Skip to main content

Permission Levels

Every user has a permission level that determines what admin actions they can perform. The hierarchy is strict — you can only act on users below your level (except Owners, who can act on each other).
LevelValueDescription
User0Default. Self-service only — manage own profile, prefix, sessions, and view own guilds.
Moderator1Can warn and timeout users below them. Limited admin panel access.
Admin2Full admin panel. Can ban, delete, manage subscriptions, and assign permissions up to Moderator.
Owner3Unrestricted. Can act on everyone including other Owners. Can assign permissions up to Admin.

What each level can access

User (level 0)

Public endpoints (no login required, just X-API-Key):
  • GET /statistics/* — View user, guild, bot counts
  • GET /bots — List public bots
  • GET /bots/{id} — View a bot’s public profile
  • GET /guilds/{id} — View a guild’s public profile
  • GET /users/{id} — View a user’s public profile
Authenticated endpoints (session cookie required):
  • GET /users/me — View own profile
  • POST /users/me/prefix — Update own command prefix
  • GET /users/me/subscription — View own subscription status
  • GET /users/me/punishments — View own punishment history
  • GET /users/me/guilds — List own guilds
  • POST /users/me/guilds/{id}/prefix — Update a guild’s prefix (must be guild owner)
  • GET /users/me/sessions — List own sessions
  • POST /users/me/sessions/{token}/destroy — Revoke a session
  • GET /users/search — Search users (returns public profiles)
  • GET /guilds/search — Search guilds
  • GET /bots/search — Search bots (returns public profiles)
Note: Session TTL varies by permission level — admin and above get 1-day sessions, while regular users get 30-day sessions.

Moderator (level 1)

Everything a User can access, plus:
  • GET /users/search — Search users (full details, only sees users below their level)
  • GET /users/{id} — View user detail with punishments, guilds, bots (hierarchy enforced)
  • GET /guilds/{id} — View guild detail (subscription/sponsor fields redacted)
  • GET /admin/audit/logs — View audit logs (only warn and timeout events)
  • POST /admin/punishments/.../warn — Issue warnings
  • POST /admin/punishments/.../timeout — Issue timeouts

Admin (level 2)

Everything a Moderator can access, plus:
  • GET /bots/search — Search bots (full details)
  • GET /users/{id} — Full user detail (no redaction, includes subscription history)
  • GET /guilds/{id} — Full guild detail (no redaction, includes subscription history)
  • GET /bots/{id} — Full bot detail (owner, rate limits, type)
  • POST /admin/users/{id} — Update users (permission, prefix)
  • POST /admin/users/{id}/delete — Delete users
  • POST /admin/guilds/{id}/update — Update guilds
  • POST /admin/guilds/{id}/prefix — Update guild prefix
  • POST /admin/guilds/{id}/delete — Delete guilds
  • GET /admin/bots — List bots
  • POST /admin/bots — Register new bots
  • POST /admin/bots/{id}/update — Update bots
  • POST /admin/bots/{id}/verify — Verify bots
  • POST /admin/bots/{id}/unverify — Unverify bots
  • POST /admin/bots/{id}/regenerate-key — Regenerate API keys
  • POST /admin/bots/{id}/reset-stats — Reset bot stats
  • POST /admin/bots/{id}/delete — Delete bots
  • POST /admin/punishments/.../ban — Ban users/guilds
  • POST /admin/punishments/.../unban — Unban users/guilds
  • GET /admin/punishments/search — Search punishments
  • GET /admin/punishments/{id} — View punishment detail
  • GET /admin/punishments/stats — Punishment analytics
  • GET /admin/subscriptions/active — List active subscriptions
  • POST /admin/subscriptions/.../grant — Grant subscriptions
  • POST /admin/subscriptions/.../trial — Grant trials
  • POST /admin/subscriptions/.../revoke — Revoke subscriptions
  • GET /admin/audit/logs — Full audit logs (filtered to exclude admin+ targets)

Owner (level 3)

Same as Admin, but:
  • Can act on all users including other Owners and Admins
  • Can assign permissions up to Admin (Admins can only assign up to Moderator)
  • Audit logs are unfiltered — sees everything

Subscription Tiers

Subscription tiers control feature access, not admin permissions. They apply to both users and guilds independently.
TierValueDurationDescription
Basic0Default. Standard features only.
Trial17 days (forced)One-time trial. Same access as Premium. Cannot be granted twice.
Premium2Set by adminPaid subscription with expiration date.
Lifetime3PermanentNever expires. subscription_expires_at is null.
  • has_premium is true for any active non-Basic tier (Trial, Premium, or Lifetime with valid expiry).
  • Expired Trial/Premium subscriptions are automatically downgraded to Basic by a background task.
  • Trial eligibility is checked via audit log history — once granted, it cannot be granted again.

User States

StateValueDescription
Active0Normal — can log in and use all features.
Timeout1Temporarily restricted — cannot execute commands.
Banned2Permanently blocked — cannot log in or interact.

Guild States

StateValueDescription
Active0Bot is present and operational.
Inactive1Bot has left or been removed.
Banned2Guild is blacklisted — bot will not rejoin.

Bot Types

TypeValueDescription
Official1First-party bots managed by the platform.
Verified2Third-party bots that passed review.
Community3Default — unverified community bots.

Bot API Access

Registered bots authenticate with X-API-Key and have their own set of endpoints:
  • GET /bot/me — View own bot profile
  • POST /bot/update-info — Update own name/avatar
  • POST /bot/me — Update stats (guilds, users, latency)
  • POST /bot/batch — Batch report command executions
  • GET /bot/users/{id} — Look up a user
  • POST /bot/users/{id} — Update a user’s info (username, avatar)
  • GET /bot/guilds/{id} — Look up a guild
  • POST /bot/guilds/{id} — Create/update guild info
Bots are rate-limited per their rate_limit_per_hour setting (configured by admins).