API Reference
Staff
Staff and moderation administration endpoints.
Lists role definitions, permissions, and assignment metadata for the role manager.
Authentication
Admin session.
Modes: logged-in user, API key
API key: staff:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/roles"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/roles', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/admin/roles', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"roles": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/admin/rolescurl Equivalent
curl "https://playroom.date/api/admin/roles"Sample Response Body
{
"success": true,
"data": {
"roles": []
},
"error": null
}Creates a role definition.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| name | body | Yes | Role name, 2-50 characters. |
| level | body | Yes | Role hierarchy level, 1-100. |
| color | body | No | Optional hex color, for example #5865f2. |
| enforceWhitelistedRoles | body | No | Whether assignment is limited to whitelisted roles. |
| assignableRoles | body | No | Role IDs this role may assign. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"name":"example-name","level":1,"color":"example-color","enforceWhitelistedRoles":true,"assignableRoles":[]}' "https://playroom.date/api/admin/roles"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/roles', {
method: 'POST',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"name": "example-name",
"level": 1,
"color": "example-color",
"enforceWhitelistedRoles": true,
"assignableRoles": []
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/admin/roles', headers=headers, json={"name": "example-name", "level": 1, "color": "example-color", "enforceWhitelistedRoles": True, "assignableRoles": []})
print(response.json())Example Output
{
"success": true,
"data": {
"role": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/admin/rolesRequest Payload
{
"name": "",
"level": "",
"assignableRoles": []
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"name":"","level":"","assignableRoles":[]}' "https://playroom.date/api/admin/roles"Sample Response Body
{
"success": true,
"data": {
"role": []
},
"error": null
}Updates role metadata, hierarchy, assignable roles, or permissions.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| roleId | body | Yes | Role ID to update. |
| name | body | No | Updated role name. |
| color | body | No | Updated hex color. |
| level | body | No | Updated role hierarchy level. |
| enforceWhitelistedRoles | body | No | Whether assignment is limited to whitelisted roles. |
| assignableRoles | body | No | Role IDs this role may assign. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"roleId":"role_id","name":"example-name","color":"example-color","level":1,"enforceWhitelistedRoles":true,"assignableRoles":[]}' "https://playroom.date/api/admin/roles"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/roles', {
method: 'PUT',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"roleId": "role_id",
"name": "example-name",
"color": "example-color",
"level": 1,
"enforceWhitelistedRoles": true,
"assignableRoles": []
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/admin/roles', headers=headers, json={"roleId": "role_id", "name": "example-name", "color": "example-color", "level": 1, "enforceWhitelistedRoles": True, "assignableRoles": []})
print(response.json())Example Output
{
"success": true,
"data": {
"role": []
},
"error": null
}Try It
Checking sign-in state...
Request
PUT /api/admin/rolesRequest Payload
{
"roleId": "",
"assignableRoles": []
}curl Equivalent
curl -X PUT -H "Content-Type: application/json" -d '{"roleId":"","assignableRoles":[]}' "https://playroom.date/api/admin/roles"Sample Response Body
{
"success": true,
"data": {
"role": []
},
"error": null
}Updates role ordering/hierarchy.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| orderedRoleIds | body | Yes | Role IDs in desired order. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X PATCH -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"orderedRoleIds":[]}' "https://playroom.date/api/admin/roles"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/roles', {
method: 'PATCH',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"orderedRoleIds": []
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.patch('https://playroom.date/api/admin/roles', headers=headers, json={"orderedRoleIds": []})
print(response.json())Example Output
{
"success": true,
"data": {
"roles": []
},
"error": null
}Try It
Checking sign-in state...
Request
PATCH /api/admin/rolesRequest Payload
{
"orderedRoleIds": []
}curl Equivalent
curl -X PATCH -H "Content-Type: application/json" -d '{"orderedRoleIds":[]}' "https://playroom.date/api/admin/roles"Sample Response Body
{
"success": true,
"data": {
"roles": []
},
"error": null
}Deletes a role definition when hierarchy rules allow it.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| roleId | body | Yes | Role ID to delete. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X DELETE -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"roleId":"role_id"}' "https://playroom.date/api/admin/roles"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/roles', {
method: 'DELETE',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"roleId": "role_id"
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/admin/roles', headers=headers, json={"roleId": "role_id"})
print(response.json())Example Output
{
"success": true,
"data": {
"role": []
},
"error": null
}Try It
Checking sign-in state...
Request
DELETE /api/admin/rolesRequest Payload
{
"roleId": ""
}curl Equivalent
curl -X DELETE -H "Content-Type: application/json" -d '{"roleId":""}' "https://playroom.date/api/admin/roles"Sample Response Body
{
"success": true,
"data": {
"role": []
},
"error": null
}Lists permission definitions and dependencies.
Authentication
Admin session.
Modes: logged-in user, API key
API key: staff:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/permissions"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/permissions', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/admin/permissions', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"permissions": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/admin/permissionscurl Equivalent
curl "https://playroom.date/api/admin/permissions"Sample Response Body
{
"success": true,
"data": {
"permissions": []
},
"error": null
}Replaces a role permission set after dependency validation.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| roleId | body | Yes | Role ID to update. |
| permissions | body | Yes | Complete permission list for the role. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"roleId":"role_id","permissions":[]}' "https://playroom.date/api/admin/permissions"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/permissions', {
method: 'PUT',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"roleId": "role_id",
"permissions": []
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/admin/permissions', headers=headers, json={"roleId": "role_id", "permissions": []})
print(response.json())Example Output
{
"success": true,
"data": {
"permissions": []
},
"error": null
}Try It
Checking sign-in state...
Request
PUT /api/admin/permissionsRequest Payload
{
"roleId": "",
"permissions": []
}curl Equivalent
curl -X PUT -H "Content-Type: application/json" -d '{"roleId":"","permissions":[]}' "https://playroom.date/api/admin/permissions"Sample Response Body
{
"success": true,
"data": {
"permissions": []
},
"error": null
}Lists configured communities and caller moderation access.
Authentication
Admin session.
Modes: logged-in user, API key
API key: staff:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/communities"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/communities', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/admin/communities', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"communities": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/admin/communitiescurl Equivalent
curl "https://playroom.date/api/admin/communities"Sample Response Body
{
"success": true,
"data": {
"communities": []
},
"error": null
}Creates a community and its role/user access rules.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| name | body | Yes | Community name. |
| iconUrl | body | No | Optional icon URL. |
| isDefault | body | No | Whether this is the default community. |
| allowedRoleIds | body | No | Allowed role IDs. |
| allowedUserIds | body | No | Allowed user IDs. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"name":"example-name","iconUrl":"example-iconUrl","isDefault":true,"allowedRoleIds":[],"allowedUserIds":[]}' "https://playroom.date/api/admin/communities"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/communities', {
method: 'POST',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"name": "example-name",
"iconUrl": "example-iconUrl",
"isDefault": true,
"allowedRoleIds": [],
"allowedUserIds": []
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/admin/communities', headers=headers, json={"name": "example-name", "iconUrl": "example-iconUrl", "isDefault": True, "allowedRoleIds": [], "allowedUserIds": []})
print(response.json())Example Output
{
"success": true,
"data": {
"community": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/admin/communitiesRequest Payload
{
"name": "",
"allowedRoleIds": [],
"allowedUserIds": []
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"name":"","allowedRoleIds":[],"allowedUserIds":[]}' "https://playroom.date/api/admin/communities"Sample Response Body
{
"success": true,
"data": {
"community": []
},
"error": null
}Updates community metadata and allowlists.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| id | body | Yes | Community ID to update. |
| name | body | Yes | Community name. |
| iconUrl | body | No | Optional icon URL. |
| isDefault | body | No | Whether this is the default community. |
| allowedRoleIds | body | No | Allowed role IDs. |
| allowedUserIds | body | No | Allowed user IDs. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"id":"resource_id","name":"example-name","iconUrl":"example-iconUrl","isDefault":true,"allowedRoleIds":[],"allowedUserIds":[]}' "https://playroom.date/api/admin/communities"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/communities', {
method: 'PUT',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"id": "resource_id",
"name": "example-name",
"iconUrl": "example-iconUrl",
"isDefault": true,
"allowedRoleIds": [],
"allowedUserIds": []
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/admin/communities', headers=headers, json={"id": "resource_id", "name": "example-name", "iconUrl": "example-iconUrl", "isDefault": True, "allowedRoleIds": [], "allowedUserIds": []})
print(response.json())Example Output
{
"success": true,
"data": {
"community": []
},
"error": null
}Try It
Checking sign-in state...
Request
PUT /api/admin/communitiesRequest Payload
{
"id": "",
"name": "",
"allowedRoleIds": [],
"allowedUserIds": []
}curl Equivalent
curl -X PUT -H "Content-Type: application/json" -d '{"id":"","name":"","allowedRoleIds":[],"allowedUserIds":[]}' "https://playroom.date/api/admin/communities"Sample Response Body
{
"success": true,
"data": {
"community": []
},
"error": null
}Deletes a community configuration when allowed.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| id | body | Yes | Community ID to delete. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X DELETE -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"id":"resource_id"}' "https://playroom.date/api/admin/communities"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/communities', {
method: 'DELETE',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"id": "resource_id"
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/admin/communities', headers=headers, json={"id": "resource_id"})
print(response.json())Example Output
{
"success": true,
"data": {
"community": []
},
"error": null
}Try It
Checking sign-in state...
Request
DELETE /api/admin/communitiesRequest Payload
{
"id": ""
}curl Equivalent
curl -X DELETE -H "Content-Type: application/json" -d '{"id":""}' "https://playroom.date/api/admin/communities"Sample Response Body
{
"success": true,
"data": {
"community": []
},
"error": null
}Searches users for community allowlist management.
Authentication
Admin session.
Modes: logged-in user, API key
API key: staff:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| q | query | Yes | Search query. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/communities/user-search?q=example"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/communities/user-search?q=example', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/admin/communities/user-search?q=example', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"users": []
},
"error": null
}Try It
Checking sign-in state...
Request
GET /api/admin/communities/user-searchcurl Equivalent
curl "https://playroom.date/api/admin/communities/user-search"Sample Response Body
{
"success": true,
"data": {
"users": []
},
"error": null
}Rebuilds suspected-alt clusters from stored identity signals.
Authentication
Admin session + CSRF or actor-linked API key.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/recompute-alts"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/recompute-alts', {
method: 'POST',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/admin/recompute-alts', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"alts": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
POST /api/admin/recompute-altscurl Equivalent
curl -X POST "https://playroom.date/api/admin/recompute-alts"Sample Response Body
{
"success": true,
"data": {
"alts": []
},
"error": null
}Sets or resets a user password from the admin panel.
Authentication
Admin session + CSRF or actor-linked API key.
Modes: logged-in user, API key
API key: users:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| userId | body | Yes | User ID. |
| newPassword | body | Yes | New password, at least 8 characters. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","newPassword":"password123"}' "https://playroom.date/api/admin/users/set-password"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/users/set-password', {
method: 'POST',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"userId": "user_id",
"newPassword": "password123"
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/admin/users/set-password', headers=headers, json={"userId": "user_id", "newPassword": "password123"})
print(response.json())Example Output
{
"success": true,
"data": {
"user": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/admin/users/set-passwordRequest Payload
{
"userId": "",
"newPassword": ""
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"userId":"","newPassword":""}' "https://playroom.date/api/admin/users/set-password"Sample Response Body
{
"success": true,
"data": {
"user": []
},
"error": null
}Lists soft-deleted or restored accounts with pagination and search.
Authentication
Admin session.
Modes: logged-in user, API key
API key: staff:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| page | query | No | Page number for paginated results. |
| pageSize | query | No | Requested page size where supported by the endpoint. |
| search | query | No | Username, email, account ID, or deletion reason search. |
| status | query | No | soft_deleted or restored. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/removed-accounts"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/removed-accounts', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/admin/removed-accounts', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"users": []
},
"error": null
}Try It
Checking sign-in state...
Request
GET /api/admin/removed-accounts?page=1&pageSize=20curl Equivalent
curl "https://playroom.date/api/admin/removed-accounts?page=1&pageSize=20"Sample Response Body
{
"success": true,
"data": {
"users": []
},
"error": null
}Restores a retained soft-deleted account.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X PATCH -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/removed-accounts"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/removed-accounts', {
method: 'PATCH',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.patch('https://playroom.date/api/admin/removed-accounts', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"user": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
PATCH /api/admin/removed-accountscurl Equivalent
curl -X PATCH "https://playroom.date/api/admin/removed-accounts"Sample Response Body
{
"success": true,
"data": {
"user": []
},
"error": null
}Permanently erases a soft-deleted account after explicit confirmation.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X DELETE -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/admin/removed-accounts"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/admin/removed-accounts', {
method: 'DELETE',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/admin/removed-accounts', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"deletion": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
DELETE /api/admin/removed-accountscurl Equivalent
curl -X DELETE "https://playroom.date/api/admin/removed-accounts"Sample Response Body
{
"success": true,
"data": {
"deletion": []
},
"error": null
}