Feature request: expose report author in Public API and allow moderation actions via Public API #346
Description
Strapi 5.26.1
Plugin: 3.1.0
Summary
Two API improvements would greatly help when building a custom moderation UI outside Strapi Admin:
1. Expose the reporter (author) of abuse reports in the Public REST API responses.
2. Allow moderation actions (resolve/reopen report, block/unblock comment, approve/reject) via the Public REST API.
Context
• Strapi v5 + strapi-plugin-comments (latest)
• We’re building an external dashboard to manage comments and reports.
• Reading comments via the Public API works well; however:
• The report author is not available through the Public API response (or cannot be populated), making it impossible to show “who reported” in our UI.
• Moderation endpoints exist only outside the /api namespace (admin-only). To moderate from a front-end (or a backend-for-frontend), we need equivalent Public API routes.
⸻
Current behavior
• GET /api/comments/<relation>/flat returns comments (OK).
• GET /api/comments/reports?... or GET /api/comments/<relation>/reports returns reports but does not include reporter details (or populate for author is not honored).
• Moderation actions are only available at non-public routes, e.g.:
• PUT /comments/moderate/:commentId { action: 'approve'|'reject' }
• PUT /comments/moderate/single/:commentId/block
• PUT /comments/moderate/single/:commentId/unblock
• PUT /comments/moderate/single/:commentId/report/:reportId/(resolve|reopen)
These are not available under /api/... and require an admin token.
⸻
Desired behavior
(1) Reporter exposure in Public API
• Public endpoints that return reports should include minimal reporter info:
• id, username/name (email optional/behind a flag for privacy)
• Support populate=author or a dedicated include=author query param.
• Allow field selection/exclusion to avoid PII:
• e.g. ?omit[]=author.email or ?select[author][]=id&select[author][]=name
Example response (desired)
{
"result": [
{
"id": 5,
"reason": "OTHER",
"content": "This is misleading",
"resolved": false,
"createdAt": "2025-07-24T19:30:34.192Z",
"related": { "id": 4, "content": "aaa" },
"author": { "id": "123", "username": "fexx", "name": "Federico" }
}
],
"pagination": { "page": 1, "pageSize": 10, "pageCount": 1, "total": 1 }
}
(2) Public API for moderation
Mirror existing moderation actions under the Public API prefix.
Thanks a lot for the great plugin! These two additions would let teams build safe, external moderation tools without needing to proxy admin-only routes.