ebit-api bo (backoffice) — REST API reference

Auto-generated from openapi/bo.openapi.json (OpenAPI 3.0.0, Evospin BO v1.0). For exhaustive parameter details — including every nested DTO field — open the live Swagger at http://localhost:4003/swagger.

58 endpoints across 15 tags.

Conventions

  • Base URL (local): http://localhost:4003
  • Auth: bearer security scheme — JWT presented as Authorization: Bearer <token> or as the access_token HTTP-only cookie set by POST /auth/sign-in. The legacy admin-fe also reads jwt_access_token; see auth-flow.md.
  • Captcha bypass (local only): any endpoint guarded by RecaptchaGuard accepts x-captcha-token: pass when the API runs with NODE_ENV=local (apps/api/src/captcha/google/recaptcha.service.ts:28). The bypass is silently rejected in staging/prod.
  • Schema rendering: request/response bodies link to the schema name (e.g. SignInDto). For nested fields and validation rules, use live Swagger.
  • Tracing context (api.md only): auto HTTP spans come from @opentelemetry/instrumentation-nestjs-core; per-endpoint notes call out manual tracer.startActiveSpan wraps and known blind spots from docs/audits/perf-trace-coverage-audit.md.

Admin Accounting API

POST /accounting/transactions

(SuperAdmin) Get all transactions

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
sortBy string req
sortOrder string req
where ref→TransactionFilterDto opt
page number req
take number req

Response 200: allOf:

field type required description
data array req
take number req
page number req
total number req
totalPages number req

field type required description
data array opt
total number opt

Response 201: (no body)

Sample curl

curl -X POST http://localhost:4003/accounting/transactions \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

Admin Affiliate API

POST /affiliate/find-one

(Permission) Get affiliate

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
where ref→FindOneAffiliateWhere req

Response 201: object

Sample curl

curl -X POST http://localhost:4003/affiliate/find-one \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

POST /affiliate/find-one-stats

(Permission) Get affiliate stats

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
where ref→FindOneAffiliateWhere req

Response 201: object

Sample curl

curl -X POST http://localhost:4003/affiliate/find-one-stats \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

GET /affiliate/levels

(Permission) Get affiliate levels

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Response 200: array of

field type required description
minWageredUsdAmount string req
id number req
name string req
commission string req
minReferralCountForClaim number req

Sample curl

curl -X GET http://localhost:4003/affiliate/levels \
  -H 'Cookie: access_token=<JWT>'

POST /affiliate/users

(Permission) Get affiliate users

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
sortBy string req
sortOrder string req
where ref→FindManyAffiliateUsersWhere req
page number req
take number req

Response 201: object

Sample curl

curl -X POST http://localhost:4003/affiliate/users \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

Admin Bets API

GET /bets

(Permission) View user bets

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
sortBy query req string
sortOrder query req string
where query opt ?
page query req number
take query req number

Response 200: allOf:

field type required description
data array req
take number req
page number req
total number req
totalPages number req

field type required description
data array opt
total number opt

Sample curl

curl -X GET http://localhost:4003/bets \
  -H 'Cookie: access_token=<JWT>'

POST /bets

(Permission) View user bets

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
sortBy string req
sortOrder string req
where ref→BetsFilterDto opt
page number req
take number req

Response 200: allOf:

field type required description
data array req
take number req
page number req
total number req
totalPages number req

field type required description
data array opt
total number opt

Response 201: (no body)

Sample curl

curl -X POST http://localhost:4003/bets \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

Admin Chat API

POST /chat/admin-action

(Permission) Perform admin action in chat

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
action string req
args object req

Response 201: (no body)

Sample curl

curl -X POST http://localhost:4003/chat/admin-action \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

Admin Core API

PUT /config

(SuperAdmin) Update site config by code

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
code path req ? COMMON, BATTLES, AFFILIATES, WITHDRAWALS

Request body (application/json):

field type required description
code object req
config object req

Response 200: object

Sample curl

curl -X PUT http://localhost:4003/config \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

Admin Key API

POST /api-keys

(Permission) Create API key

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
userId number req

Response 201:

field type required description
id string req
key string req
userId number req
createdAt string req
updatedAt string req

Sample curl

curl -X POST http://localhost:4003/api-keys \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

DELETE /api-keys/{userId}

(Permission) Disable API key

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
userId path req number

Response 204: (no body)

Sample curl

curl -X DELETE http://localhost:4003/api-keys/{userId} \
  -H 'Cookie: access_token=<JWT>'

GET /api-keys/{userId}

(Permission) Get API key

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
userId path req number

Response 200: object

Sample curl

curl -X GET http://localhost:4003/api-keys/{userId} \
  -H 'Cookie: access_token=<JWT>'

Admin Leaderboard API

GET /leaderboards

(Permission) Get leaderboards

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
withUsers query opt boolean Adds 50 users to response
withSchedule query opt boolean Adds schedule config to dto
type query opt string
status query opt string
sortOrder query opt string
sortBy query opt string
page query req number
take query req number

Response 200: allOf:

field type required description
data array req
take number req
page number req
total number req
totalPages number req

field type required description
data array opt
total number opt

Sample curl

curl -X GET http://localhost:4003/leaderboards \
  -H 'Cookie: access_token=<JWT>'

POST /leaderboards/give-prize

(Permission) Give prize

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
usdAmount string opt
currency string req Choose wallet for giving prize. usdAmount will be converted
fullUsdAmount boolean opt
leaderboardId string req
userId number req

Response 201: object

Sample curl

curl -X POST http://localhost:4003/leaderboards/give-prize \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

GET /leaderboards/schedule

(Permission) Get leaderboard schedules

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Response 200: array of

field type required description
id string req
createdAt string req
updatedAt string req
enabled boolean req
config ref→LeaderboardScheduleConfigDto req
leaderboards array req

Sample curl

curl -X GET http://localhost:4003/leaderboards/schedule \
  -H 'Cookie: access_token=<JWT>'

GET /leaderboards/schedule/{id}

(Permission) Get leaderboard schedule

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req string

Response 200: object

Sample curl

curl -X GET http://localhost:4003/leaderboards/schedule/{id} \
  -H 'Cookie: access_token=<JWT>'

POST /leaderboards/schedule/{id}

(Permission) Update leaderboard schedule

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req string

Request body (application/json):

field type required description
enabled boolean req
name string req
description string req
prizes array req

Response 201: object

Sample curl

curl -X POST http://localhost:4003/leaderboards/schedule/{id} \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

GET /leaderboards/{leaderboardId}

(Permission) Get leaderboard

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
leaderboardId path req string

Response 200: object

Sample curl

curl -X GET http://localhost:4003/leaderboards/{leaderboardId} \
  -H 'Cookie: access_token=<JWT>'

GET /leaderboards/{leaderboardId}/users

(Permission) Get leaderboard users

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
leaderboardId path req string
search query opt string Search by user id, name or email
isWinner query opt boolean
isWaitingForPrice query opt boolean
page query req number
take query req number

Response 200: allOf:

field type required description
data array req
take number req
page number req
total number req
totalPages number req

field type required description
data array opt
total number opt

Sample curl

curl -X GET http://localhost:4003/leaderboards/{leaderboardId}/users \
  -H 'Cookie: access_token=<JWT>'

GET /leaderboards/{leaderboardId}/users/{userId}

(Permission) Get leaderboard user

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
leaderboardId path req string
userId path req number

Response 200: object

Sample curl

curl -X GET http://localhost:4003/leaderboards/{leaderboardId}/users/{userId} \
  -H 'Cookie: access_token=<JWT>'

Admin Payments API

GET /deposit

(Permission) Get deposits

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
sortBy query req string
sortOrder query req string
status query opt string
userId query opt number
page query req number
take query req number

Response 200: allOf:

field type required description
data array req
take number req
page number req
total number req
totalPages number req

field type required description
data array opt
total number opt

Sample curl

curl -X GET http://localhost:4003/deposit \
  -H 'Cookie: access_token=<JWT>'

GET /withdraw

(Permission) Get withdrawals

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
sortBy query req string
sortOrder query req string
status query opt string
userId query opt number
username query opt string
page query req number
take query req number

Response 200: allOf:

field type required description
data array req
take number req
page number req
total number req
totalPages number req

field type required description
data array opt
total number opt

Sample curl

curl -X GET http://localhost:4003/withdraw \
  -H 'Cookie: access_token=<JWT>'

POST /withdraw/approve

(Permission) Approve withdraw

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
id string req

Response 201: object

Sample curl

curl -X POST http://localhost:4003/withdraw/approve \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

POST /withdraw/reject

(Permission) Reject withdraw

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
id string req
rejectReason string req

Response 201: object

Sample curl

curl -X POST http://localhost:4003/withdraw/reject \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

POST /withdraw/retry

(Permission) Retry withdraw

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
id string req

Response 201: object

Sample curl

curl -X POST http://localhost:4003/withdraw/retry \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

Admin Rakeback API

POST /rakeback/find-many

(Permission) Get rakebacks

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
where ref→FindManyRakebackWhere req

Response 201: array of

field type required description
instantClaimable string req
instantTotalClaimed string req
dailyClaimable string req
dailyTotalClaimed string req
dailyAccumulated string req
weeklyClaimable string req
weeklyTotalClaimed string req
weeklyAccumulated string req
monthlyClaimable string req
monthlyTotalClaimed string req
monthlyAccumulated string req
userId number req
currencyId object req
updatedAt string req

Sample curl

curl -X POST http://localhost:4003/rakeback/find-many \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

Admin Registration Info API

GET /registration-info/{userId}

(SuperAdmin) Get registration info by userId

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
userId path req number

Response 200: (no body)

Sample curl

curl -X GET http://localhost:4003/registration-info/{userId} \
  -H 'Cookie: access_token=<JWT>'

Admin Tips API

GET /admin-tips

(Permission) Get admin tips history

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
sortBy query req string
sortOrder query req string
senderUserId query opt number
recipientUserId query opt number
senderOrRecipientUserId query opt number
search query opt string
page query req number
take query req number

Response 200: allOf:

field type required description
data array req
take number req
page number req
total number req
totalPages number req

field type required description
data array opt
total number opt

Sample curl

curl -X GET http://localhost:4003/admin-tips \
  -H 'Cookie: access_token=<JWT>'

POST /admin-tips

(Permission) Tip user

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
amount string req
currencyId string req
tag string opt
recipientUserId number req
notes string req

Response 201:

field type required description
success boolean req

Sample curl

curl -X POST http://localhost:4003/admin-tips \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

POST /admin-tips/deduct-balance

(Permission) Deduct balance from user

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
amount string req
currencyId string req
tag string opt
recipientUserId number req
notes string req

Response 201:

field type required description
success boolean req

Sample curl

curl -X POST http://localhost:4003/admin-tips/deduct-balance \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

Admin User API

PUT /user/add-single-role

(SuperAdmin) Add single role to user

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
username string req
role object req

Response 200:

field type required description
exp string req
permissions array req
id number req
createdAt string req
updatedAt string req
username string req
isPrivate boolean req
email string req
emailVerified boolean req
lastLoginAt string req
avatar string req
mfaSecret string req
vipLevel number req
steamId string req
steamTradeLink string req
googleEmail string req
isStreamer boolean req
isStreamerMode boolean req
isStaff boolean req
isYoutuber boolean req

Sample curl

curl -X PUT http://localhost:4003/user/add-single-role \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

POST /user/admin-user

(SuperAdmin) Create admin user

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
username string req
password string req
email string opt
permissions array req

Response 201:

field type required description
exp string req
permissions array req
id number req
createdAt string req
updatedAt string req
username string req
isPrivate boolean req
email string req
emailVerified boolean req
lastLoginAt string req
avatar string req
mfaSecret string req
vipLevel number req
steamId string req
steamTradeLink string req
googleEmail string req
isStreamer boolean req
isStreamerMode boolean req
isStaff boolean req
isYoutuber boolean req

Sample curl

curl -X POST http://localhost:4003/user/admin-user \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

GET /user/all

(SuperAdmin) Get all users

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
sortBy query req string
sortOrder query req string
isBanned query opt boolean
withPermissions query req boolean
withRoles query req boolean
withNotes query req boolean
role query opt string
withBalance query req boolean
withStatsUsd query req boolean
search query opt string
where query opt ?
page query req number
take query req number

Response 200: (no body)

Sample curl

curl -X GET http://localhost:4003/user/all \
  -H 'Cookie: access_token=<JWT>'

POST /user/all

(SuperAdmin) Get all users

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
sortBy string req
sortOrder string req
isBanned boolean opt
withPermissions boolean req
withRoles boolean req
withNotes boolean req
role string opt
withBalance boolean req
withStatsUsd boolean req
search string opt
where ref→UserFilterDto opt
page number req
take number req

Response 201: (no body)

Sample curl

curl -X POST http://localhost:4003/user/all \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

GET /user/all-permissions

(SuperAdmin) Get all permissions

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Response 200: object

Sample curl

curl -X GET http://localhost:4003/user/all-permissions \
  -H 'Cookie: access_token=<JWT>'

GET /user/get-admins-with-roles

(SuperAdmin) Get all admins with roles

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Response 200: (no body)

Sample curl

curl -X GET http://localhost:4003/user/get-admins-with-roles \
  -H 'Cookie: access_token=<JWT>'

GET /user/get-all-roles-with-users

(SuperAdmin) Get all roles with users

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Response 200: (no body)

Sample curl

curl -X GET http://localhost:4003/user/get-all-roles-with-users \
  -H 'Cookie: access_token=<JWT>'

PUT /user/revoke-single-role

(SuperAdmin) Revoke single role from user

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
username string req
role object req

Response 200:

field type required description
exp string req
permissions array req
id number req
createdAt string req
updatedAt string req
username string req
isPrivate boolean req
email string req
emailVerified boolean req
lastLoginAt string req
avatar string req
mfaSecret string req
vipLevel number req
steamId string req
steamTradeLink string req
googleEmail string req
isStreamer boolean req
isStreamerMode boolean req
isStaff boolean req
isYoutuber boolean req

Sample curl

curl -X PUT http://localhost:4003/user/revoke-single-role \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

GET /user/stats/transactions

(Permission) Get top users by transactions

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
transactionType query req string
dataRange query opt string
sortBy query opt string
sortOrder query opt string
page query req number
take query req number

Response 200: (no body)

Sample curl

curl -X GET http://localhost:4003/user/stats/transactions \
  -H 'Cookie: access_token=<JWT>'

GET /user/{id}

(Permission) Find unique user

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req number

Response 200:

field type required description
exp string req
permissions array req
id number req
createdAt string req
updatedAt string req
username string req
isPrivate boolean req
email string req
emailVerified boolean req
lastLoginAt string req
avatar string req
mfaSecret string req
vipLevel number req
steamId string req
steamTradeLink string req
googleEmail string req
isStreamer boolean req
isStreamerMode boolean req
isStaff boolean req
isYoutuber boolean req

Sample curl

curl -X GET http://localhost:4003/user/{id} \
  -H 'Cookie: access_token=<JWT>'

PATCH /user/{id}

(Permission) Update user

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req number

Request body (application/json):

field type required description
username string opt
isStaff boolean opt
isYoutuber boolean opt
customMinAffiliateLevel number opt
isTest boolean opt
isStreamer boolean opt
canUseChat boolean opt
isPrivate boolean opt
isStreamerMode boolean opt
isEmailNotificationsEnabled boolean opt
steamTradeLink string opt

Response 200:

field type required description
exp string req
permissions array req
id number req
createdAt string req
updatedAt string req
username string req
isPrivate boolean req
email string req
emailVerified boolean req
lastLoginAt string req
avatar string req
mfaSecret string req
vipLevel number req
steamId string req
steamTradeLink string req
googleEmail string req
isStreamer boolean req
isStreamerMode boolean req
isStaff boolean req
isYoutuber boolean req

Sample curl

curl -X PATCH http://localhost:4003/user/{id} \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

PATCH /user/{id}/avatar/reset

(Permission) Replace user avatar with random

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req number

Response 200: string

Sample curl

curl -X PATCH http://localhost:4003/user/{id}/avatar/reset \
  -H 'Cookie: access_token=<JWT>'

PUT /user/{id}/balance

(SuperAdmin) Update user balance

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req number

Request body (application/json):

field type required description
balance string req
currencyId string req

Response 200: (no body)

Sample curl

curl -X PUT http://localhost:4003/user/{id}/balance \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

PATCH /user/{id}/ban

(Permission) Ban user

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req number

Request body (application/json):

field type required description
banReason string req

Response 200:

field type required description
exp string req
permissions array req
id number req
createdAt string req
updatedAt string req
username string req
isPrivate boolean req
email string req
emailVerified boolean req
lastLoginAt string req
avatar string req
mfaSecret string req
vipLevel number req
steamId string req
steamTradeLink string req
googleEmail string req
isStreamer boolean req
isStreamerMode boolean req
isStaff boolean req
isYoutuber boolean req

Sample curl

curl -X PATCH http://localhost:4003/user/{id}/ban \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

GET /user/{id}/full/stats

(SuperAdmin) Get full user stats

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req string

Response 200:

field type required description
totalWagered string req
totalPayouts string req
totalDeposits string req
totalWithdraws string req
ltv string req
ggr string req
avgBet string req
netDeposit string req
totalLoss string req
totalBets number req
rtp number req
winRate number req

Sample curl

curl -X GET http://localhost:4003/user/{id}/full/stats \
  -H 'Cookie: access_token=<JWT>'

PUT /user/{id}/permissions

(Permission) Update user permissions

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req number

Request body (application/json):

field type required description
permissions string req

Response 200: object

Sample curl

curl -X PUT http://localhost:4003/user/{id}/permissions \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

PUT /user/{id}/roles

(SuperAdmin) Update user roles

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req number

Request body (application/json):

field type required description
roles string req

Response 200: (no body)

Sample curl

curl -X PUT http://localhost:4003/user/{id}/roles \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

PATCH /user/{id}/unban

(SuperAdmin) Unban user

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req number

Response 200:

field type required description
exp string req
permissions array req
id number req
createdAt string req
updatedAt string req
username string req
isPrivate boolean req
email string req
emailVerified boolean req
lastLoginAt string req
avatar string req
mfaSecret string req
vipLevel number req
steamId string req
steamTradeLink string req
googleEmail string req
isStreamer boolean req
isStreamerMode boolean req
isStaff boolean req
isYoutuber boolean req

Sample curl

curl -X PATCH http://localhost:4003/user/{id}/unban \
  -H 'Cookie: access_token=<JWT>'

Admin User Limits API

POST /user-limits/gambling-limits

(Permission) Set gambling limits

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
betLimit string req
userId number req

Response 201:

field type required description
betLimit string req
userId number req
id number req
createdAt string req
updatedAt string req

Sample curl

curl -X POST http://localhost:4003/user-limits/gambling-limits \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

GET /user-limits/gambling-limits/{id}

(Permission) Get gambling limits

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req number

Response 200: object

Sample curl

curl -X GET http://localhost:4003/user-limits/gambling-limits/{id} \
  -H 'Cookie: access_token=<JWT>'

DELETE /user-limits/user-exclusion

(Permission) Delete user-self-exclusion

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
userId number req

Response 200:

field type required description
id number req
userId number req
expiresAt string req
createdAt string req
updatedAt string req

Sample curl

curl -X DELETE http://localhost:4003/user-limits/user-exclusion \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

POST /user-limits/user-exclusion

(Permission) Create user-self-exclusion

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
excludeUntil string req
userId number req

Response 201:

field type required description
id number req
userId number req
expiresAt string req
createdAt string req
updatedAt string req

Sample curl

curl -X POST http://localhost:4003/user-limits/user-exclusion \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

GET /user-limits/user-exclusion/{id}

(Permission) Get active self-exclusion

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Parameters

name in required type description
id path req number

Response 200: object

Sample curl

curl -X GET http://localhost:4003/user-limits/user-exclusion/{id} \
  -H 'Cookie: access_token=<JWT>'

Core API

GET /health

Health_check

Auth: public

Response 200:

field type required description
status string opt
info object opt
error object opt
details object opt

Response 503:

field type required description
status string opt
info object opt
error object opt
details object opt

Sample curl

curl -X GET http://localhost:4003/health

FAQ API

DELETE /faq

Delete an existing FAQ

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
id number req

Response 200: object

Sample curl

curl -X DELETE http://localhost:4003/faq \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

GET /faq

Get all FAQs

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Response 200: object

Sample curl

curl -X GET http://localhost:4003/faq \
  -H 'Cookie: access_token=<JWT>'

POST /faq

Create a new FAQ

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
title string req
text string req

Response 201: object

Sample curl

curl -X POST http://localhost:4003/faq \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'

PUT /faq

Update an existing FAQ

Auth: required (bearer — JWT in Authorization: Bearer … or access_token cookie)

Request body (application/json):

field type required description
id number req
title string opt
text string opt
order number opt

Response 200: object

Sample curl

curl -X PUT http://localhost:4003/faq \
  -H 'Cookie: access_token=<JWT>' \
  -H 'Content-Type: application/json' \
  -d '{ ... }'