> ## Documentation Index > Fetch the complete documentation index at: https://octolens.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Update global filters > Replace any of the five filter lists. Pass `[]` to clear a list; omit a field to leave it unchanged. ## OpenAPI ````yaml https://app.octolens.com/api/v2/openapi.json patch /api/v2/filters/global openapi: 3.1.0 info: title: Octolens API version: 2.0.0 description: >- The Octolens API lets you query mentions, manage keywords, and configure feeds programmatically. Every action available in the Octolens UI is available here. ### Authentication All v2 endpoints require an API key. Create one in **Settings > API** and pass it as `Authorization: Bearer `. Keys are scoped to the organization they were minted in; you cannot access another org's data. API keys carry a scope — `read`, `write` (implies read), or `admin` (implies write). Each endpoint documents the scope it needs via the `x-required-scope` OpenAPI extension and the scope badge in the docs surface. ### Rate limiting The v2 API is rate-limited at **500 requests per hour per organization**, across all keys for that org. The limit resets at the top of each hour (sliding hourly window). Every 2xx response carries three headers so clients can pace themselves: * `X-RateLimit-Limit` — the hourly cap (500) * `X-RateLimit-Remaining` — requests left in the current window * `X-RateLimit-Reset` — Unix timestamp (seconds) when the window resets When the cap is hit, the endpoint returns **429 Rate Limited** with an additional `Retry-After` header (seconds until the next window). The response body is the standard `ErrorResponse` with `code: "RATE_LIMITED"`. ### Error handling All non-2xx responses share the same `ErrorResponse` envelope: `{ error: { code, message, status, details? } }`. The `code` field is a stable `ApiErrorCode` enum — branch on it programmatically instead of parsing `message`. See the `ApiErrorCode` schema for the full catalog grouped by category. `VALIDATION_ERROR` (400) responses include a `details` array with per-field Zod issues — inspect `details[i].path` to pinpoint which input was rejected. ### Building filter bodies Endpoints that accept `simpleFilters` / `advancedFilters` (e.g. `POST /api/v2/mentions`, `PATCH /api/v2/feeds/{id}`) take a structured object that can be tricky to hand-craft. If you just have a natural-language description of what you want ("negative posts about pricing on reddit in the last week"), call `POST /api/v2/ai/filter-wizard` with that prompt and it will return a ready-to-use filter object you can pass straight through. servers: - url: https://app.octolens.com description: Production - url: http://localhost:3000 description: Local development security: - ApiKey: [] paths: /api/v2/filters/global: patch: tags: - Filters summary: Update global filters description: >- Replace any of the five filter lists. Pass `[]` to clear a list; omit a field to leave it unchanged. operationId: updateGlobalFilters requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateGlobalFiltersRequest' responses: '200': description: 200 response content: application/json: schema: $ref: '#/components/schemas/GlobalFilters' '400': description: Validation error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Missing or invalid authentication content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden (insufficient plan or permissions) content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '429': description: Rate limit exceeded content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' components: schemas: UpdateGlobalFiltersRequest: description: >- Replace the given lists wholesale. Omitted fields are unchanged; pass `[]` to clear a list. See each field's description for the exact format expected — subreddits without `r/`, repos as `owner/name`, etc. type: object properties: negativeKeywords: maxItems: 2000 type: array items: description: >- Word, phrase, or `@handle` / `$TICKER` token. Trimmed; 1-200 chars. type: string minLength: 1 maxLength: 200 negativeAuthors: maxItems: 2000 type: array items: description: >- Author handle/username exactly as it appears on `mention.author`. Don't add a leading `@` unless the platform does (Twitter stores handles without `@`; Reddit stores usernames as-is; YouTube uses channel titles). type: string minLength: 1 maxLength: 200 negativeSubreddits: maxItems: 2000 type: array items: description: >- Subreddit name. Both `nextjs` and `r/nextjs` work — the `r/` prefix is stripped on input. Stored and matched case-insensitively without the prefix. type: string positiveSubreddits: maxItems: 2000 type: array items: description: >- Subreddit name. Both `nextjs` and `r/nextjs` work — the `r/` prefix is stripped on input. Stored and matched case-insensitively without the prefix. type: string negativeRepos: maxItems: 2000 type: array items: description: GitHub repo in `owner/name` form (e.g. `vercel/next.js`). type: string minLength: 3 maxLength: 140 GlobalFilters: description: >- Org-wide filter lists. Applied on top of per-keyword exclusions and always active. type: object properties: negativeKeywords: description: >- Words, phrases, or `@handle` / `$TICKER` tokens that disqualify a mention org-wide. Matched case-insensitively as whole words against the post title + body. example: - porn - scam - '@spambot' maxItems: 2000 type: array items: description: >- Word, phrase, or `@handle` / `$TICKER` token. Trimmed; 1-200 chars. type: string minLength: 1 maxLength: 200 negativeAuthors: description: >- Author handles/usernames to filter out org-wide. Matched case-sensitively as an exact string against the post's `author` field. example: - spambot1 maxItems: 2000 type: array items: description: >- Author handle/username exactly as it appears on `mention.author`. Don't add a leading `@` unless the platform does (Twitter stores handles without `@`; Reddit stores usernames as-is; YouTube uses channel titles). type: string minLength: 1 maxLength: 200 negativeSubreddits: description: >- Subreddit names to exclude. `r/` prefix is optional — both `nextjs` and `r/nextjs` are accepted and stored in canonical form. Matched case-insensitively. example: - theredpill - r/unpopularopinion maxItems: 2000 type: array items: description: >- Subreddit name. Both `nextjs` and `r/nextjs` work — the `r/` prefix is stripped on input. Stored and matched case-insensitively without the prefix. type: string minLength: 1 maxLength: 50 pattern: ^[A-Za-z0-9_]+$ positiveSubreddits: description: >- Subreddit allowlist. `r/` prefix is optional. When non-empty, Reddit mentions are restricted to these subreddits only; empty array means all subreddits pass. example: - nextjs - r/vercel maxItems: 2000 type: array items: description: >- Subreddit name. Both `nextjs` and `r/nextjs` work — the `r/` prefix is stripped on input. Stored and matched case-insensitively without the prefix. type: string minLength: 1 maxLength: 50 pattern: ^[A-Za-z0-9_]+$ negativeRepos: description: >- GitHub repos to exclude in `owner/name` form. Matched case-insensitively against the repo parsed from the GitHub URL. example: - acme/spam-repo maxItems: 2000 type: array items: description: GitHub repo in `owner/name` form (e.g. `vercel/next.js`). type: string minLength: 3 maxLength: 140 required: - negativeKeywords - negativeAuthors - negativeSubreddits - positiveSubreddits - negativeRepos additionalProperties: false ErrorResponse: description: >- Standard error envelope returned for all non-2xx responses. The `code` field is stable — safe to branch on programmatically. type: object properties: error: type: object properties: code: $ref: '#/components/schemas/ApiErrorCode' description: >- Machine-readable error code. See `ApiErrorCode` for the full list. example: NOT_FOUND message: description: Human-readable error message. example: Resource not found type: string status: description: HTTP status code — always matches the response status. example: 404 type: integer minimum: -9007199254740991 maximum: 9007199254740991 details: description: >- Present on `VALIDATION_ERROR` responses. Contains Zod issues describing each failing field (path, code, message). type: array items: {} required: - code - message - status additionalProperties: false required: - error additionalProperties: false ApiErrorCode: description: >- Stable, machine-readable error code. Grouped as follows: **Auth / request shape** — `UNAUTHORIZED` (401), `FORBIDDEN` (403), `RATE_LIMITED` (429), `VALIDATION_ERROR` (400 — response carries a `details` array with Zod issues), `INTERNAL_ERROR` (500). **Not found (404)** — generic `NOT_FOUND` plus domain-specific variants: `FEED_NOT_FOUND`, `KEYWORD_NOT_FOUND`, `POST_NOT_FOUND`, `SUMMARY_NOT_FOUND`, `SUGGESTION_NOT_FOUND`, `COMPANY_NOT_FOUND`, `ORG_NOT_FOUND`, `SETTINGS_NOT_FOUND`. **Business-rule violations (400)** — `KEYWORD_LIMIT_EXCEEDED` (plan cap hit), `LAST_ADMIN` (refuses to remove the only admin), `ITEM_EXISTS` (duplicate), `INVALID_DOMAIN`, `INVALID_TIMEZONE`. type: string enum: - UNAUTHORIZED - FORBIDDEN - RATE_LIMITED - VALIDATION_ERROR - INTERNAL_ERROR - NOT_FOUND - FEED_NOT_FOUND - KEYWORD_NOT_FOUND - POST_NOT_FOUND - SUMMARY_NOT_FOUND - SUGGESTION_NOT_FOUND - COMPANY_NOT_FOUND - ORG_NOT_FOUND - SETTINGS_NOT_FOUND - KEYWORD_LIMIT_EXCEEDED - LAST_ADMIN - ITEM_EXISTS - INVALID_DOMAIN - INVALID_TIMEZONE securitySchemes: ApiKey: type: http scheme: bearer description: >- Clerk API key. Create one in Settings → API Keys. Pass as `Authorization: Bearer `. ````