The /api/accept-messages endpoint lets authenticated users control whether their inbox is open to new anonymous messages. A POST request flips the isAcceptingMessages boolean on the user’s document; a GET request reads the current value back. When isAcceptingMessages is false, any call to POST /api/send-message targeting that user will be rejected with a 403 — no messages enter the inbox until the flag is re-enabled.

POST /api/accept-messages

Update whether the authenticated user is currently accepting new anonymous messages.

Method and URL

POST /api/accept-messages

Authentication

Required. The server resolves the caller’s identity through getServerSession(NEXT_AUTH_CONFIG). Requests without a valid session cookie are rejected with 401.

Request Body

acceptMessage (boolean, required)
Pass true to open the inbox and allow new messages. Pass false to close the inbox and block incoming messages. Any non-boolean value is rejected by the Zod acceptMessageSchema validation with a 400 error.

Example Request

{
  "acceptMessage": false
}

curl Example

# Close the inbox — stop accepting new messages
curl -X POST https://your-domain.com/api/accept-messages \
  -H "Content-Type: application/json" \
  -H "Cookie: next-auth.session-token=<your-session-token>" \
  -d '{ "acceptMessage": false }'

Responses

200 — Status Updated

{
  "success": true,
  "message": "User's isAcceptingMessages status updated successfully."
}

400 — Validation Failed

The acceptMessage field was missing or not a boolean. The error message is taken directly from the Zod issue.

{
  "success": false,
  "message": "Expected boolean, received string"
}

401 — Not Authenticated

{
  "success": false,
  "message": "Not Authenticated"
}

404 — User Not Found

The session was valid but no matching user document was found in the database.

{
  "success": false,
  "message": "Cant be able to update users accept message status or user not found"
}

500 — Server Error

{
  "success": false,
  "message": "Error while updating users isAcceptingMessages status"
}

GET /api/accept-messages

Read the current isAcceptingMessages status for the authenticated user.

Method and URL

GET /api/accept-messages

Authentication

Required. The server verifies the caller’s session with getServerSession(NEXT_AUTH_CONFIG). Unauthenticated requests receive a 401.

Request Parameters

No query parameters and no request body.

curl Example

curl -X GET https://your-domain.com/api/accept-messages \
  -H "Cookie: next-auth.session-token=<your-session-token>"

Responses

200 — Success

{
  "success": true,
  "isAcceptingMessages": true
}

401 — Not Authenticated

{
  "success": false,
  "message": "Not Authenticated"
}

404 — User Not Found

{
  "success": false,
  "message": "user not found."
}

500 — Server Error

{
  "success": false,
  "message": "Error while getting message acceptance status"
}

Response Fields

POST response fields

success (boolean)
true when the flag was updated successfully; false on any error.

message (string)
Human-readable outcome description, or a Zod validation error message on a 400.

GET response fields

success (boolean)
true when the status was fetched successfully; false on any error.

isAcceptingMessages (boolean)
The user’s current acceptance setting. true means their inbox is open; false means new messages are blocked. Present only on a 200 response.

Common Error Codes

Status  Meaning
400     Zod validation failed — acceptMessage was not a boolean
401     No valid NextAuth session cookie
404     Authenticated but user document not found in MongoDB
500     Unexpected server or database error

Notes

Zod validation for the POST body is handled by acceptMessageSchema (src/app/schemas/acceptMessageSchema.ts), which expects exactly { acceptMessage: z.boolean() }. The schema uses .safeParse() so validation errors never throw — instead the route returns a 400 with the first Zod issue message as the message field.
The GET and POST routes share the same URL path (/api/accept-messages) and are distinguished only by HTTP method. Most REST clients and fetch calls default to GET, so always set method: "POST" explicitly when updating the flag.
Setting isAcceptingMessages to false takes effect immediately. Any subsequent call to POST /api/send-message for this user will receive a 403 Forbidden response until the flag is re-enabled with POST /api/accept-messages and { "acceptMessage": true }.
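
The checks described on this page, modelled in memory as an added example (not the project's route code): the session alone selects which user is updated, and a non-boolean acceptMessage is rejected instead of being coerced. The users map, session.userId, the handler names and the 404/200 results of the send-message gate are assumptions, and parseAcceptMessage is a hand-written stand-in for acceptMessageSchema.safeParse().

```javascript
// Added example: in-memory model of the documented contract, not the project's route code.
// Constructed data; `users`, `session.userId` and the handler names are hypothetical.
const users = new Map([
  ["u1", { isAcceptingMessages: true, inbox: [] }],
  ["u2", { isAcceptingMessages: true, inbox: [] }],
]);

const reply = (status, body) => ({ status, body });

// Stand-in for acceptMessageSchema.safeParse(): strict boolean, never coerced.
function parseAcceptMessage(body) {
  const value = body == null ? undefined : body.acceptMessage;
  if (typeof value === "boolean") return { success: true, data: value };
  return { success: false, message: `Expected boolean, received ${typeof value}` };
}

// POST /api/accept-messages
function handleAcceptMessages(session, body) {
  if (!session || !session.userId) {
    return reply(401, { success: false, message: "Not Authenticated" });
  }
  const parsed = parseAcceptMessage(body);
  if (!parsed.success) return reply(400, { success: false, message: parsed.message });
  // The target is the session's user; a userId smuggled into the body is never read.
  const user = users.get(session.userId);
  if (!user) {
    const message = "Cant be able to update users accept message status or user not found";
    return reply(404, { success: false, message });
  }
  user.isAcceptingMessages = parsed.data;
  const message = "User's isAcceptingMessages status updated successfully.";
  return reply(200, { success: true, message });
}

// POST /api/send-message gate. The page documents only the 403; the 404 and 200 are assumed.
function handleSendMessage(targetUserId, content) {
  const user = users.get(targetUserId);
  if (!user) return reply(404, { success: false });
  if (!user.isAcceptingMessages) return reply(403, { success: false });
  user.inbox.push(content);
  return reply(200, { success: true });
}

// "false" is a truthy string: Boolean("false") === true would open the inbox.
console.log(handleAcceptMessages({ userId: "u1" }, { acceptMessage: "false" })); // 400
console.log(handleAcceptMessages({ userId: "u1" }, { acceptMessage: false, userId: "u2" })); // 200
console.log(handleSendMessage("u1", "hello").status, handleSendMessage("u2", "hello").status);
```
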
