Skip to main content

Overview

The Admin API provides comprehensive administrative control over users, teams, games, and platform configuration.
All endpoints in this section require Admin role. Unauthorized access returns 403 Forbidden.

Platform Configuration

Get Configuration

Retrieve global platform settings.

GET /api/admin/config

{
  "accountPolicy": {
    "allowRegister": true,
    "activeOnRegister": false,
    "emailConfirmationRequired": true,
    "emailDomainList": "edu,org",
    "useCaptcha": true
  },
  "globalConfig": {
    "title": "GZCTF Platform",
    "slogan": "Hack the Planet",
    "logoHash": "abc123...",
    "faviconHash": "def456...",
    "apiEncryption": false
  },
  "containerPolicy": {
    "enableTrafficCapture": true,
    "publicEntry": "ctf.example.com",
    "portRangeStart": 30000,
    "portRangeEnd": 40000
  }
}

Update Configuration

Modify platform settings.

PUT /api/admin/config

accountPolicy
object
Account policy settings
globalConfig
object
Global platform configuration
containerPolicy
object
Container management settings
{
  "accountPolicy": {
    "allowRegister": true,
    "useCaptcha": true
  },
  "globalConfig": {
    "title": "My CTF Platform"
  }
}
Upload custom logo and favicon.
file
file
required
Image file (max 3MB, generates both logo and favicon)
{
  "logo": "/assets/logo_640.png",
  "favicon": "/assets/favicon_256.png"
}
Restore default logo and favicon.

User Management

List Users

Retrieve paginated list of users.

GET /api/admin/users

count
integer
default:"100"
Number of users (max 500)
skip
integer
default:"0"
Offset for pagination
{
  "data": [
    {
      "id": "user-guid",
      "userName": "player1",
      "email": "[email protected]",
      "role": "User",
      "emailConfirmed": true,
      "registerTimeUtc": "2025-01-15T10:00:00Z"
    }
  ],
  "total": 250
}

Search Users

Search users by username, email, real name, student number, or ID.

POST /api/admin/users/search

hint
string
required
Search query (case-insensitive, returns up to 30 results)
{
  "data": [
    {
      "id": "user-guid",
      "userName": "player1",
      "email": "[email protected]",
      "realName": "John Doe",
      "stdNumber": "STU12345"
    }
  ]
}

Get User Details

Retrieve detailed user information.

GET /api/admin/users/

userid
string
required
User UUID

Update User

Modify user information.

PUT /api/admin/users/

userid
string
required
User UUID
userName
string
New username
email
string
New email address
bio
string
User biography
phone
string
Phone number
realName
string
Real name
stdNumber
string
Student/ID number
role
string
User role: Banned, User, Monitor, Admin
emailConfirmed
boolean
Email confirmation status

Batch Add Users

Create multiple users at once.

POST /api/admin/users

users
array
required
Array of user creation objects
[
  {
    "userName": "student1",
    "email": "[email protected]",
    "password": "defaultPassword123",
    "realName": "Alice Smith",
    "stdNumber": "2024001",
    "teamName": "Team A"
  },
  {
    "userName": "student2",
    "email": "[email protected]",
    "password": "defaultPassword123",
    "teamName": "Team A"
  }
]
Users with the same teamName will be automatically grouped into teams.

Reset User Password

Generate and return a new random password for a user.

DELETE /api/admin/users//password

userid
string
required
User UUID
"NewRandomPass123"
The generated password is shown only once. Save it securely.

Delete User

Permanently delete a user account.

DELETE /api/admin/users/

userid
string
required
User UUID
Cannot delete team captains. Transfer team ownership first.

Team Management

List Teams

Retrieve paginated list of teams.

GET /api/admin/teams

count
integer
default:"100"
Number of teams (max 500)
skip
integer
default:"0"
Offset for pagination

Search Teams

Search teams by name or ID.

POST /api/admin/teams/search

hint
string
required
Search query

Update Team

Modify team information.

PUT /api/admin/teams/

id
integer
required
Team ID
name
string
Team name
bio
string
Team biography
locked
boolean
Lock status (prevents roster changes)

Delete Team

Permanently delete a team.

DELETE /api/admin/teams/

id
integer
required
Team ID

Participation Management

Update Participation

Modify team participation in a game (approve/reject/ban).

PUT /api/admin/participation/

id
integer
required
Participation ID
status
string
New status: Pending, Accepted, Rejected, Suspended
organization
string
Team organization/affiliation
{
  "status": "Accepted",
  "organization": "University A"
}

Writeups

Get Writeups

Retrieve all writeup submissions for a game.

GET /api/admin/writeups/

id
integer
required
Game ID
{
  "writeups": [
    {
      "team": {
        "id": 42,
        "name": "Team Alpha"
      },
      "file": "writeups/game1_team42.pdf",
      "uploadTimeUtc": "2026-03-20T15:00:00Z",
      "fileSize": 2048000
    }
  ]
}

Download All Writeups

Download all writeups as a TAR archive.

GET /api/admin/writeups//all

id
integer
required
Game ID
Returns a downloadable .tar file containing all submitted writeups.

Container Management

List Containers

Retrieve all active container instances.

GET /api/admin/instances

{
  "data": [
    {
      "containerId": "abc123def456",
      "image": "ctf/web-challenge:latest",
      "team": "Team Alpha",
      "challenge": "SQL Injection 101",
      "entry": "http://ctf.local:31337",
      "startedAt": "2026-03-01T10:00:00Z",
      "expectStopAt": "2026-03-01T12:00:00Z"
    }
  ]
}

Destroy Container

Forcibly stop and remove a container instance.

DELETE /api/admin/instances/

id
string
required
Container UUID
This forcibly terminates the container. Use with caution during active games.

File Management

List Files

Retrieve uploaded files (attachments, avatars, etc.).

GET /api/admin/files

count
integer
default:"50"
Number of files (max 500)
skip
integer
default:"0"
Offset for pagination
{
  "data": [
    {
      "hash": "abc123def456...",
      "name": "challenge-attachment.zip",
      "size": 1048576,
      "uploadTimeUtc": "2026-02-15T14:00:00Z",
      "type": "Attachment"
    }
  ]
}

Logs

View System Logs

Retrieve platform logs.

GET /api/admin/logs

level
string
default:"All"
Log level filter: All, Information, Warning, Error
count
integer
default:"50"
Number of log entries (max 1000)
skip
integer
default:"0"
Offset for pagination
[
  {
    "time": "2026-03-01T12:30:45Z",
    "level": "Information",
    "logger": "GZCTF.Controllers.GameController",
    "message": "User joined game: Team Alpha -> Spring CTF 2026",
    "status": "Success"
  },
  {
    "time": "2026-03-01T12:25:10Z",
    "level": "Warning",
    "logger": "GZCTF.Services.Container",
    "message": "Container startup delayed",
    "status": "Pending"
  }
]

Game Export/Import

Game export and import endpoints are documented in the game management section above.

Next Steps

Challenge API

Challenge management operations

Game API

Game management operations

Build docs developers (and LLMs) love

Get started for freeTalk to us