Skip to content
Open Social

API Endpoints Reference

Open Social uses two authentication methods:

  • OAuth Session — for web app users (browser cookies)
  • API Key — for programmatic access (X-Api-Key header)

All API Key routes use camelCase field names. Pagination defaults to 20 items per page (max 100). Pass cursor from the previous response to get the next page.

Authentication (OAuth)

Section titled “Authentication (OAuth)”
MethodPathDescription
GET/oauth-client-metadata.jsonOAuth client metadata
GET/.well-known/jwks.jsonPublic JSON Web Key Set
GET/oauth/callbackOAuth callback handler
POST/loginInitiate OAuth login flow
POST/logoutDestroy session

User Routes (OAuth Session)

Section titled “User Routes (OAuth Session)”
MethodPathDescription
GET/users/meGet current user profile
GET/users/me/membershipsList user’s community memberships
POST/users/me/communitiesCreate a new community

Community Management (OAuth Session)

Section titled “Community Management (OAuth Session)”
MethodPathDescription
GET/communities/:didGet community details
POST/communities/:did/avatarUpload community avatar
POST/communities/:did/bannerUpload banner or reuse Bluesky banner
PUT/communities/:did/profileUpdate community profile
DELETE/communities/:didDelete a community
GET/communities/:did/membersList community members
POST/communities/:did/members/:memberDid/adminPromote member to admin
DELETE/communities/:did/members/:memberDid/adminDemote admin
DELETE/communities/:did/members/:memberDidRemove member

App Management (OAuth Session)

Section titled “App Management (OAuth Session)”
MethodPathDescription
POST/api/v1/apps/registerRegister a new app
GET/api/v1/appsList your apps
GET/api/v1/apps/:appIdGet app details
PUT/api/v1/apps/:appIdUpdate app
DELETE/api/v1/apps/:appIdDeactivate app
POST/api/v1/apps/:appId/rotate-keyRotate API key
POST/api/v1/apps/verifyVerify API key

Communities API (API Key)

Section titled “Communities API (API Key)”
MethodPathDescription
POST/api/v1/communitiesCreate community
GET/api/v1/communitiesList/search communities
GET/api/v1/communities/:didGet community details
DELETE/api/v1/communities/:didDelete community

Search Communities

Section titled “Search Communities”
GET /api/v1/communities?query=gaming&userDid=did:plc:abc&limit=20&cursor=...

Returns memberCount, isAdmin, and community type for each result.

Members API (API Key)

Section titled “Members API (API Key)”
MethodPathDescription
POST/api/v1/communities/:did/members/joinJoin community
POST/api/v1/communities/:did/members/leaveLeave community
GET/api/v1/communities/:did/membersList members (paginated)
GET/api/v1/communities/:did/members/pendingList pending requests
POST/api/v1/communities/:did/members/approveApprove join request
POST/api/v1/communities/:did/members/rejectReject join request
DELETE/api/v1/communities/:did/members/:memberDidRemove member
POST/api/v1/communities/:did/admins/promotePromote to admin
POST/api/v1/communities/:did/admins/demoteDemote admin
POST/api/v1/communities/:did/admins/transferTransfer primary admin
POST/api/v1/communities/:did/membership/checkCheck membership status
GET/api/v1/communities/:did/audit-logView audit log

Join Community

Section titled “Join Community”
POST /api/v1/communities/:did/members/join
{ "userDid": "did:plc:abc123" }
  • Open communities → 201, immediately joined
  • Admin-approved communities → 202, request pending

List Members

Section titled “List Members”
GET /api/v1/communities/:did/members?public=true&search=did:plc&limit=20&cursor=...

Returns handle, avatar, isAdmin, confirmedAt for each member.

Membership Check

Section titled “Membership Check”
POST /api/v1/communities/:did/membership/check
{ "userDid": "did:plc:abc123" }
→ { "isMember": true, "isAdmin": false, "isPending": false }

Records API (API Key)

Section titled “Records API (API Key)”
MethodPathDescription
POST/api/v1/communities/:did/recordsCreate record
PUT/api/v1/communities/:did/recordsUpdate record
DELETE/api/v1/communities/:did/records/:collection/:rkeyDelete record
GET/api/v1/communities/:did/records/:collectionList records
GET/api/v1/communities/:did/records/:collection/:rkeyGet record

Create Record

Section titled “Create Record”
POST /api/v1/communities/:did/records
{
  "userDid": "did:plc:abc123",
  "collection": "community.opensocial.list",
  "record": {
    "$type": "community.opensocial.list",
    "name": "My Reading List"
  }
}

Webhooks API (API Key)

Section titled “Webhooks API (API Key)”
MethodPathDescription
POST/api/v1/webhooksRegister webhook
GET/api/v1/webhooksList webhooks
PUT/api/v1/webhooks/:webhookIdUpdate webhook
DELETE/api/v1/webhooks/:webhookIdDelete webhook

Webhook Events

Section titled “Webhook Events”
  • member.joined, member.left, member.approved, member.rejected, member.removed
  • record.created, record.updated, record.deleted

Create Webhook

Section titled “Create Webhook”
POST /api/v1/webhooks
{
  "url": "https://example.com/webhook",
  "events": ["member.joined", "member.left"],
  "communityDid": "did:plc:community123"
}

Webhook payloads include an X-Webhook-Signature header (HMAC-SHA256).