Flags Endpoints¶
CTFd Version: 3.7.1
Last Updated: 6/6/2024
Models¶
Endpoints¶
GET /flags
POST /flags
GET /flags/types
GET /flags/types/{type_name}
GET /flags/{flag_id}
PATCH /flags/{flag_id}
DELETE /flags/{flag_id}
Flag
Model¶
Represents a flag in the CTFd database.
{
"id": 1,
"challenge_id": 1,
"type": "string",
"content": "string",
"data": "string"
}
Name | Type | Description |
---|---|---|
id |
int |
The ID of the flag |
challenge_id |
int |
The ID of the challenge the flag is for |
type |
string |
The type of the flag, can be either "static" or "regex" |
content |
string |
The content of the flag |
data |
string |
The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or "" |
FlagType
Model¶
{
"name": "string",
"templates": {
"create": "string",
"update": "string"
}
}
Name | Type | Description |
---|---|---|
name |
string |
The name of the flag type |
templates |
dict |
The templates for creating and updating flags of this type |
GET /flags
¶
Note
This endpoint is only accessible to admins.
Endpoint to get all flags in bulk. Can be filtered by challenge_id
, flag type
, flag content
, and flag data
.
Query Parameters¶
Name | Type | Description |
---|---|---|
challenge_id |
int |
The ID of the challenge to get flags for |
type |
string |
The type of flag to get |
content |
string |
The content of the flag to match |
data |
string |
The data of the flag to match, seems to only be used for the flag's case-insensitivity, possible values are case_insensitive or a blank string |
q |
string |
A search query to match against the given field . If this is specified, field must also be specified |
field |
string |
The field to search against, can be either type , content or data . If this is specified, q must also be specified. |
Response¶
-
200 OK
- The flags were successfully retrievedlist[
Flag
]
{ "success": true, "data": [ { "id": 1, "challenge_id": 1, "type": "string", "content": "string", "data": "string" } ] }
-
400 Bad Request
- An error occurred processing the provided or stored dataapplication/json
{ "success": false, "errors": [ "string" ] }
Return Values¶
Name | Type | Description |
---|---|---|
id |
int |
The ID of the flag |
challenge_id |
int |
The ID of the challenge the flag is for |
type |
string |
The type of the flag, can be either "static" or "regex" |
content |
string |
The content of the flag |
data |
string |
The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or "" |
POST /flags
¶
Note
This endpoint is only accessible to admins.
Endpoint to create a new flag.
JSON Parameters¶
Name | Type | Description |
---|---|---|
challenge_id |
int |
The ID of the challenge the flag is for |
type |
string |
The type of the flag, can be either "static" or "regex" |
content |
string |
The content of the flag |
data |
string |
The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or "" |
Response¶
-
200 OK
- The flag was successfully createdFlag
{ "success": true, "data": { "id": 1, "challenge_id": 1, "type": "string", "content": "string", "data": "string" } }
-
400 Bad Request
- An error occurred processing the provided or stored dataapplication/json
{ "success": false, "errors": [ "string" ] }
-
403 Forbidden
- You are not allowed to access this endpointapplication/json
{ "message": "string" }
Return Values¶
Name | Type | Description |
---|---|---|
id |
int |
The ID of the flag |
challenge_id |
int |
The ID of the challenge the flag is for |
type |
string |
The type of the flag, can be either "static" or "regex" |
content |
string |
The content of the flag |
data |
string |
The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or "" |
GET /flags/types
¶
Note
This endpoint is only accessible to admins.
Endpoint to get all flag types.
Response¶
200 OK
- The flag types were successfully retrieveddict[str,
FlagType
]
{ "success": true, "data": { "string": { "name": "string", "templates": { "create": "string", "update": "string" } } } }
Return Values¶
Name | Type | Description |
---|---|---|
name |
string |
The name of the flag type |
templates |
dict |
The templates for creating and updating flags of this type |
GET /flags/types/{type_name}
¶
Note
This endpoint is only accessible to admins.
Endpoint to get a specific flag type.
Response¶
200 OK
- The flag type was successfully retrievedFlagType
`{ "success": true, "data": { "name": "string", "templates": { "create": "string", "update": "string" } } }
Return Values¶
Name | Type | Description |
---|---|---|
name |
string |
The name of the flag type |
templates |
dict |
The templates for creating and updating flags of this type |
GET /flags/{flag_id}
¶
Note
This endpoint is only accessible to admins.
Endpoint to get a specific flag.
Response¶
-
200 OK
- The flag was successfully retrievedFlag
{ "success": true, "data": { "id": 1, "challenge_id": 1, "type": "string", "content": "string", "data": "string", "templates": { "create": "string", "update": "string" } } }
-
400 Bad Request
- An error occurred processing the provided or stored dataapplication/json
{ "success": false, "errors": [ "string" ] }
-
404 Not Found
- The flag with the given ID does not existapplication/json
{ "message": "string" }
Return Values¶
Name | Type | Description |
---|---|---|
id |
int |
The ID of the flag |
challenge_id |
int |
The ID of the challenge the flag is for |
type |
string |
The type of the flag, can be either "static" or "regex" |
content |
string |
The content of the flag |
data |
string |
The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or "" |
templates |
dict |
The templates for creating and updating flags of this type |
PATCH /flags/{flag_id}
¶
Note
This endpoint is only accessible to admins.
Endpoint to update a specific flag.
JSON Parameters¶
Name | Type | Description |
---|---|---|
challenge_id |
int |
The ID of the challenge the flag is for |
type |
string |
The type of the flag, can be either "static" or "regex" |
content |
string |
The content of the flag |
data |
string |
The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or "" |
Response¶
-
200 OK
- The flag was successfully updatedFlag
{ "success": true, "data": { "id": 1, "challenge_id": 1, "type": "string", "content": "string", "data": "string" } }
-
400 Bad Request
- An error occurred processing the provided or stored dataapplication/json
{ "success": false, "errors": [ "string" ] }
-
403 Forbidden
- You are not allowed to access this endpointapplication/json
{ "message": "string" }
-
404 Not Found
- The flag with the given ID does not existapplication/json
{ "message": "string" }
Return Values¶
Name | Type | Description |
---|---|---|
id |
int |
The ID of the flag |
challenge_id |
int |
The ID of the challenge the flag is for |
type |
string |
The type of the flag, can be either "static" or "regex" |
content |
string |
The content of the flag |
data |
string |
The data of the flag, seems to only be used for the flag's case-insensitivity, can be either "case_insensitive" or "" |
DELETE /flags/{flag_id}
¶
Note
This endpoint is only accessible to admins.
Endpoint to delete a specific flag.
Response¶
-
200 OK
- The flag was successfully deletedapplication/json
{ "success": true }
-
403 Forbidden
- You are not allowed to access this endpointapplication/json
{ "message": "string" }
-
404 Not Found
- The flag with the given ID does not existapplication/json
{ "message": "string" }