Moderation

Moderation covers three surfaces: a queue of reported items (approve / reject / escalate), rule definitions (rule-driven filtering), and per-user trust levels (auto-approve bypasses the queue for trusted users).

Source: apps/api/src/routes/admin/moderation.ts.

Endpoints

Method	Path	Description
GET	`/admin/projects/:projectId/moderation/queue`	Paginated queue; defaults to `?status=pending`.
POST	`/admin/projects/:projectId/moderation/queue/:itemId/approve`	Approve.
POST	`/admin/projects/:projectId/moderation/queue/:itemId/reject`	Reject.
POST	`/admin/projects/:projectId/moderation/queue/:itemId/escalate`	Escalate.
POST	`/admin/projects/:projectId/moderation/rules`	Create a rule.
GET	`/admin/projects/:projectId/moderation/rules`	List rules.
PATCH	`/admin/projects/:projectId/moderation/rules/:ruleId`	Partial update.
DELETE	`/admin/projects/:projectId/moderation/rules/:ruleId`	Delete a rule.
POST	`/admin/projects/:projectId/moderation/trust`	Upsert a user's trust level.
GET	`/admin/projects/:projectId/moderation/trust`	Paginated trust levels.

GET /admin/projects/:projectId/moderation/queue

Query

Param	Default	Values
`status`	`pending`	`pending`, `approved`, `rejected`, `escalated`
`limit`	50
`offset`	0

Response 200

{
  "data": [{ "id": "…", "reason": "…", "status": "pending", "created_at": "…" }],
  "total": 100,
  "offset": 0,
  "limit": 50
}

Try it:

GET/admin/projects/%7B%7BprojectId%7D%7D/moderation/queue

developer auth

curl -X GET 'https://api.amba.dev/admin/projects/%7B%7BprojectId%7D%7D/moderation/queue'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X GET '${BASE_URL}/admin/projects/{projectId}/moderation/queue' \
  -H 'Authorization: Bearer ${DEV_TOKEN}'

POST /admin/projects/:projectId/moderation/queue/:itemId/approve

Marks status = 'approved', moderator_id = 'admin', resolved_at = NOW().

Errors

404 NOT_FOUND.

Try it:

POST/admin/projects/%7B%7BprojectId%7D%7D/moderation/queue/%7B%7BitemId%7D%7D/approve

developer auth

curl -X POST 'https://api.amba.dev/admin/projects/%7B%7BprojectId%7D%7D/moderation/queue/%7B%7BitemId%7D%7D/approve'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X POST '${BASE_URL}/admin/projects/{projectId}/moderation/queue/{itemId}/approve' \
  -H 'Authorization: Bearer ${DEV_TOKEN}' \
  -H 'Content-Type: application/json' \
  -d '{}'

POST /admin/projects/:projectId/moderation/queue/:itemId/reject

Same shape as approve; sets status = 'rejected'.

Try it:

POST/admin/projects/%7B%7BprojectId%7D%7D/moderation/queue/%7B%7BitemId%7D%7D/reject

developer auth

curl -X POST 'https://api.amba.dev/admin/projects/%7B%7BprojectId%7D%7D/moderation/queue/%7B%7BitemId%7D%7D/reject'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X POST '${BASE_URL}/admin/projects/{projectId}/moderation/queue/{itemId}/reject' \
  -H 'Authorization: Bearer ${DEV_TOKEN}' \
  -H 'Content-Type: application/json' \
  -d '{}'

POST /admin/projects/:projectId/moderation/queue/:itemId/escalate

Sets status = 'escalated'. Does not stamp resolved_at.

Try it:

POST/admin/projects/%7B%7BprojectId%7D%7D/moderation/queue/%7B%7BitemId%7D%7D/escalate

developer auth

curl -X POST 'https://api.amba.dev/admin/projects/%7B%7BprojectId%7D%7D/moderation/queue/%7B%7BitemId%7D%7D/escalate'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X POST '${BASE_URL}/admin/projects/{projectId}/moderation/queue/{itemId}/escalate' \
  -H 'Authorization: Bearer ${DEV_TOKEN}' \
  -H 'Content-Type: application/json' \
  -d '{}'

POST /admin/projects/:projectId/moderation/rules

Request (`CreateModerationRuleInput`)

Field	Type	Required	Default
`name`	string	yes	—
`rule_type`	string	yes	—
`config`	object	yes	—
`is_active`	boolean	no	true

Response 201

{ "data": { "id": "…", "name": "…", "rule_type": "keyword", "config": {}, "is_active": true } }

Try it:

POST/admin/projects/%7B%7BprojectId%7D%7D/moderation/rules

developer auth

curl -X POST 'https://api.amba.dev/admin/projects/%7B%7BprojectId%7D%7D/moderation/rules'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X POST '${BASE_URL}/admin/projects/{projectId}/moderation/rules' \
  -H 'Authorization: Bearer ${DEV_TOKEN}' \
  -H 'Content-Type: application/json' \
  -d '{}'

GET /admin/projects/:projectId/moderation/rules

{ "data": [{ "id": "…", "name": "…", "rule_type": "keyword" }] }

Try it:

GET/admin/projects/%7B%7BprojectId%7D%7D/moderation/rules

developer auth

curl -X GET 'https://api.amba.dev/admin/projects/%7B%7BprojectId%7D%7D/moderation/rules'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X GET '${BASE_URL}/admin/projects/{projectId}/moderation/rules' \
  -H 'Authorization: Bearer ${DEV_TOKEN}'

PATCH /admin/projects/:projectId/moderation/rules/:ruleId

Allowed fields: name, rule_type, config, is_active.

Try it:

PATCH/admin/projects/%7B%7BprojectId%7D%7D/moderation/rules/%7B%7BruleId%7D%7D

developer auth

curl -X PATCH 'https://api.amba.dev/admin/projects/%7B%7BprojectId%7D%7D/moderation/rules/%7B%7BruleId%7D%7D'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X PATCH '${BASE_URL}/admin/projects/{projectId}/moderation/rules/{ruleId}' \
  -H 'Authorization: Bearer ${DEV_TOKEN}' \
  -H 'Content-Type: application/json' \
  -d '{}'

DELETE /admin/projects/:projectId/moderation/rules/:ruleId

{ "data": { "deleted": true } }

Try it:

DELETE/admin/projects/%7B%7BprojectId%7D%7D/moderation/rules/%7B%7BruleId%7D%7D

developer auth

curl -X DELETE 'https://api.amba.dev/admin/projects/%7B%7BprojectId%7D%7D/moderation/rules/%7B%7BruleId%7D%7D'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X DELETE '${BASE_URL}/admin/projects/{projectId}/moderation/rules/{ruleId}' \
  -H 'Authorization: Bearer ${DEV_TOKEN}'

POST /admin/projects/:projectId/moderation/trust

Upsert by app_user_id.

Request (`SetTrustLevelInput`)

Field	Type	Required	Default
`app_user_id`	uuid	yes	—
`trust_level`	string	yes	—
`auto_approve`	boolean	no	false

Response 200

{
  "data": { "app_user_id": "…", "trust_level": "trusted", "auto_approve": true, "updated_at": "…" }
}

Errors

500 UPSERT_FAILED.

Try it:

POST/admin/projects/%7B%7BprojectId%7D%7D/moderation/trust

developer auth

curl -X POST 'https://api.amba.dev/admin/projects/%7B%7BprojectId%7D%7D/moderation/trust'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X POST '${BASE_URL}/admin/projects/{projectId}/moderation/trust' \
  -H 'Authorization: Bearer ${DEV_TOKEN}' \
  -H 'Content-Type: application/json' \
  -d '{}'

GET /admin/projects/:projectId/moderation/trust

{
  "data": [
    {
      "app_user_id": "…",
      "trust_level": "trusted",
      "auto_approve": true,
      "app_users": { "id": "…", "display_name": "…", "email": "…" }
    }
  ],
  "total": 42,
  "offset": 0,
  "limit": 50
}

Try it:

GET/admin/projects/%7B%7BprojectId%7D%7D/moderation/trust

developer auth

curl -X GET 'https://api.amba.dev/admin/projects/%7B%7BprojectId%7D%7D/moderation/trust'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X GET '${BASE_URL}/admin/projects/{projectId}/moderation/trust' \
  -H 'Authorization: Bearer ${DEV_TOKEN}'

On this page