Abuse Reports

Note

These APIs are not frozen and can change at any time without warning. See the API versions available for alternatives if you need stability.

The following API endpoint covers abuse reporting

Submitting an add-on abuse report

The following API endpoint allows an abuse report to be submitted for an Add-on, either listed on https://addons.mozilla.org or not. Authentication is not required, but is recommended so reports can be responded to if necessary.

Warning

Except for the message, all strings have a maximum length of 255 characters and should be truncated by the client where necessary.

Warning

For addon_install_method and addon_install_source specifically, if an unsupported value is sent, it will be silently changed to other instead of raising a 400 error.

POST /api/v5/abuse/report/addon/
Request JSON Object:

  • addon (string|int) – The id, slug, or guid of the add-on to report for abuse (required).

  • message (string) – The body/content of the abuse report (required).

  • report_entry_point (string|null) – The report entry point. The accepted values are documented in the table below.

  • addon_install_method (string|null) – The add-on install method. The accepted values are documented in the table below.

  • addon_install_origin (string|null) – The add-on install origin.

  • addon_install_source (string|null) – The add-on install source. The accepted values are documented in the table below.

  • addon_install_source_url (string|null) – The add-on install source URL.

  • addon_name (string|null) – The add-on name in the locale used by the client.

  • addon_signature (string|null) – The add-on signature state. The accepted values are documented in the table below.

  • addon_summary (string|null) – The add-on summary in the locale used by the client.

  • addon_version (string|null) – The add-on version string.

  • app (string|null) – The application used by the client. Can be either firefox or android.

  • appversion (string|null) – The application version used by the client.

  • lang (string|null) – The language code of the locale used by the client for the application.

  • location (string|null) – Where the content being reported is located - on AMO or inside the add-on. The accepted values are documented in the table below.

  • client_id (string|null) – The client’s hashed telemetry ID.

  • install_date (string|null) – The add-on install date.

  • operating_system (string|null) – The client’s operating system.

  • operating_system_version (string|null) – The client’s operating system version.

  • reason (string|null) – The reason for the report. The accepted values are documented in the table below.

  • reporter_name (string|null) – The provided name of the reporter, if not authenticated.

  • reporter_email (string|null) – The provided email of the reporter, if not authenticated.

Response JSON Object:

  • reporter (object|null) – The user who submitted the report, if authenticated.

  • reporter.id (int) – The id of the user who submitted the report.

  • reporter.name (string) – The name of the user who submitted the report.

  • reporter.username (string) – The username of the user who submitted the report.

  • reporter.url (string) – The link to the profile page for of the user who submitted the report.

  • reporter_name (string|null) – The provided name of the reporter, if not authenticated.

  • reporter_email (string|null) – The provided email of the reporter, if not authenticated.

  • addon (object) – The add-on reported for abuse.

  • addon.guid (string) – The add-on extension identifier.

  • addon.id (int|null) – The add-on id on AMO, or null if the addon submitted was a guid.

  • addon.slug (string|null) – The add-on slug, or null if the addon submitted was a guid.

  • message (string) – The body/content of the abuse report.

  • report_entry_point (string|null) – The report entry point.

  • addon_install_method (string|null) – The add-on install method.

  • addon_install_origin (string|null) – The add-on install origin.

  • addon_install_source (string|null) – The add-on install source.

  • addon_install_source_url (string|null) – The add-on install source URL.

  • addon_name (string|null) – The add-on name in the locale used by the client.

  • addon_signature (string|null) – The add-on signature state.

  • addon_summary (string|null) – The add-on summary in the locale used by the client.

  • addon_version (string|null) – The add-on version string.

  • app (string|null) – The application used by the client.

  • appversion (string|null) – The application version used by the client.

  • lang (string|null) – The language code of the locale used by the client for the application.

  • location (string|null) – Where the content being reported is located - on AMO or inside the add-on.

  • client_id (string|null) – The client’s hashed telemetry ID.

  • install_date (string|null) – The add-on install date.

  • operating_system (string|null) – The client’s operating system.

  • operating_system_version (string|null) – The client’s operating system version.

  • reason (string|null) – The reason for the report.

Accepted values for the report_entry_point parameter:

Value

Description

uninstall

Report button shown at uninstall time

menu

Report menu in Add-ons Manager

toolbar_context_menu

Report context menu on add-on toolbar

amo

Report button on an AMO page (using navigator.mozAddonManager.reportAbuse)

unified_context_menu

Report unified extensions (context) menu

Accepted values for the addon_install_method parameter:

Note

This should match what is documented for addonsManager.install.extra_keys.method in Firefox telemetry event definition except that the values are normalized by being converted to lowercase with the : and - characters converted to _. In addition, extra values are supported for backwards-compatibility purposes, since Firefox before version 70 merged source and method into the same value. If an unsupported value is sent for this parameter, it will be silently changed to special other instead of raising a 400 error.

Value

Description

amwebapi

Add-on Manager Web API

link

Direct Link

installtrigger

InstallTrigger API

install_from_file

Local File

management_webext_api

WebExt Management API

drag_and_drop

Drag & Drop

sideload

Sideload

file_url

File URL

url

URL

other

Other

enterprise_policy

Enterprise Policy (obsolete, for backwards-compatibility)

distribution

Included in build (obsolete, for backwards-compatibility)

system_addon

System Add-on (obsolete, for backwards-compatibility)

temporary_addon

Temporary Add-on (obsolete, for backwards-compatibility)

sync

Sync (obsolete, for backwards-compatibility)

Accepted values for the addon_install_source parameter:

Note

This should match what is documented for addonsManager.install.extra_keys.method in Firefox telemetry event definition except that the values are normalized by being converted to lowercase with the : and - characters converted to _. We support the additional other value as a catch-all. If an unsupported value is sent for this parameter, it will be silently changed to other instead of raising a 400 error.

Value

Description

about_addons

Add-ons Manager

about_debugging

Add-ons Debugging

about_preferences

Preferences

amo

AMO

app_builtin

Built-in Add-on

app_global

Application Add-on

app_profile

App Profile

app_system_addons

System Add-on (Update)

app_system_defaults

System Add-on (Bundled)

app_system_local

System-wide Add-on (OS Local)

app_system_profile

System Add-on (Profile)

app_system_share

System-wide Add-on (OS Share)

app_system_user

System-wide Add-on (User)

disco

Disco Pane

distribution

Included in build

enterprise_policy

Enterprise Policy

extension

Extension

file_url

File URL

gmp_plugin

GMP Plugin

internal

Internal

other

Other

plugin

Plugin

rtamo

Return To AMO

sync

Sync

system_addon

System Add-on

temporary_addon

Temporary Add-on

unknown

Unknown

winreg_app_global

Windows Registry (Global)

winreg_app_user

Windows Registry (User)

Accepted values for the addon_signature parameter:

Value

Description

curated_and_partner

Curated and partner

curated

Curated

partner

Partner

non_curated

Non-curated

unsigned

Unsigned

broken

Broken

unknown

Unknown

missing

Missing

preliminary

Preliminary

signed

Signed

system

System

privileged

Privileged

Accepted values for the reason parameter (for add-on abuse reports):

Value

Description

damage

Damages computer and/or data

spam

Creates spam or advertising

settings

Changes search / homepage / new tab page without informing user

broken

Doesn’t work, breaks websites, or slows Firefox down

policy

Hateful, violent, or illegal content

deceptive

Doesn’t match description

unwanted

Wasn’t wanted / impossible to get rid of

hateful_violent_deceptive

Hateful, violent, deceptive, or other inappropriate content

illegal

Violates the law or contains content that violates the law

does_not_work

Doesn’t work, breaks websites, or slows Firefox down

feedback_spam

Spam

something_else

Something else

other

Other

Accepted values for the location parameter:

Value

Description

amo

Offending content is on add-on’s detail page on AMO

addon

Offending content is inside the add-on

both

Offending content is in both locations

Submitting a user abuse report

The following API endpoint allows an abuse report to be submitted for a user account on https://addons.mozilla.org. Authentication is not required, but is recommended so reports can be responded to if necessary.

POST /api/v5/abuse/report/user/
Request JSON Object:

  • user (string|int) – The id or username of the user to report for abuse (required).

  • message (string) – The body/content of the abuse report (required).

  • lang (string|null) – The language code of the locale used by the client for the application.

  • reason (string|null) – The reason for the report. The accepted values are documented in the table below.

  • reporter_name (string|null) – The provided name of the reporter, if not authenticated.

  • reporter_email (string|null) – The provided email of the reporter, if not authenticated.

Response JSON Object:

  • reporter (object|null) – The user who submitted the report, if authenticated.

  • reporter.id (int) – The id of the user who submitted the report.

  • reporter.name (string) – The name of the user who submitted the report.

  • reporter.url (string) – The link to the profile page for of the user who submitted the report.

  • reporter.username (string) – The username of the user who submitted the report.

  • reporter_name (string|null) – The provided name of the reporter, if not authenticated.

  • reporter_email (string|null) – The provided email of the reporter, if not authenticated.

  • user (object) – The user reported for abuse.

  • user.id (int) – The id of the user reported.

  • user.name (string) – The name of the user reported.

  • user.url (string) – The link to the profile page for of the user reported.

  • user.username (string) – The username of the user reported.

  • message (string) – The body/content of the abuse report.

  • lang (string|null) – The language code of the locale used by the client for the application.

Accepted values for the reason parameter (for user abuse reports):

Value

Description

hateful_violent_deceptive

Hateful, violent, deceptive, or other inappropriate content

illegal

Violates the law or contains content that violates the law

feedback_spam

Spam

something_else

Something else

Submitting a rating abuse report

The following API endpoint allows an abuse report to be submitted for a rating on https://addons.mozilla.org. Authentication is not required, but is recommended so reports can be responded to if necessary.

POST /api/v5/abuse/report/rating/
Request JSON Object:

  • rating (string|int) – The id of the rating to report for abuse (required).

  • message (string) – The body/content of the abuse report (required).

  • lang (string|null) – The language code of the locale used by the client for the application.

  • reason (string|null) – The reason for the report. The accepted values are documented in the table below.

  • reporter_name (string|null) – The provided name of the reporter, if not authenticated.

  • reporter_email (string|null) – The provided email of the reporter, if not authenticated.

Response JSON Object:

  • reporter (object|null) – The user who submitted the report, if authenticated.

  • reporter.id (int) – The id of the user who submitted the report.

  • reporter.name (string) – The name of the user who submitted the report.

  • reporter.url (string) – The link to the profile page for of the user who submitted the report.

  • reporter.username (string) – The username of the user who submitted the report.

  • reporter_name (string|null) – The provided name of the reporter, if not authenticated.

  • reporter_email (string|null) – The provided email of the reporter, if not authenticated.

  • rating (object) – The user reported for abuse.

  • rating.id (int) – The id of the rating reported.

  • message (string) – The body/content of the abuse report.

  • lang (string|null) – The language code of the locale used by the client for the application.

  • reason (string|null) – The reason for the report.

Accepted values for the reason parameter (for rating abuse reports):

Value

Description

hateful_violent_deceptive

Hateful, violent, deceptive, or other inappropriate content

illegal

Violates the law or contains content that violates the law

something_else

Something else

Submitting a collection abuse report

The following API endpoint allows an abuse report to be submitted for a collection on https://addons.mozilla.org. Authentication is not required, but is recommended so reports can be responded to if necessary.

POST /api/v5/abuse/report/collection/
Request JSON Object:

  • collection (string|int) – The id of the collection to report for abuse (required).

  • message (string) – The body/content of the abuse report (required).

  • lang (string|null) – The language code of the locale used by the client for the application.

  • reason (string|null) – The reason for the report. The accepted values are documented in the table below.

  • reporter_name (string|null) – The provided name of the reporter, if not authenticated.

  • reporter_email (string|null) – The provided email of the reporter, if not authenticated.

Response JSON Object:

  • reporter (object|null) – The user who submitted the report, if authenticated.

  • reporter.id (int) – The id of the user who submitted the report.

  • reporter.name (string) – The name of the user who submitted the report.

  • reporter.url (string) – The link to the profile page for of the user who submitted the report.

  • reporter.username (string) – The username of the user who submitted the report.

  • reporter_name (string|null) – The provided name of the reporter, if not authenticated.

  • reporter_email (string|null) – The provided email of the reporter, if not authenticated.

  • collection (object) – The collection reported for abuse.

  • collection.id (int) – The id of the collection reported.

  • message (string) – The body/content of the abuse report.

  • lang (string|null) – The language code of the locale used by the client for the application.

Accepted values for the reason parameter (for collection abuse reports):

Value

Description

hateful_violent_deceptive

Hateful, violent, deceptive, or other inappropriate content

illegal

Violates the law or contains content that violates the law

feedback_spam

Spam

something_else

Something else