# Admin

Administrative endpoints requiring bearer token authentication

## Grant credits to user (Admin)

> Grants new credits to a user for completing a specific goal. \
> Requires bearer token authentication with API\_ADMIN\_TOKEN.<br>

```json
{"openapi":"3.1.0","info":{"title":"Credits Server API","version":"1.0.0"},"tags":[{"name":"Admin","description":"Administrative endpoints requiring bearer token authentication"}],"servers":[{"url":"https://credits.decentraland.org","description":"Production environment","variables":{}},{"url":"https://credits.decentraland.zone","description":"Development environment","variables":{}}],"security":[{"BearerToken":[]}],"components":{"securitySchemes":{"BearerToken":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer token authentication for administrative endpoints. \nUse API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.\n"}}},"paths":{"/users/{address}/credits":{"post":{"tags":["Admin"],"summary":"Grant credits to user (Admin)","description":"Grants new credits to a user for completing a specific goal. \nRequires bearer token authentication with API_ADMIN_TOKEN.\n","operationId":"grantCredits","parameters":[{"name":"address","in":"path","required":true,"schema":{"type":"string","pattern":"^0x[a-fA-F0-9]{40}$"},"description":"User's Ethereum address"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"goalId":{"type":"string","description":"ID of the goal that was completed"}},"required":["goalId"]}}}},"responses":{"200":{"description":"Credits granted successfully","content":{"application/json":{"schema":{"type":"object","properties":{"signature":{"type":"string","description":"Credit signature for on-chain verification"},"expiresAt":{"type":"number","description":"Credit expiration timestamp"},"season":{"type":"object","properties":{"name":{"type":"string"},"id":{"type":"number"}}},"seasonId":{"type":"number"},"creditId":{"type":"string"}}}}}},"400":{"description":"Bad request - Invalid address or missing goalId","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}},"401":{"description":"Unauthorized - Invalid bearer token","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}}}}}}}
```

## Restart user program (Admin, Non-Production)

> Restarts a user's progress in the current season. \
> Only available in non-production environments.\
> Requires bearer token authentication with API\_ADMIN\_TOKEN.<br>

```json
{"openapi":"3.1.0","info":{"title":"Credits Server API","version":"1.0.0"},"tags":[{"name":"Admin","description":"Administrative endpoints requiring bearer token authentication"}],"servers":[{"url":"https://credits.decentraland.org","description":"Production environment","variables":{}},{"url":"https://credits.decentraland.zone","description":"Development environment","variables":{}}],"security":[{"BearerToken":[]}],"components":{"securitySchemes":{"BearerToken":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer token authentication for administrative endpoints. \nUse API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.\n"}}},"paths":{"/restart-program":{"post":{"tags":["Admin"],"summary":"Restart user program (Admin, Non-Production)","description":"Restarts a user's progress in the current season. \nOnly available in non-production environments.\nRequires bearer token authentication with API_ADMIN_TOKEN.\n","operationId":"restartProgram","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"address":{"type":"string","pattern":"^0x[a-fA-F0-9]{40}$","description":"User's Ethereum address"}},"required":["address"]}}}},"responses":{"200":{"description":"Program restarted successfully","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}}}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}},"401":{"description":"Unauthorized - Invalid bearer token","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}}}}}}}
```

## Test email sending (Admin, Non-Production)

> Sends a test email to verify email notification functionality.\
> Only available in non-production environments.\
> Requires bearer token authentication with API\_ADMIN\_TOKEN.<br>

```json
{"openapi":"3.1.0","info":{"title":"Credits Server API","version":"1.0.0"},"tags":[{"name":"Admin","description":"Administrative endpoints requiring bearer token authentication"}],"servers":[{"url":"https://credits.decentraland.org","description":"Production environment","variables":{}},{"url":"https://credits.decentraland.zone","description":"Development environment","variables":{}}],"security":[{"BearerToken":[]}],"components":{"securitySchemes":{"BearerToken":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer token authentication for administrative endpoints. \nUse API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.\n"}}},"paths":{"/test-email":{"post":{"tags":["Admin"],"summary":"Test email sending (Admin, Non-Production)","description":"Sends a test email to verify email notification functionality.\nOnly available in non-production environments.\nRequires bearer token authentication with API_ADMIN_TOKEN.\n","operationId":"testEmail","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"address":{"type":"string","pattern":"^0x[a-fA-F0-9]{40}$","description":"User's Ethereum address to send test email to"}},"required":["address"]}}}},"responses":{"200":{"description":"Test email sent successfully","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}}}}}},"401":{"description":"Unauthorized - Invalid bearer token","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}}}}}}}
```

## Flag users for multi-accounting (Programmatic Admin)

> Flags one or more users for multi-accounting detection or blacklisted addresses.\
> This endpoint is designed for programmatic use by external systems.\
> Requires bearer token authentication with PROGRAMMATIC\_API\_ADMIN\_TOKEN.<br>

```json
{"openapi":"3.1.0","info":{"title":"Credits Server API","version":"1.0.0"},"tags":[{"name":"Admin","description":"Administrative endpoints requiring bearer token authentication"}],"servers":[{"url":"https://credits.decentraland.org","description":"Production environment","variables":{}},{"url":"https://credits.decentraland.zone","description":"Development environment","variables":{}}],"security":[{"BearerToken":[]}],"components":{"securitySchemes":{"BearerToken":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer token authentication for administrative endpoints. \nUse API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.\n"}}},"paths":{"/flag":{"post":{"tags":["Admin"],"summary":"Flag users for multi-accounting (Programmatic Admin)","description":"Flags one or more users for multi-accounting detection or blacklisted addresses.\nThis endpoint is designed for programmatic use by external systems.\nRequires bearer token authentication with PROGRAMMATIC_API_ADMIN_TOKEN.\n","operationId":"flagUsers","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"ip":{"type":"string","description":"IP address associated with the flagged users"},"addressesLinked":{"type":"array","items":{"type":"string","pattern":"^0x[a-fA-F0-9]{40}$"},"description":"List of Ethereum addresses linked to the same IP"},"source":{"type":"string","enum":["ip_multi_accounting","web_anon_multi_accounting","explorer_anon_multi_accounting","web_anon_blacklisted_address","explorer_anon_blacklisted_address"],"description":"Source of the flagging detection"}},"required":["ip","addressesLinked"]}}}},"responses":{"200":{"description":"Users flagged successfully","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}}}}}},"400":{"description":"Bad request - Invalid addresses or missing required fields","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}},"401":{"description":"Unauthorized - Invalid bearer token","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}}}}}}}
```

## Unflag users (Admin)

> Removes flags from users for captcha or multi-account violations.\
> Requires bearer token authentication with API\_ADMIN\_TOKEN.<br>

```json
{"openapi":"3.1.0","info":{"title":"Credits Server API","version":"1.0.0"},"tags":[{"name":"Admin","description":"Administrative endpoints requiring bearer token authentication"}],"servers":[{"url":"https://credits.decentraland.org","description":"Production environment","variables":{}},{"url":"https://credits.decentraland.zone","description":"Development environment","variables":{}}],"security":[{"BearerToken":[]}],"components":{"securitySchemes":{"BearerToken":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer token authentication for administrative endpoints. \nUse API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.\n"}}},"paths":{"/unflag":{"post":{"tags":["Admin"],"summary":"Unflag users (Admin)","description":"Removes flags from users for captcha or multi-account violations.\nRequires bearer token authentication with API_ADMIN_TOKEN.\n","operationId":"unflagUsers","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"addresses":{"type":"array","items":{"type":"string","pattern":"^0x[a-fA-F0-9]{40}$"},"description":"List of Ethereum addresses to unflag"},"cacheType":{"type":"string","enum":["captcha","multi-account"],"description":"Type of flag to remove"}},"required":["addresses","cacheType"]}}}},"responses":{"200":{"description":"Users unflagged successfully","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}}}}}},"400":{"description":"Bad request - Invalid addresses","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}},"401":{"description":"Unauthorized - Invalid bearer token","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}}}}}}}
```

## Get flagged wallets (Admin)

> Retrieves all flagged wallets with their flagging details including timestamps, \
> reasons, and associated IP addresses. Provides summary statistics.\
> Requires bearer token authentication with API\_ADMIN\_TOKEN.<br>

```json
{"openapi":"3.1.0","info":{"title":"Credits Server API","version":"1.0.0"},"tags":[{"name":"Admin","description":"Administrative endpoints requiring bearer token authentication"}],"servers":[{"url":"https://credits.decentraland.org","description":"Production environment","variables":{}},{"url":"https://credits.decentraland.zone","description":"Development environment","variables":{}}],"security":[{"BearerToken":[]}],"components":{"securitySchemes":{"BearerToken":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer token authentication for administrative endpoints. \nUse API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.\n"}}},"paths":{"/admin/flagged-wallets":{"get":{"tags":["Admin"],"summary":"Get flagged wallets (Admin)","description":"Retrieves all flagged wallets with their flagging details including timestamps, \nreasons, and associated IP addresses. Provides summary statistics.\nRequires bearer token authentication with API_ADMIN_TOKEN.\n","operationId":"getFlaggedWallets","responses":{"200":{"description":"Flagged wallets retrieved successfully","content":{"application/json":{"schema":{"type":"object","properties":{"flaggedWallets":{"type":"array","items":{"type":"object","properties":{"address":{"type":"string","pattern":"^0x[a-fA-F0-9]{40}$","description":"Flagged wallet address"},"flagType":{"type":"string","enum":["captcha","multi-account"],"description":"Type of flag"},"flaggedAt":{"type":"string","format":"date-time","description":"When the wallet was flagged"},"reason":{"type":"object","properties":{"message":{"type":"string"},"ip":{"type":"string"},"linkedAddresses":{"type":"array","items":{"type":"string"}}}},"attempts":{"type":"number","description":"Number of failed captcha attempts (for captcha flags)"}}},"description":"List of flagged wallets"},"totalCount":{"type":"number","description":"Total number of flagged wallets"},"metadata":{"type":"object","properties":{"captchaFlags":{"type":"number","description":"Number of captcha-related flags"},"multiAccountFlags":{"type":"number","description":"Number of multi-accounting flags"},"retrievedAt":{"type":"string","format":"date-time","description":"When the data was retrieved"}},"required":["captchaFlags","multiAccountFlags","retrievedAt"]}},"required":["flaggedWallets","totalCount","metadata"]}}}},"401":{"description":"Unauthorized - Invalid bearer token","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}}}}}}}
```

## Trigger reminder emails (Admin)

> Manually triggers reminder email sending for users based on time window.\
> Requires bearer token authentication with API\_ADMIN\_TOKEN.<br>

```json
{"openapi":"3.1.0","info":{"title":"Credits Server API","version":"1.0.0"},"tags":[{"name":"Admin","description":"Administrative endpoints requiring bearer token authentication"}],"servers":[{"url":"https://credits.decentraland.org","description":"Production environment","variables":{}},{"url":"https://credits.decentraland.zone","description":"Development environment","variables":{}}],"security":[{"BearerToken":[]}],"components":{"securitySchemes":{"BearerToken":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"Bearer token authentication for administrative endpoints. \nUse API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.\n"}}},"paths":{"/trigger-emails":{"post":{"tags":["Admin"],"summary":"Trigger reminder emails (Admin)","description":"Manually triggers reminder email sending for users based on time window.\nRequires bearer token authentication with API_ADMIN_TOKEN.\n","operationId":"triggerEmails","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"day":{"type":"string","enum":["thursday","friday","sunday"],"description":"Optional day of week filter"},"dateTime":{"type":"string","enum":["morning","midday","evening"],"description":"Time window for sending emails"}},"required":["dateTime"]}}}},"responses":{"200":{"description":"Emails triggered successfully","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}}}}}},"400":{"description":"Bad request - Invalid day or dateTime","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}},"401":{"description":"Unauthorized - Invalid bearer token","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message"},"code":{"type":"string","description":"Error code (optional)"}},"required":["error"]}}}}}}}}}
```