This page provides details of some paths that have been observed being requested by bots, and why you might care about them.
Instance Info
/api/v1/instance:
Generally low sensitivity, provides an overview of the instance itself:
- Instance Name
- Instance domain
- Instance description
- Admin contact email
- Instance Mastodon version
- User count
- Status count
- Count of observed other domains
- Instance rules
- Whether registrations are open, etc.
Also provides details of the person to contact about the instance, including a copy of that person's profile.
This path is quite commonly requested by bots looking to show the overall size (or uptime) of the fediverse.
/api/v1/instance/activity:
Provides an overview of activity by week:
[
  {
    "week": "1674998453",
    "statuses": "0",
    "logins": "1",
    "registrations": "0"
  },
  {
    "week": "1674393653",
    "statuses": "114",
    "logins": "2",
    "registrations": "0"
  },
  ...
]
Public Activity APIs
Paths:
/api/v1/timelines/public
/api/v1/trends/statuses
/api/v1/trends/tags
These are called to populate the Explore, Local and Federated tabs, both for logged-in users and for unauthenticated users hitting the default page.
They provide details of current activity (the /api/v1/timelines/public endpoint accepts various querystrings to control whether toots returned are local or federated).
These paths cannot simply be blocked at the webserver without impacting legitimate users.
It is, however, possible to implement and enforce active checks against these endpoints.
- Ignores whether "Allow unauthenticated access to public timelines" is unchecked
- Appears to honour AUTHORIZED_FETCH
Public Streaming API: Activity
Paths:
/api/v1/streaming/public/local
/api/v1/streaming/public/remote
/api/v1/streaming/public/
Part of the streaming API.
Placing a request to these paths will establish a long-lived HTTP request. Whenever related activity (i.e. local for local, federated for remote, etc.) occurs, the listening client will be sent a copy.
- Ignores whether "Allow unauthenticated access to public timelines" is unchecked
- Appears to honour AUTHORIZED_FETCH
Hashtag Streaming API: Hashtags
Paths:
/api/v1/streaming/hashtag
Requires a query string arg tag denoting the tag (e.g. /api/v1/streaming/hashtag?tag=nsfw).
- Ignores whether "Allow unauthenticated access to public timelines" is unchecked
- Appears to honour AUTHORIZED_FETCH
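
To see which clients are requesting the paths listed on this page, the following added example (not part of the original page) tallies them from web server access log lines, per client and per section of this page, and records which hashtags each client streamed. The "combined" log format, the category labels, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs
# Paths taken from this page; the category labels are this example's own.
WATCHED = {
    "/api/v1/instance": "instance-info",
    "/api/v1/instance/activity": "instance-info",
    "/api/v1/timelines/public": "public-activity",
    "/api/v1/trends/statuses": "public-activity",
    "/api/v1/trends/tags": "public-activity",
    "/api/v1/streaming/public": "public-streaming",
    "/api/v1/streaming/public/local": "public-streaming",
    "/api/v1/streaming/public/remote": "public-streaming",
    "/api/v1/streaming/hashtag": "hashtag-streaming",
}
# Assumption: the web server writes the common "combined" access log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} ')

def classify(target):
    """Map a request target to (category, hashtag); None when it is not a watched path."""
    path, _, query = target.partition("?")
    category = WATCHED.get(path.rstrip("/"))  # exact match, so other /api/v1/instance/* paths are ignored
    if category is None:
        return None
    tag = parse_qs(query).get("tag", [None])[0]
    return category, (tag if category == "hashtag-streaming" else None)

def summarise(lines):
    """Count watched requests per (client, category); collect hashtags each client streamed."""
    counts, tags = Counter(), {}
    for line in lines:
        m = LINE.match(line)
        hit = classify(m.group(2)) if m else None
        if hit is None:
            continue  # unparseable line or a path this page does not list
        counts[(m.group(1), hit[0])] += 1
        if hit[1]:
            tags.setdefault(m.group(1), set()).add(hit[1])
    return counts, tags

# Constructed sample lines (documentation IP ranges), not taken from real logs.
SAMPLE = [
    '192.0.2.10 - - [01/Feb/2023:10:00:00 +0000] "GET /api/v1/instance HTTP/1.1" 200 1532 "-" "example-bot/1.0"',
    '192.0.2.10 - - [01/Feb/2023:10:00:01 +0000] "GET /api/v1/instance/activity HTTP/1.1" 200 412 "-" "example-bot/1.0"',
    '198.51.100.7 - - [01/Feb/2023:10:01:00 +0000] "GET /api/v1/streaming/hashtag?tag=nsfw HTTP/1.1" 200 0 "-" "curl/7.88.1"',
    '198.51.100.7 - - [01/Feb/2023:10:01:05 +0000] "GET /api/v1/streaming/public/ HTTP/1.1" 200 0 "-" "curl/7.88.1"',
    '203.0.113.5 - - [01/Feb/2023:10:02:00 +0000] "GET /api/v1/timelines/public?local=true HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Feb/2023:10:02:01 +0000] "GET /about HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]
```

Calling summarise(SAMPLE) returns the per-client counts and the streamed hashtags; a client that only ever appears under the instance-info or streaming categories, and never requests ordinary pages, is a candidate for closer review.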