3 Requests that require it can be authenticated with [an OAuth token](https://tools.ietf.org/html/rfc6749), the `_pleroma_key` cookie, or [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization).
5 Request parameters can be passed via [query strings](https://en.wikipedia.org/wiki/Query_string) or as [form data](https://www.w3.org/TR/html401/interact/forms.html). Files must be uploaded as `multipart/form-data`.
7 ## `/api/pleroma/emoji`
8 ### Lists the custom emoji on that server.
10 * Authentication: not required
20 "image_url": "/finmoji/128px/girlpower-128.png"
26 "image_url": "/finmoji/128px/education-128.png"
32 "image_url": "/finmoji/128px/finnishlove-128.png"
36 * Note: Same data as Mastodon API’s `/api/v1/custom_emojis` but in a different format
38 ## `/api/pleroma/follow_import`
39 ### Imports your follows, for example from a Mastodon CSV file.
41 * Authentication: required
43 * `list`: STRING or FILE containing a whitespace-separated list of accounts to follow
44 * Response: HTTP 200 on success, 500 on error
45 * Note: Users that can't be followed are silently skipped.
47 ## `/api/pleroma/captcha`
50 * Authentication: not required
52 * Response: Provider specific JSON, the only guaranteed parameter is `type`
53 * Example response: `{"type": "kocaptcha", "token": "whatever", "url": "https://captcha.kotobank.ch/endpoint"}`
55 ## `/api/pleroma/delete_account`
58 * Authentication: required
60 * `password`: user's password
61 * Response: JSON. Returns `{"status": "success"}` if the deletion was successful, `{"error": "[error message]"}` otherwise
62 * Example response: `{"error": "Invalid password."}`
64 ## `/api/pleroma/disable_account`
65 ### Disable an account
67 * Authentication: required
69 * `password`: user's password
70 * Response: JSON. Returns `{"status": "success"}` if the account was successfully disabled, `{"error": "[error message]"}` otherwise
71 * Example response: `{"error": "Invalid password."}`
73 ## `/api/pleroma/accounts/mfa`
74 #### Gets current MFA settings
76 * Authentication: required
77 * OAuth scope: `read:security`
78 * Response: JSON. Returns `{"enabled": "false", "totp": false }`
80 ## `/api/pleroma/accounts/mfa/setup/totp`
81 #### Pre-setup the MFA/TOTP method
83 * Authentication: required
84 * OAuth scope: `write:security`
85 * Response: JSON. Returns `{"key": [secret_key], "provisioning_uri": "[qr code uri]" }` when successful, otherwise returns HTTP 422 `{"error": "error_msg"}`
87 ## `/api/pleroma/accounts/mfa/confirm/totp`
88 #### Confirms & enables MFA/TOTP support for user account.
90 * Authentication: required
91 * OAuth scope: `write:security`
93 * `password`: user's password
94 * `code`: token from TOTP App
95 * Response: JSON. Returns `{}` if the enable was successful, HTTP 422 `{"error": "[error message]"}` otherwise
98 ## `/api/pleroma/accounts/mfa/totp`
99 #### Disables MFA/TOTP method for user account.
101 * Authentication: required
102 * OAuth scope: `write:security`
104 * `password`: user's password
105 * Response: JSON. Returns `{}` if the disable was successful, HTTP 422 `{"error": "[error message]"}` otherwise
106 * Example response: `{"error": "Invalid password."}`
108 ## `/api/pleroma/accounts/mfa/backup_codes`
109 #### Generstes backup codes MFA for user account.
111 * Authentication: required
112 * OAuth scope: `write:security`
113 * Response: JSON. Returns `{"codes": codes}`when successful, otherwise HTTP 422 `{"error": "[error message]"}`
115 ## `/api/pleroma/admin/`
116 See [Admin-API](admin_api.md)
118 ## `/api/v1/pleroma/notifications/read`
119 ### Mark notifications as read
121 * Authentication: required
122 * Params (mutually exclusive):
123 * `id`: a single notification id to read
124 * `max_id`: read all notifications up to this id
125 * Response: Notification entity/Array of Notification entities that were read. In case of `max_id`, only the first 80 read notifications will be returned.
127 ## `/api/v1/pleroma/accounts/:id/subscribe`
128 ### Subscribe to receive notifications for all statuses posted by a user
130 * Authentication: required
132 * `id`: account id to subscribe to
133 * Response: JSON, returns a mastodon relationship object on success, otherwise returns `{"error": "error_msg"}`
139 "followed_by": false,
142 "muting_notifications": false,
145 "domain_blocking": false,
146 "showing_reblogs": true,
151 ## `/api/v1/pleroma/accounts/:id/unsubscribe`
152 ### Unsubscribe to stop receiving notifications from user statuses
154 * Authentication: required
156 * `id`: account id to unsubscribe from
157 * Response: JSON, returns a mastodon relationship object on success, otherwise returns `{"error": "error_msg"}`
163 "followed_by": false,
166 "muting_notifications": false,
167 "subscribing": false,
169 "domain_blocking": false,
170 "showing_reblogs": true,
175 ## `/api/v1/pleroma/accounts/:id/favourites`
176 ### Returns favorites timeline of any user
178 * Authentication: not required
180 * `id`: the id of the account for whom to return results
181 * `limit`: optional, the number of records to retrieve
182 * `since_id`: optional, returns results that are more recent than the specified id
183 * `max_id`: optional, returns results that are older than the specified id
184 * Response: JSON, returns a list of Mastodon Status entities on success, otherwise returns `{"error": "error_msg"}`
190 "id": "9hptFmUF3ztxYh3Svg",
191 "url": "https://pleroma.example.org/users/nick2",
195 "application": {"name": "Web", "website": null},
198 "content": "This is :moominmamma: note 0",
199 "created_at": "2019-04-15T15:42:15.000Z",
202 "favourites_count": 1,
203 "id": "9hptFmVJ02khbzYJaS",
204 "in_reply_to_account_id": null,
205 "in_reply_to_id": null,
207 "media_attachments": [],
212 "content": {"text/plain": "This is :moominmamma: note 0"},
213 "conversation_id": 13679,
215 "spoiler_text": {"text/plain": "2hu"}
222 "spoiler_text": "2hu",
223 "tags": [{"name": "2hu", "url": "/tag/2hu"}],
224 "uri": "https://pleroma.example.org/objects/198ed2a1-7912-4482-b559-244a0369e984",
225 "url": "https://pleroma.example.org/notice/9hptFmVJ02khbzYJaS",
226 "visibility": "public"
231 ## `/api/v1/pleroma/accounts/update_*`
232 ### Set and clear account avatar, banner, and background
234 - PATCH `/api/v1/pleroma/accounts/update_avatar`: Set/clear user avatar image
235 - PATCH `/api/v1/pleroma/accounts/update_banner`: Set/clear user banner image
236 - PATCH `/api/v1/pleroma/accounts/update_background`: Set/clear user background image
238 ## `/api/v1/pleroma/accounts/confirmation_resend`
239 ### Resend confirmation email
242 * `email`: email of that needs to be verified
243 * Authentication: not required
244 * Response: 204 No Content
246 ## `/api/v1/pleroma/mascot`
247 ### Gets user mascot image
249 * Authentication: required
251 * Response: JSON. Returns a mastodon media attachment entity.
256 "url": "https://pleroma.example.org/media/abcdefg.png",
259 "mime_type": "image/png"
264 ### Updates user mascot image
266 * Authentication: required
268 * `file`: Multipart image
269 * Response: JSON. Returns a mastodon media attachment entity
270 when successful, otherwise returns HTTP 415 `{"error": "error_msg"}`
275 "url": "https://pleroma.example.org/media/abcdefg.png",
278 "mime_type": "image/png"
282 * Note: Behaves exactly the same as `POST /api/v1/upload`.
283 Can only accept images - any attempt to upload non-image files will be met with `HTTP 415 Unsupported Media Type`.
285 ## `/api/pleroma/notification_settings`
286 ### Updates user notification settings
288 * Authentication: required
290 * `block_from_strangers`: BOOLEAN field, blocks notifications from accounts you do not follow
291 * `hide_notification_contents`: BOOLEAN field. When set to true, it removes the contents of a message from the push notification.
292 * Response: JSON. Returns `{"status": "success"}` if the update was successful, otherwise returns `{"error": "error_msg"}`
294 ## `/api/pleroma/healthcheck`
295 ### Healthcheck endpoint with additional system data.
297 * Authentication: not required
299 * Response: JSON, statuses (200 - healthy, 503 unhealthy).
303 "pool_size": 0, # database connection pool
304 "active": 0, # active processes
305 "idle": 0, # idle processes
306 "memory_used": 0.00, # Memory used
307 "healthy": true, # Instance state
308 "job_queue_stats": {} # Job queue stats
312 ## `/api/pleroma/change_email`
313 ### Change account email
315 * Authentication: required
317 * `password`: user's password
319 * Response: JSON. Returns `{"status": "success"}` if the change was successful, `{"error": "[error message]"}` otherwise
320 * Note: Currently, Mastodon has no API for changing email. If they add it in future it might be incompatible with Pleroma.
322 # Pleroma Conversations
324 Pleroma Conversations have the same general structure that Mastodon Conversations have. The behavior differs in the following ways when using these endpoints:
326 1. Pleroma Conversations never add or remove recipients, unless explicitly changed by the user.
327 2. Pleroma Conversations statuses can be requested by Conversation id.
328 3. Pleroma Conversations can be replied to.
330 Conversations have the additional field `recipients` under the `pleroma` key. This holds a list of all the accounts that will receive a message in this conversation.
332 The status posting endpoint takes an additional parameter, `in_reply_to_conversation_id`, which, when set, will set the visiblity to direct and address only the people who are the recipients of that Conversation.
334 âš Conversation IDs can be found in direct messages with the `pleroma.direct_conversation_id` key, do not confuse it with `pleroma.conversation_id`.
336 ## `GET /api/v1/pleroma/conversations/:id/statuses`
337 ### Timeline for a given conversation
339 * Authentication: required
340 * Params: Like other timelines
341 * Response: JSON, statuses (200 - healthy, 503 unhealthy).
343 ## `GET /api/v1/pleroma/conversations/:id`
344 ### The conversation with the given ID.
346 * Authentication: required
348 * Response: JSON, statuses (200 - healthy, 503 unhealthy).
350 ## `PATCH /api/v1/pleroma/conversations/:id`
351 ### Update a conversation. Used to change the set of recipients.
353 * Authentication: required
355 * `recipients`: A list of ids of users that should receive posts to this conversation. This will replace the current list of recipients, so submit the full list. The owner of owner of the conversation will always be part of the set of recipients, though.
356 * Response: JSON, statuses (200 - healthy, 503 unhealthy)
358 ## `POST /api/v1/pleroma/conversations/read`
359 ### Marks all user's conversations as read.
361 * Authentication: required
363 * Response: JSON, returns a list of Mastodon Conversation entities that were marked as read (200 - healthy, 503 unhealthy).
365 ## `GET /api/pleroma/emoji/packs/import`
366 ### Imports packs from filesystem
368 * Authentication: required
370 * Response: JSON, returns a list of imported packs.
372 ## `GET /api/pleroma/emoji/packs/remote`
373 ### Make request to another instance for packs list
375 * Authentication: required
377 * `url`: url of the instance to get packs from
378 * Response: JSON with the pack list, hashmap with pack name and pack contents
380 ## `POST /api/pleroma/emoji/packs/download`
381 ### Download pack from another instance
383 * Authentication: required
385 * `url`: url of the instance to download from
386 * `name`: pack to download from that instance
387 * `as`: (*optional*) name how to save pack
388 * Response: JSON, "ok" with 200 status if the pack was downloaded, or 500 if there were
389 errors downloading the pack
391 ## `POST /api/pleroma/emoji/packs/:name`
392 ### Creates an empty pack
394 * Authentication: required
396 * Response: JSON, "ok" and 200 status or 409 if the pack with that name already exists
398 ## `PATCH /api/pleroma/emoji/packs/:name`
399 ### Updates (replaces) pack metadata
401 * Authentication: required
403 * `metadata`: metadata to replace the old one
404 * `license`: Pack license
405 * `homepage`: Pack home page url
406 * `description`: Pack description
407 * `fallback-src`: Fallback url to download pack from
408 * `fallback-src-sha256`: SHA256 encoded for fallback pack archive
409 * `share-files`: is pack allowed for sharing (boolean)
410 * Response: JSON, updated "metadata" section of the pack and 200 status or 400 if there was a
411 problem with the new metadata (the error is specified in the "error" part of the response JSON)
413 ## `DELETE /api/pleroma/emoji/packs/:name`
414 ### Delete a custom emoji pack
416 * Authentication: required
418 * Response: JSON, "ok" and 200 status or 500 if there was an error deleting the pack
420 ## `POST /api/pleroma/emoji/packs/:name/files`
421 ### Add new file to the pack
423 * Authentication: required
425 * `file`: file needs to be uploaded with the multipart request or link to remote file.
426 * `shortcode`: (*optional*) shortcode for new emoji, must be unique for all emoji. If not sended, shortcode will be taken from original filename.
427 * `filename`: (*optional*) new emoji file name. If not specified will be taken from original filename.
428 * Response: JSON, list of files for updated pack (hashmap -> shortcode => filename) with status 200, either error status with error message.
430 ## `PATCH /api/pleroma/emoji/packs/:name/files`
431 ### Update emoji file from pack
433 * Authentication: required
435 * `shortcode`: emoji file shortcode
436 * `new_shortcode`: new emoji file shortcode
437 * `new_filename`: new filename for emoji file
438 * `force`: (*optional*) with true value to overwrite existing emoji with new shortcode
439 * Response: JSON, list with updated files for updated pack (hashmap -> shortcode => filename) with status 200, either error status with error message.
441 ## `DELETE /api/pleroma/emoji/packs/:name/files`
442 ### Delete emoji file from pack
444 * Authentication: required
446 * `shortcode`: emoji file shortcode
447 * Response: JSON, list with updated files for updated pack (hashmap -> shortcode => filename) with status 200, either error status with error message.
449 ## `GET /api/pleroma/emoji/packs`
451 ### Lists local custom emoji packs
454 * Authentication: not required
456 * `page`: page number for packs (default 1)
457 * `page_size`: page size for packs (default 50)
458 * Response: `packs` key with JSON hashmap of pack name to pack contents and `count` key for count of packs.
463 "pack_name": {...}, // pack contents
466 "count": 0 // packs count
470 ## `GET /api/pleroma/emoji/packs/:name`
472 ### Get pack.json for the pack
475 * Authentication: not required
477 * `page`: page number for files (default 1)
478 * `page_size`: page size for files (default 30)
479 * Response: JSON, pack json with `files`, `files_count` and `pack` keys with 200 status or 404 if the pack does not exist.
484 "files_count": 0, // emoji count in pack
489 ## `GET /api/pleroma/emoji/packs/:name/archive`
490 ### Requests a local pack archive from the instance
492 * Authentication: not required
494 * Response: the archive of the pack with a 200 status code, 403 if the pack is not set as shared,
495 404 if the pack does not exist
497 ## `GET /api/v1/pleroma/accounts/:id/scrobbles`
498 ### Requests a list of current and recent Listen activities for an account
500 * Authentication: not required
502 * Response: An array of media metadata entities.
509 "title": "Some Title",
510 "artist": "Some Artist",
511 "album": "Some Album",
513 "created_at": "2019-09-28T12:40:45.000Z"
518 ## `POST /api/v1/pleroma/scrobble`
519 ### Creates a new Listen activity for an account
521 * Authentication: required
523 * `title`: the title of the media playing
524 * `album`: the album of the media playing [optional]
525 * `artist`: the artist of the media playing [optional]
526 * `length`: the length of the media playing [optional]
527 * Response: the newly created media metadata entity representing the Listen activity
531 Emoji reactions work a lot like favourites do. They make it possible to react to a post with a single emoji character. To detect the presence of this feature, you can check `pleroma_emoji_reactions` entry in the features list of nodeinfo.
533 ## `PUT /api/v1/pleroma/statuses/:id/reactions/:emoji`
534 ### React to a post with a unicode emoji
536 * Authentication: required
537 * Params: `emoji`: A single character unicode emoji
538 * Response: JSON, the status.
540 ## `DELETE /api/v1/pleroma/statuses/:id/reactions/:emoji`
541 ### Remove a reaction to a post with a unicode emoji
543 * Authentication: required
544 * Params: `emoji`: A single character unicode emoji
545 * Response: JSON, the status.
547 ## `GET /api/v1/pleroma/statuses/:id/reactions`
548 ### Get an object of emoji to account mappings with accounts that reacted to the post
550 * Authentication: optional
552 * Response: JSON, a list of emoji/account list tuples, sorted by emoji insertion date, in ascending order, e.g, the first emoji in the list is the oldest.
556 {"name": "😀", "count": 2, "me": true, "accounts": [{"id" => "xyz.."...}, {"id" => "zyx..."}]},
557 {"name": "☕", "count": 1, "me": false, "accounts": [{"id" => "abc..."}]}
561 ## `GET /api/v1/pleroma/statuses/:id/reactions/:emoji`
562 ### Get an object of emoji to account mappings with accounts that reacted to the post for a specific emoji
564 * Authentication: optional
566 * Response: JSON, a list of emoji/account list tuples
570 {"name": "😀", "count": 2, "me": true, "accounts": [{"id" => "xyz.."...}, {"id" => "zyx..."}]}
576 Set and delete ActivityPub aliases for follower move.
578 ## `POST /api/v1/pleroma/accounts/ap_aliases`
579 ### Add account aliases
581 * Authentication: required
583 * `aliases`: array of ActivityPub IDs to add
584 * Response: JSON, the user's account
586 ## `DELETE /api/v1/pleroma/accounts/ap_aliases`
587 ### Delete account aliases
589 * Authentication: required
591 * `aliases`: array of ActivityPub IDs to delete
592 * Response: JSON, the user's account