API Reference
Users
User profile, account, and identity endpoints.
Lists users for the management UI with role and active-ban context.
Authentication
Admin session.
Modes: logged-in user, API key
API key: users:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| page | query | No | Page number for paginated results. |
| pageSize | query | No | Requested page size where supported by the endpoint. |
| search | query | No | Username, display name, email, provider ID, or user ID search. |
| roleId | query | No | Repeatable role filter. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"users": []
},
"error": null
}Try It
Checking sign-in state...
Request
GET /api/users?page=1&pageSize=20curl Equivalent
curl "https://playroom.date/api/users?page=1&pageSize=20"Sample Response Body
{
"success": true,
"data": {
"users": []
},
"error": null
}Fetches one user profile with fields allowed for the caller.
Authentication
Session.
Modes: logged-in user, API key
API key: users:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| id | path | Yes | User ID. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users/resource_id"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/resource_id', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users/resource_id', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"user": []
},
"error": null
}Try It
Checking sign-in state...
Request
GET /api/users/curl Equivalent
curl "https://playroom.date/api/users/"Sample Response Body
{
"success": true,
"data": {
"user": []
},
"error": null
}Returns the current user profile and linked account state.
Authentication
Session.
Modes: logged-in user, API key
API key: users:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users/profile"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/profile', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users/profile', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"profile": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/users/profilecurl Equivalent
curl "https://playroom.date/api/users/profile"Sample Response Body
{
"success": true,
"data": {
"profile": []
},
"error": null
}Updates current user profile fields or email/password action fields.
Authentication
Session + CSRF.
Modes: logged-in user, API key
API key: users:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| action | query | No | Optional profile sub-action. |
| displayName | body | No | Updated display name. |
| dateOfBirth | body | No | Updated YYYY-MM-DD date of birth. |
| gender | body | No | Updated gender. |
| sexuality | body | No | Updated sexuality. |
| aboutMe | body | No | Updated profile bio. |
| newEmail | body | No | Required when action=email. |
| currentPassword | body | No | Required when action=password. |
| newPassword | body | No | Required when action=password. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"displayName":"example-displayName","dateOfBirth":"example-dateOfBirth","gender":"","sexuality":"","aboutMe":"example-aboutMe","newEmail":"example-newEmail","currentPassword":"password123","newPassword":"password123"}' "https://playroom.date/api/users/profile"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/profile', {
method: 'PUT',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"displayName": "example-displayName",
"dateOfBirth": "example-dateOfBirth",
"gender": "",
"sexuality": "",
"aboutMe": "example-aboutMe",
"newEmail": "example-newEmail",
"currentPassword": "password123",
"newPassword": "password123"
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/users/profile', headers=headers, json={"displayName": "example-displayName", "dateOfBirth": "example-dateOfBirth", "gender": "", "sexuality": "", "aboutMe": "example-aboutMe", "newEmail": "example-newEmail", "currentPassword": "password123", "newPassword": "password123"})
print(response.json())Example Output
{
"success": true,
"data": {
"profile": []
},
"error": null
}Try It
Checking sign-in state...
Request
PUT /api/users/profileRequest Payload
{}curl Equivalent
curl -X PUT -H "Content-Type: application/json" -d '{}' "https://playroom.date/api/users/profile"Sample Response Body
{
"success": true,
"data": {
"profile": []
},
"error": null
}Staff endpoint for updating managed profile fields and verification state.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: users:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| userId | body | Yes | User ID to manage. |
| emailVerified | body | No | Updated email verification state. |
| username | body | No | Updated username. |
| body | No | Updated email address. | |
| displayName | body | No | Updated display name. |
| dateOfBirth | body | No | Updated YYYY-MM-DD date of birth. |
| gender | body | No | Updated gender. |
| sexuality | body | No | Updated sexuality. |
| aboutMe | body | No | Updated profile bio. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","emailVerified":true,"username":"example-username","email":"user@example.com","displayName":"example-displayName","dateOfBirth":"example-dateOfBirth","gender":"","sexuality":"","aboutMe":"example-aboutMe"}' "https://playroom.date/api/users/manage"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/manage', {
method: 'PUT',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"userId": "user_id",
"emailVerified": true,
"username": "example-username",
"email": "user@example.com",
"displayName": "example-displayName",
"dateOfBirth": "example-dateOfBirth",
"gender": "",
"sexuality": "",
"aboutMe": "example-aboutMe"
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/users/manage', headers=headers, json={"userId": "user_id", "emailVerified": True, "username": "example-username", "email": "user@example.com", "displayName": "example-displayName", "dateOfBirth": "example-dateOfBirth", "gender": "", "sexuality": "", "aboutMe": "example-aboutMe"})
print(response.json())Example Output
{
"success": true,
"data": {
"user": []
},
"error": null
}Try It
Checking sign-in state...
Request
PUT /api/users/manageRequest Payload
{
"userId": ""
}curl Equivalent
curl -X PUT -H "Content-Type: application/json" -d '{"userId":""}' "https://playroom.date/api/users/manage"Sample Response Body
{
"success": true,
"data": {
"user": []
},
"error": null
}Staff endpoint for deleting or anonymizing a user according to deletion policy.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: users:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| userId | body | Yes | User ID to delete. |
| force | body | No | Force deletion where supported. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X DELETE -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","force":true}' "https://playroom.date/api/users/manage"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/manage', {
method: 'DELETE',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"userId": "user_id",
"force": true
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/users/manage', headers=headers, json={"userId": "user_id", "force": True})
print(response.json())Example Output
{
"success": true,
"data": {
"user": []
},
"error": null
}Try It
Checking sign-in state...
Request
DELETE /api/users/manageRequest Payload
{
"userId": ""
}curl Equivalent
curl -X DELETE -H "Content-Type: application/json" -d '{"userId":""}' "https://playroom.date/api/users/manage"Sample Response Body
{
"success": true,
"data": {
"user": []
},
"error": null
}Lists roles for a target user and assignable role metadata.
Authentication
Admin session.
Modes: logged-in user, API key
API key: staff:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users/roles"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/roles', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users/roles', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"roles": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/users/rolescurl Equivalent
curl "https://playroom.date/api/users/roles"Sample Response Body
{
"success": true,
"data": {
"roles": []
},
"error": null
}Assigns a role to a user after hierarchy checks.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| userId | body | Yes | User ID. |
| roleId | body | Yes | Role ID to assign. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","roleId":"role_id"}' "https://playroom.date/api/users/roles"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/roles', {
method: 'POST',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"userId": "user_id",
"roleId": "role_id"
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/users/roles', headers=headers, json={"userId": "user_id", "roleId": "role_id"})
print(response.json())Example Output
{
"success": true,
"data": {
"role": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/users/rolesRequest Payload
{
"userId": "",
"roleId": ""
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"userId":"","roleId":""}' "https://playroom.date/api/users/roles"Sample Response Body
{
"success": true,
"data": {
"role": []
},
"error": null
}Replaces or updates role assignments according to hierarchy rules.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| userId | body | Yes | User ID. |
| roleIds | body | Yes | Complete role ID list. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","roleIds":[]}' "https://playroom.date/api/users/roles"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/roles', {
method: 'PUT',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"userId": "user_id",
"roleIds": []
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/users/roles', headers=headers, json={"userId": "user_id", "roleIds": []})
print(response.json())Example Output
{
"success": true,
"data": {
"roles": []
},
"error": null
}Try It
Checking sign-in state...
Request
PUT /api/users/rolesRequest Payload
{
"userId": "",
"roleIds": []
}curl Equivalent
curl -X PUT -H "Content-Type: application/json" -d '{"userId":"","roleIds":[]}' "https://playroom.date/api/users/roles"Sample Response Body
{
"success": true,
"data": {
"roles": []
},
"error": null
}Removes a role from a user after hierarchy checks.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: staff:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| userId | body | Yes | User ID. |
| roleId | body | Yes | Role ID to remove. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X DELETE -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","roleId":"role_id"}' "https://playroom.date/api/users/roles"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/roles', {
method: 'DELETE',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"userId": "user_id",
"roleId": "role_id"
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/users/roles', headers=headers, json={"userId": "user_id", "roleId": "role_id"})
print(response.json())Example Output
{
"success": true,
"data": {
"role": []
},
"error": null
}Try It
Checking sign-in state...
Request
DELETE /api/users/rolesRequest Payload
{
"userId": "",
"roleId": ""
}curl Equivalent
curl -X DELETE -H "Content-Type: application/json" -d '{"userId":"","roleId":""}' "https://playroom.date/api/users/roles"Sample Response Body
{
"success": true,
"data": {
"role": []
},
"error": null
}Returns suspected alternate account clusters for moderation review. Updating a review outcome requires review_alts.
Authentication
Admin session.
Modes: logged-in user, API key
API key: staff:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users/alts"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/alts', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users/alts', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"alts": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/users/altscurl Equivalent
curl "https://playroom.date/api/users/alts"Sample Response Body
{
"success": true,
"data": {
"alts": []
},
"error": null
}Returns ban/punishment information for a user context.
Authentication
Session.
Modes: logged-in user, API key
API key: bans:read
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users/punishments"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/punishments', {
method: 'GET',
headers: {
"Authorization": "Bearer prapi_your_key"
},
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users/punishments', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"punishments": []
},
"error": null
}Try It
Checking sign-in state...
This request has no editable path, query, or body fields.
Request
GET /api/users/punishmentscurl Equivalent
curl "https://playroom.date/api/users/punishments"Sample Response Body
{
"success": true,
"data": {
"punishments": []
},
"error": null
}Starts the current user account deletion lifecycle.
Authentication
Session + CSRF.
Modes: logged-in user
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X DELETE "https://playroom.date/api/users/delete"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/delete', {
method: 'DELETE',
});
const data = await response.json();Python
import requests
headers = {}
response = requests.delete('https://playroom.date/api/users/delete', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"deletion": []
},
"error": null
}Try It
Checking sign-in state...
No executable auth mode is available for this browser session.
This request has no editable path, query, or body fields.
Request
DELETE /api/users/deletecurl Equivalent
curl -X DELETE "https://playroom.date/api/users/delete"Sample Response Body
{
"success": true,
"data": {
"deletion": []
},
"error": null
}Cancels a pending current-user account deletion request.
Authentication
Session + CSRF.
Modes: logged-in user
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| No path, query, or body parameters. | |||
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X PATCH "https://playroom.date/api/users/delete"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/delete', {
method: 'PATCH',
});
const data = await response.json();Python
import requests
headers = {}
response = requests.patch('https://playroom.date/api/users/delete', headers=headers)
print(response.json())Example Output
{
"success": true,
"data": {
"deletion": []
},
"error": null
}Try It
Checking sign-in state...
No executable auth mode is available for this browser session.
This request has no editable path, query, or body fields.
Request
PATCH /api/users/deletecurl Equivalent
curl -X PATCH "https://playroom.date/api/users/delete"Sample Response Body
{
"success": true,
"data": {
"deletion": []
},
"error": null
}Permanently erases a soft-deleted user after explicit confirmation.
Authentication
Admin session + CSRF.
Modes: logged-in user, API key
API key: users:write
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
| Authorization | Bearer prapi_your_key | Preferred API-key header. Never send API keys in URLs. |
| x-api-key | prapi_your_key | Alternative API-key header. |
| x-api-token | prapi_your_key | Legacy API-key header kept for backward compatibility. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| userId | body | Yes | Deleted user ID to erase. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id"}' "https://playroom.date/api/users/erase"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/erase', {
method: 'POST',
headers: {
"Authorization": "Bearer prapi_your_key",
"Content-Type": "application/json"
},
body: JSON.stringify({
"userId": "user_id"
}),
});
const data = await response.json();Python
import requests
headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/users/erase', headers=headers, json={"userId": "user_id"})
print(response.json())Example Output
{
"success": true,
"data": {
"deletion": []
},
"error": null
}Try It
Checking sign-in state...
Request
POST /api/users/eraseRequest Payload
{
"userId": ""
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"userId":""}' "https://playroom.date/api/users/erase"Sample Response Body
{
"success": true,
"data": {
"deletion": []
},
"error": null
}Unlinks a Discord or Fluxer provider account from the current user.
Authentication
Session + CSRF.
Modes: logged-in user
Permissions or Scopes
Request Headers
| Header | Value | Description |
|---|---|---|
| Cookie | session=<session_cookie> | Session cookie set by the login flow. |
| x-csrf-token | <csrfToken> | Required for mutating session-authenticated requests. |
| Content-Type | application/json | Required when sending a JSON body. |
Parameters
| Name | In | Required | Description |
|---|---|---|---|
| provider | body | Yes | Provider to unlink. |
Validation
- Request parameters and JSON payloads are validated server-side.
- Mutating session-authenticated requests require CSRF validation.
- Permission checks run before privileged data is returned or modified.
Errors
400 Invalid input, missing parameters, or validation failure.
401 Authentication is missing or invalid.
403 The authenticated principal lacks the required permission or scope.
404 The requested resource was not found.
500 Unexpected server error.
Rate Limits
No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.
Examples and Try It
Request examples, sample output, and the live tester below apply only to this endpoint.
cURL
curl -X POST -H "Content-Type: application/json" -d '{"provider":"discord"}' "https://playroom.date/api/users/unlink"JavaScript / TypeScript
const response = await fetch('https://playroom.date/api/users/unlink', {
method: 'POST',
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify({
"provider": "discord"
}),
});
const data = await response.json();Python
import requests
headers = {}
response = requests.post('https://playroom.date/api/users/unlink', headers=headers, json={"provider": "discord"})
print(response.json())Example Output
{
"success": true,
"data": {
"account": []
},
"error": null
}Try It
Checking sign-in state...
No executable auth mode is available for this browser session.
Request
POST /api/users/unlinkRequest Payload
{
"provider": "discord"
}curl Equivalent
curl -X POST -H "Content-Type: application/json" -d '{"provider":"discord"}' "https://playroom.date/api/users/unlink"Sample Response Body
{
"success": true,
"data": {
"account": []
},
"error": null
}