User 24 endpoints

GET /users/{ids}/favorites

Get the questions that users in {ids} have favorited.

This method is effectively a view onto a user’s favorites tab.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

The sorts accepted by this method operate on the follow fields of the question object:

  • activity - last_activity_date
  • creation - creation_date
  • votes - score
  • added - when the user favorited the question
    activity is the default sort.

It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of questions.

operationId: User_getFavoritesList

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
order query optional string
max query optional string

sort = activity => date
sort = creation => date
sort = votes => number
sort = added => date
min query optional string

sort = activity => date
sort = creation => date
sort = votes => number
sort = added => date
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/favorites
GET /users/{ids}/mentioned

Gets all the comments that the users in {ids} were mentioned in.

Note, to count as a mention the comment must be considered to be “in reply to” a user. Most importantly, this means that a comment can only be in reply to a single user.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

The sorts accepted by this method operate on the follow fields of the comment object:

  • creation - creation_date
  • votes - score
    It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of comments.

operationId: User_mentionedCommentsList

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
order query optional string
max query optional string

sort = creation => date
sort = votes => number
min query optional string

sort = creation => date
sort = votes => number
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/mentioned
GET /users/{ids}/merges

Returns a record of merges that have occurred involving the passed account ids.

This method allows you to take now invalid account ids and find what account they’ve become, or take currently valid account ids and find which ids were equivalent in the past.

This is most useful when confirming that an account_id is in fact “new” to an application.

Account merges can happen for a wide range of reasons, applications should not make assumptions that merges have particular causes.

Note that accounts are managed at a network level, users on a site may be merged due to an account level merge but there is no guarantee that a merge has an effect on any particular site.

This method returns a list of account_merge.

operationId: User_listAccountMerges

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/merges
GET /users/{ids}/questions

Gets the questions asked by the users in {ids}.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

The sorts accepted by this method operate on the follow fields of the question object:

  • activity - last_activity_date
  • creation - creation_date
  • votes - score
    activity is the default sort.

It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of questions.

operationId: User_getQuestionsByUserIds

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
order query optional string
max query optional string

sort = activity => date
sort = creation => date
sort = votes => number
min query optional string

sort = activity => date
sort = creation => date
sort = votes => number
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/questions
GET /users/{ids}/questions/featured

Gets the questions on which the users in {ids} have active bounties.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

The sorts accepted by this method operate on the follow fields of the question object:

  • activity - last_activity_date
  • creation - creation_date
  • votes - score
    activity is the default sort.

It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of questions.

operationId: User_getFeaturedQuestions

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
order query optional string
max query optional string

sort = activity => date
sort = creation => date
sort = votes => number
min query optional string

sort = activity => date
sort = creation => date
sort = votes => number
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/questions/featured
GET /users/{ids}/questions/no-answers

Gets the questions asked by the users in {ids} which have no answers.

Questions returns by this method actually have zero undeleted answers. It is completely disjoint /users/{ids}/questions/unanswered and /users/{ids}/questions/unaccepted, which only return questions with at least one answer, subject to other contraints.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

The sorts accepted by this method operate on the follow fields of the question object:

  • activity - last_activity_date
  • creation - creation_date
  • votes - score
    activity is the default sort.

It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of questions.

operationId: User_listNoAnswerQuestions

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
order query optional string
max query optional string

sort = activity => date
sort = creation => date
sort = votes => number
min query optional string

sort = activity => date
sort = creation => date
sort = votes => number
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/questions/no-answers
GET /users/{ids}/questions/unaccepted

Gets the questions asked by the users in {ids} which have at least one answer, but no accepted answer.

Questions returned by this method have answers, but the owner has not opted to accept any of them.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

The sorts accepted by this method operate on the follow fields of the question object:

  • activity - last_activity_date
  • creation - creation_date
  • votes - score
    activity is the default sort.

It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of questions.

operationId: User_getUnacceptedQuestions

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
order query optional string
max query optional string

sort = activity => date
sort = creation => date
sort = votes => number
min query optional string

sort = activity => date
sort = creation => date
sort = votes => number
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/questions/unaccepted
GET /users/{ids}/questions/unanswered

Gets the questions asked by the users in {ids} which the site consideres unanswered, while still having at least one answer posted.

These rules are subject to change, but currently any question without at least one upvoted or accepted answer is considered unanswered.

To get the set of questions that a user probably considers unanswered, the returned questions should be unioned with those returned by /users/{id}/questions/no-answers. These methods are distinct so that truly unanswered (that is, zero posted answers) questions can be easily separated from mearly poorly or inadequately answered ones.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

The sorts accepted by this method operate on the follow fields of the question object:

  • activity - last_activity_date
  • creation - creation_date
  • votes - score
    activity is the default sort.

It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of questions.

operationId: User_getUnansweredQuestions

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
order query optional string
max query optional string

sort = activity => date
sort = creation => date
sort = votes => number
min query optional string

sort = activity => date
sort = creation => date
sort = votes => number
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/questions/unanswered
GET /users/{ids}/reputation

Gets a subset of the reputation changes for users in {ids}.

Reputation changes are intentionally scrubbed of some data to make it difficult to correlate votes on particular posts with user reputation changes. That being said, this method returns enough data for reasonable display of reputation trends.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

This method returns a list of reputation objects.

operationId: User_getReputationChanges

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/reputation
GET /users/{ids}/reputation-history

Returns users’ public reputation history.

This method returns a list of reputation_history.

operationId: User_getReputationHistory

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/reputation-history
GET /users/{ids}/suggested-edits

Returns the suggested edits a users in {ids} have submitted.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

The sorts accepted by this method operate on the follow fields of the suggested_edit object:

  • creation - creation_date
  • approval - approval_date Does not return unapproved suggested_edits
  • rejection - rejection_date Does not return unrejected suggested_edits
    creation is the default sort.

It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of suggested-edits.

operationId: User_getSuggestedEditsByIds

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
order query optional string
max query optional string

sort = creation => date
sort = approval => date
sort = rejection => date
min query optional string

sort = creation => date
sort = approval => date
sort = rejection => date
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/suggested-edits
GET /users/{ids}/tags

Returns the tags the users identified in {ids} have been active in.

This route corresponds roughly to user’s stats tab, but does not include tag scores. A subset of tag scores are available (on a single user basis) in /users/{id}/top-answer-tags and /users/{id}/top-question-tags.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

The sorts accepted by this method operate on the follow fields of the tag object:

  • popular - count
  • activity - the creation_date of the last question asked with the tag
  • name - name
    popular is the default sort.

It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of tags.

operationId: User_getTags

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
order query optional string
max query optional string

sort = popular => number
sort = activity => date
sort = name => string
min query optional string

sort = popular => number
sort = activity => date
sort = name => string
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/tags
GET /users/{ids}/timeline

Returns a subset of the actions the users in {ids} have taken on the site.

This method returns users’ posts, edits, and earned badges in the order they were accomplished. It is possible to filter to just a window of activity using the fromdate and todate parameters.

{ids} can contain up to 100 semicolon delimited ids, to find ids programatically look for user_id on user or shallow_user objects.

This method returns a list of user timeline objects.

operationId: User_getUserTimelineByIds

Parameters

Name In Required Type Description
ids path required string

Number list (semicolon delimited).
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{ids}/timeline
GET /users/{id}/inbox

Returns a user’s inbox.

This method requires an access_token, with a scope containing “read_inbox”.

This method is effectively an alias for /inbox. It is provided for consumers who make strong assumptions about operating within the context of a single site rather than the Stack Exchange network as a whole.

{id} can contain a single id, to find it programatically look for user_id on user or shallow_user objects.

This method returns a list of inbox items.

operationId: User_getInboxItems

Parameters

Name In Required Type Description
id path required integer
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/inbox
GET /users/{id}/inbox/unread

Returns the unread items in a user’s inbox.

This method requires an access_token, with a scope containing “read_inbox”.

This method is effectively an alias for /inbox/unread. It is provided for consumers who make strong assumptions about operating within the context of a single site rather than the Stack Exchange network as a whole.

{id} can contain a single id, to find it programatically look for user_id on user or shallow_user objects.

This method returns a list of inbox items.

operationId: User_getInboxUnread

Parameters

Name In Required Type Description
id path required integer
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.
since query optional integer

Unix date.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/inbox/unread
GET /users/{id}/notifications

Returns a user’s notifications.

This method requires an access_token, with a scope containing “read_inbox”.

This method returns a list of notifications.

operationId: User_getNotificationsList

Parameters

Name In Required Type Description
id path required integer
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/notifications
GET /users/{id}/notifications/unread

Returns a user’s unread notifications.

This method requires an access_token, with a scope containing “read_inbox”.

This method returns a list of notifications.

operationId: User_getUnreadNotifications

Parameters

Name In Required Type Description
id path required integer
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/notifications/unread
GET /users/{id}/privileges

Returns the privileges a user has.

Applications are encouraged to calculate privileges themselves, without repeated queries to this method. A simple check against the results returned by /privileges and user.user_type would be sufficient.

{id} can contain only a single, to find it programatically look for user_id on user or shallow_user objects.

This method returns a list of privileges.

operationId: User_getPrivilegesList

Parameters

Name In Required Type Description
id path required integer
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/privileges
GET /users/{id}/reputation-history/full

Returns a user’s full reputation history, including private events.

This method requires an access_token, with a scope containing “private_info”.

This method returns a list of reputation_history.

operationId: User_getFullReputationHistory

Parameters

Name In Required Type Description
id path required integer
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/reputation-history/full
GET /users/{id}/tags/{tags}/top-answers

Returns the top 30 answers a user has posted in response to questions with the given tags.

{id} can contain a single id, to find it programatically look for user_id on user or shallow_user objects. {tags} is limited to 5 tags, passing more will result in an error.

The sorts accepted by this method operate on the follow fields of the answer object:

  • activity - last_activity_date
  • creation - creation_date
  • votes - score
    activity is the default sort.

It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of answers.

operationId: User_getUserTopAnswers

Parameters

Name In Required Type Description
id path required integer
tags path required string

String list (semicolon delimited).
order query optional string
max query optional string

sort = activity => date
sort = creation => date
sort = votes => number
min query optional string

sort = activity => date
sort = creation => date
sort = votes => number
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/tags/{tags}/top-answers
GET /users/{id}/tags/{tags}/top-questions

Returns the top 30 questions a user has asked with the given tags.

{id} can contain a single id, to find it programatically look for user_id on user or shallow_user objects. {tags} is limited to 5 tags, passing more will result in an error.

The sorts accepted by this method operate on the follow fields of the question object:

  • activity - last_activity_date
  • creation - creation_date
  • votes - score
    activity is the default sort.

It is possible to create moderately complex queries using sort, min, max, fromdate, and todate.

This method returns a list of questions.

operationId: User_getTopQuestionsByTags

Parameters

Name In Required Type Description
id path required integer
tags path required string

String list (semicolon delimited).
order query optional string
max query optional string

sort = activity => date
sort = creation => date
sort = votes => number
min query optional string

sort = activity => date
sort = creation => date
sort = votes => number
sort query optional string
fromdate query optional integer

Unix date.
todate query optional integer

Unix date.
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/tags/{tags}/top-questions
GET /users/{id}/top-answer-tags

Returns a single user’s top tags by answer score.

This a subset of the data returned on a user’s tags tab.

{id} can contain a single id, to find it programatically look for user_id on user or shallow_user objects.

This method returns a list of top_tag objects.

operationId: User_getUserTopAnswerTags

Parameters

Name In Required Type Description
id path required integer
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/top-answer-tags
GET /users/{id}/top-question-tags

Returns a single user’s top tags by question score.

This a subset of the data returned on a user’s tags tab.

{id} can contain a single id, to find it programatically look for user_id on user or shallow_user objects.

This method returns a list of top_tag objects.

operationId: User_getTopQuestionTags

Parameters

Name In Required Type Description
id path required integer
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/top-question-tags
GET /users/{id}/write-permissions

Returns the write permissions a user has via the api.

The Stack Exchange API gives users the ability to create, edit, and delete certain types. This method returns whether the passed user is capable of performing those actions at all, as well as how many times a day they can.

This method does not consider the user’s current quota (ie. if they’ve already exhausted it for today) nor any additional restrictions on write access, such as editing deleted comments.

This method returns a list of write_permissions.

operationId: User_getWritePermissions

Parameters

Name In Required Type Description
id path required integer
pagesize query optional integer
page query optional integer
filter query optional string

#Discussion

The Stack Exchange API allows applications to exclude almost every field returned. For example, if an application did not care about a user’s badge counts it could exclude user.badge_counts whenever it calls a method that returns users.

An application excludes fields by creating a filter (via /filter/create) and passing it to a method in the filter parameter.

Filters are immutable and non-expiring. An application can safely “bake in” any filters that are created, it is not necessary (or advisable) to create filters at runtime.

The motivation for filters are several fold. Filters allow applications to reduce API responses to just the fields they are concerned with, saving bandwidth. With the list of fields an application is actually concerned with, the API can avoid unneccessary queries thereby decreasing response time (and reducing load on our infrastructure). Finally, filters allow us to be more conservative in what the API returns by default without a proliferation of parameters (as was seen with body, answers, and comments in the 1.x API family).

#Safety

Filters also carry a notion of safety, which is defined as follows. Any string returned as a result of an API call with a safe filter will be inline-able into HTML without script-injection concerns. That is to say, no additional sanitizing (encoding, HTML tag stripping, etc.) will be necessary on returned strings. Applications that wish to handle sanitizing themselves should create an unsafe filter. All filters are safe by default, under the assumption that double-encoding bugs are more desirable than script injections.

Note that this does not mean that “safe” filter is mearly an “unsafe” one with all fields passed though UrlEncode(…). Many fields can and will contain HTML in all filter types (most notably, the *.body fields).

When using unsafe filters, the API returns the highest fidelity data it can reasonably access for the given request. This means that in cases where the “safe” data is the only accessible data it will be returned even in “unsafe” filters. Notably the *.body fields are unchanged, as they are stored in that form. Fields that are unchanged between safe and unsafe filters are denoted in their types documentation.

#Built In Filters

The following filters are built in:

default, each type documents which fields are returned under the default filter (for example, answers).
withbody, which is default plus the *.body fields
none, which is empty
total, which includes just .total

#Compatibility with V1.x

For ease of transition from earlier API versions, the filters _b, _ba, _bc, _bca, _a, _ac, and _c are also built in. These are unsafe, and exclude a combination of question and answer body, comments, and answers so as to mimic the body, answers, and comments parameters that have been removed in V2.0. New applications should not use these filters.
callback query optional string

All API responses are JSON, we do support JSONP with the callback query parameter.
site query required string

Each of these methods operates on a single site at a time, identified by the site parameter. This parameter can be the full domain name (ie. “stackoverflow.com”), or a short form identified by api_site_parameter on the site object.

Responses

200

OK
400

bad_parameter – 400 An invalid parameter was passed, this includes even “high level” parameters like key or site.
401

access_token_required – 401 A method that requires an access token (obtained via authentication) was called without one.
402

invalid_access_token – 402 An invalid access token was passed to a method.
403

access_denied – 403 A method which requires certain permissions was called with an access token that lacks those permissions.
404

no_method – 404 An attempt was made to call a method that does not exist. Note, calling methods that expect numeric ids (like /users/{ids}) with non-numeric ids can also result in this error.
405

key_required – 405 A method was called in a manner that requires an application key (generally, with an access token), but no key was passed.
406

access_token_compromised – 406 An access token is no longer believed to be secure, normally because it was used on a non-HTTPS call. The access token will be invalidated if this error is returned.
500

internal_error – 500 An unexpected error occurred in the API. It has been logged, and Stack Exchange developers have been notified. You should report these errors on Stack Apps if you want to be notified when they’re fixed.
502

throttle_violation – 502 An application has violated part of the rate limiting contract, so the request was terminated.
503

temporarily_unavailable – 503 Some or all of the API is unavailable. Applications should backoff on requests to the method invoked.
GET /users/{id}/write-permissions