Add moderation API

[Gargron]

• Fix Allow moderation through API #8580
• Fix Proposal: Moderation APIs #7143

Method	Description
GET /api/v1/admin/accounts	Get accounts, with params local, remote, by_domain, active, pending, disabled, silenced, suspended, username, display_name, email, ip, staff
GET /api/v1/admin/accounts/:id	Get a specific account
POST /api/v1/admin/accounts/:id/enable	Re-enable account
POST /api/v1/admin/accounts/:id/approve	Approve pending account
POST /api/v1/admin/accounts/:id/reject	Reject pending account
POST /api/v1/admin/accounts/:id/unsilence	Unsilence account
POST /api/v1/admin/accounts/:id/unsuspend	Unsuspend account
GET /api/v1/admin/reports	Get reports, with params resolved, account_id, target_account_id
GET /api/v1/admin/reports/:id	Get a specific report
POST /api/v1/admin/reports/:id/assign_to_self	Assign report to self
POST /api/v1/admin/reports/:id/unassign	Unassign report from self
POST /api/v1/admin/reports/:id/reopen	Re-open report
POST /api/v1/admin/reports/:id/resolve	Close report
POST /api/v1/admin/accounts/:id/action	Perform a moderation action on an account, with params type, report_id, warning_preset_id, text, send_email_notification

JSON returned from accounts APIs includes id, username, domain, created_at, email, role, ip, confirmed, suspended, silenced, disabled, approved, and account which renders the standard account data used in the rest of the application. Additionally, there are locale, invite_request, created_by_application_id and invited_by_account_id

JSON returns from reports APIs includes id, action_taken, comment, created_at, updated_at, account_id, target_account_id, assigned_account_id, action_taken_by_account_id, and statuses which renders the standard status data used in the rest of the application.

[ghost]

@Gargron is it possible to add a parameter in Account entity like "is_moderator" to display moderation features only if needed?

[Gargron]

This is still far from everything that admins can do through the website. However, it should be possible to automate the most pressing tasks with this: Approval of pending accounts and auto-modding of reports. What is not yet possible but could be important as part of auto-modding applications is modifying statuses, such as updating sensitive or removing them.

[bclindner]

Great stuff, thanks! This should help with Fedi's still-at-large spam problem.

One thing I can think of that could be added is the ability to get recently created accounts and their posts, so that an automated script could pull them and screen their posts to ensure they aren't following common spam patterns.

[joyeusenoelle]

Can pending be added as a parameter to GET /api/v1/admin/accounts? Or is there another way to get a list of pending accounts that I don't see?

[Gargron]

Can pending be added as a parameter to GET /api/v1/admin/accounts? Or is there another way to get a list of pending accounts that I don't see?

It's supported I forgot to list it.

One thing I can think of that could be added is the ability to get recent accounts and their posts

Accounts returned from the accounts API are ordered by recent-first. The non-admin REST API could be used to retrieve those accounts' posts, I believe.

[slice]

Endpoints to manage federation (e.g. suspending instances) would be nice to have, if they aren't already a thing.

[bclindner]

I concur, but would argue that's not something most people would not want to be doing from a mobile app or automated script, at least with the current state of the Fediverse.

[slice]

@bclindner I'm sure it would be nice to have regardless; what I had in mind when suggesting that was the ability to write a small CLI script to let me suspend an instance from my terminal window instead of having to jump through hoops in the web interface.

[Gargron]

@slice I'm sure a new tootctl command would suffice for that

[slice]

@Gargron Yeah, tootctl seems like it would be more appropriate for this, actually.

[tribela]

moderation note missing?

[ghost]

@Gargron does /accounts/verify_credentials that returns an Account will also return the role like in /api/v1/admin/accounts/:id/action?
That's an important element for displaying admin features inside applications. Also what are the possible values for role: user, moderator, admin?

[ghost]

It's easy to get the entity Account for the reported one (ie via statuses->getAccount) but for the account who reports, it needs an extra call from account_id. Would it be possible to attach Account entities inside the report entity?
ie: account_id, target_account_id, assigned_account_id could be replaced by account, target_account and assigned_account entities.

[Gargron]

Okay, that will make the API a bit slower, though. I was even considering GraphQL for this to avoid sending unnecessary attributes and entities but I guess it'd be kinda weird to add GraphQL just for the admin parts of the API.

[Gargron]

Okay, that information is now included in the reports API. This kind of makes sense too because it means you can give an app access to reports only and it will be able to see data of reported accounts only.

[ThisIsMissEm]

@Gargron If you are interested in developing a GraphQL API to mastodon, please drop me a message, and I'd be happy to help with the schema design & implementation.

(Though it could also be a standalone component like the real-time service, which would also then support GraphQL Subscriptions)

[ThisIsMissEm]

@Gargron, does this support marking media as sensitive or removing images or other media? (I'm looking at this thinking it can't be that hard to add, but it's been a while since I've contributed)

[rjrobinson]

I would also be interested in helping with a GraphQL API. i know this ticket is closed, but i would love to help. @ThisIsMissEm && @Gargron

[aakritichoudhary]

@Gargron , are there APIs to DELETE and SENSITIVE the post(s) attached to the reported user? These actions can be done from the web UI but I could not find an API for this.
POST /api/v1/admin/accounts/:id/action - I believe this only works for user level actions and not toot level actions.
Also can we fetch list of all the moderator(s) on an instance via an API call? If so, please specify the API.

[ThisIsMissEm]

@aakritichoudhary there isn't currently. There's also not an API to fetch all moderators on a server. Consider opening new feature requests for these?