🎮 Interactive API Playground

Test all Flowless authentication endpoints with a fully interactive playground. Try requests directly from your browser!

📖 Live API Testing

All endpoints are interactive with real-time request/response testing. Change parameters, headers, and body content to see how the API responds.

� Quick Start

1. Select an endpoint from the list below
2. Fill in the required parameters
3. Click "Try it out" to send the request
4. View the response in real-time

---

v1.0.0

Flowless Authentication API

Download OpenAPI Document

JSON

Download OpenAPI Document

YAML

Complete authentication backend for modern applications. Flowless provides managed authentication with session management, social login, password reset, and more.

Contact

Pubflow Support/support@pubflow.com

Servers

https://your-instance.pubflow.comYour Flowless Instance

http://localhost:8787Local Development

---

Authentication

Core authentication endpoints for login, registration, and logout

Operations

POST/auth/loginPOST/auth/logoutPOST/auth/register/public

---

Login User

POST

/auth/login

Authenticate a user with email/username and password. Email is automatically converted to lowercase. Depending on account state and 2FA, this endpoint may return: (1) full session, (2) pending 2FA partial session, or (3) EMAIL_NOT_VERIFIED when AUTH.verify_registration=true and the account is not verified.

Request Body

application/json

{

  

"email": "user@example.com",

  

"password": "SecurePass123!"

}

Responses

Login processed - returns full session or pending 2FA partial session

Content-Type

application/json

{

  

"success": true,

  

"user": {

  

  

"id": "usr_123abc",

  

  

"email": "user@example.com",

  

  

"name": "John",

  

  

"last_name": "Doe",

  

  

"user_name": "johndoe",

  

  

"user_type": "customer",

  

  

"is_verified": true,

  

  

"two_factor": false

  

},

  

"sessionId": "ses_xyz789abc123",

  

"expiresAt": "2025-12-15T10:00:00Z"

}

POST

/auth/login

Playground

Server

Body

Samples

---

Logout User

POST

/auth/logout

Logout and invalidate the current session

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Responses

Logout successful

Content-Type

application/json

{

  

"success": true,

  

"message": "Logged out successfully"

}

POST

/auth/logout

Playground

Server

Authorization

SessionAuth

Samples

---

Register Public User

POST

/auth/register/public

Register a new user account publicly. Requires X-Bridge-Secret header for security. Email and user_name must be unique. Behavior depends on AUTH.verify_registration: when true, no session is created at registration and the user must verify email first; when false, the response includes sessionId and expiresAt immediately.

Authorizations

BridgeSecret

Bridge secret for backend integration

Type

API Key (header: X-Bridge-Secret)

Request Body

application/json

{

  

"email": "john@example.com",

  

"password": "SecurePass123!",

  

"name": "John",

  

"last_name": "Doe"

}

Responses

Registration successful

Content-Type

application/json

{

  

"success": true,

  

"message": "Registration successful. Please check your email to verify your account.",

  

"data": {

  

  

"user": {

  

  

  

"id": "usr_123abc",

  

  

  

"email": "user@example.com",

  

  

  

"name": "John",

  

  

  

"last_name": "Doe",

  

  

  

"user_type": "customer",

  

  

  

"is_verified": false,

  

  

  

"requiresVerification": true

  

  

}

  

}

}

POST

/auth/register/public

Playground

Server

Authorization

BridgeSecret

Body

Samples

---

User Profile

User profile management and updates

Operations

GET/auth/meGET/auth/user/mePUT/auth/user/mePOST/auth/upload/pictureDELETE/auth/upload/picture

---

Get Current User (Legacy)

GET

/auth/me

Legacy current-user endpoint. Uses session cookie/X-Session-ID and supports pending 2FA sessions. Prefer /auth/user/me for login-compatible response shape.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Responses

User/session resolved (legacy shape)

Content-Type

application/json

{

  

"success": true,

  

"data": {

  

  

"user": {

  

  

  

"id": "2EnYhxCK5JkA4yd0_jGB1",

  

  

  

"email": "samuelorecio@gmail.com",

  

  

  

"name": "Samuel",

  

  

  

"last_name": "Recio",

  

  

  

"user_name": "SamuelRecio",

  

  

  

"user_type": "admin",

  

  

  

"picture": "https://cloud.notside.com/pubflow/Samuel-Recio-CEO.jpg",

  

  

  

"is_verified": true,

  

  

  

"two_factor": true,

  

  

  

"lang": "es",

  

  

  

"metadata": {

  

  

  

},

  

  

  

"tmz": null,

  

  

  

"dob": null,

  

  

  

"display_name": null,

  

  

  

"first_time": true,

  

  

  

"gender": null

  

  

}

  

}

}

GET

/auth/me

Playground

Server

Authorization

SessionAuth

Samples

---

Get Current User

GET

/auth/user/me

Get current authenticated user/session state. This endpoint is strict and requires BOTH X-Bridge-Secret and a valid session (cookie or X-Session-ID). Returns login-compatible full session shape, or pending 2FA shape when the session is partial.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

+

BridgeSecret

Bridge secret for backend integration

Type

API Key (header: X-Bridge-Secret)

Responses

Current session resolved (full session or pending 2FA)

Content-Type

application/json

{

  

"success": true,

  

"user": {

  

  

"id": "usr_8f3k2m1q9",

  

  

"email": "user@example.com",

  

  

"name": "User",

  

  

"last_name": "Example",

  

  

"user_name": "userexample",

  

  

"user_type": "admin",

  

  

"picture": "https://cdn.example.com/profiles/user-example.jpg",

  

  

"is_verified": true,

  

  

"two_factor": true,

  

  

"lang": "es",

  

  

"metadata": {

  

  

},

  

  

"tmz": null,

  

  

"dob": null,

  

  

"display_name": null,

  

  

"first_time": false,

  

  

"gender": null

  

},

  

"sessionId": "ses_live_abc123xyz890",

  

"expiresAt": "2026-05-06T18:49:00.930Z"

}

GET

/auth/user/me

Playground

Server

Authorization

SessionAuth

BridgeSecret

Samples

---

Update User Profile

PUT

/auth/user/me

Update the authenticated user's profile information. This is the recommended endpoint for updating user data. All fields are optional - only provided fields will be updated.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"name": "John",

  

"last_name": "Doe",

  

"user_name": "johndoe",

  

"phone": "+1234567890",

  

"dob": "1990-01-01",

  

"gender": "string",

  

"reference_id": "string",

  

"recovery_email": "string",

  

"tmz": "America/New_York",

  

"metadata": {

  

  

"additionalProperties": "string"

  

}

}

Responses

Profile updated successfully

Content-Type

application/json

{

  

"success": true,

  

"data": {

  

  

"user": {

  

  

  

"id": "usr_abc123",

  

  

  

"email": "user@example.com",

  

  

  

"name": "John",

  

  

  

"last_name": "Doe",

  

  

  

"user_name": "johndoe",

  

  

  

"user_type": "customer",

  

  

  

"picture": "https://storage.pubflow.com/users/usr_abc123/picture.jpg",

  

  

  

"phone": "+1234567890",

  

  

  

"is_verified": true,

  

  

  

"two_factor": false,

  

  

  

"created_at": "2025-12-07T10:00:00Z",

  

  

  

"updated_at": "2025-12-07T10:00:00Z"

  

  

}

  

}

}

PUT

/auth/user/me

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Upload Profile Picture

POST

/auth/upload/picture

Upload or update user profile picture. Automatically deletes previous picture if exists. Supports image optimization and cloud storage.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

multipart/form-data

object

Image file (JPEG, PNG, WebP supported)

Format"binary"

Responses

Picture uploaded successfully

Content-Type

application/json

{

  

"success": true,

  

"data": {

  

  

"picture_url": "https://cdn.example.com/users/usr_123/picture.jpg",

  

  

"file_size": 45678,

  

  

"original_size": 123456,

  

  

"compression_ratio": "63%",

  

  

"method": "cloud_config"

  

},

  

"message": "Picture uploaded successfully",

  

"timestamp": "string"

}

POST

/auth/upload/picture

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Delete Profile Picture

DELETE

/auth/upload/picture

Delete user's profile picture from cloud storage and database.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Responses

Picture deleted successfully

Content-Type

application/json

{

  

"success": true,

  

"message": "Picture deleted successfully"

}

DELETE

/auth/upload/picture

Playground

Server

Authorization

SessionAuth

Samples

---

Password Management

Password reset and change operations

Operations

POST/auth/password-reset/requestPOST/auth/password-reset/completePOST/auth/password-reset/validatePOST/auth/password-change/self

---

Request Password Reset

POST

/auth/password-reset/request

Request a password reset email

Request Body

application/json

{

  

"email": "user@example.com"

}

Responses

Password reset email sent

Content-Type

application/json

{

  

"success": true,

  

"message": "If your email is registered, you will receive password reset instructions."

}

POST

/auth/password-reset/request

Playground

Server

Body

Samples

---

Complete Password Reset

POST

/auth/password-reset/complete

Reset password using token from email

Request Body

application/json

{

  

"token": "reset_token_abc123",

  

"password": "NewSecurePass123!"

}

Responses

Password reset successful

Content-Type

application/json

{

  

"success": true,

  

"message": "Password reset successfully"

}

POST

/auth/password-reset/complete

Playground

Server

Body

Samples

---

Validate Password Reset Token

POST

/auth/password-reset/validate

Validate a password reset token before allowing password change. This endpoint checks if the token is valid and not expired.

Request Body

application/json

{

  

"token": "reset_abc123def456"

}

Responses

Token validation result

Content-Type

application/json

{

  

"valid": true,

  

"message": "Token is valid"

}

POST

/auth/password-reset/validate

Playground

Server

Body

Samples

---

Change Password

POST

/auth/password-change/self

Change password for authenticated user. Requires current password for security. New password must be at least 8 characters.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"current_password": "OldPass123!",

  

"new_password": "NewPass123!"

}

Responses

Password changed successfully

Content-Type

application/json

{

  

"success": true,

  

"message": "Password updated successfully"

}

POST

/auth/password-change/self

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Sessions

Operations

GET/auth/validationPOST/auth/bridge/validateGET/auth/session/current

---

Validate Session

GET

/auth/validation

Validate the current session and return user information. Session can be provided via X-Session-ID header or session_id cookie. If session is pending 2FA, returns requires_2fa and available_methods.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Responses

Session is valid or pending 2FA

Content-Type

application/json

{

  

"success": true,

  

"user": {

  

  

"id": "usr_123abc",

  

  

"email": "user@example.com",

  

  

"name": "John",

  

  

"last_name": "Doe",

  

  

"user_name": "johndoe",

  

  

"user_type": "customer",

  

  

"is_verified": true,

  

  

"two_factor": true

  

},

  

"session": {

  

  

"two_factor_verified": 1

  

}

}

GET

/auth/validation

Playground

Server

Authorization

SessionAuth

Samples

---

Validate Session (Bridge)

POST

/auth/bridge/validate

Validate a session token for bridge integration. Requires X-Bridge-Secret header. Session ID can be provided in JSON body, query parameter, or X-Session-ID header.

Authorizations

BridgeSecret

Bridge secret for backend integration

Type

API Key (header: X-Bridge-Secret)

Parameters

Query Parameters

session_id

Session ID as query parameter (alternative to body)

Type

string

Request Body

application/json

{

  

"session_id": "ses_xyz789abc123"

}

Responses

Session is valid - Returns user and session information

Content-Type

application/json

{

  

"success": true,

  

"user": {

  

  

"id": "usr_123abc",

  

  

"email": "user@example.com",

  

  

"name": "John",

  

  

"last_name": "Doe",

  

  

"user_name": "johndoe",

  

  

"user_type": "customer",

  

  

"picture": "string",

  

  

"phone": "string",

  

  

"is_verified": true,

  

  

"two_factor": false

  

},

  

"session": {

  

  

"id": "ses_xyz789",

  

  

"userId": "usr_123abc",

  

  

"expiresAt": "string",

  

  

"ipAddress": "192.168.1.1",

  

  

"userAgent": "string",

  

  

"lastUsedAt": "string",

  

  

"two_factor_verified": 1

  

},

  

"expires_at": "string",

  

"cached": true,

  

"cacheSource": "ultra",

  

"timestamp": "string"

}

POST

/auth/bridge/validate

Playground

Server

Authorization

BridgeSecret

Variables

Key

Value

session_id

Body

Samples

---

Get Current Session

GET

/auth/session/current

Resolve the current session state from the HTTP-only session cookie. Used by the frontend after a social OAuth callback in cookie mode to determine whether the user has a full session or a pending 2FA session, without the session token ever appearing in the URL.

Typical usage: After a social login redirect with ?social_login=success and no session_id in the URL, the frontend calls this endpoint with credentials: 'include' to get the session state.

Responses

Session resolved successfully

Content-Type

application/json

{

  

"success": true,

  

"sessionId": "ses_xyz789abc123",

  

"requires_2fa": false,

  

"user": {

  

  

"id": "usr_123abc",

  

  

"email": "user@example.com",

  

  

"name": "John"

  

},

  

"expiresAt": "2026-04-13T12:00:00.000Z"

}

GET

/auth/session/current

Playground

Samples

---

Token Auth

Operations

POST/auth/token/loginGET/auth/token/validatePOST/auth/token/validateGET/auth/token/verify

---

Create Verification Token

POST

/auth/token/login

Create a verification token for email or phone authentication. Sends a verification code via email or SMS. Requires X-Bridge-Secret header.

Authorizations

BridgeSecret

Bridge secret for backend integration

Type

API Key (header: X-Bridge-Secret)

Request Body

application/json

{

  

"identifier": "user@example.com",

  

"type": "email",

  

"redirect_url": "https://example.com/dashboard"

}

Responses

Verification token created and sent successfully

Content-Type

application/json

{

  

"success": true,

  

"message": "Verification email sent successfully",

  

"token_id": "tok_abc123"

}

POST

/auth/token/login

Playground

Server

Authorization

BridgeSecret

Body

Samples

---

Validate Token (GET)

GET

/auth/token/validate

Validate a verification token via query parameter and create a session. Requires X-Bridge-Secret header.

Authorizations

BridgeSecret

Bridge secret for backend integration

Type

API Key (header: X-Bridge-Secret)

Parameters

Query Parameters

token*

Verification token

Type

string

Required

Example"tok_abc123def456"

Responses

Token validated successfully

GET

/auth/token/validate

Playground

Server

Authorization

BridgeSecret

Variables

Key

Value

token*

Samples

---

Validate Token (POST)

POST

/auth/token/validate

Validate a verification token and create a session. Token can be provided in JSON body or query parameter. Requires X-Bridge-Secret header.

Authorizations

BridgeSecret

Bridge secret for backend integration

Type

API Key (header: X-Bridge-Secret)

Parameters

Query Parameters

token

Token as query parameter (alternative to body)

Type

string

Request Body

application/json

{

  

"token": "tok_abc123def456"

}

Responses

Token validated successfully - Returns user and session

Content-Type

application/json

{

  

"success": true,

  

"message": "Token validated successfully",

  

"user": {

  

  

"id": "usr_123abc",

  

  

"email": "user@example.com",

  

  

"name": "John",

  

  

"lastName": "Doe",

  

  

"userName": "johndoe",

  

  

"userType": "customer",

  

  

"isVerified": true

  

},

  

"sessionId": "ses_xyz789",

  

"expiresAt": "string"

}

POST

/auth/token/validate

Playground

Server

Authorization

BridgeSecret

Variables

Key

Value

token

Body

Samples

---

Email Verification Link

GET

/auth/token/verify

Email verification endpoint for clicking verification links. No authentication required. Returns HTML page with verification status.

Parameters

Query Parameters

token*

Verification token from email link

Type

string

Required

redirect

Optional redirect URL after successful verification

Type

string

Responses

HTML page showing verification result

Content-Type

text/html

"<html><body><h1>Verification Successful</h1></body></html>"

GET

/auth/token/verify

Playground

Server

Variables

Key

Value

token*

redirect

Samples

---

Social Auth

OAuth social authentication (Google, GitHub, Facebook, etc.)

Operations

GET/auth/social/{provider}/loginGET/auth/social/{provider}/callbackPOST/auth/social/{provider}/login-apiGET/auth/social/providersGET/auth/social/accountsDELETE/auth/social/accounts/{provider}

---

Start OAuth Flow

GET

/auth/social/{provider}/login

⚠️ BETA FEATURE - Initiate OAuth authentication flow with a social provider (Google, GitHub, Facebook, Apple, Discord, Microsoft). Redirects to provider's login page.

Parameters

Path Parameters

provider*

Social authentication provider

Type

string

Required

Valid values

"google""github""facebook""apple""discord""microsoft"

Responses

Redirect to OAuth provider login page

GET

/auth/social/{provider}/login

Playground

Server

Variables

Key

Value

provider*

Samples

---

OAuth Callback Handler

GET

/auth/social/{provider}/callback

⚠️ BETA FEATURE - Handle OAuth callback from social provider. This endpoint is called automatically by the OAuth provider after user authentication.

Web redirect behavior:

• Full session (no 2FA): Redirects to {FRONTEND_URL}/login?social_login=success&provider={provider}. Session token is delivered via HTTP-only cookie — the frontend calls GET /auth/session/current to resolve it.
• 2FA required: Redirects to {FRONTEND_URL}/login?social_login=success&requires_2fa=true&session_id={partial_session_id}&provider={provider}. The partial session_id is always included in the URL for the 2FA case, even when callback_mode=cookie is configured. This is necessary because Safari ITP and privacy-focused browsers block cookies set during cross-origin OAuth redirect chains, making cookie-only delivery unreliable for the 2FA step. The partial session expires in 5 minutes and still requires a valid OTP code.

Parameters

Path Parameters

provider*

Type

string

Required

Valid values

"google""github""facebook""apple""discord""microsoft"

Query Parameters

code*

Authorization code from OAuth provider

Type

string

Required

format

Response format (json for API clients, omit for web redirect)

Type

string

Valid values

"json"

Responses

Authentication successful (API format)

Content-Type

application/json

{

  

"success": true,

  

"user": {

  

  

"id": "usr_abc123",

  

  

"email": "user@example.com",

  

  

"name": "John",

  

  

"last_name": "Doe",

  

  

"user_name": "johndoe",

  

  

"user_type": "customer",

  

  

"picture": "https://storage.pubflow.com/users/usr_abc123/picture.jpg",

  

  

"phone": "+1234567890",

  

  

"is_verified": true,

  

  

"two_factor": false,

  

  

"created_at": "2025-12-07T10:00:00Z",

  

  

"updated_at": "2025-12-07T10:00:00Z"

  

},

  

"sessionId": "ses_xyz789",

  

"expiresAt": "string",

  

"loginType": "social_auth",

  

"provider": "google"

}

GET

/auth/social/{provider}/callback

Playground

Server

Variables

Key

Value

provider*

code*

format

Samples

---

API-Based Social Login (Mobile)

POST

/auth/social/{provider}/login-api

⚠️ BETA FEATURE - Authenticate using social provider access token or ID token. Designed for mobile apps that handle OAuth flow client-side.

Parameters

Path Parameters

provider*

Type

string

Required

Valid values

"google""github""facebook""apple""discord""microsoft"

Request Body

application/json

{

  

"idToken": "eyJhbGciOiJSUzI1NiIs..."

}

Responses

Authentication successful

Content-Type

application/json

{

  

"success": true,

  

"user": {

  

  

"id": "usr_abc123",

  

  

"email": "user@example.com",

  

  

"name": "John",

  

  

"last_name": "Doe",

  

  

"user_name": "johndoe",

  

  

"user_type": "customer",

  

  

"picture": "https://storage.pubflow.com/users/usr_abc123/picture.jpg",

  

  

"phone": "+1234567890",

  

  

"is_verified": true,

  

  

"two_factor": false,

  

  

"created_at": "2025-12-07T10:00:00Z",

  

  

"updated_at": "2025-12-07T10:00:00Z"

  

},

  

"sessionId": "ses_xyz789",

  

"expiresAt": "string",

  

"loginType": "social_auth_api",

  

"provider": "google"

}

POST

/auth/social/{provider}/login-api

Playground

Server

Variables

Key

Value

provider*

Body

Samples

---

Get Available Providers

GET

/auth/social/providers

⚠️ BETA FEATURE - Get list of enabled social authentication providers and their configuration.

Responses

List of available providers

Content-Type

application/json

{

  

"success": true,

  

"data": {

  

  

"providers": [

  

  

  

{

  

  

  

  

"provider": "google",

  

  

  

  

"enabled": true,

  

  

  

  

"loginUrl": "/auth/social/google/login",

  

  

  

  

"apiLoginUrl": "/auth/social/google/login-api"

  

  

  

}

  

  

],

  

  

"allProviders": [

  

  

],

  

  

"globallyEnabled": true

  

}

}

GET

/auth/social/providers

Playground

Samples

---

Get Linked Social Accounts

GET

/auth/social/accounts

⚠️ BETA FEATURE - Get list of social accounts linked to the authenticated user.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Responses

List of linked social accounts

Content-Type

application/json

{

  

"success": true,

  

"data": {

  

  

"accounts": [

  

  

  

{

  

  

  

  

"provider": "google",

  

  

  

  

"provider_email": "user@gmail.com",

  

  

  

  

"provider_name": "John Doe",

  

  

  

  

"provider_picture": "string",

  

  

  

  

"linked_at": "string",

  

  

  

  

"last_updated": "string"

  

  

  

}

  

  

]

  

}

}

GET

/auth/social/accounts

Playground

Server

Authorization

SessionAuth

Samples

---

Unlink Social Account

DELETE

/auth/social/accounts/{provider}

⚠️ BETA FEATURE - Unlink a social account from the authenticated user.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

provider*

Type

string

Required

Valid values

"google""github""facebook""apple""discord""microsoft"

Responses

Account unlinked successfully

Content-Type

application/json

{

  

"success": true,

  

"message": "google account unlinked successfully"

}

DELETE

/auth/social/accounts/{provider}

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

provider*

Samples

---

Email Verification

Email verification and resend operations

Operations

POST/auth/resend-verification

---

Resend Verification Email

POST

/auth/resend-verification

Resend verification email to a registered user. Requires X-Bridge-Secret header. For security, always returns success even if email doesn't exist.

Authorizations

BridgeSecret

Bridge secret for backend integration

Type

API Key (header: X-Bridge-Secret)

Request Body

application/json

{

  

"email": "user@example.com"

}

Responses

Request processed successfully (doesn't reveal if email exists)

Content-Type

application/json

{

  

"success": true,

  

"message": "If your email is registered, you will receive a verification email.",

  

"verification_sent": true

}

POST

/auth/resend-verification

Playground

Server

Authorization

BridgeSecret

Body

Samples

---

Admin

Admin-only user management endpoints

Operations

GET/auth/admin/usersPOST/auth/admin/usersGET/auth/admin/users/{user_id}PUT/auth/admin/users/{user_id}POST/auth/password-change/admin

---

Search and List Users

GET

/auth/admin/users

Search and list users with pagination and filtering. Requires admin or superadmin role.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Query Parameters

q

Search query (searches in email, name, username)

Type

string

userType

Filter by user type (can be any custom user type: customer, admin, superadmin, teacher, student, etc.)

Type

string

Example"customer"

page

Page number

Type

integer

Default

1

limit

Items per page

Type

integer

Default

20

sortBy

Sort field

Type

string

Default

"created_at"

sortOrder

Sort order

Type

string

Valid values

"asc""desc"

Default

"desc"

Responses

Users list retrieved successfully

Content-Type

application/json

{

  

"success": true,

  

"data": {

  

  

"users": [

  

  

  

{

  

  

  

  

"id": "usr_abc123",

  

  

  

  

"email": "user@example.com",

  

  

  

  

"name": "John",

  

  

  

  

"last_name": "Doe",

  

  

  

  

"user_name": "johndoe",

  

  

  

  

"user_type": "customer",

  

  

  

  

"picture": "https://storage.pubflow.com/users/usr_abc123/picture.jpg",

  

  

  

  

"phone": "+1234567890",

  

  

  

  

"is_verified": true,

  

  

  

  

"two_factor": false,

  

  

  

  

"created_at": "2025-12-07T10:00:00Z",

  

  

  

  

"updated_at": "2025-12-07T10:00:00Z"

  

  

  

}

  

  

],

  

  

"pagination": {

  

  

  

"page": 1,

  

  

  

"limit": 20,

  

  

  

"total": 150,

  

  

  

"pages": 8

  

  

}

  

}

}

GET

/auth/admin/users

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

q

userType

page

limit

sortBy

sortOrder

Samples

---

Create New User

POST

/auth/admin/users

Create a new user account. Requires admin or superadmin role. Only superadmin can create superadmin users. Admin-created users are verified by default.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"email": "newuser@example.com",

  

"password": "SecurePass123!",

  

"name": "John",

  

"last_name": "Doe",

  

"user_name": "johndoe",

  

"user_type": "customer",

  

"phone": "+1234567890",

  

"is_verified": true

}

Responses

User created successfully

Content-Type

application/json

{

  

"success": true,

  

"data": {

  

  

"user": {

  

  

  

"id": "usr_abc123",

  

  

  

"email": "user@example.com",

  

  

  

"name": "John",

  

  

  

"last_name": "Doe",

  

  

  

"user_name": "johndoe",

  

  

  

"user_type": "customer",

  

  

  

"picture": "https://storage.pubflow.com/users/usr_abc123/picture.jpg",

  

  

  

"phone": "+1234567890",

  

  

  

"is_verified": true,

  

  

  

"two_factor": false,

  

  

  

"created_at": "2025-12-07T10:00:00Z",

  

  

  

"updated_at": "2025-12-07T10:00:00Z"

  

  

}

  

}

}

POST

/auth/admin/users

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Get User Details

GET

/auth/admin/users/{user_id}

Get detailed information about a specific user including their sessions. Requires admin or superadmin role.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

user_id*

User ID

Type

string

Required

Example"usr_123abc"

Responses

User details retrieved successfully

Content-Type

application/json

{

  

"success": true,

  

"data": {

  

  

"user": {

  

  

  

"id": "usr_abc123",

  

  

  

"email": "user@example.com",

  

  

  

"name": "John",

  

  

  

"last_name": "Doe",

  

  

  

"user_name": "johndoe",

  

  

  

"user_type": "customer",

  

  

  

"picture": "https://storage.pubflow.com/users/usr_abc123/picture.jpg",

  

  

  

"phone": "+1234567890",

  

  

  

"is_verified": true,

  

  

  

"two_factor": false,

  

  

  

"created_at": "2025-12-07T10:00:00Z",

  

  

  

"updated_at": "2025-12-07T10:00:00Z"

  

  

},

  

  

"sessions": [

  

  

  

{

  

  

  

  

"id": "string",

  

  

  

  

"sessionPrefix": "string",

  

  

  

  

"ipAddress": "string",

  

  

  

  

"userAgent": "string",

  

  

  

  

"userDevice": "string",

  

  

  

  

"lastUsedAt": "string",

  

  

  

  

"createdAt": "string",

  

  

  

  

"expiresAt": "string",

  

  

  

  

"status": "string"

  

  

  

}

  

  

],

  

  

"sessionCount": 3

  

}

}

GET

/auth/admin/users/{user_id}

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

user_id*

Samples

---

Update User

PUT

/auth/admin/users/{user_id}

Update user information. Requires admin or superadmin role. Non-superadmin cannot modify superadmin users. Only superadmin can change user types to/from superadmin.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

user_id*

User ID

Type

string

Required

Request Body

application/json

{

  

"name": "John",

  

"last_name": "Doe",

  

"user_name": "johndoe",

  

"email": "user@example.com",

  

"phone": "+1234567890",

  

"user_type": "customer",

  

"is_verified": true,

  

"two_factor": false

}

Responses

User updated successfully

Content-Type

application/json

{

  

"success": true,

  

"data": {

  

  

"user": {

  

  

  

"id": "usr_abc123",

  

  

  

"email": "user@example.com",

  

  

  

"name": "John",

  

  

  

"last_name": "Doe",

  

  

  

"user_name": "johndoe",

  

  

  

"user_type": "customer",

  

  

  

"picture": "https://storage.pubflow.com/users/usr_abc123/picture.jpg",

  

  

  

"phone": "+1234567890",

  

  

  

"is_verified": true,

  

  

  

"two_factor": false,

  

  

  

"created_at": "2025-12-07T10:00:00Z",

  

  

  

"updated_at": "2025-12-07T10:00:00Z"

  

  

}

  

}

}

PUT

/auth/admin/users/{user_id}

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

user_id*

Body

Samples

---

Change User Password (Admin)

POST

/auth/password-change/admin

Change password for any user. Requires admin or superadmin role. Non-superadmin cannot change superadmin passwords. Invalidates all active sessions for the target user.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"user_id": "usr_123abc",

  

"new_password": "NewSecurePass123!"

}

Responses

Password changed successfully

Content-Type

application/json

{

  

"success": true,

  

"message": "Password updated successfully. User will need to log in again."

}

POST

/auth/password-change/admin

Playground

Server

Authorization

SessionAuth

Body

Samples

---

2FA

Operations

GET/auth/two_factor/systemGET/auth/two_factor/methodsPOST/auth/two_factor/email/setupPOST/auth/two_factor/sms/setupPOST/auth/two_factor/{method}/startPOST/auth/two_factor/verifyDELETE/auth/two_factor/{id}POST/auth/two_factor/toggle

---

2FA System Status

GET

/auth/two_factor/system

Returns global two-factor toggle and available methods from environment config.

Responses

2FA system status

Content-Type

application/json

{

  

"success": true,

  

"global_two_factor_enabled": true,

  

"available_methods": [

  

  

"string"

  

]

}

GET

/auth/two_factor/system

Playground

Samples

---

List User 2FA Methods

GET

/auth/two_factor/methods

Returns active 2FA methods configured for current user.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Responses

User methods

Content-Type

application/json

{

  

"success": true,

  

"methods": [

  

  

{

  

  

  

"id": "string",

  

  

  

"method": "string",

  

  

  

"status": "string",

  

  

  

"last_used_at": "string",

  

  

  

"metadata": {

  

  

  

  

"additionalProperties": "string"

  

  

  

}

  

  

}

  

]

}

GET

/auth/two_factor/methods

Playground

Server

Authorization

SessionAuth

Samples

---

Start Email 2FA Setup

POST

/auth/two_factor/email/setup

Starts email verification flow and sends a code.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"email": "string"

}

Responses

Setup started

Content-Type

application/json

{

  

"success": true,

  

"method_id": "string",

  

"message": "string",

  

"expires_in": 600

}

POST

/auth/two_factor/email/setup

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Start SMS 2FA Setup

POST

/auth/two_factor/sms/setup

Starts SMS verification flow and sends a code.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"phone": "+15551234567"

}

Responses

Setup started

Content-Type

application/json

{

  

"success": true,

  

"method_id": "string",

  

"message": "string",

  

"expires_in": 600

}

POST

/auth/two_factor/sms/setup

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Start 2FA Challenge

POST

/auth/two_factor/{method}/start

Resends a verification code for pending or active sessions.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

method*

Type

string

Required

Valid values

"email""sms"

Request Body

application/json

{

  

"action": "login"

}

Responses

Challenge started

Content-Type

application/json

{

  

"success": true,

  

"message": "string",

  

"expires_in": 600

}

POST

/auth/two_factor/{method}/start

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

method*

Body

Samples

---

Verify 2FA Code

POST

/auth/two_factor/verify

Verifies code for login, setup, or remove action.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"code": "string",

  

"method": "string",

  

"action": "string"

}

Responses

Verification successful

Content-Type

application/json

{

  

"success": true,

  

"message": "string",

  

"user": {

  

  

"id": "string",

  

  

"email": "string",

  

  

"name": "string",

  

  

"two_factor": 0

  

}

}

POST

/auth/two_factor/verify

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Delete 2FA Method

DELETE

/auth/two_factor/{id}

Removes user method after re-verification.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

id*

Type

string

Required

Request Body

application/json

{

  

"verification_code": "string",

  

"verification_method_id": "string"

}

Responses

Method removed

Content-Type

application/json

{

  

"success": true,

  

"message": "Method removed"

}

DELETE

/auth/two_factor/{id}

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

id*

Body

Samples

---

Toggle User 2FA

POST

/auth/two_factor/toggle

Enables or disables two-factor for current account.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"enabled": true

}

Responses

Toggle updated

Content-Type

application/json

{

  

"success": true,

  

"two_factor": true,

  

"message": "string"

}

POST

/auth/two_factor/toggle

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Module Hub

Operations for module discovery, status, installation, and updates

Operations

GET/api/v1/modules/install/statusPOST/api/v1/modules/install/dry-runPOST/api/v1/modules/install/runGET/api/v1/modules/installGET/api/v1/modules/install/{module_id}/statusGET/api/v1/modules/install/{module_id}/registryPOST/api/v1/modules/install/{module_id}/dry-runPOST/api/v1/modules/install/{module_id}/runPOST/api/v1/modules/install/{module_id}/update/dry-runPOST/api/v1/modules/install/{module_id}/update

---

Check Hub Status

GET

/api/v1/modules/install/status

Verifies if Module Hub core registry tables are installed.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Responses

Hub status

Content-Type

application/json

{

  

"data": {

  

  

"installed": true,

  

  

"tables": [

  

  

  

"string"

  

  

]

  

},

  

"user_context": {

  

  

"additionalProperties": "string"

  

}

}

GET

/api/v1/modules/install/status

Playground

Server

Authorization

SessionAuth

Samples

---

Hub Install Dry Run

POST

/api/v1/modules/install/dry-run

Simulates installation of module hub registry/event tables.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"runtime_scope": "flowless-core"

}

Responses

Dry-run plan generated

POST

/api/v1/modules/install/dry-run

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Run Hub Install

POST

/api/v1/modules/install/run

Installs module hub registry/event tables.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"runtime_scope": "flowless-core"

}

Responses

Hub installed

POST

/api/v1/modules/install/run

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Discover Modules

GET

/api/v1/modules/install

Discovers available modules by reading manifests.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Responses

Available modules

Content-Type

application/json

{

  

"success": true,

  

"data": [

  

  

{

  

  

  

"module_id": "blog",

  

  

  

"module_version": "1.0.0",

  

  

  

"description": "Content publishing module for blog posts with optional engagement and analytics extensions.",

  

  

  

"components": [

  

  

  

  

"string"

  

  

  

],

  

  

  

"components_meta": [

  

  

  

  

{

  

  

  

  

  

"component_id": "ext-comments",

  

  

  

  

  

"component_type": "extension",

  

  

  

  

  

"version": "1.0.0",

  

  

  

  

  

"description": "Threaded comments and moderation-ready discussion data model."

  

  

  

  

}

  

  

  

],

  

  

  

"installed_components": 3

  

  

}

  

]

}

GET

/api/v1/modules/install

Playground

Server

Authorization

SessionAuth

Samples

---

Check Module Status

GET

/api/v1/modules/install/{module_id}/status

Returns status, drift and component-level health for one module.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

module_id*

Type

string

Required

Responses

Module status

Content-Type

application/json

{

  

"success": true,

  

"data": {

  

  

"module_id": "blog",

  

  

"module_description": "Content publishing module for blog posts with optional engagement and analytics extensions.",

  

  

"runtime_scope": "flowless-core",

  

  

"module_version": "1.0.0",

  

  

"status": "installed",

  

  

"components": [

  

  

  

{

  

  

  

  

"component_id": "ext-comments",

  

  

  

  

"component_type": "extension",

  

  

  

  

"description": "Threaded comments and moderation-ready discussion data model.",

  

  

  

  

"expected_version": "1.0.0",

  

  

  

  

"installed_version": "1.0.0",

  

  

  

  

"installed": true,

  

  

  

  

"status": "installed"

  

  

  

}

  

  

]

  

}

}

GET

/api/v1/modules/install/{module_id}/status

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

module_id*

Samples

---

Read Module Registry

GET

/api/v1/modules/install/{module_id}/registry

Returns registry components and audit events for one module.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

module_id*

Type

string

Required

Responses

Registry entries

GET

/api/v1/modules/install/{module_id}/registry

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

module_id*

Samples

---

Module Install Dry Run

POST

/api/v1/modules/install/{module_id}/dry-run

Plans installation for selected module and components.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

module_id*

Type

string

Required

Request Body

application/json

{

  

"target": "core",

  

"components": [

  

  

"string"

  

],

  

"runtime_scope": "flowless-core",

  

"verify_checksum": true,

  

"repair_missing": false

}

Responses

Install plan generated

POST

/api/v1/modules/install/{module_id}/dry-run

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

module_id*

Body

Samples

---

Run Module Install

POST

/api/v1/modules/install/{module_id}/run

Executes installation plan for a module.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

module_id*

Type

string

Required

Request Body

application/json

{

  

"target": "core",

  

"components": [

  

  

"string"

  

],

  

"runtime_scope": "flowless-core",

  

"skip_existing": true,

  

"verify_checksum": true,

  

"repair_missing": false

}

Responses

Module install executed

POST

/api/v1/modules/install/{module_id}/run

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

module_id*

Body

Samples

---

Module Update Dry Run

POST

/api/v1/modules/install/{module_id}/update/dry-run

Plans update actions for outdated or drifted components.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

module_id*

Type

string

Required

Request Body

application/json

{

  

"components": [

  

  

"string"

  

],

  

"runtime_scope": "flowless-core",

  

"verify_checksum": true

}

Responses

Update plan generated

POST

/api/v1/modules/install/{module_id}/update/dry-run

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

module_id*

Body

Samples

---

Run Module Update

POST

/api/v1/modules/install/{module_id}/update

Applies updates to selected or all outdated components.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

module_id*

Type

string

Required

Request Body

application/json

{

  

"components": [

  

  

"string"

  

],

  

"runtime_scope": "flowless-core",

  

"verify_checksum": true

}

Responses

Update executed

POST

/api/v1/modules/install/{module_id}/update

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

module_id*

Body

Samples

---

Blog

Operations

GET/api/v1/postsPOST/api/v1/postsGET/api/v1/posts/authors/{id}GET/api/v1/posts/{slug}GET/api/v1/posts/id/{id}PUT/api/v1/posts/{id}DELETE/api/v1/posts/{id}POST/api/v1/posts/{id}/publishPOST/api/v1/posts/{id}/unpublishPOST/api/v1/posts/{id}/schedulePOST/api/v1/posts/{id}/restorePOST/api/v1/posts/{id}/featured-imageDELETE/api/v1/posts/{id}/featured-imageGET/api/v1/posts/categoriesPOST/api/v1/posts/categoriesPUT/api/v1/posts/categories/{id}DELETE/api/v1/posts/categories/{id}GET/api/v1/posts/tagsPOST/api/v1/posts/tagsPUT/api/v1/posts/tags/{id}DELETE/api/v1/posts/tags/{id}GET/api/v1/posts/{id}/commentsPOST/api/v1/posts/{id}/commentsPUT/api/v1/posts/{id}/comments/{commentId}DELETE/api/v1/posts/{id}/comments/{commentId}POST/api/v1/posts/comments/{commentId}/moderateGET/api/v1/posts/{id}/reactionsPOST/api/v1/posts/{id}/reactionsPOST/api/v1/posts/{id}/bookmarkDELETE/api/v1/posts/{id}/bookmarkGET/api/v1/posts/me/bookmarksPOST/api/v1/posts/{id}/viewGET/api/v1/posts/{id}/statsGET/api/v1/posts/id/{id}/translationsPOST/api/v1/posts/id/{id}/translationsPUT/api/v1/posts/id/{id}/translations/{lang}DELETE/api/v1/posts/id/{id}/translations/{lang}GET/api/v1/posts/seo/sitemap.xml

---

List Blog Posts

GET

/api/v1/posts

Lists posts with pagination, sorting and content filters.

Parameters

Query Parameters

page

Type

integer

Minimum

1

Default

1

limit

Type

integer

Minimum

1

Maximum

100

Default

10

sort

Type

string

Valid values

"created_at""published_at""updated_at""title"

order

Type

string

Valid values

"asc""desc"

Default

"desc"

status

Type

string

visibility

Type

string

category

Type

string

tag

Type

string

author

Type

string

q

Type

string

lang

Type

string

Responses

Posts list

GET

/api/v1/posts

Playground

Server

Variables

Key

Value

page

limit

sort

order

status

visibility

category

tag

author

q

lang

Samples

---

Create Blog Post

POST

/api/v1/posts

Creates a blog post for writer/admin roles.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Request Body

application/json

{

  

"title": "string",

  

"slug": "string",

  

"body": "string",

  

"body_format": "string",

  

"excerpt": "string",

  

"featured_image": "string",

  

"status": "string",

  

"visibility": "string",

  

"password": "string",

  

"category_ids": [

  

  

"string"

  

],

  

"tag_ids": [

  

  

"string"

  

],

  

"comments_enabled": true,

  

"reactions_enabled": true,

  

"scheduled_at": "string",

  

"metadata": {

  

  

"additionalProperties": "string"

  

}

}

Responses

Post created

POST

/api/v1/posts

Playground

Server

Authorization

SessionAuth

Body

Samples

---

Get Author Profile

GET

/api/v1/posts/authors/{id}

Returns public author profile metadata.

Parameters

Path Parameters

id*

Type

string

Required

Responses

Author profile

GET

/api/v1/posts/authors/{id}

Playground

Server

Variables

Key

Value

id*

Samples

---

Get Blog Post by Slug

GET

/api/v1/posts/{slug}

Parameters

Path Parameters

slug*

Type

string

Required

Query Parameters

lang

Type

string

Responses

Post details

GET

/api/v1/posts/{slug}

Playground

Server

Variables

Key

Value

slug*

lang

Samples

---

Get Blog Post by Id

GET

/api/v1/posts/id/{id}

Parameters

Path Parameters

id*

Type

string

Required

Responses

Post details

GET

/api/v1/posts/id/{id}

Playground

Server

Variables

Key

Value

id*

Samples

---

Update Blog Post

PUT

/api/v1/posts/{id}

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

id*

Type

string

Required

Request Body

application/json

{

  

"additionalProperties": "string"

}

Responses

Post updated

PUT

/api/v1/posts/{id}

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

id*

Body

Samples

---

Delete Blog Post

DELETE

/api/v1/posts/{id}

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

id*

Type

string

Required

Responses

Post deleted

DELETE

/api/v1/posts/{id}

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

id*

Samples

---

Publish Blog Post

POST

/api/v1/posts/{id}/publish

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

id*

Type

string

Required

Responses

Post published

POST

/api/v1/posts/{id}/publish

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

id*

Samples

---

Unpublish Blog Post

POST

/api/v1/posts/{id}/unpublish

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

id*

Type

string

Required

Responses

Post moved to draft

POST

/api/v1/posts/{id}/unpublish

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

id*

Samples

---

Schedule Blog Post

POST

/api/v1/posts/{id}/schedule

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

id*

Type

string

Required

Request Body

application/json

{

  

"scheduled_at": "string"

}

Responses

Post scheduled

POST

/api/v1/posts/{id}/schedule

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

id*

Body

Samples

---

Restore Blog Post

POST

/api/v1/posts/{id}/restore

Restores a soft-deleted post.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

id*

Type

string

Required

Responses

Post restored

POST

/api/v1/posts/{id}/restore

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

id*

Samples

---

Upload Featured Image

POST

/api/v1/posts/{id}/featured-image

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

Parameters

Path Parameters

id*

Type

string

Required

Request Body

multipart/form-data

object

Format"binary"

Responses

Featured image updated

POST

/api/v1/posts/{id}/featured-image

Playground

Server

Authorization

SessionAuth

Variables

Key

Value

id*

Body

Samples