search

Subscriptions

User subscription preferences and email verification (Inbox service)

hashtag
Get user subscription preferences

get
/subscription

Retrieves the subscription preferences for the authenticated user, including confirmed email, unconfirmed email (if any), and detailed notification preferences for each notification type. If no subscription exists, returns default preferences with all notifications enabled.

Authorizations
AuthorizationstringRequired

Signed fetch authentication using @dcl/platform-crypto-middleware implementing Decentraland's ADR-44.

Requirements:

  • Authentication chain headers: x-identity, x-signature, x-timestamp
  • Token expiration: 5 minutes
  • Metadata validation: Rejects requests with signer: "decentraland-kernel-scene"
  • The user's Ethereum address is extracted from the auth chain

Example:

Authorization: Bearer <signed-fetch-token>
x-identity: <auth-chain-json>
x-signature: <signature>
x-timestamp: <timestamp>
Responses
chevron-right
200

User subscription preferences retrieved successfully

application/json
get
/subscription

hashtag
Update subscription preferences

put
/subscription

Updates the subscription preferences for the authenticated user. Allows configuring global email/in-app preferences and per-notification-type preferences. The request is validated against the SubscriptionDetails schema. Sends an analytics event to the data warehouse.

Authorizations
AuthorizationstringRequired

Signed fetch authentication using @dcl/platform-crypto-middleware implementing Decentraland's ADR-44.

Requirements:

  • Authentication chain headers: x-identity, x-signature, x-timestamp
  • Token expiration: 5 minutes
  • Metadata validation: Rejects requests with signer: "decentraland-kernel-scene"
  • The user's Ethereum address is extracted from the auth chain

Example:

Authorization: Bearer <signed-fetch-token>
x-identity: <auth-chain-json>
x-signature: <signature>
x-timestamp: <timestamp>
Body
ignore_all_emailbooleanRequired

If true, user will not receive any email notifications

ignore_all_in_appbooleanRequired

If true, user will not receive any in-app notifications

Responses
put
/subscription
No content

hashtag
Unsubscribe from all email notifications

get
/unsubscribe/{address}

Unsubscribes a user from all email notifications by setting ignore_all_email to true. The URL must be signed with HMAC-SHA256 using the service's signing key. Returns an HTML confirmation page. This endpoint is typically accessed via links in notification emails.

Path parameters
addressstringRequired

Ethereum address of the user

Example: 0xb5D7D1A05f553b5098D9274Df6B292e4e8222314Pattern: ^0x[a-fA-F0-9]{40}$
Query parameters
signaturestringRequired

HMAC-SHA256 signature of the URL path and query parameters

timestampstringRequired

Unix timestamp when the signature was generated

Responses
chevron-right
200

Successfully unsubscribed from all email notifications - returns HTML page

text/html
Responsestring

HTML confirmation page

get
/unsubscribe/{address}

hashtag
Unsubscribe from specific notification type

get
/unsubscribe/{address}/{notificationType}

Unsubscribes a user from email notifications for a specific notification type. The URL must be signed with HMAC-SHA256 using the service's signing key. Returns an HTML confirmation page. This endpoint is typically accessed via links in notification emails.

Path parameters
addressstringRequired

Ethereum address of the user

Example: 0xb5D7D1A05f553b5098D9274Df6B292e4e8222314Pattern: ^0x[a-fA-F0-9]{40}$
notificationTypestringRequired

Notification type to unsubscribe from (must be a valid NotificationType enum value)

Example: bid_accepted
Query parameters
signaturestringRequired

HMAC-SHA256 signature of the URL path and query parameters

timestampstringRequired

Unix timestamp when the signature was generated

Responses
chevron-right
200

Successfully unsubscribed from notification type - returns HTML page

text/html
Responsestring

HTML confirmation page

get
/unsubscribe/{address}/{notificationType}

hashtag
Set or update email address

put
/set-email

Initiates email verification process by storing an unconfirmed email and sending a confirmation email.

  • If email is an empty string, removes the current email and disables email notifications

  • If email already exists for another address, returns an error

  • If email matches the currently confirmed email, skips verification

  • Otherwise, generates a 32-character code and sends verification email via SendGrid

The confirmation email contains a link that may include Turnstile challenge if the feature flag is enabled.

Authorizations
AuthorizationstringRequired

Signed fetch authentication using @dcl/platform-crypto-middleware implementing Decentraland's ADR-44.

Requirements:

  • Authentication chain headers: x-identity, x-signature, x-timestamp
  • Token expiration: 5 minutes
  • Metadata validation: Rejects requests with signer: "decentraland-kernel-scene"
  • The user's Ethereum address is extracted from the auth chain

Example:

Authorization: Bearer <signed-fetch-token>
x-identity: <auth-chain-json>
x-signature: <signature>
x-timestamp: <timestamp>
Body
emailstring · emailRequired

Email address to set (provide empty string to remove email and disable notifications)

redirectstringOptional

Optional redirect URL for email confirmation flow

isCreditsWorkflowbooleanOptional

Whether this is part of the credits workflow (affects confirmation URL and email template)

Default: false
Responses
put
/set-email
No content

hashtag
Confirm email address

put
/confirm-email

Confirms an email address using the verification code sent via email. Validates the code against the stored unconfirmed email entry. If Turnstile verification is enabled, also validates the captcha token. Upon success, moves the email to the confirmed subscriptions table and deletes the unconfirmed entry.

Body
addressstringRequired

Ethereum address of the user confirming the email

Pattern: ^0x[a-fA-F0-9]{40}$
codestring · min: 32 · max: 32Required

32-character verification code sent via email

turnstileTokenstringOptional

Cloudflare Turnstile captcha token (required when Turnstile verification is enabled)

sourcestring · enumOptional

Source of the email confirmation (used for analytics)

Possible values:
Responses
put
/confirm-email
No content

hashtag
Check notification opt-out status

get
/subscription/opt-outs/{scope}/{scopeId}

Returns whether the authenticated user has opted out from the provided scope and scope identifier. The user address is extracted from the signed fetch authentication chain.

Authorizations
AuthorizationstringRequired

Signed fetch authentication using @dcl/platform-crypto-middleware implementing Decentraland's ADR-44.

Requirements:

  • Authentication chain headers: x-identity, x-signature, x-timestamp
  • Token expiration: 5 minutes
  • Metadata validation: Rejects requests with signer: "decentraland-kernel-scene"
  • The user's Ethereum address is extracted from the auth chain

Example:

Authorization: Bearer <signed-fetch-token>
x-identity: <auth-chain-json>
x-signature: <signature>
x-timestamp: <timestamp>
Path parameters
scopestring · enumRequired

Scope type for the opt-out

Possible values:
scopeIdstring · min: 1Required

Identifier scoped to the scope (e.g., community ID)

Responses
chevron-right
200

Notification opt-out status retrieved successfully

application/json
get
/subscription/opt-outs/{scope}/{scopeId}

hashtag
Delete notification opt-out

delete
/subscription/opt-outs/{scope}/{scopeId}

Removes the opt-out configuration for the specified scope and scope identifier.

Authorizations
AuthorizationstringRequired

Signed fetch authentication using @dcl/platform-crypto-middleware implementing Decentraland's ADR-44.

Requirements:

  • Authentication chain headers: x-identity, x-signature, x-timestamp
  • Token expiration: 5 minutes
  • Metadata validation: Rejects requests with signer: "decentraland-kernel-scene"
  • The user's Ethereum address is extracted from the auth chain

Example:

Authorization: Bearer <signed-fetch-token>
x-identity: <auth-chain-json>
x-signature: <signature>
x-timestamp: <timestamp>
Path parameters
scopestring · enumRequired

Scope type for the opt-out

Possible values:
scopeIdstring · min: 1Required

Identifier scoped to the scope (e.g., community ID)

Responses
delete
/subscription/opt-outs/{scope}/{scopeId}
No content

hashtag
Create notification opt-out

post
/subscription/opt-outs

Creates an opt-out configuration for the authenticated user based on a scope and scope identifier pair. Each scope maps to a canonical metadata configuration that determines which notifications are filtered.

Authorizations
AuthorizationstringRequired

Signed fetch authentication using @dcl/platform-crypto-middleware implementing Decentraland's ADR-44.

Requirements:

  • Authentication chain headers: x-identity, x-signature, x-timestamp
  • Token expiration: 5 minutes
  • Metadata validation: Rejects requests with signer: "decentraland-kernel-scene"
  • The user's Ethereum address is extracted from the auth chain

Example:

Authorization: Bearer <signed-fetch-token>
x-identity: <auth-chain-json>
x-signature: <signature>
x-timestamp: <timestamp>
Body
scopestring · enumRequired

Scope type to opt out from

Possible values:
scopeIdstring · min: 1Required

Identifier scoped to the scope (e.g., community ID)

Responses
post
/subscription/opt-outs
PreviousNotificationsNextPublishing

Last updated