Merge branch '2074-streaming-api-oauth-scopes-validation' into 'develop'
[akkoma] / docs / API / pleroma_api.md
1 # Pleroma API
2
3 Requests that require it can be authenticated with [an OAuth token](https://tools.ietf.org/html/rfc6749), the `_pleroma_key` cookie, or [HTTP Basic Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization).
4
5 Request parameters can be passed via [query strings](https://en.wikipedia.org/wiki/Query_string) or as [form data](https://www.w3.org/TR/html401/interact/forms.html). Files must be uploaded as `multipart/form-data`.
6
7 ## `/api/pleroma/emoji`
8 ### Lists the custom emoji on that server.
9 * Method: `GET`
10 * Authentication: not required
11 * Params: none
12 * Response: JSON
13 * Example response:
14 ```json
15 {
16 "girlpower": {
17 "tags": [
18 "Finmoji"
19 ],
20 "image_url": "/finmoji/128px/girlpower-128.png"
21 },
22 "education": {
23 "tags": [
24 "Finmoji"
25 ],
26 "image_url": "/finmoji/128px/education-128.png"
27 },
28 "finnishlove": {
29 "tags": [
30 "Finmoji"
31 ],
32 "image_url": "/finmoji/128px/finnishlove-128.png"
33 }
34 }
35 ```
36 * Note: Same data as Mastodon API’s `/api/v1/custom_emojis` but in a different format
37
38 ## `/api/pleroma/follow_import`
39 ### Imports your follows, for example from a Mastodon CSV file.
40 * Method: `POST`
41 * Authentication: required
42 * Params:
43 * `list`: STRING or FILE containing a whitespace-separated list of accounts to follow
44 * Response: HTTP 200 on success, 500 on error
45 * Note: Users that can't be followed are silently skipped.
46
47 ## `/api/pleroma/blocks_import`
48 ### Imports your blocks.
49 * Method: `POST`
50 * Authentication: required
51 * Params:
52 * `list`: STRING or FILE containing a whitespace-separated list of accounts to block
53 * Response: HTTP 200 on success, 500 on error
54
55 ## `/api/pleroma/mutes_import`
56 ### Imports your mutes.
57 * Method: `POST`
58 * Authentication: required
59 * Params:
60 * `list`: STRING or FILE containing a whitespace-separated list of accounts to mute
61 * Response: HTTP 200 on success, 500 on error
62
63 ## `/api/pleroma/captcha`
64 ### Get a new captcha
65 * Method: `GET`
66 * Authentication: not required
67 * Params: none
68 * Response: Provider specific JSON, the only guaranteed parameter is `type`
69 * Example response: `{"type": "kocaptcha", "token": "whatever", "url": "https://captcha.kotobank.ch/endpoint", "seconds_valid": 300}`
70
71 ## `/api/pleroma/delete_account`
72 ### Delete an account
73 * Method `POST`
74 * Authentication: required
75 * Params:
76 * `password`: user's password
77 * Response: JSON. Returns `{"status": "success"}` if the deletion was successful, `{"error": "[error message]"}` otherwise
78 * Example response: `{"error": "Invalid password."}`
79
80 ## `/api/pleroma/disable_account`
81 ### Disable an account
82 * Method `POST`
83 * Authentication: required
84 * Params:
85 * `password`: user's password
86 * Response: JSON. Returns `{"status": "success"}` if the account was successfully disabled, `{"error": "[error message]"}` otherwise
87 * Example response: `{"error": "Invalid password."}`
88
89 ## `/api/pleroma/accounts/mfa`
90 #### Gets current MFA settings
91 * method: `GET`
92 * Authentication: required
93 * OAuth scope: `read:security`
94 * Response: JSON. Returns `{"enabled": "false", "totp": false }`
95
96 ## `/api/pleroma/accounts/mfa/setup/totp`
97 #### Pre-setup the MFA/TOTP method
98 * method: `GET`
99 * Authentication: required
100 * OAuth scope: `write:security`
101 * Response: JSON. Returns `{"key": [secret_key], "provisioning_uri": "[qr code uri]" }` when successful, otherwise returns HTTP 422 `{"error": "error_msg"}`
102
103 ## `/api/pleroma/accounts/mfa/confirm/totp`
104 #### Confirms & enables MFA/TOTP support for user account.
105 * method: `POST`
106 * Authentication: required
107 * OAuth scope: `write:security`
108 * Params:
109 * `password`: user's password
110 * `code`: token from TOTP App
111 * Response: JSON. Returns `{}` if the enable was successful, HTTP 422 `{"error": "[error message]"}` otherwise
112
113
114 ## `/api/pleroma/accounts/mfa/totp`
115 #### Disables MFA/TOTP method for user account.
116 * method: `DELETE`
117 * Authentication: required
118 * OAuth scope: `write:security`
119 * Params:
120 * `password`: user's password
121 * Response: JSON. Returns `{}` if the disable was successful, HTTP 422 `{"error": "[error message]"}` otherwise
122 * Example response: `{"error": "Invalid password."}`
123
124 ## `/api/pleroma/accounts/mfa/backup_codes`
125 #### Generstes backup codes MFA for user account.
126 * method: `GET`
127 * Authentication: required
128 * OAuth scope: `write:security`
129 * Response: JSON. Returns `{"codes": codes}`when successful, otherwise HTTP 422 `{"error": "[error message]"}`
130
131 ## `/api/pleroma/admin/`
132 See [Admin-API](admin_api.md)
133
134 ## `/api/v1/pleroma/notifications/read`
135 ### Mark notifications as read
136 * Method `POST`
137 * Authentication: required
138 * Params (mutually exclusive):
139 * `id`: a single notification id to read
140 * `max_id`: read all notifications up to this id
141 * Response: Notification entity/Array of Notification entities that were read. In case of `max_id`, only the first 80 read notifications will be returned.
142
143 ## `/api/v1/pleroma/accounts/:id/subscribe`
144 ### Subscribe to receive notifications for all statuses posted by a user
145 * Method `POST`
146 * Authentication: required
147 * Params:
148 * `id`: account id to subscribe to
149 * Response: JSON, returns a mastodon relationship object on success, otherwise returns `{"error": "error_msg"}`
150 * Example response:
151 ```json
152 {
153 "id": "abcdefg",
154 "following": true,
155 "followed_by": false,
156 "blocking": false,
157 "muting": false,
158 "muting_notifications": false,
159 "subscribing": true,
160 "requested": false,
161 "domain_blocking": false,
162 "showing_reblogs": true,
163 "endorsed": false
164 }
165 ```
166
167 ## `/api/v1/pleroma/accounts/:id/unsubscribe`
168 ### Unsubscribe to stop receiving notifications from user statuses
169 * Method `POST`
170 * Authentication: required
171 * Params:
172 * `id`: account id to unsubscribe from
173 * Response: JSON, returns a mastodon relationship object on success, otherwise returns `{"error": "error_msg"}`
174 * Example response:
175 ```json
176 {
177 "id": "abcdefg",
178 "following": true,
179 "followed_by": false,
180 "blocking": false,
181 "muting": false,
182 "muting_notifications": false,
183 "subscribing": false,
184 "requested": false,
185 "domain_blocking": false,
186 "showing_reblogs": true,
187 "endorsed": false
188 }
189 ```
190
191 ## `/api/v1/pleroma/accounts/:id/favourites`
192 ### Returns favorites timeline of any user
193 * Method `GET`
194 * Authentication: not required
195 * Params:
196 * `id`: the id of the account for whom to return results
197 * `limit`: optional, the number of records to retrieve
198 * `since_id`: optional, returns results that are more recent than the specified id
199 * `max_id`: optional, returns results that are older than the specified id
200 * Response: JSON, returns a list of Mastodon Status entities on success, otherwise returns `{"error": "error_msg"}`
201 * Example response:
202 ```json
203 [
204 {
205 "account": {
206 "id": "9hptFmUF3ztxYh3Svg",
207 "url": "https://pleroma.example.org/users/nick2",
208 "username": "nick2",
209 ...
210 },
211 "application": {"name": "Web", "website": null},
212 "bookmarked": false,
213 "card": null,
214 "content": "This is :moominmamma: note 0",
215 "created_at": "2019-04-15T15:42:15.000Z",
216 "emojis": [],
217 "favourited": false,
218 "favourites_count": 1,
219 "id": "9hptFmVJ02khbzYJaS",
220 "in_reply_to_account_id": null,
221 "in_reply_to_id": null,
222 "language": null,
223 "media_attachments": [],
224 "mentions": [],
225 "muted": false,
226 "pinned": false,
227 "pleroma": {
228 "content": {"text/plain": "This is :moominmamma: note 0"},
229 "conversation_id": 13679,
230 "local": true,
231 "spoiler_text": {"text/plain": "2hu"}
232 },
233 "reblog": null,
234 "reblogged": false,
235 "reblogs_count": 0,
236 "replies_count": 0,
237 "sensitive": false,
238 "spoiler_text": "2hu",
239 "tags": [{"name": "2hu", "url": "/tag/2hu"}],
240 "uri": "https://pleroma.example.org/objects/198ed2a1-7912-4482-b559-244a0369e984",
241 "url": "https://pleroma.example.org/notice/9hptFmVJ02khbzYJaS",
242 "visibility": "public"
243 }
244 ]
245 ```
246
247 ## `/api/v1/pleroma/accounts/update_*`
248 ### Set and clear account avatar, banner, and background
249
250 - PATCH `/api/v1/pleroma/accounts/update_avatar`: Set/clear user avatar image
251 - PATCH `/api/v1/pleroma/accounts/update_banner`: Set/clear user banner image
252 - PATCH `/api/v1/pleroma/accounts/update_background`: Set/clear user background image
253
254 ## `/api/v1/pleroma/accounts/confirmation_resend`
255 ### Resend confirmation email
256 * Method `POST`
257 * Params:
258 * `email`: email of that needs to be verified
259 * Authentication: not required
260 * Response: 204 No Content
261
262 ## `/api/v1/pleroma/mascot`
263 ### Gets user mascot image
264 * Method `GET`
265 * Authentication: required
266
267 * Response: JSON. Returns a mastodon media attachment entity.
268 * Example response:
269 ```json
270 {
271 "id": "abcdefg",
272 "url": "https://pleroma.example.org/media/abcdefg.png",
273 "type": "image",
274 "pleroma": {
275 "mime_type": "image/png"
276 }
277 }
278 ```
279
280 ### Updates user mascot image
281 * Method `PUT`
282 * Authentication: required
283 * Params:
284 * `file`: Multipart image
285 * Response: JSON. Returns a mastodon media attachment entity
286 when successful, otherwise returns HTTP 415 `{"error": "error_msg"}`
287 * Example response:
288 ```json
289 {
290 "id": "abcdefg",
291 "url": "https://pleroma.example.org/media/abcdefg.png",
292 "type": "image",
293 "pleroma": {
294 "mime_type": "image/png"
295 }
296 }
297 ```
298 * Note: Behaves exactly the same as `POST /api/v1/upload`.
299 Can only accept images - any attempt to upload non-image files will be met with `HTTP 415 Unsupported Media Type`.
300
301 ## `/api/pleroma/notification_settings`
302 ### Updates user notification settings
303 * Method `PUT`
304 * Authentication: required
305 * Params:
306 * `block_from_strangers`: BOOLEAN field, blocks notifications from accounts you do not follow
307 * `hide_notification_contents`: BOOLEAN field. When set to true, it removes the contents of a message from the push notification.
308 * Response: JSON. Returns `{"status": "success"}` if the update was successful, otherwise returns `{"error": "error_msg"}`
309
310 ## `/api/pleroma/healthcheck`
311 ### Healthcheck endpoint with additional system data.
312 * Method `GET`
313 * Authentication: not required
314 * Params: none
315 * Response: JSON, statuses (200 - healthy, 503 unhealthy).
316 * Example response:
317 ```json
318 {
319 "pool_size": 0, # database connection pool
320 "active": 0, # active processes
321 "idle": 0, # idle processes
322 "memory_used": 0.00, # Memory used
323 "healthy": true, # Instance state
324 "job_queue_stats": {} # Job queue stats
325 }
326 ```
327
328 ## `/api/pleroma/change_email`
329 ### Change account email
330 * Method `POST`
331 * Authentication: required
332 * Params:
333 * `password`: user's password
334 * `email`: new email
335 * Response: JSON. Returns `{"status": "success"}` if the change was successful, `{"error": "[error message]"}` otherwise
336 * Note: Currently, Mastodon has no API for changing email. If they add it in future it might be incompatible with Pleroma.
337
338 # Pleroma Conversations
339
340 Pleroma Conversations have the same general structure that Mastodon Conversations have. The behavior differs in the following ways when using these endpoints:
341
342 1. Pleroma Conversations never add or remove recipients, unless explicitly changed by the user.
343 2. Pleroma Conversations statuses can be requested by Conversation id.
344 3. Pleroma Conversations can be replied to.
345
346 Conversations have the additional field `recipients` under the `pleroma` key. This holds a list of all the accounts that will receive a message in this conversation.
347
348 The status posting endpoint takes an additional parameter, `in_reply_to_conversation_id`, which, when set, will set the visiblity to direct and address only the people who are the recipients of that Conversation.
349
350 âš  Conversation IDs can be found in direct messages with the `pleroma.direct_conversation_id` key, do not confuse it with `pleroma.conversation_id`.
351
352 ## `GET /api/v1/pleroma/conversations/:id/statuses`
353 ### Timeline for a given conversation
354 * Method `GET`
355 * Authentication: required
356 * Params: Like other timelines
357 * Response: JSON, statuses (200 - healthy, 503 unhealthy).
358
359 ## `GET /api/v1/pleroma/conversations/:id`
360 ### The conversation with the given ID.
361 * Method `GET`
362 * Authentication: required
363 * Params: None
364 * Response: JSON, statuses (200 - healthy, 503 unhealthy).
365
366 ## `PATCH /api/v1/pleroma/conversations/:id`
367 ### Update a conversation. Used to change the set of recipients.
368 * Method `PATCH`
369 * Authentication: required
370 * Params:
371 * `recipients`: A list of ids of users that should receive posts to this conversation. This will replace the current list of recipients, so submit the full list. The owner of owner of the conversation will always be part of the set of recipients, though.
372 * Response: JSON, statuses (200 - healthy, 503 unhealthy)
373
374 ## `POST /api/v1/pleroma/conversations/read`
375 ### Marks all user's conversations as read.
376 * Method `POST`
377 * Authentication: required
378 * Params: None
379 * Response: JSON, returns a list of Mastodon Conversation entities that were marked as read (200 - healthy, 503 unhealthy).
380
381 ## `GET /api/pleroma/emoji/packs/import`
382 ### Imports packs from filesystem
383 * Method `GET`
384 * Authentication: required
385 * Params: None
386 * Response: JSON, returns a list of imported packs.
387
388 ## `GET /api/pleroma/emoji/packs/remote`
389 ### Make request to another instance for packs list
390 * Method `GET`
391 * Authentication: required
392 * Params:
393 * `url`: url of the instance to get packs from
394 * Response: JSON with the pack list, hashmap with pack name and pack contents
395
396 ## `POST /api/pleroma/emoji/packs/download`
397 ### Download pack from another instance
398 * Method `POST`
399 * Authentication: required
400 * Params:
401 * `url`: url of the instance to download from
402 * `name`: pack to download from that instance
403 * `as`: (*optional*) name how to save pack
404 * Response: JSON, "ok" with 200 status if the pack was downloaded, or 500 if there were
405 errors downloading the pack
406
407 ## `POST /api/pleroma/emoji/packs/:name`
408 ### Creates an empty pack
409 * Method `POST`
410 * Authentication: required
411 * Params: None
412 * Response: JSON, "ok" and 200 status or 409 if the pack with that name already exists
413
414 ## `PATCH /api/pleroma/emoji/packs/:name`
415 ### Updates (replaces) pack metadata
416 * Method `PATCH`
417 * Authentication: required
418 * Params:
419 * `metadata`: metadata to replace the old one
420 * `license`: Pack license
421 * `homepage`: Pack home page url
422 * `description`: Pack description
423 * `fallback-src`: Fallback url to download pack from
424 * `fallback-src-sha256`: SHA256 encoded for fallback pack archive
425 * `share-files`: is pack allowed for sharing (boolean)
426 * Response: JSON, updated "metadata" section of the pack and 200 status or 400 if there was a
427 problem with the new metadata (the error is specified in the "error" part of the response JSON)
428
429 ## `DELETE /api/pleroma/emoji/packs/:name`
430 ### Delete a custom emoji pack
431 * Method `DELETE`
432 * Authentication: required
433 * Params: None
434 * Response: JSON, "ok" and 200 status or 500 if there was an error deleting the pack
435
436 ## `POST /api/pleroma/emoji/packs/:name/files`
437 ### Add new file to the pack
438 * Method `POST`
439 * Authentication: required
440 * Params:
441 * `file`: file needs to be uploaded with the multipart request or link to remote file.
442 * `shortcode`: (*optional*) shortcode for new emoji, must be unique for all emoji. If not sended, shortcode will be taken from original filename.
443 * `filename`: (*optional*) new emoji file name. If not specified will be taken from original filename.
444 * Response: JSON, list of files for updated pack (hashmap -> shortcode => filename) with status 200, either error status with error message.
445
446 ## `PATCH /api/pleroma/emoji/packs/:name/files`
447 ### Update emoji file from pack
448 * Method `PATCH`
449 * Authentication: required
450 * Params:
451 * `shortcode`: emoji file shortcode
452 * `new_shortcode`: new emoji file shortcode
453 * `new_filename`: new filename for emoji file
454 * `force`: (*optional*) with true value to overwrite existing emoji with new shortcode
455 * Response: JSON, list with updated files for updated pack (hashmap -> shortcode => filename) with status 200, either error status with error message.
456
457 ## `DELETE /api/pleroma/emoji/packs/:name/files`
458 ### Delete emoji file from pack
459 * Method `DELETE`
460 * Authentication: required
461 * Params:
462 * `shortcode`: emoji file shortcode
463 * Response: JSON, list with updated files for updated pack (hashmap -> shortcode => filename) with status 200, either error status with error message.
464
465 ## `GET /api/pleroma/emoji/packs`
466
467 ### Lists local custom emoji packs
468
469 * Method `GET`
470 * Authentication: not required
471 * Params:
472 * `page`: page number for packs (default 1)
473 * `page_size`: page size for packs (default 50)
474 * Response: `packs` key with JSON hashmap of pack name to pack contents and `count` key for count of packs.
475
476 ```json
477 {
478 "packs": {
479 "pack_name": {...}, // pack contents
480 ...
481 },
482 "count": 0 // packs count
483 }
484 ```
485
486 ## `GET /api/pleroma/emoji/packs/:name`
487
488 ### Get pack.json for the pack
489
490 * Method `GET`
491 * Authentication: not required
492 * Params:
493 * `page`: page number for files (default 1)
494 * `page_size`: page size for files (default 30)
495 * Response: JSON, pack json with `files`, `files_count` and `pack` keys with 200 status or 404 if the pack does not exist.
496
497 ```json
498 {
499 "files": {...},
500 "files_count": 0, // emoji count in pack
501 "pack": {...}
502 }
503 ```
504
505 ## `GET /api/pleroma/emoji/packs/:name/archive`
506 ### Requests a local pack archive from the instance
507 * Method `GET`
508 * Authentication: not required
509 * Params: None
510 * Response: the archive of the pack with a 200 status code, 403 if the pack is not set as shared,
511 404 if the pack does not exist
512
513 ## `GET /api/v1/pleroma/accounts/:id/scrobbles`
514 ### Requests a list of current and recent Listen activities for an account
515 * Method `GET`
516 * Authentication: not required
517 * Params: None
518 * Response: An array of media metadata entities.
519 * Example response:
520 ```json
521 [
522 {
523 "account": {...},
524 "id": "1234",
525 "title": "Some Title",
526 "artist": "Some Artist",
527 "album": "Some Album",
528 "length": 180000,
529 "created_at": "2019-09-28T12:40:45.000Z"
530 }
531 ]
532 ```
533
534 ## `POST /api/v1/pleroma/scrobble`
535 ### Creates a new Listen activity for an account
536 * Method `POST`
537 * Authentication: required
538 * Params:
539 * `title`: the title of the media playing
540 * `album`: the album of the media playing [optional]
541 * `artist`: the artist of the media playing [optional]
542 * `length`: the length of the media playing [optional]
543 * Response: the newly created media metadata entity representing the Listen activity
544
545 # Emoji Reactions
546
547 Emoji reactions work a lot like favourites do. They make it possible to react to a post with a single emoji character. To detect the presence of this feature, you can check `pleroma_emoji_reactions` entry in the features list of nodeinfo.
548
549 ## `PUT /api/v1/pleroma/statuses/:id/reactions/:emoji`
550 ### React to a post with a unicode emoji
551 * Method: `PUT`
552 * Authentication: required
553 * Params: `emoji`: A single character unicode emoji
554 * Response: JSON, the status.
555
556 ## `DELETE /api/v1/pleroma/statuses/:id/reactions/:emoji`
557 ### Remove a reaction to a post with a unicode emoji
558 * Method: `DELETE`
559 * Authentication: required
560 * Params: `emoji`: A single character unicode emoji
561 * Response: JSON, the status.
562
563 ## `GET /api/v1/pleroma/statuses/:id/reactions`
564 ### Get an object of emoji to account mappings with accounts that reacted to the post
565 * Method: `GET`
566 * Authentication: optional
567 * Params: None
568 * Response: JSON, a list of emoji/account list tuples, sorted by emoji insertion date, in ascending order, e.g, the first emoji in the list is the oldest.
569 * Example Response:
570 ```json
571 [
572 {"name": "😀", "count": 2, "me": true, "accounts": [{"id" => "xyz.."...}, {"id" => "zyx..."}]},
573 {"name": "☕", "count": 1, "me": false, "accounts": [{"id" => "abc..."}]}
574 ]
575 ```
576
577 ## `GET /api/v1/pleroma/statuses/:id/reactions/:emoji`
578 ### Get an object of emoji to account mappings with accounts that reacted to the post for a specific emoji
579 * Method: `GET`
580 * Authentication: optional
581 * Params: None
582 * Response: JSON, a list of emoji/account list tuples
583 * Example Response:
584 ```json
585 [
586 {"name": "😀", "count": 2, "me": true, "accounts": [{"id" => "xyz.."...}, {"id" => "zyx..."}]}
587 ]
588 ```