API Reference

Users

User profile, account, and identity endpoints.

Lists users for the management UI with role and active-ban context.

Authentication

Admin session.

Modes: logged-in user, API key

API key: users:read

Permissions or Scopes

view_users

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
pagequeryNoPage number for paginated results.
pageSizequeryNoRequested page size where supported by the endpoint.
searchqueryNoUsername, display name, email, provider ID, or user ID search.
roleIdqueryNoRepeatable role filter.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users', {
  method: 'GET',
  headers: {
    "Authorization": "Bearer prapi_your_key"
  },
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "users": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

GET /api/users?page=1&pageSize=20

curl Equivalent

curl "https://playroom.date/api/users?page=1&pageSize=20"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "users": []
  },
  "error": null
}

Fetches one user profile with fields allowed for the caller.

Authentication

Session.

Modes: logged-in user, API key

API key: users:read

Permissions or Scopes

self or view_users

Request Headers

HeaderValueDescription
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
idpathYesUser ID.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users/resource_id"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/resource_id', {
  method: 'GET',
  headers: {
    "Authorization": "Bearer prapi_your_key"
  },
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users/resource_id', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "user": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

GET /api/users/

curl Equivalent

curl "https://playroom.date/api/users/"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "user": []
  },
  "error": null
}

Returns the current user profile and linked account state.

Authentication

Session.

Modes: logged-in user, API key

API key: users:read

Permissions or Scopes

current user

Request Headers

HeaderValueDescription
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users/profile"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/profile', {
  method: 'GET',
  headers: {
    "Authorization": "Bearer prapi_your_key"
  },
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users/profile', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "profile": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

This request has no editable path, query, or body fields.

Request

GET /api/users/profile

curl Equivalent

curl "https://playroom.date/api/users/profile"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "profile": []
  },
  "error": null
}

Updates current user profile fields or email/password action fields.

Authentication

Session + CSRF.

Modes: logged-in user, API key

API key: users:write

Permissions or Scopes

current user

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
actionqueryNoOptional profile sub-action.
displayNamebodyNoUpdated display name.
dateOfBirthbodyNoUpdated YYYY-MM-DD date of birth.
genderbodyNoUpdated gender.
sexualitybodyNoUpdated sexuality.
aboutMebodyNoUpdated profile bio.
newEmailbodyNoRequired when action=email.
currentPasswordbodyNoRequired when action=password.
newPasswordbodyNoRequired when action=password.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"displayName":"example-displayName","dateOfBirth":"example-dateOfBirth","gender":"","sexuality":"","aboutMe":"example-aboutMe","newEmail":"example-newEmail","currentPassword":"password123","newPassword":"password123"}' "https://playroom.date/api/users/profile"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/profile', {
  method: 'PUT',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "displayName": "example-displayName",
    "dateOfBirth": "example-dateOfBirth",
    "gender": "",
    "sexuality": "",
    "aboutMe": "example-aboutMe",
    "newEmail": "example-newEmail",
    "currentPassword": "password123",
    "newPassword": "password123"
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/users/profile', headers=headers, json={"displayName": "example-displayName", "dateOfBirth": "example-dateOfBirth", "gender": "", "sexuality": "", "aboutMe": "example-aboutMe", "newEmail": "example-newEmail", "currentPassword": "password123", "newPassword": "password123"})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "profile": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

PUT /api/users/profile

Request Payload

{}

curl Equivalent

curl -X PUT -H "Content-Type: application/json" -d '{}' "https://playroom.date/api/users/profile"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "profile": []
  },
  "error": null
}

Staff endpoint for updating managed profile fields and verification state.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: users:write

Permissions or Scopes

view_users plus edit_account, edit_identity, or verify_user_emails depending on fields

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
userIdbodyYesUser ID to manage.
emailVerifiedbodyNoUpdated email verification state.
usernamebodyNoUpdated username.
emailbodyNoUpdated email address.
displayNamebodyNoUpdated display name.
dateOfBirthbodyNoUpdated YYYY-MM-DD date of birth.
genderbodyNoUpdated gender.
sexualitybodyNoUpdated sexuality.
aboutMebodyNoUpdated profile bio.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","emailVerified":true,"username":"example-username","email":"user@example.com","displayName":"example-displayName","dateOfBirth":"example-dateOfBirth","gender":"","sexuality":"","aboutMe":"example-aboutMe"}' "https://playroom.date/api/users/manage"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/manage', {
  method: 'PUT',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "userId": "user_id",
    "emailVerified": true,
    "username": "example-username",
    "email": "user@example.com",
    "displayName": "example-displayName",
    "dateOfBirth": "example-dateOfBirth",
    "gender": "",
    "sexuality": "",
    "aboutMe": "example-aboutMe"
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/users/manage', headers=headers, json={"userId": "user_id", "emailVerified": True, "username": "example-username", "email": "user@example.com", "displayName": "example-displayName", "dateOfBirth": "example-dateOfBirth", "gender": "", "sexuality": "", "aboutMe": "example-aboutMe"})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "user": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

PUT /api/users/manage

Request Payload

{
  "userId": ""
}

curl Equivalent

curl -X PUT -H "Content-Type: application/json" -d '{"userId":""}' "https://playroom.date/api/users/manage"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "user": []
  },
  "error": null
}

Staff endpoint for deleting or anonymizing a user according to deletion policy.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: users:write

Permissions or Scopes

delete_users

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
userIdbodyYesUser ID to delete.
forcebodyNoForce deletion where supported.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X DELETE -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","force":true}' "https://playroom.date/api/users/manage"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/manage', {
  method: 'DELETE',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "userId": "user_id",
    "force": true
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/users/manage', headers=headers, json={"userId": "user_id", "force": True})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "user": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

DELETE /api/users/manage

Request Payload

{
  "userId": ""
}

curl Equivalent

curl -X DELETE -H "Content-Type: application/json" -d '{"userId":""}' "https://playroom.date/api/users/manage"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "user": []
  },
  "error": null
}

Lists roles for a target user and assignable role metadata.

Authentication

Admin session.

Modes: logged-in user, API key

API key: staff:read

Permissions or Scopes

assign_roles

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users/roles"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/roles', {
  method: 'GET',
  headers: {
    "Authorization": "Bearer prapi_your_key"
  },
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users/roles', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "roles": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

This request has no editable path, query, or body fields.

Request

GET /api/users/roles

curl Equivalent

curl "https://playroom.date/api/users/roles"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "roles": []
  },
  "error": null
}

Assigns a role to a user after hierarchy checks.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: staff:write

Permissions or Scopes

assign_roles

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
userIdbodyYesUser ID.
roleIdbodyYesRole ID to assign.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","roleId":"role_id"}' "https://playroom.date/api/users/roles"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/roles', {
  method: 'POST',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "userId": "user_id",
    "roleId": "role_id"
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/users/roles', headers=headers, json={"userId": "user_id", "roleId": "role_id"})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "role": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

POST /api/users/roles

Request Payload

{
  "userId": "",
  "roleId": ""
}

curl Equivalent

curl -X POST -H "Content-Type: application/json" -d '{"userId":"","roleId":""}' "https://playroom.date/api/users/roles"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "role": []
  },
  "error": null
}

Replaces or updates role assignments according to hierarchy rules.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: staff:write

Permissions or Scopes

assign_roles

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
userIdbodyYesUser ID.
roleIdsbodyYesComplete role ID list.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X PUT -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","roleIds":[]}' "https://playroom.date/api/users/roles"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/roles', {
  method: 'PUT',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "userId": "user_id",
    "roleIds": []
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.put('https://playroom.date/api/users/roles', headers=headers, json={"userId": "user_id", "roleIds": []})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "roles": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

PUT /api/users/roles

Request Payload

{
  "userId": "",
  "roleIds": []
}

curl Equivalent

curl -X PUT -H "Content-Type: application/json" -d '{"userId":"","roleIds":[]}' "https://playroom.date/api/users/roles"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "roles": []
  },
  "error": null
}

Removes a role from a user after hierarchy checks.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: staff:write

Permissions or Scopes

assign_roles

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
userIdbodyYesUser ID.
roleIdbodyYesRole ID to remove.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X DELETE -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id","roleId":"role_id"}' "https://playroom.date/api/users/roles"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/roles', {
  method: 'DELETE',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "userId": "user_id",
    "roleId": "role_id"
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.delete('https://playroom.date/api/users/roles', headers=headers, json={"userId": "user_id", "roleId": "role_id"})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "role": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

DELETE /api/users/roles

Request Payload

{
  "userId": "",
  "roleId": ""
}

curl Equivalent

curl -X DELETE -H "Content-Type: application/json" -d '{"userId":"","roleId":""}' "https://playroom.date/api/users/roles"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "role": []
  },
  "error": null
}

Returns suspected alternate account clusters for moderation review. Updating a review outcome requires review_alts.

Authentication

Admin session.

Modes: logged-in user, API key

API key: staff:read

Permissions or Scopes

view_alts

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users/alts"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/alts', {
  method: 'GET',
  headers: {
    "Authorization": "Bearer prapi_your_key"
  },
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users/alts', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "alts": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

This request has no editable path, query, or body fields.

Request

GET /api/users/alts

curl Equivalent

curl "https://playroom.date/api/users/alts"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "alts": []
  },
  "error": null
}

Returns ban/punishment information for a user context.

Authentication

Session.

Modes: logged-in user, API key

API key: bans:read

Permissions or Scopes

self or view_bans

Request Headers

HeaderValueDescription
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -H "Authorization: Bearer prapi_your_key" "https://playroom.date/api/users/punishments"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/punishments', {
  method: 'GET',
  headers: {
    "Authorization": "Bearer prapi_your_key"
  },
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.get('https://playroom.date/api/users/punishments', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "punishments": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

This request has no editable path, query, or body fields.

Request

GET /api/users/punishments

curl Equivalent

curl "https://playroom.date/api/users/punishments"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "punishments": []
  },
  "error": null
}

Starts the current user account deletion lifecycle.

Authentication

Session + CSRF.

Modes: logged-in user

Permissions or Scopes

current user

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X DELETE "https://playroom.date/api/users/delete"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/delete', {
  method: 'DELETE',
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.delete('https://playroom.date/api/users/delete', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "deletion": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

No executable auth mode is available for this browser session.

This request has no editable path, query, or body fields.

Request

DELETE /api/users/delete

curl Equivalent

curl -X DELETE "https://playroom.date/api/users/delete"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "deletion": []
  },
  "error": null
}

Cancels a pending current-user account deletion request.

Authentication

Session + CSRF.

Modes: logged-in user

Permissions or Scopes

current user

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.

Parameters

NameInRequiredDescription
No path, query, or body parameters.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X PATCH "https://playroom.date/api/users/delete"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/delete', {
  method: 'PATCH',
});
const data = await response.json();

Python

import requests

headers = {}
response = requests.patch('https://playroom.date/api/users/delete', headers=headers)
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "deletion": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

No executable auth mode is available for this browser session.

This request has no editable path, query, or body fields.

Request

PATCH /api/users/delete

curl Equivalent

curl -X PATCH "https://playroom.date/api/users/delete"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "deletion": []
  },
  "error": null
}

Permanently erases a soft-deleted user after explicit confirmation.

Authentication

Admin session + CSRF.

Modes: logged-in user, API key

API key: users:write

Permissions or Scopes

delete_users

Request Headers

HeaderValueDescription
Cookiesession=<session_cookie>Session cookie set by the login flow.
x-csrf-token<csrfToken>Required for mutating session-authenticated requests.
Content-Typeapplication/jsonRequired when sending a JSON body.
AuthorizationBearer prapi_your_keyPreferred API-key header. Never send API keys in URLs.
x-api-keyprapi_your_keyAlternative API-key header.
x-api-tokenprapi_your_keyLegacy API-key header kept for backward compatibility.

Parameters

NameInRequiredDescription
userIdbodyYesDeleted user ID to erase.

Validation

  • Request parameters and JSON payloads are validated server-side.
  • Mutating session-authenticated requests require CSRF validation.
  • Permission checks run before privileged data is returned or modified.

Errors

400 Invalid input, missing parameters, or validation failure.

401 Authentication is missing or invalid.

403 The authenticated principal lacks the required permission or scope.

404 The requested resource was not found.

500 Unexpected server error.

Rate Limits

No endpoint-specific public rate limit is documented. Authentication and abuse controls still apply.

Examples and Try It

Request examples, sample output, and the live tester below apply only to this endpoint.

cURL

curl -X POST -H "Authorization: Bearer prapi_your_key" -H "Content-Type: application/json" -d '{"userId":"user_id"}' "https://playroom.date/api/users/erase"

JavaScript / TypeScript

const response = await fetch('https://playroom.date/api/users/erase', {
  method: 'POST',
  headers: {
    "Authorization": "Bearer prapi_your_key",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "userId": "user_id"
  }),
});
const data = await response.json();

Python

import requests

headers = {"Authorization": "Bearer prapi_your_key"}
response = requests.post('https://playroom.date/api/users/erase', headers=headers, json={"userId": "user_id"})
print(response.json())

Example Output

{
  "success": true,
  "data": {
    "deletion": []
  },
  "error": null
}

Try It

Checking sign-in state...

Auth: No authentication

Request

POST /api/users/erase

Request Payload

{
  "userId": ""
}

curl Equivalent

curl -X POST -H "Content-Type: application/json" -d '{"userId":""}' "https://playroom.date/api/users/erase"
Sample Response

Sample Response Body

{
  "success": true,
  "data": {
    "deletion": []
  },
  "error": null
}