Abuse Reports

Note

These v4 APIs are now frozen. See the API versions available for details of the different API versions available.

The following API endpoint covers abuse reporting

Submitting an add-on abuse report

The following API endpoint allows an abuse report to be submitted for an Add-on, either listed on https://addons.mozilla.org or not. Authentication is not required, but is recommended so reports can be responded to if necessary.

Warning

Except for the message, all strings have a maximum length of 255 characters and should be truncated by the client where necessary.

Warning

For addon_install_method and addon_install_source specifically, if an unsupported value is sent, it will be silently changed to other instead of raising a 400 error.

POST /api/v4/abuse/report/addon/
Request JSON Object:

  • addon (string) – The id, slug, or guid of the add-on to report for abuse (required).

  • message (string) – The body/content of the abuse report (required).

  • report_entry_point (string|null) – The report entry point. The accepted values are documented in the table below.

  • addon_install_method (string|null) – The add-on install method. The accepted values are documented in the table below.

  • addon_install_origin (string|null) – The add-on install origin.

  • addon_install_source (string|null) – The add-on install source. The accepted values are documented in the table below.

  • addon_install_source_url (string|null) – The add-on install source URL.

  • addon_name (string|null) – The add-on name in the locale used by the client.

  • addon_signature (string|null) – The add-on signature state. The accepted values are documented in the table below.

  • addon_summary (string|null) – The add-on summary in the locale used by the client.

  • addon_version (string|null) – The add-on version string.

  • app (string|null) – The application used by the client. Can be either firefox or android.

  • appversion (string|null) – The application version used by the client.

  • lang (string|null) – The language code of the locale used by the client for the application.

  • client_id (string|null) – The client’s hashed telemetry ID.

  • install_date (string|null) – The add-on install date.

  • operating_system (string|null) – The client’s operating system.

  • operating_system_version (string|null) – The client’s operating system version.

  • reason (string|null) – The reason for the report. The accepted values are documented in the table below.

Response JSON Object:

  • reporter (object|null) – The user who submitted the report, if authenticated.

  • reporter.id (int) – The id of the user who submitted the report.

  • reporter.name (string) – The name of the user who submitted the report.

  • reporter.username (string) – The username of the user who submitted the report.

  • reporter.url (string) – The link to the profile page for of the user who submitted the report.

  • addon (object) – The add-on reported for abuse.

  • addon.guid (string) – The add-on extension identifier.

  • addon.id (int|null) – The add-on id on AMO. If the guid submitted didn’t match a known add-on on AMO, then null.

  • addon.slug (string|null) – The add-on slug. If the guid submitted didn’t match a known add-on on AMO, then null.

  • message (string) – The body/content of the abuse report.

  • report_entry_point (string|null) – The report entry point.

  • addon_install_method (string|null) – The add-on install method.

  • addon_install_origin (string|null) – The add-on install origin.

  • addon_install_source (string|null) – The add-on install source.

  • addon_install_source_url (string|null) – The add-on install source URL.

  • addon_name (string|null) – The add-on name in the locale used by the client.

  • addon_signature (string|null) – The add-on signature state.

  • addon_summary (string|null) – The add-on summary in the locale used by the client.

  • addon_version (string|null) – The add-on version string.

  • app (string|null) – The application used by the client.

  • appversion (string|null) – The application version used by the client.

  • lang (string|null) – The language code of the locale used by the client for the application.

  • client_id (string|null) – The client’s hashed telemetry ID.

  • install_date (string|null) – The add-on install date.

  • operating_system (string|null) – The client’s operating system.

  • operating_system_version (string|null) – The client’s operating system version.

  • reason (string|null) – The reason for the report.

Accepted values for the report_entry_point parameter:

Value

Description

uninstall

Report button shown at uninstall time

menu

Report menu in Add-ons Manager

toolbar_context_menu

Report context menu on add-on toolbar

amo

Report button on an AMO page (using navigator.mozAddonManager.reportAbuse)

Accepted values for the addon_install_method parameter:

Note

This should match what is documented for addonsManager.install.extra_keys.method in Firefox telemetry event definition except that the values are normalized by being converted to lowercase with the : and - characters converted to _. In addition, extra values are supported for backwards-compatibility purposes, since Firefox before version 70 merged source and method into the same value. If an unsupported value is sent for this parameter, it will be silently changed to special other instead of raising a 400 error.

Value

Description

amwebapi

Add-on Manager Web API

link

Direct Link

installtrigger

InstallTrigger API

install_from_file

Local File

management_webext_api

WebExt Management API

drag_and_drop

Drag & Drop

sideload

Sideload

file_url

File URL

url

URL

other

Other

enterprise_policy

Enterprise Policy (obsolete, for backwards-compatibility)

distribution

Included in build (obsolete, for backwards-compatibility)

system_addon

System Add-on (obsolete, for backwards-compatibility)

temporary_addon

Temporary Add-on (obsolete, for backwards-compatibility)

sync

Sync (obsolete, for backwards-compatibility)

Accepted values for the addon_install_source parameter:

Note

This should match what is documented for addonsManager.install.extra_keys.method in Firefox telemetry event definition except that the values are normalized by being converted to lowercase with the : and - characters converted to _. We support the additional other value as a catch-all. If an unsupported value is sent for this parameter, it will be silently changed to other instead of raising a 400 error.

Value

Description

about_addons

Add-ons Manager

about_debugging

Add-ons Debugging

about_preferences

Preferences

amo

AMO

app_profile

App Profile

disco

Disco Pane

distribution

Included in build

extension

Extension

enterprise_policy

Enterprise Policy

file_url

File URL

gmp_plugin

GMP Plugin

internal

Internal

plugin

Plugin

rtamo

Return To AMO

sync

Sync

system_addon

System Add-on

temporary_addon

Temporary Add-on

unknown

Unknown

other

Other

Accepted values for the addon_signature parameter:

Value

Description

curated_and_partner

Curated and partner

curated

Curated

partner

Partner

non_curated

Non-curated

unsigned

Unsigned

broken

Broken

unknown

Unknown

missing

Missing

preliminary

Preliminary

signed

Signed

system

System

privileged

Privileged

Accepted values for the reason parameter:

Value

Description

damage

Damages computer and/or data

spam

Creates spam or advertising

settings

Changes search / homepage / new tab page without informing user

broken

Doesn’t work, breaks websites, or slows Firefox down

policy

Hateful, violent, or illegal content

deceptive

Doesn’t match description

unwanted

Wasn’t wanted / impossible to get rid of

other

Something else

Submitting a user abuse report

The following API endpoint allows an abuse report to be submitted for a user account on https://addons.mozilla.org. Authentication is not required, but is recommended so reports can be responded to if necessary.

POST /api/v4/abuse/report/user/
Request JSON Object:

  • user (string) – The id or username of the user to report for abuse (required).

  • message (string) – The body/content of the abuse report (required).

Response JSON Object:

  • reporter (object|null) – The user who submitted the report, if authenticated.

  • reporter.id (int) – The id of the user who submitted the report.

  • reporter.name (string) – The name of the user who submitted the report.

  • reporter.url (string) – The link to the profile page for of the user who submitted the report.

  • reporter.username (string) – The username of the user who submitted the report.

  • user (object) – The user reported for abuse.

  • user.id (int) – The id of the user reported.

  • user.name (string) – The name of the user reported.

  • user.url (string) – The link to the profile page for of the user reported.

  • user.username (string) – The username of the user reported.

  • message (string) – The body/content of the abuse report.