POST /api/flags Flags a challenge completion for admin review. Each user may flag a given completion only once.
This endpoint requires a valid Bearer token in the Authorization header.
This endpoint is rate-limited. Submitting too many flag requests in a short window will result in a 429 Too Many Requests response.
Request body The integer ID of the ChallengeCompletion to flag.
Optional human-readable description of why the completion is being flagged.
Response 201 Created true when the flag was created successfully.
Human-readable confirmation message. Value: "Completion flagged successfully".
The newly created flag record. Unique identifier of the flag.
ID of the flagged completion.
ID of the user who submitted the flag.
Reason provided by the reporter, or null if none was given.
ISO 8601 timestamp of when the flag was created.
Error responses Status Description 400Validation error (e.g. missing completionId) or the authenticated user tried to flag their own completion. 401Missing or invalid Bearer token. 404No completion exists with the given completionId. 409The authenticated user has already flagged this completion. 429Rate limit exceeded.
Example curl -X POST http://localhost:3000/api/flags \ -H "Authorization: Bearer <accessToken>" \ -H "Content-Type: application/json" \ -d '{"completionId": 99, "reason": "Image does not match the challenge location."}'
{ "success" : true , "message" : "Completion flagged successfully" , "data" : { "id" : 7 , "completionId" : 99 , "flaggedById" : 42 , "reason" : "Image does not match the challenge location." , "createdAt" : "2026-03-28T14:05:00.000Z" } }
GET /api/flags Returns all submitted flags with related completion and user data, ordered by most recent first.
This endpoint requires a valid Bearer token for an admin account. Regular users receive 403 Forbidden.
Response 200 OK true when the request succeeded.
Array of all flag records with nested completion and user details. ID of the flagged completion.
ID of the user who submitted the flag.
Reporter’s reason, or null.
ISO 8601 creation timestamp.
Abbreviated user record for the reporter. Show flaggedBy properties
The flagged completion with its associated user and challenge. Show completion properties
User who submitted the completion. Challenge associated with the completion. Show challenge properties
Error responses Status Description 401Missing or invalid Bearer token. 403Authenticated user does not have admin privileges.
Example curl http://localhost:3000/api/flags \ -H "Authorization: Bearer <adminAccessToken>"
{ "success" : true , "data" : [ { "id" : 7 , "completionId" : 99 , "flaggedById" : 42 , "reason" : "Image does not match the challenge location." , "createdAt" : "2026-03-28T14:05:00.000Z" , "flaggedBy" : { "id" : 42 , "email" : "[email protected] " , "name" : "Jane Smith" }, "completion" : { "id" : 99 , "user" : { "id" : 17 , "email" : "[email protected] " , "name" : "Alex Lee" }, "challenge" : { "id" : 3 , "title" : "Sunrise Summit" } } } ] }