Skip to main content

Endpoints

Complete reference for every REST endpoint exposed by Zander. Use the group navigation below to jump to a specific feature area.

All endpoints require the x-access-token header unless marked Public. Feature-gated endpoints additionally require the relevant feature to be enabled in features.json.

Announcements

Base path: /api/announcement

MethodPathDescription
GET/api/announcement/getRetrieve announcements. Optional query params: announcementId, announcementType (web/popup/tip/motd), enabled
POST/api/announcement/createCreate an announcement. Body: actioningUser, type, body, enabled, startDate, endDate
POST/api/announcement/editEdit an announcement. Body: actioningUser, announcementId, plus any fields to update
POST/api/announcement/deleteDelete an announcement. Body: actioningUser, announcementId

Applications

Base path: /api/application

MethodPathDescription
GET/api/application/getRetrieve all applications, or a specific one via ?id=
POST/api/application/createCreate an application. Body: actioningUser, displayName, description, displayIcon, requirementsMarkdown, redirectUrl, position, applicationStatus
POST/api/application/editEdit an application. Body: actioningUser, applicationId, plus fields to update
POST/api/application/deleteDelete an application. Body: actioningUser, applicationId

Bridge

Base path: /api/bridge

MethodPathDescription
GET/api/bridge/processor/getRetrieve executor tasks. Query: status (pending/processing/completed/failed), slug, limit (1–250, default 50), claim (boolean — transitions pending to processing)
POST/api/bridge/processor/command/addQueue a task. Body: command or routineSlug or tasks[]; optional slug, target, metadata, priority
POST/api/bridge/processor/task/:taskId/reportUpdate task status. Body: status (pending/processing/completed/failed), result, executedBy, metadata
POST/api/bridge/processor/task/:taskId/resetReset a task to pending
POST/api/bridge/processor/clearDelete tasks matching filters. Body: status, slug, routineSlug
POST/api/bridge/routine/saveCreate or update a routine. Body: routineSlug, steps[] (each with slug, command), displayName, description
GET/api/bridge/routine/getRetrieve routines. Query: routineSlug (optional)
GET/api/bridge/server/getRetrieve bridge server status
POST/api/bridge/server/updateUpdate server status. Body: serverInfo (object or JSON string), lastUpdated (optional ISO date)

Config / Policy

MethodPathAuthDescription
GET/policyPublicReturns site policy URLs from config.json
GET/socialPublicReturns enabled social media platform links

Discord (Minecraft relay)

Base path: /api/discord

MethodPathDescription
POST/api/discord/switchNotify Discord when a player switches servers. Body: actioningUser, server
POST/api/discord/chatRelay Minecraft chat to Discord. Body: actioningUser, message, server
POST/api/discord/joinAnnounce player join to Discord. Body: actioningUser, server
POST/api/discord/leaveAnnounce player leave and log audit. Body: actioningUser, server. Rate limited: 60 req/min
POST/api/discord/spy/commandRelay executed player command to Discord. Body: actioningUser, command. Rate limited: 120 req/min
POST/api/discord/spy/directMessageRelay Minecraft DM to Discord. Body: sender, recipient, message

Discord Punishments

Base path: /api/discord-punishments

MethodPathDescription
GET/api/discord-punishments/getRetrieve punishments for a user. Query: discordId, playerId, or username (at least one required)
GET/api/discord-punishments/punishmentFetch a specific punishment. Query: id (required)
POST/api/discord-punishments/appealSubmit an appeal. Body: punishmentId, discordUserId, appealReason
GET/api/discord-punishments/appeals/pendingRetrieve all pending appeals
POST/api/discord-punishments/appeal/reviewProcess an appeal decision. Body: appealId, status (APPROVED|REJECTED), reviewerDiscordUserId, reviewerNotes (optional)

Events

Base path: /api/events

Public Endpoints

MethodPathDescription
GET/api/events/upcomingUpcoming published events. Query: limit (max 50)
GET/api/events/publishedAll published events (paginated). Query: page, limit (max 100)
GET/api/events/calendarEvents in a date range. Query: start, end

Authenticated Endpoints

MethodPathDescription
GET/api/events/getAll events with filters. Query: status, search, page, limit
GET/api/events/singleSingle event. Query: eventId
GET/api/events/pending-reviewEvents awaiting approval
POST/api/events/createCreate event draft. Body: title, startAt, endAt
POST/api/events/updateUpdate event. Body: eventId + fields
POST/api/events/submit-reviewSubmit for approval. Body: eventId
POST/api/events/approveApprove and auto-publish. Body: eventId
POST/api/events/rejectReject submission. Body: eventId, rejectionNote (optional)
POST/api/events/publishPublish approved event. Body: eventId
POST/api/events/update-publishedUpdate a published event. Body: eventId
POST/api/events/cancelCancel an event. Body: eventId, reason (optional)
POST/api/events/archiveArchive an event. Body: eventId
POST/api/events/deleteDelete an event. Body: eventId
POST/api/events/duplicateClone as draft. Body: eventId
POST/api/events/actions/updateUpdate event actions. Body: eventId, actions
POST/api/events/announcements/updateUpdate event announcements. Body: eventId, announcements

Templates

MethodPathDescription
GET/api/events/templates/getAll templates
GET/api/events/templates/singleSingle template. Query: templateId
POST/api/events/templates/createCreate template. Body: title
POST/api/events/templates/updateUpdate template. Body: templateId
POST/api/events/templates/deleteDelete template. Body: templateId
POST/api/events/templates/announcements/updateUpdate template announcements. Body: templateId, announcements
POST/api/events/templates/generate-draftGenerate event from template. Body: templateId, targetDate (optional)

Forms

Base path: /api/forms

MethodPathDescription
GET/api/forms/getRetrieve forms. Query: id, slug, published (all optional)
POST/api/forms/createCreate a form. Body: actioningUser, name; optional: slug, status, requireLogin, allowAnonymous, accessPassword, submitterCanView, discordWebhookUrl, discordForumChannelId, webhookEnabled, postToForumEnabled, blocks[]
POST/api/forms/editUpdate a form. Body: actioningUser, formId, name; same optional fields as create
POST/api/forms/publishPublish or unpublish a form. Body: actioningUser, formId, status
POST/api/forms/deleteDelete a form. Body: actioningUser, formId
POST/api/forms/submitSubmit a form response. Body: formId, answers; optional: submittedByUserId, anonymous
GET/api/forms/responsesPaginated responses for a form. Query: formId, status, page, limit
GET/api/forms/responseSingle response with form and block data. Query: responseId
POST/api/forms/response/statusUpdate response status. Body: actioningUser, responseId, status

Filter

MethodPathDescription
POST/api/filterCheck content against phrase and link filters. Body: content (required), username, discordId, or discordUsername

Punishments

MethodPathDescription
GET/api/punishments/getPaginated punishment list. Query: page (default 1), limit (default 25, max 100)

Ranks

Base path: /api/rank

MethodPathDescription
GET/api/rank/getRetrieve ranks. Query: username (player's ranks) or rank (members of a rank)
GET/api/rank/userGet all ranks for a player. Query: username (required)
POST/api/rank/config/:rankSlugUpdate rank config in LuckPerms. Body: displayName, rankBadgeColour, rankTextColour, priority, discordRoleId, isStaff, isDonator
POST/api/rank/user/assignAssign a rank to a player. Body: username, rankSlug, title (optional)
POST/api/rank/user/removeRemove a rank from a player. Body: username, rankSlug
POST/api/rank/user/permission/checkCheck if a player has a permission. Body: username, permission

Reports

MethodPathDescription
GET/api/report/getRetrieve reports. Query: reportedId (optional)
POST/api/report/createSubmit a report. Body: reporterUser, reportedUser, reportReason, reportPlatform, reportReasonEvidence (optional)

Scheduler

MethodPathDescription
GET/api/scheduler/discord/getRetrieve scheduled messages. Query: status (optional)
POST/api/scheduler/discord/createSchedule a Discord message. Body: actioningUser, channelId, scheduledFor, timezoneOffset, embedTitle, embedDescription, embedColor
POST/api/scheduler/discord/deleteDelete a scheduled message. Body: actioningUser, scheduleId

Servers

MethodPathDescription
GET/api/server/getRetrieve servers. Query: id, type (both optional)
POST/api/server/createCreate a server. Body: actioningUser, displayName, serverType, serverConnectionAddress, position
POST/api/server/editEdit a server. Body: actioningUser, serverId, displayName, serverType, serverConnectionAddress, position
POST/api/server/deleteDelete a server. Body: actioningUser, serverId

Sessions

MethodPathDescription
POST/api/session/createStart a player session. Body: uuid, ip
POST/api/session/destroyEnd all sessions for a player. Body: uuid
POST/api/session/switchUpdate active session's server. Body: uuid, server

Shop Directory

MethodPathDescription
GET/api/shop/getPaginated shop listings. Query: page (default 1), material (optional filter)

Users

Base path: /api/user

MethodPathDescription
POST/api/user/createCreate or update a user by UUID. Body: uuid, username
GET/api/user/getRetrieve user(s). Query: username, discordId, or userId
GET/api/user/profile/getFull profile with stats and session data. Query: username, discordId, or userId
GET/api/user/punishmentsPunishment history. Query: uuid, username, or discordId
POST/api/user/verifyGenerate Discord verification code. Body: uuid. Rate limited: 10 req / 15 min
POST/api/user/linkLink Discord account using code. Body: uuid, code
POST/api/user/profile/displayUpdate profile picture preference. Body: displayPreference
POST/api/user/profile/interestsUpdate interests. Body: interests (content filtered)
POST/api/user/profile/aboutUpdate about section. Body: about (content filtered)
POST/api/user/profile/socialUpdate social links. Body: social platform URLs

Vault

MethodPathDescription
GET/api/vault/getRetrieve vault entries. Query: id (optional)
POST/api/vault/createCreate an entry. Body: actioningUser, displayName, description, redirectUrl, position
POST/api/vault/editEdit an entry. Body: actioningUser, vaultId, displayName, description, redirectUrl, position
POST/api/vault/deleteDelete an entry. Body: actioningUser, vaultId

Voting

Public

MethodPathDescription
GET/vote/sitesList active voting sites
GET/vote/leaderboardMonthly leaderboard. Query: month (YYYY-MM), limit (max 100, default 25)
GET/vote/player/:uuidPlayer vote stats. Query: month (YYYY-MM, optional)

Ingest (token-authenticated)

MethodPathDescription
POST/vote/ingestRecord an incoming vote. Body: playerName, playerUuid, serviceName, receivedFrom, receivedAt

Admin (token-authenticated)

MethodPathDescription
GET/admin/vote/sitesAll voting sites including inactive
POST/admin/vote/sitesCreate a voting site. Body: siteName, serviceName, voteUrl, isActive, displayOrder
PUT/admin/vote/sites/:idUpdate a voting site
DELETE/admin/vote/sites/:idDelete a voting site
GET/admin/votesVote history. Query: month, playerUuid, limit
GET/admin/vote/queueCommand queue. Query: status, playerUuid, limit, offset
GET/admin/vote/monthly/resultsMonthly results. Query: month (YYYY-MM)
POST/admin/vote/monthly/processTrigger monthly reward processing. Body: month (YYYY-MM)
GET/admin/vote/reward-templatesList reward templates. Query: type (vote/monthly_top)
POST/admin/vote/reward-templatesCreate a reward template. Body: rewardType, commandTemplate, executeAs, serverScope, isActive, displayOrder
PUT/admin/vote/reward-templates/:idUpdate a reward template
DELETE/admin/vote/reward-templates/:idDelete a reward template
POST/admin/vote/creditManually credit a vote. Body: playerUuid, playerName, monthKey

Upload

MethodPathAuthDescription
POST/api/upload/imageSession (logged-in user)Upload an image (PNG, JPEG, GIF, WebP — max 8 MB). Returns url, publicId, width, height. Requires Cloudinary to be configured.

Command Bridge (Vote Reward Delivery)

Used by zander-addon to consume vote reward commands queued by the voting system.

MethodPathDescription
POST/command-bridge/claimRetrieve and atomically claim pending commands for a player. Body: playerUuid, serverName; optional: playerName
POST/command-bridge/completeMark commands as completed. Body: playerUuid, completedCommandIds[]
POST/command-bridge/failMark commands as failed. Body: playerUuid, failed[] (each with id and optional reason)

Watch

MethodPathAuthDescription
GET/api/watch/livePublicCurrent live streams
GET/api/watch/videosPublicRecent creator videos (last 20)
GET/api/watchPublicCombined live + video feed

Web

MethodPathDescription
GET/api/web/configurationReturns site name and address
GET/api/web/statisticsCommunity stats — member count, hours played, staff count
GET/api/web/logs/getAudit logs. Query: user, feature (both optional)