Base URLs
REST API:
https://portal-api.7331.org
WebSocket (Socket.IO):
https://portal-ws.7331.org
Endpoint Groups
Portal — chats, chat, match
The core product surface. Session cookie required.
| Group | Description |
|---|---|
| Chats | Create, start, stop, destroy chats; config, invites, clipboard, screen |
| Chat | Send, delete, clear messages; history; register encryption keys |
| Moderation | Kick, mute, ban, timeout, warn — scoped per-chat |
| Match | Enqueue, dequeue, leave — 1-on-1 matchmaking into direct chats |
| Notifications | List, mark read, unread count (user); broadcast/targeted create (admin) |
Public
| Group | Description | Auth |
|---|---|---|
| Monitoring | Health checks and deployment status | None |
| Statistics | User, bot, chat, and app statistics | Optional API Key |
| Authentication | OTP request, lookup, verify, logout | None |
| Users | Profiles, preferences, sessions, search | Session cookie |
Bot integrations
For community operators running bots against Portal.
| Group | Description | Auth |
|---|---|---|
| Bots — Public | Browse and search registered bots | Session cookie / API Key |
| Bots — Management | Bot self-management, user lookups, login-code delivery | Bot API Key |
Admin
Note: All admin operations (moderation, permissions, bots, subscriptions, notifications, announcements) are handled via the admin_tools.py CLI. There are no admin REST endpoints.
Rate Limiting
All endpoints are rate limited per client IP (or per API key hash for key-authenticated requests). Limits are applied per minute:
| Tier | Limit | Applies to |
|---|---|---|
| LOGIN | 20/min | Authentication endpoints (login, verify, logout) |
| AUTH | 120/min | Authenticated portal, user, and notification endpoints |
| ADMIN | 60/min | Admin endpoints (notifications, announcements) |
| PUBLIC | 120/min | Public endpoints (statistics, user profiles, bot browsing) |
| BOT | 600/min | Bot API-key-authenticated endpoints (self-management, user lookups, batch reporting) |
| HEALTH | 1200/min | Health check endpoints |
Every response includes rate limit headers:
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests allowed in the window |
| X-RateLimit-Remaining | Requests remaining in the current window |
| X-RateLimit-Reset | Unix timestamp when the window resets |
When the limit is exceeded, the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait.
All API responses include the following headers:
Identification
| Header | Description |
|---|---|
| X-Source-Hash | Git commit hash of the running deployment |
Security
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Frame-Options | DENY |
| X-XSS-Protection | 0 (disabled in favor of CSP) |
| Content-Security-Policy | default-src 'none'; frame-ancestors 'none' |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Referrer-Policy | strict-origin-when-cross-origin |
| Permissions-Policy | Disables geolocation, microphone, camera, payment, USB, magnetometer, accelerometer |
| X-Permitted-Cross-Domain-Policies | none |
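
A conformance check for the security header table above, as an added example that is not part of the Portal documentation or code base: it parses the CSP and HSTS values instead of comparing raw strings, so a reordered or duplicated directive is judged correctly. The function names and the two sample responses are constructed for illustration; Permissions-Policy is left out because the page does not give its literal value.

```python
# Added example, not project code. Expected values are copied from the table above;
# GOOD and DRIFTED are constructed sample responses, not captured traffic.
def check_csp(value):
    """Require default-src 'none' and frame-ancestors 'none'."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:  # CSP keeps the first occurrence of a repeated directive
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return all(directives.get(d) == ["'none'"] for d in ("default-src", "frame-ancestors"))

def check_hsts(value):
    """Require max-age of at least 31536000 plus includeSubDomains."""
    parts = [p.strip().lower() for p in value.split(";") if p.strip()]
    age = next((p[len("max-age="):].strip('"') for p in parts if p.startswith("max-age=")), "")
    return age.isdigit() and int(age) >= 31536000 and "includesubdomains" in parts

def exact(want):
    return lambda value: value.lower() == want.lower()

CHECKS = {
    "x-content-type-options": exact("nosniff"),
    "x-frame-options": exact("DENY"),
    "x-xss-protection": exact("0"),
    "referrer-policy": exact("strict-origin-when-cross-origin"),
    "x-permitted-cross-domain-policies": exact("none"),
    "content-security-policy": check_csp,
    "strict-transport-security": check_hsts,
}

def audit(headers):
    """Return sorted findings; an empty list means the response conforms."""
    seen = {k.lower(): v.strip() for k, v in headers.items()}
    findings = [f"missing {n}" for n in CHECKS if n not in seen]
    findings += [f"mismatch {n}: {seen[n]}" for n, ok in CHECKS.items() if n in seen and not ok(seen[n])]
    return sorted(findings)

GOOD = {  # constructed sample that matches the documented table
    "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY", "X-XSS-Protection": "0",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-Permitted-Cross-Domain-Policies": "none",
    "Content-Security-Policy": "default-src 'none'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}
# constructed sample: an intermediary rewrote framing and CSP and dropped HSTS
DRIFTED = {k: v for k, v in GOOD.items() if k != "Strict-Transport-Security"}
DRIFTED.update({"X-Frame-Options": "SAMEORIGIN", "Content-Security-Policy": "default-src 'self'"})
```

Run as a deployment smoke test, `audit()` takes the header mapping from any HTTP client response; a non-empty result points to a proxy or CDN layer altering the headers the API sets.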