maelstrom's Introduction

Maelstrom

A high-performance Matrix Home-Server written in Rust, designed to have a pluggable storage engine and to be scalable and light on resources.

General discussion for development is at #maelstrom-server:matrix.org

Project Status

This is a brand new project under daily active development. It is not yet in usable form.

Completed Features

You can review the Closed matrix-spec Issues in the issue tracker for a list of completed features.

Project Goals

  1. Performance, both in terms of scale and minimal resources.
  2. From scratch design, no legacy architecture decisions.
  3. Support for embedded (Raspi, Jetson Nano, etc.) or clustered deployment with configurable storage engine (e.g. Postgres, Sqlite, Sled, etc.).
  4. First-class e2e encryption and p2p support (as Matrix.org works in that direction).
  5. Designed for not only chat, but decentralized IoT use cases as well.
  6. SOCKS5 Proxy support to enable .onion homeservers (Relevant Synapse Issue)

Why

This project started due to a strong interest in and support of Web 3.0 (decentralized web applications). Additionally, a performant, embeddable home server can enable a stronger use case for decentralized IoT applications in addition to chat.

Building & Running

Using Rust

# install rust if needed
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# clone repo and cd
git clone https://github.com/maelstrom-rs/maelstrom.git && cd maelstrom

# copy Settings-example.yml and edit it with your specific settings
cp Settings-example.yml Settings.yml

# build & run
cargo run --release

Generating the AUTH_KEY

openssl ecparam -genkey -name prime256v1 | openssl pkcs8 -topk8 -nocrypt -out ec_private.pem

Make sure you set AUTH_KEY_FILE to path/to/ec_private.pem

Technologies Used

  • Actix-web A high performance webserver written in Rust
  • sqlx A Rust version of the popular sqlx db library
  • jwt
  • Ruma

Similar Projects

The following are some other Rust based Home Server projects worth looking at:

  • Ruma The server isn't maintained, but the client libraries appear to be.
  • Conduit A new Rust based Home Server under development.

License

Licensed under either of Apache License, Version 2.0 or MIT license at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in Maelstrom by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

maelstrom's People

Contributors

dr-bonez, edwardvear, gnieto, sparky8251

maelstrom's Issues

User data: changePassword

Changes a user's password.

Changes the password for an account on this homeserver.

This API endpoint uses the User-Interactive Authentication API to
ensure the user changing the password is actually the owner of the
account.

An access token should be submitted to this endpoint if the client has
an active session.

The homeserver may change the flows available depending on whether a
valid access token is provided. The homeserver SHOULD NOT revoke the
access token provided in the request, however all other access tokens
for the user should be revoked if the request succeeds.

Room discovery: queryPublicRooms

Lists the public rooms on the server with optional filter.

Lists the public rooms on the server, with optional filter.

This API returns paginated responses. The rooms are ordered by the number
of joined members, with the largest rooms first.

Room membership: unban

Unban a user from the room. This allows them to be invited to the room,
and join if they would otherwise be allowed to join according to its join rules.

The caller must have the required power level in order to perform this operation.

User data: getUserProfile

Get this user's profile information.

Get the combined profile information for this user. This API may be used
to fetch the user's own profile information or other users; either
locally or on remote homeservers. This API may return keys which are not
limited to displayname or avatar_url.

Room participation: getOneEvent

Get a single event by event ID.

Get a single event based on event_id. You must have permission to
retrieve this event e.g. by being a member in the room for this event.

This endpoint was deprecated in r0 of this specification. Clients
should instead call the /rooms/{roomId}/event/{eventId} API
or the /rooms/{roomId}/context/{eventId} API.

Server administration: getWhoIs

Gets information about a particular user.

This API may be restricted to only be called by the user being looked
up, or by a server admin. Server-local administrator privileges are not
specified in this document.

Media: getContentThumbnail

Download a thumbnail of content from the content repository. See the thumbnailing
section for more information.

Room participation: getJoinedMembersByRoom

Gets the list of currently joined users and their profile data.

This API returns a map of MXIDs to member info objects for members of the room. The current user must be in the room for it to work, unless it is an Application Service in which case any of the AS's users must be in the room. This API is primarily for Application Services and should be faster to respond than /members as it can be implemented more efficiently on the server.

Push notifications: setPushRuleActions

Set the actions for a push rule.

This endpoint allows clients to change the actions of a push rule.
This can be used to change the actions of builtin rules.

Room membership: unban

Unban a user from the room.

Unban a user from the room. This allows them to be invited to the room,
and join if they would otherwise be allowed to join according to its join rules.

The caller must have the required power level in order to perform this operation.

Session management: logout_all

Invalidates all access tokens for a user

Invalidates all access tokens for a user, so that they can no longer be used for
authorization. This includes the access token that made this request. All devices
for the user are also deleted. Device keys for the device are
deleted alongside the device.

This endpoint does not require UI authorization because UI authorization is
designed to protect against attacks where someone gets hold of a single access
token then takes over the account. This endpoint invalidates all access tokens for
the user, including the token used in the request, and therefore the attacker is
unable to take over the account in this way.
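
The two revocation rules described for changePassword and logout_all, side by side, as an added example (not Maelstrom's code). The `Sessions` type, its methods and the sample tokens are hypothetical; it assumes an in-memory map from access token to user and device.

```rust
use std::collections::HashMap;

/// Hypothetical in-memory session table: access token -> (user ID, device ID).
#[derive(Default)]
pub struct Sessions {
    tokens: HashMap<String, (String, String)>,
}

impl Sessions {
    pub fn issue(&mut self, token: &str, user: &str, device: &str) {
        self.tokens.insert(token.into(), (user.into(), device.into()));
    }

    /// User that a token authenticates, if the token is still valid.
    pub fn user_for(&self, token: &str) -> Option<&str> {
        self.tokens.get(token).map(|(user, _)| user.as_str())
    }

    /// changePassword succeeded for `user`: keep only the token that made the
    /// request (if one was sent and it really belongs to `user`) and revoke
    /// every other token of that user. Returns the number of revoked tokens.
    pub fn revoke_after_password_change(&mut self, user: &str, request_token: Option<&str>) -> usize {
        let keep = request_token
            .filter(|t| self.user_for(t) == Some(user))
            .map(str::to_owned);
        let before = self.tokens.len();
        self.tokens
            .retain(|tok, (owner, _)| owner.as_str() != user || Some(tok) == keep.as_ref());
        before - self.tokens.len()
    }

    /// logout_all: revoke every token of the caller, including the one used for
    /// the request, and return the device IDs to delete with their device keys.
    /// Returns None when the request token is not valid.
    pub fn logout_all(&mut self, request_token: &str) -> Option<Vec<String>> {
        let user = self.user_for(request_token)?.to_owned();
        let mut devices = Vec::new();
        self.tokens.retain(|_, (owner, device)| {
            if *owner == user {
                devices.push(device.clone());
                false
            } else {
                true
            }
        });
        devices.sort();
        Some(devices)
    }
}

fn main() {
    // Constructed sample sessions.
    let mut s = Sessions::default();
    s.issue("t-phone", "@alice:example.org", "PHONE");
    s.issue("t-laptop", "@alice:example.org", "LAPTOP");
    let revoked = s.revoke_after_password_change("@alice:example.org", Some("t-laptop"));
    println!("revoked after password change: {}", revoked);
    println!("devices removed by logout_all: {:?}", s.logout_all("t-laptop"));
}
```

A request token that belongs to a different user is ignored by `revoke_after_password_change`, so it cannot be used to keep a foreign session alive.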

User data: getDisplayName

Get the user's display name.

Get the user's display name. This API may be used to fetch the user's
own displayname or to query the name of other users; either locally or
on remote homeservers.

User data: setDisplayName

Set the user's display name.

This API sets the given user's display name. You must have permission to
set this user's display name, e.g. you need to have their access_token.

Media: getContentOverrideName

Download content from the content repository. This is the same as
the download endpoint above, except permitting a desired file name.

Reporting content: reportContent

Reports an event as inappropriate.

Reports an event as inappropriate to the server, which may then notify
the appropriate people.

Room membership: leaveRoom

Stop the requesting user participating in a particular room.

This API stops a user participating in a particular room.

If the user was already in the room, they will no longer be able to see
new events in the room. If the room requires an invite to join, they
will need to be re-invited before they can re-join.

If the user was invited to the room, but had not joined, this call
serves to reject the invite.

The user will still be allowed to retrieve history from the room which
they were previously allowed to see.

Push notifications: postPusher

Modify a pusher for this user on the homeserver.

This endpoint allows the creation, modification and deletion of pushers
for this user ID. The behaviour of this endpoint varies depending on the
values in the JSON body.

Session management: getLoginFlows

Get the supported login types to authenticate users

Gets the homeserver's supported login types to authenticate users. Clients
should pick one of these and supply it as the type when logging in.

Media: getUrlPreview

Get information about a URL for a client

Get information about a URL for the client. Typically this is called when a
client sees a URL in a message and wants to render a preview for the user.

Note:
Clients should consider avoiding this endpoint for URLs posted in encrypted
rooms. Encrypted rooms often contain more sensitive information the users
do not want to share with the homeserver, and this can mean that the URLs
being shared should also not be shared with the homeserver.

Device management: deleteDevices

Bulk deletion of devices

This API endpoint uses the User-Interactive Authentication API.

Deletes the given devices, and invalidates any access token associated with them.

User data: checkUsernameAvailability

Checks to see if a username is available on the server.

Checks to see if a username is available, and valid, for the server.

The server should check to ensure that, at the time of the request, the
username requested is available for use. This includes verifying that an
application service has not claimed the username and that the username
fits the server's desired requirements (for example, a server could dictate
that it does not permit usernames with underscores).

Matrix clients may wish to use this API prior to attempting registration,
however the clients must also be aware that using this API does not normally
reserve the username. This can mean that the username becomes unavailable
between checking its availability and attempting to register it.

Server administration: getWellknown

Gets Matrix server discovery information about the domain.

Gets discovery information about the domain. The file may include
additional keys, which MUST follow the Java package naming convention,
e.g. com.example.myapp.property. This ensures property names are
suitably namespaced for each application and reduces the risk of
clashes.

Note that this endpoint is not necessarily handled by the homeserver,
but by another webserver, to be used for discovering the homeserver URL.

Room participation: roomInitialSync

Snapshot the current state of a room and its most recent messages.

Get a copy of the current state and the most recent messages in a room.

This endpoint was deprecated in r0 of this specification. There is no
direct replacement; the relevant information is returned by the
/sync API. See the migration guide: https://matrix.org/docs/guides/client-server-migrating-from-v1.html#deprecated-endpoints

Session management: login

Authenticates the user, and issues an access token they can
use to authorize themself in subsequent requests.

If the client does not supply a device_id, the server must
auto-generate one.

The returned access token must be associated with the device_id
supplied by the client or generated by the server. The server may
invalidate any access token previously associated with that device. See
Relationship between access tokens and devices.

Server administration: getVersions

Gets the versions of the specification supported by the server.

Gets the versions of the specification supported by the server.

Values will take the form rX.Y.Z.

Only the latest Z value will be reported for each supported X.Y value.
i.e. if the server implements r0.0.0, r0.0.1, and r1.2.0, it will report r0.0.1 and r1.2.0.

The server may additionally advertise experimental features it supports
through unstable_features. These features should be namespaced and
may optionally include version information within their name if desired.
Features listed here are not for optionally toggling parts of the Matrix
specification and should only be used to advertise support for a feature
which has not yet landed in the spec. For example, a feature currently
undergoing the proposal process may appear here and eventually be taken
off this list once the feature lands in the spec and the server deems it
reasonable to do so. Servers may wish to keep advertising features here
after they've been released into the spec to give clients a chance to
upgrade appropriately. Additionally, clients should avoid using unstable
features in their stable releases.

Room discovery: getPublicRooms

Lists the public rooms on the server.

Lists the public rooms on the server.

This API returns paginated responses. The rooms are ordered by the number
of joined members, with the largest rooms first.

Session management: login

Authenticates the user.

Authenticates the user, and issues an access token they can
use to authorize themself in subsequent requests.

If the client does not supply a device_id, the server must
auto-generate one.

The returned access token must be associated with the device_id
supplied by the client or generated by the server. The server may
invalidate any access token previously associated with that device. See
Relationship between access tokens and devices.

Room participation: getEventContext

Get events and state around the specified event.

This API returns a number of events that happened just before and
after the specified event. This allows clients to get the context
surrounding an event.

Note: This endpoint supports lazy-loading of room member events. See
Lazy-loading room members for more information.

Room membership: forgetRoom

This API stops a user remembering about a particular room.

In general, history is a first class citizen in Matrix. After this API
is called, however, a user will no longer be able to retrieve history
for this room. If all users on a homeserver forget a room, the room is
eligible for deletion from that homeserver.

If the user is currently joined to the room, they must leave the room
before calling this API.

Room creation: createRoom

Create a new room

Create a new room with various configuration options.

The server MUST apply the normal state resolution rules when creating
the new room, including checking power levels for each event. It MUST
apply the events implied by the request in the following order:

  1. A default m.room.power_levels event, giving the room creator
    (and not other members) permission to send state events. Overridden
    by the power_level_content_override parameter.

  2. Events set by the preset. Currently these are the m.room.join_rules,
    m.room.history_visibility, and m.room.guest_access state events.

  3. Events listed in initial_state, in the order that they are
    listed.

  4. Events implied by name and topic (m.room.name and m.room.topic
    state events).

  5. Invite events implied by invite and invite_3pid (m.room.member with
    membership: invite and m.room.third_party_invite).

The available presets do the following with respect to room state:

======================== ============== ====================== ================ =========
Preset                   join_rules     history_visibility     guest_access     Other
======================== ============== ====================== ================ =========
private_chat             invite         shared                 can_join
trusted_private_chat     invite         shared                 can_join         All invitees are given the same power level as the room creator.
public_chat              public         shared                 forbidden
======================== ============== ====================== ================ =========

The server will create a m.room.create event in the room with the
requesting user as the creator, alongside other keys provided in the
creation_content.
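
The five-step event order and the preset table above, as an added example (not Maelstrom's code), showing why the order matters for access control: an initial_state entry is applied after the preset and replaces the preset's join rule. All type and function names are hypothetical; event content is reduced to a plain string, the `users_100=` encoding is a stand-in for the real JSON, and only Matrix-ID invites are modelled.

```rust
use std::collections::BTreeMap;

#[derive(Clone, Copy)]
pub enum Preset { PrivateChat, TrustedPrivateChat, PublicChat }

/// Simplified state event; a string stands in for the JSON content.
#[derive(Clone, Debug, PartialEq)]
pub struct StateEvent { pub kind: String, pub state_key: String, pub content: String }

pub struct CreateRoom {
    pub creator: String,
    pub preset: Preset,
    pub power_level_content_override: Option<String>,
    pub initial_state: Vec<StateEvent>,
    pub name: Option<String>,
    pub topic: Option<String>,
    pub invite: Vec<String>,
}

pub fn ev(kind: &str, state_key: &str, content: &str) -> StateEvent {
    StateEvent { kind: kind.into(), state_key: state_key.into(), content: content.into() }
}

/// Events implied by the request, in the order of steps 1 to 5.
pub fn implied_events(req: &CreateRoom) -> Vec<StateEvent> {
    // 1. Default power levels: creator only, plus invitees for the trusted
    //    preset; replaced by power_level_content_override when present.
    let mut admins = vec![req.creator.clone()];
    if let Preset::TrustedPrivateChat = req.preset {
        admins.extend(req.invite.iter().cloned());
    }
    let default_pl = format!("users_100={}", admins.join(","));
    let pl = req.power_level_content_override.clone().unwrap_or(default_pl);
    let mut out = vec![ev("m.room.power_levels", "", &pl)];
    // 2. Preset events, values taken from the preset table.
    let (join, guest) = match req.preset {
        Preset::PrivateChat | Preset::TrustedPrivateChat => ("invite", "can_join"),
        Preset::PublicChat => ("public", "forbidden"),
    };
    out.push(ev("m.room.join_rules", "", join));
    out.push(ev("m.room.history_visibility", "", "shared"));
    out.push(ev("m.room.guest_access", "", guest));
    // 3. initial_state, in request order.
    out.extend(req.initial_state.iter().cloned());
    // 4. name and topic.
    if let Some(n) = &req.name { out.push(ev("m.room.name", "", n)); }
    if let Some(t) = &req.topic { out.push(ev("m.room.topic", "", t)); }
    // 5. Invites.
    for user in &req.invite { out.push(ev("m.room.member", user, "invite")); }
    out
}

/// Resulting room state: a later event replaces an earlier one with the same
/// (type, state_key).
pub fn resolve(events: &[StateEvent]) -> BTreeMap<(String, String), String> {
    let mut state = BTreeMap::new();
    for e in events {
        state.insert((e.kind.clone(), e.state_key.clone()), e.content.clone());
    }
    state
}

fn main() {
    // Constructed request: private_chat preset, but initial_state opens the room.
    let req = CreateRoom {
        creator: "@alice:example.org".into(), preset: Preset::PrivateChat,
        power_level_content_override: None, name: None, topic: None, invite: vec![],
        initial_state: vec![ev("m.room.join_rules", "", "public")],
    };
    let state = resolve(&implied_events(&req));
    println!("{}", state[&("m.room.join_rules".to_string(), String::new())]);
}
```

A server that audits or restricts room creation should inspect the resolved state rather than the preset name, since the preset alone does not determine the final join rule.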

Room participation: getOneRoomEvent

Get a single event by event ID.

Get a single event based on roomId/eventId. You must have permission to
retrieve this event e.g. by being a member in the room for this event.

User data: searchUserDirectory

Searches the user directory.

Performs a search for users. The homeserver may
determine which subset of users are searched, however the homeserver
MUST at a minimum consider the users the requesting user shares a
room with and those who reside in public rooms (known to the homeserver).
The search MUST consider local users to the homeserver, and SHOULD
query remote users as part of the search.

The search is performed case-insensitively on user IDs and display
names preferably using a collation determined based upon the
Accept-Language header provided in the request, if present.

Room membership: forgetRoom

Stop the requesting user remembering about a particular room.

This API stops a user remembering about a particular room.

In general, history is a first class citizen in Matrix. After this API
is called, however, a user will no longer be able to retrieve history
for this room. If all users on a homeserver forget a room, the room is
eligible for deletion from that homeserver.

If the user is currently joined to the room, they must leave the room
before calling this API.

Room participation: defineFilter

Upload a new filter.

Uploads a new filter definition to the homeserver.
Returns a filter ID that may be used in future requests to
restrict which events are returned to the client.

Application service room directory management: updateAppserviceRoomDirectoryVsibility

Updates a room's visibility in the application service's room directory.

Updates the visibility of a given room on the application service's room
directory.

This API is similar to the room directory visibility API used by clients
to update the homeserver's more general room directory.

This API requires the use of an application service access token (as_token)
instead of a typical client's access_token. This API cannot be invoked by
users who are not identified as application services.
