Admin

Administrative endpoints requiring bearer token authentication

Grant credits to user (Admin)

post

/users/{address}/credits

Grants new credits to a user for completing a specific goal. Requires bearer token authentication with API_ADMIN_TOKEN.

Authorizations

AuthorizationstringRequired

Bearer token authentication for administrative endpoints. Use API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.

Path parameters

addressstringRequired

User's Ethereum address

Example: 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEbPattern: ^0x[a-fA-F0-9]{40}$

Body

goalIdstringRequired

ID of the goal that was completed

Responses

200

Credits granted successfully

application/json

400

Bad request - Invalid address or missing goalId

application/json

401

Unauthorized - Invalid bearer token

application/json

500

Internal server error

application/json

post

/users/{address}/credits

POST /users/{address}/credits HTTP/1.1
Host: credits.decentraland.org
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "goalId": "goal-123"
}

{
  "signature": "text",
  "expiresAt": 1,
  "season": {
    "name": "text",
    "id": 1
  },
  "seasonId": 1,
  "creditId": "text"
}

Restart user program (Admin, Non-Production)

post

/restart-program

Restarts a user's progress in the current season. Only available in non-production environments. Requires bearer token authentication with API_ADMIN_TOKEN.

Authorizations

AuthorizationstringRequired

Bearer token authentication for administrative endpoints. Use API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.

Body

addressstringRequired

User's Ethereum address

Pattern: ^0x[a-fA-F0-9]{40}$

Responses

200

Program restarted successfully

application/json

400

Bad request

application/json

401

Unauthorized - Invalid bearer token

application/json

post

/restart-program

POST /restart-program HTTP/1.1
Host: credits.decentraland.org
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 55

{
  "address": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb"
}

{
  "ok": true
}

Test email sending (Admin, Non-Production)

post

/test-email

Sends a test email to verify email notification functionality. Only available in non-production environments. Requires bearer token authentication with API_ADMIN_TOKEN.

Authorizations

AuthorizationstringRequired

Bearer token authentication for administrative endpoints. Use API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.

Body

addressstringRequired

User's Ethereum address to send test email to

Pattern: ^0x[a-fA-F0-9]{40}$

Responses

200

Test email sent successfully

application/json

401

Unauthorized - Invalid bearer token

application/json

post

/test-email

POST /test-email HTTP/1.1
Host: credits.decentraland.org
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 18

{
  "address": "text"
}

{
  "ok": true
}

Flag users for multi-accounting (Programmatic Admin)

post

/flag

Flags one or more users for multi-accounting detection or blacklisted addresses. This endpoint is designed for programmatic use by external systems. Requires bearer token authentication with PROGRAMMATIC_API_ADMIN_TOKEN.

Authorizations

AuthorizationstringRequired

Bearer token authentication for administrative endpoints. Use API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.

Body

ipstringRequired

IP address associated with the flagged users

addressesLinkedstring[]Required

List of Ethereum addresses linked to the same IP

sourcestring · enumOptional

Source of the flagging detection

Possible values:

Responses

200

Users flagged successfully

application/json

400

Bad request - Invalid addresses or missing required fields

application/json

401

Unauthorized - Invalid bearer token

application/json

post

/flag

POST /flag HTTP/1.1
Host: credits.decentraland.org
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 71

{
  "ip": "text",
  "addressesLinked": [
    "text"
  ],
  "source": "ip_multi_accounting"
}

{
  "ok": true
}

Unflag users (Admin)

post

/unflag

Removes flags from users for captcha or multi-account violations. Requires bearer token authentication with API_ADMIN_TOKEN.

Authorizations

AuthorizationstringRequired

Bearer token authentication for administrative endpoints. Use API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.

Body

addressesstring[]Required

List of Ethereum addresses to unflag

cacheTypestring · enumRequired

Type of flag to remove

Possible values:

Responses

200

Users unflagged successfully

application/json

400

Bad request - Invalid addresses

application/json

401

Unauthorized - Invalid bearer token

application/json

post

/unflag

POST /unflag HTTP/1.1
Host: credits.decentraland.org
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 87

{
  "addresses": [
    "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb"
  ],
  "cacheType": "multi-account"
}

{
  "ok": true
}

Get flagged wallets (Admin)

get

/admin/flagged-wallets

Retrieves all flagged wallets with their flagging details including timestamps, reasons, and associated IP addresses. Provides summary statistics. Requires bearer token authentication with API_ADMIN_TOKEN.

Authorizations

AuthorizationstringRequired

Bearer token authentication for administrative endpoints. Use API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.

Responses

200

Flagged wallets retrieved successfully

application/json

401

Unauthorized - Invalid bearer token

application/json

get

/admin/flagged-wallets

GET /admin/flagged-wallets HTTP/1.1
Host: credits.decentraland.org
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "flaggedWallets": [
    {
      "address": "text",
      "flagType": "captcha",
      "flaggedAt": "2026-01-19T15:24:48.620Z",
      "reason": {
        "message": "text",
        "ip": "text",
        "linkedAddresses": [
          "text"
        ]
      },
      "attempts": 1
    }
  ],
  "totalCount": 1,
  "metadata": {
    "captchaFlags": 1,
    "multiAccountFlags": 1,
    "retrievedAt": "2026-01-19T15:24:48.620Z"
  }
}

Trigger reminder emails (Admin)

post

/trigger-emails

Manually triggers reminder email sending for users based on time window. Requires bearer token authentication with API_ADMIN_TOKEN.

Authorizations

AuthorizationstringRequired

Bearer token authentication for administrative endpoints. Use API_ADMIN_TOKEN for most admin endpoints or PROGRAMMATIC_API_ADMIN_TOKEN for /flag endpoint.

Body

daystring · enumOptional

Optional day of week filter

Possible values:

dateTimestring · enumRequired

Time window for sending emails

Possible values:

Responses

200

Emails triggered successfully

application/json

400

Bad request - Invalid day or dateTime

application/json

401

Unauthorized - Invalid bearer token

application/json

post

/trigger-emails

POST /trigger-emails HTTP/1.1
Host: credits.decentraland.org
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 37

{
  "day": "friday",
  "dateTime": "evening"
}

{
  "ok": true
}

PreviousSeasons NextNotifications Workers

Last updated 2 months ago

hashtagGrant credits to user (Admin)

hashtagRestart user program (Admin, Non-Production)

hashtagTest email sending (Admin, Non-Production)

hashtagFlag users for multi-accounting (Programmatic Admin)

hashtagUnflag users (Admin)

hashtagGet flagged wallets (Admin)

hashtagTrigger reminder emails (Admin)

Grant credits to user (Admin)

Restart user program (Admin, Non-Production)

Test email sending (Admin, Non-Production)

Flag users for multi-accounting (Programmatic Admin)

Unflag users (Admin)

Get flagged wallets (Admin)

Trigger reminder emails (Admin)