications"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "applications": []
  },
  "error": null
}

Creates an application definition.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: applications:write

Permissions or Scopes

define_applications

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
namebodyYesApplication name.
descriptionbodyNoApplication description.
fieldsbodyYesApplication field schema array.
hiddenbodyNoWhether this application is hidden.
isActivebodyNoWhether this application accepts submissions.
imageUrlbodyNoOptional image URL.
approvalRoleIdsbodyNoApproval role IDs.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"name":"example-name","description":"example-description","fields":[{"id":"field_1","label":"Question","type":"text","required":true}],"hidden":true,"isActive":true,"imageUrl":"example-imageUrl","approvalRoleIds":[]}' "https://playroom.date/api/admin/applications"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/admin/applications', {
  method: 'POST',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "name": "example-name",
    "description": "example-description",
    "fields": [
      {
        "id": "field_1",
        "label": "Question",
        "type": "text",
        "required": true
      }
    ],
    "hidden": true,
    "isActive": true,
    "imageUrl": "example-imageUrl",
    "approvalRoleIds": []
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/admin/applications', headers=headers, json={"name": "example-name", "description": "example-description", "fields": [{"id": "field_1", "label": "Question", "type": "text", "required": True}], "hidden": True, "isActive": True, "imageUrl": "example-imageUrl", "approvalRoleIds": []})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "application": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

POST /api/admin/applications

Request Payload

{
  "name": "",
  "fields": [
    {
      "id": "field_1",
      "label": "Question",
      "type": "text",
      "required": true
    }
  ],
  "approvalRoleIds": []
}

curl Equivalent

curl -X POST -H "Content-Type: application/json" -d '{"name":"","fields":[{"id":"field_1","label":"Question","type":"text","required":true}],"approvalRoleIds":[]}' "https://playroom.date/api/admin/applications"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "application": []
  },
  "error": null
}

Updates an application definition.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: applications:write

Permissions or Scopes

define_applications

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
applicationIdbodyYesApplication definition ID.
namebodyYesApplication name.
descriptionbodyNoApplication description.
fieldsbodyYesApplication field schema array.
hiddenbodyNoWhether this application is hidden.
isActivebodyNoWhether this application accepts submissions.
imageUrlbodyNoOptional image URL.
approvalRoleIdsbodyNoApproval role IDs.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"applicationId":"application_id","name":"example-name","description":"example-description","fields":[{"id":"field_1","label":"Question","type":"text","required":true}],"hidden":true,"isActive":true,"imageUrl":"example-imageUrl","approvalRoleIds":[]}' "https://playroom.date/api/admin/applications"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/admin/applications', {
  method: 'PUT',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "applicationId": "application_id",
    "name": "example-name",
    "description": "example-description",
    "fields": [
      {
        "id": "field_1",
        "label": "Question",
        "type": "text",
        "required": true
      }
    ],
    "hidden": true,
    "isActive": true,
    "imageUrl": "example-imageUrl",
    "approvalRoleIds": []
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/admin/applications', headers=headers, json={"applicationId": "application_id", "name": "example-name", "description": "example-description", "fields": [{"id": "field_1", "label": "Question", "type": "text", "required": True}], "hidden": True, "isActive": True, "imageUrl": "example-imageUrl", "approvalRoleIds": []})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "application": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

PUT /api/admin/applications

Request Payload

{
  "applicationId": "",
  "name": "",
  "fields": [
    {
      "id": "field_1",
      "label": "Question",
      "type": "text",
      "required": true
    }
  ],
  "approvalRoleIds": []
}

curl Equivalent

curl -X PUT -H "Content-Type: application/json" -d '{"applicationId":"","name":"","fields":[{"id":"field_1","label":"Question","type":"text","required":true}],"approvalRoleIds":[]}' "https://playroom.date/api/admin/applications"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "application": []
  },
  "error": null
}

Deletes an application definition.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: applications:write

Permissions or Scopes

define_applications

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
applicationIdqueryYesApplication definition ID to delete.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X DELETE -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/applications?applicationId=application_id"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/admin/applications?applicationId=application_id', {
  method: 'DELETE',
  headers: {
    "Authorization": "Bearer prapi_your_key"
  },
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/admin/applications?applicationId=application_id', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "application": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

DELETE /api/admin/applications

curl Equivalent

curl -X DELETE "https://playroom.date/api/admin/applications"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "application": []
  },
  "error": null
}

Legacy/helper route for deleting application definitions.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: applications:write

Permissions or Scopes

define_applications

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
applicationIdbodyYesApplication definition ID to delete.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X DELETE -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"applicationId":"application_id"}' "https://playroom.date/api/admin/applications/delete"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/admin/applications/delete', {
  method: 'DELETE',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "applicationId": "application_id"
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/admin/applications/delete', headers=headers, json={"applicationId": "application_id"})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "application": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

DELETE /api/admin/applications/delete

Request Payload

{
  "applicationId": ""
}

curl Equivalent

curl -X DELETE -H "Content-Type: application/json" -d '{"applicationId":""}' "https://playroom.date/api/admin/applications/delete"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "application": []
  },
  "error": null
}

Lists application submissions requiring staff review.

Authentication

Admin session.

Modes: logged-in user, API key

API key: applications:read

Permissions or Scopes

manage_applications

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/applications/review"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/admin/applications/review', {
  method: 'GET',
  headers: {
    "Authorization": "Bearer prapi_your_key"
  },
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/admin/applications/review', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "submissions": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

This request has no editable path, query, or body fields.

Request

GET /api/admin/applications/review

curl Equivalent

curl "https://playroom.date/api/admin/applications/review"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "submissions": []
  },
  "error": null
}

Approves, rejects, or responds to an application submission.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: applications:write

Permissions or Scopes

manage_applications

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
submissionIdbodyYesSubmission ID to review.
statusbodyYesReview decision.
feedbackbodyNoOptional reviewer feedback.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"submissionId":"submission_id","status":"Approved","feedback":"example-feedback"}' "https://playroom.date/api/admin/applications/review"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/admin/applications/review', {
  method: 'POST',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "submissionId": "submission_id",
    "status": "Approved",
    "feedback": "example-feedback"
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/admin/applications/review', headers=headers, json={"submissionId": "submission_id", "status": "Approved", "feedback": "example-feedback"})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "submission": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

POST /api/admin/applications/review

Request Payload

{
  "submissionId": "",
  "status": "Approved"
}

curl Equivalent

curl -X POST -H "Content-Type: application/json" -d '{"submissionId":"","status":"Approved"}' "https://playroom.date/api/admin/applications/review"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "submission": []
  },
  "error": null
}