API Reference

Authentication

How API keys are issued, scoped, and sent with requests.

API Keys

API keys are issued manually by site administrators/webmasters and cannot be created through the user dashboard. Contact a webmaster to request API access.

Keys are scoped to specific capabilities, can be limited to approved IP addresses, and may restrict which fields are returned. Treat keys like passwords: do not commit them, paste them into public tickets, or expose them in browser URLs.

Header Format

Send API keys in a request header. The bearer format is preferred.

Authorization Header

Authorization: Bearer prapi_your_key

Alternative Header

x-api-key: prapi_your_key

Legacy Header

x-api-token: prapi_your_key

Security Notes

Use the smallest scope required for the integration.

Prefer server-to-server requests. Avoid embedding keys in client-side applications.

Never put API keys in query strings. Query strings can be stored in browser history, logs, analytics, and proxy traces.

Rotate a key with a webmaster if it is exposed or no longer needed.

Returns authentication-provider availability or auth route status used by login/register UI.

Authentication

Public or session depending on current cookies.

Modes: public, logged-in user

Permissions or Scopes

none

Request Headers

HeaderValueDescription
No special headers.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl "https://playroom.date/api/auth"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/auth', {
  method: 'GET',
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.get('https://playroom.date/api/auth', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "auth": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

This request has no editable path, query, or body fields.

Request

GET /api/auth

curl Equivalent

curl "https://playroom.date/api/auth"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "auth": []
  },
  "error": null
}

Processes credential authentication actions for the web application.

Authentication

Public request that creates a session on success.

Modes: public, logged-in user

Permissions or Scopes

none

Request Headers

HeaderValueDescription
Content-Typeapplication/jsonJSON body with login/register action data.

Parameters

NameInRequiredDescription
actionqueryNoAuthentication action.
emailbodyYesEmail address.
passwordbodyYesPassword, at least 8 characters.
usernamebodyNoRequired when action is register.
displayNamebodyNoOptional display name for registration.
dateOfBirthbodyNoRequired YYYY-MM-DD date when action is register.
genderbodyNoOptional registration gender field.

Validation

  • Email, username, password, and profile fields are validated with auth schemas.
  • Rate limiting applies to credential attempts.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

Credential attempts use application rate limiting.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X POST -H "Content-Type: application/json" -d '{"email":"user@example.com","password":"password123","username":"example-username","displayName":"example-displayName","dateOfBirth":"example-dateOfBirth","gender":"Female"}' "https://playroom.date/api/auth"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/auth', {
  method: 'POST',
  headers: {
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "email": "user@example.com",
    "password": "password123",
    "username": "example-username",
    "displayName": "example-displayName",
    "dateOfBirth": "example-dateOfBirth",
    "gender": "Female"
  }),
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.post('https://playroom.date/api/auth', headers=headers, json={"email": "user@example.com", "password": "password123", "username": "example-username", "displayName": "example-displayName", "dateOfBirth": "example-dateOfBirth", "gender": "Female"})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "session": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

POST /api/auth?action=login

Request Payload

{
  "email": "",
  "password": "",
  "gender": "Female"
}

curl Equivalent

curl -X POST -H "Content-Type: application/json" -d '{"email":"","password":"","gender":"Female"}' "https://playroom.date/api/auth?action=login"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "session": []
  },
  "error": null
}

Creates an OAuth state and returns provider redirect information for Discord or Fluxer.

Authentication

Public.

Modes: public

Permissions or Scopes

none

Request Headers

HeaderValueDescription
Content-Typeapplication/jsonJSON body with provider and redirect context.

Parameters

NameInRequiredDescription
providerbodyYesOAuth provider to initialize.
dateOfBirthbodyNoRequired for OAuth signup context, YYYY-MM-DD.
genderbodyNoRequired for OAuth signup context.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X POST -H "Content-Type: application/json" -d '{"provider":"discord","dateOfBirth":"example-dateOfBirth","gender":"Female"}' "https://playroom.date/api/auth/init"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/auth/init', {
  method: 'POST',
  headers: {
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "provider": "discord",
    "dateOfBirth": "example-dateOfBirth",
    "gender": "Female"
  }),
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.post('https://playroom.date/api/auth/init', headers=headers, json={"provider": "discord", "dateOfBirth": "example-dateOfBirth", "gender": "Female"})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "oauth": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

POST /api/auth/init

Request Payload

{
  "provider": "discord",
  "gender": "Female"
}

curl Equivalent

curl -X POST -H "Content-Type: application/json" -d '{"provider":"discord","gender":"Female"}' "https://playroom.date/api/auth/init"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "oauth": []
  },
  "error": null
}

OAuth callback endpoint that exchanges a Discord code, creates or updates the account, and sets a session cookie.

Authentication

Public OAuth callback with signed state validation.

Modes: public

Permissions or Scopes

none

Request Headers

HeaderValueDescription
No special headers.

Parameters

NameInRequiredDescription
codequeryYesOAuth authorization code.
statequeryYesSigned OAuth state.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl "https://playroom.date/api/auth/callback/discord?code=example-code&state=example-state"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/auth/callback/discord?code=example-code&state=example-state', {
  method: 'GET',
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.get('https://playroom.date/api/auth/callback/discord?code=example-code&state=example-state', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "redirect": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

GET /api/auth/callback/discord

curl Equivalent

curl "https://playroom.date/api/auth/callback/discord"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "redirect": []
  },
  "error": null
}

OAuth callback endpoint that exchanges a Fluxer code, creates or updates the account, and sets a session cookie.

Authentication

Public OAuth callback with signed state validation.

Modes: public

Permissions or Scopes

none

Request Headers

HeaderValueDescription
No special headers.

Parameters

NameInRequiredDescription
codequeryYesOAuth authorization code.
statequeryYesSigned OAuth state.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl "https://playroom.date/api/auth/callback/fluxer?code=example-code&state=example-state"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/auth/callback/fluxer?code=example-code&state=example-state', {
  method: 'GET',
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.get('https://playroom.date/api/auth/callback/fluxer?code=example-code&state=example-state', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "redirect": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

GET /api/auth/callback/fluxer

curl Equivalent

curl "https://playroom.date/api/auth/callback/fluxer"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "redirect": []
  },
  "error": null
}

Returns the current session user, permissions, moderation flags, and CSRF token for authenticated UI requests.

Authentication

Session cookie.

Modes: logged-in user

Permissions or Scopes

current user

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl "https://playroom.date/api/auth/session"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/auth/session', {
  method: 'GET',
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.get('https://playroom.date/api/auth/session', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "user": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

No executable auth mode is available for this browser session.

This request has no editable path, query, or body fields.

Request

GET /api/auth/session

curl Equivalent

curl "https://playroom.date/api/auth/session"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "user": []
  },
  "error": null
}

Revokes the current session and clears the session cookie.

Authentication

Session cookie + CSRF.

Modes: logged-in user

Permissions or Scopes

current user

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X POST "https://playroom.date/api/auth/logout"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/auth/logout', {
  method: 'POST',
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.post('https://playroom.date/api/auth/logout', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "logout": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

No executable auth mode is available for this browser session.

This request has no editable path, query, or body fields.

Request

POST /api/auth/logout

curl Equivalent

curl -X POST "https://playroom.date/api/auth/logout"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "logout": []
  },
  "error": null
}

Starts or completes the password reset flow depending on request action/body.

Authentication

Public reset token flow.

Modes: public

Permissions or Scopes

none

Request Headers

HeaderValueDescription
Content-Typeapplication/jsonJSON body with reset action data.

Parameters

NameInRequiredDescription
actionqueryNoPassword reset action.
emailbodyNoRequired for action=request.
tokenbodyNoRequired for action=complete.
passwordbodyNoRequired for action=complete.

Validation

  • Email and new password fields are validated.
  • Reset tokens are hashed server-side and expire.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

Password reset requests are rate limited by security helpers and mail policy.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X POST -H "Content-Type: application/json" -d '{"email":"user@example.com","token":"example-token","password":"password123"}' "https://playroom.date/api/auth/password-reset"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/auth/password-reset', {
  method: 'POST',
  headers: {
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "email": "user@example.com",
    "token": "example-token",
    "password": "password123"
  }),
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.post('https://playroom.date/api/auth/password-reset', headers=headers, json={"email": "user@example.com", "token": "example-token", "password": "password123"})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "passwordReset": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

POST /api/auth/password-reset?action=request

Request Payload

{}

curl Equivalent

curl -X POST -H "Content-Type: application/json" -d '{}' "https://playroom.date/api/auth/password-reset?action=request"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "passwordReset": []
  },
  "error": null
}

Sends a new email verification message for the current account when verification is required.

Authentication

Session cookie + CSRF.

Modes: logged-in user

Permissions or Scopes

current user

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X POST "https://playroom.date/api/auth/resend-verification"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/auth/resend-verification', {
  method: 'POST',
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.post('https://playroom.date/api/auth/resend-verification', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "verification": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

No executable auth mode is available for this browser session.

This request has no editable path, query, or body fields.

Request

POST /api/auth/resend-verification

curl Equivalent

curl -X POST "https://playroom.date/api/auth/resend-verification"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "verification": []
  },
  "error": null
}

Consumes an email verification token and marks the account email as verified.

Authentication

Public signed token in query string.

Modes: public

Permissions or Scopes

none

Request Headers

HeaderValueDescription
No special headers.

Parameters

NameInRequiredDescription
tokenqueryYesEmail verification token.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl "https://playroom.date/api/auth/verify-email?token=example-token"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/auth/verify-email?token=example-token', {
  method: 'GET',
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.get('https://playroom.date/api/auth/verify-email?token=example-token', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "verification": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

GET /api/auth/verify-email

curl Equivalent

curl "https://playroom.date/api/auth/verify-email"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "verification": []
  },
  "error": null
}