Moderation Tools

Flag

Any user is allowed to flag a message. This adds the message to the inbox of your moderation review queue on Stream Dashboard.

const flag = await client.flagMessage(messageResponse.message.id);

Reasons & custom data

You can enhance flags by associating them with a specific reason and custom data. It is advisable to utilise a slug or keyword as a designated reason for easy translation or other forms of display customisation.

The custom data can encompass any object, offering supplementary metadata to the flag.

The Query Message Flags endpoint retrieves both reasons and custom data, and the reason can also be utilised for filtering these flags.

// flag with a reason
let flag = await client.flagMessage(messageID, {
  reason: "spammy_user",
});

// flag with a reason and additional custom data
flag = await client.flagMessage(messageID, {
  reason: "spammy_user",
  custom: {
    user_comment: "This user is spamming the homepage.",
    page: "homepage",
  },
});

// flag with only custom data
flag = await client.flagMessage(messageID, {
  custom: {
    page: "homepage",
  },
});
cf;

Query Flagged Messages

If you prefer to build your own in-app moderation dashboard, rather than use the Stream dashboard, you can query flagged messages using the QueryReviewQueue API endpoint.

Both server-authenticated and user-authenticated clients can use this method. For client-side requests, the user needs moderator or admin permissions.

const response = await client.moderation.queryReviewQueue(
  { entity_type: "stream:chat:v1:message" },
  [{ field: "created_at", direction: -1 }],
  { next: null },
);

for (const item of response.items) {
  console.log(item.message.id);
  console.log(item.message.text);
  console.log(item.message.type);
  console.log(item.message.created_at);
}

console.log(next); // <-- next cursor for pagination

Please refer to the Moderation API documentation for more details.

Mutes

Any user is allowed to mute another user. Mutes are stored at the user level and returned with the rest of the user information when connectUser is called. A user will be muted until the user is unmuted or the mute is expired.

nametypedescriptiondefaultoptional
timeoutnumberThe timeout in minutes until the mute is expired.no limit
// client-side mute
const mute = await client.muteUser("eviluser");

// client-side mute for 60 minutes
const mute = await client.muteUser("eviluser", null, {
  timeout: 60,
});

// server-side mute requires the id of the user creating the mute as well
const mute = await client.muteUser("eviluser", "user_id");

After muting a user messages will still be delivered via web-socket. Implementing business logic such as hiding messages from muted users or displaying them differently is left to the developer to implement.

Messages from muted users are not delivered via push (APN/Firebase)

Ban

Users can be banned from an app entirely or from a channel. When a user is banned, they will not be allowed to post messages until the ban is removed or expired but will be able to connect to Chat and to channels as before.

Channel watchers cannot be banned.

It is also possible to ban the user’s last known IP address to prevent the creation of new “throw-away” accounts. This type of ban is only applicable on the app level. ISPs often rotate IP addresses, therefore in order to prevent innocent users to be banned, we automatically apply a 30 day timeout when applying an IP ban. This value can be overwritten, if a timeout is supplied in the request. The IP address will be unbanned either after reaching a timeout or with explicit user unban.

In most cases, only admins or moderators are allowed to ban other users from a channel.

nametypedescriptiondefaultoptional
timeoutnumberThe timeout in minutes until the ban is automatically expired.no limit
reasonstringThe reason that the ban was created.
ip_banbooleanWhether or not to apply IP address banfalse
banned_by_idstringThe ID of the user who is performing the ban. This is required only when using API from the server-side
delete_messagesstringDelete messages of the banned user. Can be “soft” or “hard” which soft-deletes and hard-deletes the messages respectively

Banning a user from all channels can only be done using server-side auth.

// ban a user for 60 minutes from all channel
let data = await client.banUser("eviluser", {
  banned_by_id: userID, // ID of the user who is performing the ban (Server-side auth)
  timeout: 60,
  reason: "Banned for one hour",
});

// ban a user and their IP address for 24 hours
let data = await client.banUser("eviluser", {
  banned_by_id: userID,
  timeout: 24 * 60,
  ip_ban: true,
  reason: "Please come back tomorrow",
});

// ban a user from the livestream:fortnite channel
data = await channel.banUser("eviluser", {
  banned_by_id: userID,
  reason: "Profanity is not allowed here",
});

// remove ban from channel
data = await channel.unbanUser("eviluser");

// remove global ban
data = await authClient.unbanUser("eviluser");

Query Banned Users

Banned users can be retrieved in different ways:

  1. Using the dedicated query bans endpoint

  2. User Search: you can add the banned: true condition to your search. Please note that this will only return users that were banned at the app level and not the ones that were banned only on channels.

// retrieve the list of banned users
const response = await client.queryUsers(
  { banned: true },
  {},
  { limit: 10, offset: 0 },
);

// query for banned members from one channel
const results = await client.queryBannedUsers({
  channel_cid: "livestream:123",
});

Query Bans Endpoint

The query bans endpoint allows you to list bans for your application. Similar to other query endpoints, you can filter bans by different fields and control the ordering of results.

Globally banned users can only be retrieved using server-side auth

Available fields

NameDescriptionExampleOperators
channel_cidThe channel CID for the ban. When this parameter is not provided, both global and channel bans will be returned.{ channel_cid :{$in:[“livestream:1”,“livestream:2”]}}$eq, $in
user_idThe ID of the banned user{ user_id: “evil_user” }$eq, $in, $neq, $nin
created_atThe date (RFC339) of the ban creation{ created_at: {$gt: “2020-10-02T15:00:00Z”} }$eq, $gt, $gte, $lt, $lte
banned_by_idThe ID of the user that created the ban{ banned_by_id: “42”}$eq, $in, $neq, $nin

Pagination for bans can be done in two ways: using offset/limit or using the created_at field. Bans are returned in ascending order by default so to get the second page you need to request bans with created_at less than the created_at of the last ban on the first page. Ordering can be reversed using the sort option.

// get the bans for channel livestream:123 in descending order
const response = await client.queryBannedUsers(
  { channel_cid: "livestream:123" },
  { created_at: -1 },
);

// get the next page of bans for the same channel
await client.queryBannedUsers(
  { channel_cid: "livestream:123", created_at_before_or_equal: createdAt },
  { created_at: -1 },
);

Shadow Ban

Instead of a default ban, you can shadow banusers from a channel, set of channels, or an entire App. When a user is shadow banned, they will still be allowed to post messages, but any message sent during the ban will only be visible to the author of the message and invisible to other users of the App.

Shadow banning can delay a persistent bad actor from attempting ban evasion techniques by obfuscating the fact that a ban has occurred for them. Since a shadow ban’s effectiveness relies on it not being discovered, shadow bans work best in chats with a high volume of messages and fast velocity where the offending user’s messages not receiving engagement appears plausible; think livestreams.

Messages from a shadow banned user will include the shadowed: true flag on the message object. This flag is only visible to users other than the shadow banned user, so the offender will not be able to recognize that they are shadow banned even if they use developer tools to inspect responses from the API. You will need to implement UI logic for how your application will handle shadowed messages. Having the client hide these messages for everybody other than the user sending them is a common approach.

nametypedescriptiondefaultoptional
timeoutnumberThe timeout in minutes until the ban is automatically expired.no-limit
reasonstringThe reason that the ban was created.-
ip_banbooleanWhether or not to apply IP address banfalse
banned_by_idstringThe ID of the user who is performing the ban. This is required only when using API from the server-side-
// shadow ban a user from all channels
let data = await client.shadowBan("eviluser");

// shadow ban a user from a channel
data = await channel.shadowBan("eviluser");

// remove shadow ban from channel
data = await channel.removeShadowBan("eviluser");

// remove global shadow ban
data = await client.removeShadowBan("eviluser");

// server-side shadow ban
data = await client.shadowBan("eviluser", { banned_by_id: "regularUser" });

Administrators can view shadow banned user status in queryChannels(), queryMembers() and queryUsers().

Block Lists

A list of words you can define to moderate chat messages. A blocklist can be assigned to each channel type to either block or flag messages that contain these words. More information can be found here.

Automated Moderation for Chat

Stream AutoMod uses an AI-based classification system to detect various types of bad content. The tool is powered by AI, an is highly configurable for each channel type to assist the manual work of human moderators. You can learn more here.

Previous
Message Reminders
Next
Image Moderation
© Getstream.io, Inc. All Rights Reserved.