ffbe66a389
* fix relrefs around trends and related entities * revert moving caption-links to middle of page * hide empty menu in table of contents * clarify edit notifs are only for boosted statuses * following/followers no longer need auth * fix typo * specify cooldown period for account Move * use the correct cooldown * add missing parameters to accounts/id/statuses * link to account_statuses_filter.rb * fix typo (#1072) * fix typo (#1073) * fix link to http sig spec (#1067) * simply HTTP request examples in api methods docs * add missing client_secret to oauth/token (#1062) * Add any, all, none to hashtag timeline * minor formatting changes * Update signature requirements and advice * fix public key -> private key * clarify use of RSA with SHA256 * Add note about saving your profile after adding rel-me link * v2 filters api * comment out params that shouldn't be used in v2 filter api * admin trends * remove old todo * canonical email blocks + scheduled statuses * remove under-construction warnings from finished pages * verify api method params with source code * fix typo (#1088) * fix broken caption-links (#1100) * fix formatting of entities (#1094) * Remove keybase section from user guide (#1093) * fix typos (#1092) * Verify limits are accurate (#1086) * add mention of iframe limitation (#1084) * Add CORS header to WEB_DOMAIN example (#1083) * Fix typo (#1081) * pin http sigs spec at draft 8 * Revert "pin http sigs spec at draft 8" This reverts commit 9fd5f7032b69b29e77599dd62adfe8d2f5cd4f20. * add case sensitivity warning to 4.0 roles * Add url length note to bio (#1087) * remove follow scope from examples (#1103) * clarify usage of update_credentials to update profile fields * add noindex to Account entitity * remove required hint from technically not required property
6.8 KiB
| title | description | menu | aliases | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ip_blocks API methods | Disallow certain IP address ranges from signing up. |
|
|
List all IP blocks
GET /api/v1/admin/ip_blocks HTTP/1.1
Show information about all blocked IP ranges.
Returns: Array of [Admin::IpBlock]({{< relref "entities/Admin_IpBlock" >}})
OAuth: User token + admin:read:ip_blocks
Permissions: Manage Blocks
Version history:
4.0.0 - added
Request
Headers
- Authorization
- {{}} Provide this header with
Bearer <user token>to gain authorized access to this API method.
Query parameters
- max_id
- Internal parameter. Use HTTP
Linkheader for pagination. - since_id
- Internal parameter. Use HTTP
Linkheader for pagination. - min_id
- Internal parameter. Use HTTP
Linkheader for pagination. - limit
- Integer. Maximum number of results to return. Defaults to 100 blocks. Max 200 blocks.
Response
200: OK
[
{
"id": "1",
"ip": "8.8.8.8/32",
"severity": "no_access",
"comment": "",
"created_at": "2022-11-16T07:22:00.501Z",
"expires_at": null
},
// ...
]
Because IpBlock IDs are generally not exposed via any API responses, you will have to parse the HTTP Link header to load older or newer results. See [Paginating through API responses]({{<relref "api/guidelines#pagination">}}) for more information.
Link: <http://mastodon.example/api/v1/admin/ip_blocks?limit=2&max_id=2>; rel="next", <http://mastodon.example/api/v1/admin/ip_blocks?limit=2&since_id=1>; rel="prev"
403: Forbidden
Authorized user is not allowed to perform this action, or invalid or missing Authorization header
{
"error": "This action is not allowed"
}
Get a single IP block
GET /api/v1/admin/ip_blocks/:id HTTP/1.1
Show information about a single IP block.
Returns: [Admin::IpBlock]({{< relref "entities/Admin_IpBlock" >}})
OAuth: User token + admin:read:ip_blocks
Permissions: Manage Blocks
Version history:
4.0.0 - added
Path parameters
- :id
- {{}} String. The ID of the IpBlock in the database.
Headers
- Authorization
- {{}} Provide this header with
Bearer <user token>to gain authorized access to this API method.
Response
200: OK
{
"id": "1",
"ip": "8.8.8.8/32",
"severity": "no_access",
"comment": "",
"created_at": "2022-11-16T07:22:00.501Z",
"expires_at": null
}
403: Forbidden
Authorized user is not allowed to perform this action, or invalid or missing Authorization header
{
"error": "This action is not allowed"
}
404: Not found
IpBlock with the given ID does not exist
{
"error": "Record not found"
}
Block an IP address range from signing up
POST /api/v1/admin/ip_blocks HTTP/1.1
Add an IP address range to the list of IP blocks.
Returns: [Admin::IpBlock]({{< relref "entities/Admin_IpBlock" >}})
OAuth: User token + admin:write:ip_blocks
Permissions: Manage Blocks
Version history:
4.0.0 - added
Request
Headers
- Authorization
- {{}} Provide this header with
Bearer <user token>to gain authorized access to this API method.
Form data parameters
- ip
- String. The IP address and prefix to block. Defaults to
0.0.0.0/32 - severity
- {{}} String. The policy to apply to this IP range:
sign_up_requires_approval,sign_up_block, orno_access - comment
- String. The reason for this IP block.
- expires_in
- Integer. The number of seconds in which this IP block will expire.
Response
200: OK
IP has been blocked from signups.
{
"id": "1",
"ip": "8.8.8.8/32",
"severity": "no_access",
"comment": "",
"created_at": "2022-11-16T07:22:00.501Z",
"expires_at": null
}
403: Forbidden
Authorized user is not allowed to perform this action, or invalid or missing Authorization header
{
"error": "This action is not allowed"
}
422: Unprocessable entity
IP has already been blocked, and/or no severity was provided
{
"error": "Validation failed: Severity can't be blank, Ip has already been taken"
}
Update a domain block
PUT /api/v1/admin/ip_blocks/:id HTTP/1.1
Change parameters for an existing IP block.
Returns: [Admin::IpBlock]({{< relref "entities/Admin_IpBlock" >}})
OAuth: User token + admin:write:ip_blocks
Permissions: Manage Blocks
Version history:
4.0.0 - added
Request
Path parameters
- :id
- {{}} String. The ID of the IpBlock in the database.
Headers
- Authorization
- {{}} Provide this header with
Bearer <user token>to gain authorized access to this API method.
Form data parameters
- ip
- String. The IP address and prefix to block. Defaults to
0.0.0.0/32 - severity
- String. The policy to apply to this IP range:
sign_up_requires_approval,sign_up_block, orno_access - comment
- String. The reason for this IP block.
- expires_in
- Integer. The number of seconds in which this IP block will expire.
Response
200: OK
IP block has been updated
{
"id": "1",
"ip": "8.8.4.4/32",
"severity": "no_access",
"comment": "",
"created_at": "2022-11-16T07:22:00.501Z",
"expires_at": null
}
403: Forbidden
Authorized user is not allowed to perform this action, or invalid or missing Authorization header
{
"error": "This action is not allowed"
}
Delete an IP block
DELETE /api/v1/admin/ip_blocks/:id HTTP/1.1
Lift a block against an IP range.
Returns: [Admin::IpBlock]({{< relref "entities/Admin_IpBlock" >}})
OAuth: User token + admin:write:domain_blocks
Permissions: Manage Blocks
Version history:
4.0.0 - added
Request
Path parameters
- :id
- {{}} String. The ID of the DomainAllow in the database.
Headers
- Authorization
- {{}} Provide this header with
Bearer <user token>to gain authorized access to this API method.
Response
200: OK
The IP has been removed from the block list
{}
403: Forbidden
Authorized user is not allowed to perform this action, or invalid or missing Authorization header
{
"error": "This action is not allowed"
}
404: Not found
IpBlock with the given ID does not exist
{
"error": "Record not found"
}
See also
{{< caption-link url="https://github.com/mastodon/mastodon/blob/main/app/controllers/api/v1/admin/ip_blocks_controller.rb" caption="app/controllers/api/v1/admin/ip_blocks_controller.rb" >}}