Skip to content

Flags Endpoints

CTFd Version: 3.7.1

Last Updated: 6/6/2024

Models

Endpoints

Flag Model

Represents a flag in the CTFd database.

{
    "id": 1,
    "challenge_id": 1,
    "type": "string",
    "content": "string",
    "data": "string"
}
Name Type Description
id int The ID of the flag
challenge_id int The ID of the challenge the flag is for
type string The type of the flag, can be either "static" or "regex"
content string The content of the flag
data string The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or ""

FlagType Model

{
    "name": "string",
    "templates": {
        "create": "string",
        "update": "string"
    }
}
Name Type Description
name string The name of the flag type
templates dict The templates for creating and updating flags of this type

GET /flags

Note

This endpoint is only accessible to admins.

Endpoint to get all flags in bulk. Can be filtered by challenge_id, flag type, flag content, and flag data.

Query Parameters

Name Type Description
challenge_id int The ID of the challenge to get flags for
type string The type of flag to get
content string The content of the flag to match
data string The data of the flag to match, seems to only be used for the flag's case-insensitivity, possible values are case_insensitive or a blank string
q string A search query to match against the given field. If this is specified, field must also be specified
field string The field to search against, can be either type, content or data. If this is specified, q must also be specified.

Response

  • 200 OK - The flags were successfully retrieved

    • list[Flag] 
      {
    "success": true,
    "data": [
        {
            "id": 1,
            "challenge_id": 1,
            "type": "string",
            "content": "string",
            "data": "string"
        }
    ]
}

  • 400 Bad Request - An error occurred processing the provided or stored data

    • application/json 
      {
    "success": false,
    "errors": [
        "string"
    ]
}

Return Values

Name Type Description
id int The ID of the flag
challenge_id int The ID of the challenge the flag is for
type string The type of the flag, can be either "static" or "regex"
content string The content of the flag
data string The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or ""

POST /flags

Note

This endpoint is only accessible to admins.

Endpoint to create a new flag.

JSON Parameters

Name Type Description
challenge_id int The ID of the challenge the flag is for
type string The type of the flag, can be either "static" or "regex"
content string The content of the flag
data string The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or ""

Response

  • 200 OK - The flag was successfully created

    • Flag 
      {
    "success": true,
    "data": {
        "id": 1,
        "challenge_id": 1,
        "type": "string",
        "content": "string",
        "data": "string"
    }
}

  • 400 Bad Request - An error occurred processing the provided or stored data

    • application/json 
      {
    "success": false,
    "errors": [
        "string"
    ]
}

  • 403 Forbidden - You are not allowed to access this endpoint

    • application/json 
      {
    "message": "string"
}

Return Values

Name Type Description
id int The ID of the flag
challenge_id int The ID of the challenge the flag is for
type string The type of the flag, can be either "static" or "regex"
content string The content of the flag
data string The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or ""

GET /flags/types

Note

This endpoint is only accessible to admins.

Endpoint to get all flag types.

Response

  • 200 OK - The flag types were successfully retrieved
    • dict[str,FlagType] 
      {
    "success": true,
    "data": {
        "string": {
            "name": "string",
            "templates": {
                "create": "string",
                "update": "string"
            }
        }
    }
}

Return Values

Name Type Description
name string The name of the flag type
templates dict The templates for creating and updating flags of this type

GET /flags/types/{type_name}

Note

This endpoint is only accessible to admins.

Endpoint to get a specific flag type.

Response

  • 200 OK - The flag type was successfully retrieved
    • FlagType` 
      {
    "success": true,
    "data": {
        "name": "string",
        "templates": {
            "create": "string",
            "update": "string"
        }
    }
}

Return Values

Name Type Description
name string The name of the flag type
templates dict The templates for creating and updating flags of this type

GET /flags/{flag_id}

Note

This endpoint is only accessible to admins.

Endpoint to get a specific flag.

Response

  • 200 OK - The flag was successfully retrieved

    • Flag 
      {
    "success": true,
    "data": {
        "id": 1,
        "challenge_id": 1,
        "type": "string",
        "content": "string",
        "data": "string",
        "templates": {
            "create": "string",
            "update": "string"
        }
    }
}

  • 400 Bad Request - An error occurred processing the provided or stored data

    • application/json 
      {
    "success": false,
    "errors": [
        "string"
    ]
}

  • 404 Not Found - The flag with the given ID does not exist

    • application/json 
      {
    "message": "string"
}

Return Values

Name Type Description
id int The ID of the flag
challenge_id int The ID of the challenge the flag is for
type string The type of the flag, can be either "static" or "regex"
content string The content of the flag
data string The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or ""
templates dict The templates for creating and updating flags of this type

PATCH /flags/{flag_id}

Note

This endpoint is only accessible to admins.

Endpoint to update a specific flag.

JSON Parameters

Name Type Description
challenge_id int The ID of the challenge the flag is for
type string The type of the flag, can be either "static" or "regex"
content string The content of the flag
data string The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or ""

Response

  • 200 OK - The flag was successfully updated

    • Flag 
      {
    "success": true,
    "data": {
        "id": 1,
        "challenge_id": 1,
        "type": "string",
        "content": "string",
        "data": "string"
    }
}

  • 400 Bad Request - An error occurred processing the provided or stored data

    • application/json 
      {
    "success": false,
    "errors": [
        "string"
    ]
}

  • 403 Forbidden - You are not allowed to access this endpoint

    • application/json 
      {
    "message": "string"
}

  • 404 Not Found - The flag with the given ID does not exist

    • application/json 
      {
    "message": "string"
}

Return Values

Name Type Description
id int The ID of the flag
challenge_id int The ID of the challenge the flag is for
type string The type of the flag, can be either "static" or "regex"
content string The content of the flag
data string The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or ""

DELETE /flags/{flag_id}

Note

This endpoint is only accessible to admins.

Endpoint to delete a specific flag.

Response

  • 200 OK - The flag was successfully deleted

    • application/json 
      {
    "success": true
}

  • 403 Forbidden - You are not allowed to access this endpoint

    • application/json 
      {
    "message": "string"
}

  • 404 Not Found - The flag with the given ID does not exist

    • application/json 
      {
    "message": "string"
}