API Reference
Authentication
How API keys are issued, scoped, and sent with requests.
API Keys
API keys are issued manually by site administrators/webmasters and cannot be created through the user dashboard. Contact a webmaster to request API access.
Keys are scoped to specific capabilities, can be limited to approved IP addresses, and may restrict which fields are returned. Treat keys like passwords: do not commit them, paste them into public tickets, or expose them in browser URLs.
Header Format
Send API keys in a request header. The bearer format is preferred.
Authorization Header
Authorization: Bearer prapi_your_keyAlternative Header
x-api-key: prapi_your_keyLegacy Header
x-api-token: prapi_your_keySecurity Notes
Use the smallest scope required for the integration.
Prefer server-to-server requests. Avoid embedding keys in client-side applications.
Never put API keys in query strings. Query strings can be stored in browser history, logs, analytics, and proxy traces.
Rotate a key with a webmaster if it is exposed or no longer needed.
Returns authentication-provider availability or auth route status used by login/register UI.
Authentication
Public or session depending on current cookies.
Modes: public, logged-in user
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| No special headers. | ||
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl "https://playroom.date/api/auth"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/auth', {
method: 'GET',
});
const data = await response.json();Python
import requests
headers = {}
response = requests.get('https://playroom.date/api/auth', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"auth": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/authcurl Equivalent
curl "https://playroom.date/api/auth"Sample Response Body
{
"success": true,
"data": {
"auth": []
},
"error": null
}Processes credential authentication actions for the web application.
Authentication
Public request that creates a session on success.
Modes: public, logged-in user
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Content-Type | application/json | JSON body with login/register action data. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| action | query | No | Authentication action. |
| body | Yes | Email address. | |
| password | body | Yes | Password, at least 8 characters. |
| username | body | No | Required when action is register. |
| displayName | body | No | Optional display name for registration. |
| dateOfBirth | body | No | Required YYYY-MM-DD date when action is register. |
| gender | body | No | Optional registration gender field. |
Validation
- Email, username, password, and profile fields are validated with auth schemas.
- Rate limiting applies to credential attempts.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
Credential attempts use application rate limiting.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Content-Type: application/json" -d '{"email":"user@example.com","password":"password123","username":"example-username","displayName":"example-displayName","dateOfBirth":"example-dateOfBirth","gender":"Female"}' "https://playroom.date/api/auth"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/auth', {
method: 'POST',
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify({
"email": "user@example.com",
"password": "password123",
"username": "example-username",
"displayName": "example-displayName",
"dateOfBirth": "example-dateOfBirth",
"gender": "Female"
}),
});
const data = await response.json();Python
import requests
headers = {}
response = requests.post('https://playroom.date/api/auth', headers=headers, json={"email": "user@example.com", "password": "password123", "username": "example-username", "displayName": "example-displayName", "dateOfBirth": "example-dateOfBirth", "gender": "Female"})
print(response.json())Example Output
{
"success": true,
"data": {
"session": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/auth?action=loginRequest Payload
{
"email": "",
"password": "",
"gender": "Female"
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"email":"","password":"","gender":"Female"}' "https://playroom.date/api/auth?action=login"Sample Response Body
{
"success": true,
"data": {
"session": []
},
"error": null
}Creates an OAuth state and returns provider redirect information for Discord or Fluxer.
Authentication
Public.
Modes: public
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Content-Type | application/json | JSON body with provider and redirect context. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| provider | body | Yes | OAuth provider to initialize. |
| dateOfBirth | body | No | Required for OAuth signup context, YYYY-MM-DD. |
| gender | body | No | Required for OAuth signup context. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Content-Type: application/json" -d '{"provider":"discord","dateOfBirth":"example-dateOfBirth","gender":"Female"}' "https://playroom.date/api/auth/init"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/auth/init', {
method: 'POST',
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify({
"provider": "discord",
"dateOfBirth": "example-dateOfBirth",
"gender": "Female"
}),
});
const data = await response.json();Python
import requests
headers = {}
response = requests.post('https://playroom.date/api/auth/init', headers=headers, json={"provider": "discord", "dateOfBirth": "example-dateOfBirth", "gender": "Female"})
print(response.json())Example Output
{
"success": true,
"data": {
"oauth": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/auth/initRequest Payload
{
"provider": "discord",
"gender": "Female"
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"provider":"discord","gender":"Female"}' "https://playroom.date/api/auth/init"Sample Response Body
{
"success": true,
"data": {
"oauth": []
},
"error": null
}OAuth callback endpoint that exchanges a Discord code, creates or updates the account, and sets a session cookie.
Authentication
Public OAuth callback with signed state validation.
Modes: public
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| No special headers. | ||
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| code | query | Yes | OAuth authorization code. |
| state | query | Yes | Signed OAuth state. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl "https://playroom.date/api/auth/callback/discord?code=example-code&state=example-state"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/auth/callback/discord?code=example-code&state=example-state', {
method: 'GET',
});
const data = await response.json();Python
import requests
headers = {}
response = requests.get('https://playroom.date/api/auth/callback/discord?code=example-code&state=example-state', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"redirect": []
},
"error": null
}Try It
Checking sign-in state...
Request
GET /api/auth/callback/discordcurl Equivalent
curl "https://playroom.date/api/auth/callback/discord"Sample Response Body
{
"success": true,
"data": {
"redirect": []
},
"error": null
}OAuth callback endpoint that exchanges a Fluxer code, creates or updates the account, and sets a session cookie.
Authentication
Public OAuth callback with signed state validation.
Modes: public
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| No special headers. | ||
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| code | query | Yes | OAuth authorization code. |
| state | query | Yes | Signed OAuth state. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl "https://playroom.date/api/auth/callback/fluxer?code=example-code&state=example-state"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/auth/callback/fluxer?code=example-code&state=example-state', {
method: 'GET',
});
const data = await response.json();Python
import requests
headers = {}
response = requests.get('https://playroom.date/api/auth/callback/fluxer?code=example-code&state=example-state', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"redirect": []
},
"error": null
}Try It
Checking sign-in state...
Request
GET /api/auth/callback/fluxercurl Equivalent
curl "https://playroom.date/api/auth/callback/fluxer"Sample Response Body
{
"success": true,
"data": {
"redirect": []
},
"error": null
}Returns the current session user, permissions, moderation flags, and CSRF token for authenticated UI requests.
Authentication
Session cookie.
Modes: logged-in user
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl "https://playroom.date/api/auth/session"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/auth/session', {
method: 'GET',
});
const data = await response.json();Python
import requests
headers = {}
response = requests.get('https://playroom.date/api/auth/session', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"user": []
},
"error": null
}Try It
Checking sign-in state...
No executable auth mode is available for this browser session.
This request has no editable path, query, or body fields.
Request
GET /api/auth/sessioncurl Equivalent
curl "https://playroom.date/api/auth/session"Sample Response Body
{
"success": true,
"data": {
"user": []
},
"error": null
}Revokes the current session and clears the session cookie.
Authentication
Session cookie + CSRF.
Modes: logged-in user
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST "https://playroom.date/api/auth/logout"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/auth/logout', {
method: 'POST',
});
const data = await response.json();Python
import requests
headers = {}
response = requests.post('https://playroom.date/api/auth/logout', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"logout": []
},
"error": null
}Try It
Checking sign-in state...
No executable auth mode is available for this browser session.
This request has no editable path, query, or body fields.
Request
POST /api/auth/logoutcurl Equivalent
curl -X POST "https://playroom.date/api/auth/logout"Sample Response Body
{
"success": true,
"data": {
"logout": []
},
"error": null
}Starts or completes the password reset flow depending on request action/body.
Authentication
Public reset token flow.
Modes: public
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Content-Type | application/json | JSON body with reset action data. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| action | query | No | Password reset action. |
| body | No | Required for action=request. | |
| token | body | No | Required for action=complete. |
| password | body | No | Required for action=complete. |
Validation
- Email and new password fields are validated.
- Reset tokens are hashed server-side and expire.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
Password reset requests are rate limited by security helpers and mail policy.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Content-Type: application/json" -d '{"email":"user@example.com","token":"example-token","password":"password123"}' "https://playroom.date/api/auth/password-reset"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/auth/password-reset', {
method: 'POST',
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify({
"email": "user@example.com",
"token": "example-token",
"password": "password123"
}),
});
const data = await response.json();Python
import requests
headers = {}
response = requests.post('https://playroom.date/api/auth/password-reset', headers=headers, json={"email": "user@example.com", "token": "example-token", "password": "password123"})
print(response.json())Example Output
{
"success": true,
"data": {
"passwordReset": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/auth/password-reset?action=requestRequest Payload
{}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{}' "https://playroom.date/api/auth/password-reset?action=request"Sample Response Body
{
"success": true,
"data": {
"passwordReset": []
},
"error": null
}Sends a new email verification message for the current account when verification is required.
Authentication
Session cookie + CSRF.
Modes: logged-in user
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST "https://playroom.date/api/auth/resend-verification"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/auth/resend-verification', {
method: 'POST',
});
const data = await response.json();Python
import requests
headers = {}
response = requests.post('https://playroom.date/api/auth/resend-verification', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"verification": []
},
"error": null
}Try It
Checking sign-in state...
No executable auth mode is available for this browser session.
This request has no editable path, query, or body fields.
Request
POST /api/auth/resend-verificationcurl Equivalent
curl -X POST "https://playroom.date/api/auth/resend-verification"Sample Response Body
{
"success": true,
"data": {
"verification": []
},
"error": null
}Consumes an email verification token and marks the account email as verified.
Authentication
Public signed token in query string.
Modes: public
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| No special headers. | ||
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| token | query | Yes | Email verification token. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl "https://playroom.date/api/auth/verify-email?token=example-token"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/auth/verify-email?token=example-token', {
method: 'GET',
});
const data = await response.json();Python
import requests
headers = {}
response = requests.get('https://playroom.date/api/auth/verify-email?token=example-token', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"verification": []
},
"error": null
}Try It
Checking sign-in state...
Request
GET /api/auth/verify-emailcurl Equivalent
curl "https://playroom.date/api/auth/verify-email"Sample Response Body
{
"success": true,
"data": {
"verification": []
},
"error": null
}