4 files changed, 56 insertions, 18 deletions

diff --git a/docs/clients.md b/docs/clients.md
index 5650ea236..31d2d27c3 100644
--- a/docs/clients.md
+++ b/docs/clients.md
@@ -116,3 +116,9 @@ Feel free to contact us to be added to this list!
 - Contact: [@r@freesoftwareextremist.com](https://freesoftwareextremist.com/users/r)
 - Features: Does not requires JavaScript
 - Features: MastoAPI
+
+### Glitch-lily
+- Source Code: <https://lily.kazv.moe/infra/glitch-lily>
+- Contact: [@tusooa@kazv.moe](https://kazv.moe/users/tusooa)
+- Features: MastoAPI
+- Based on [glitch-soc](https://github.com/glitch-soc/mastodon) frontend
diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md
index 40e81cffb..4dacdc68c 100644
--- a/docs/configuration/cheatsheet.md
+++ b/docs/configuration/cheatsheet.md
@@ -125,6 +125,8 @@ To add configuration to your config file, you can copy it from the base config.
     * `Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicy`: Sets a default expiration on all posts made by users of the local instance. Requires `Pleroma.Workers.PurgeExpiredActivity` to be enabled for processing the scheduled delections.
     * `Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy`: Makes all bot posts to disappear from public timelines.
     * `Pleroma.Web.ActivityPub.MRF.FollowBotPolicy`: Automatically follows newly discovered users from the specified bot account. Local accounts, locked accounts, and users with "#nobot" in their bio are respected and excluded from being followed.
+    * `Pleroma.Web.ActivityPub.MRF.KeywordPolicy`: Rejects or removes from the federated timeline or replaces keywords. (See [`:mrf_keyword`](#mrf_keyword)).
+    * `Pleroma.Web.ActivityPub.MRF.ForceMentionsInContent`: Forces every mentioned user to be reflected in the post content.
 * `transparency`: Make the content of your Message Rewrite Facility settings public (via nodeinfo).
 * `transparency_exclusions`: Exclude specific instance names from MRF transparency.  The use of the exclusions feature will be disclosed in nodeinfo as a boolean value.
 
diff --git a/docs/development/API/differences_in_mastoapi_responses.md b/docs/development/API/differences_in_mastoapi_responses.md
index 518aca114..0e6bcb79b 100644
--- a/docs/development/API/differences_in_mastoapi_responses.md
+++ b/docs/development/API/differences_in_mastoapi_responses.md
@@ -377,12 +377,6 @@ Pleroma is generally compatible with the Mastodon 2.7.2 API, but some newer feat
 
 - `GET /api/v1/identity_proofs`: Returns an empty array, `[]`
 
-### Endorsements
-
-*Added in Mastodon 2.5.0*
-
-- `GET /api/v1/endorsements`: Returns an empty array, `[]`
-
 ### Featured tags
 
 *Added in Mastodon 3.0.0*
diff --git a/docs/development/API/pleroma_api.md b/docs/development/API/pleroma_api.md
index 0e7367a72..0d15384b9 100644
--- a/docs/development/API/pleroma_api.md
+++ b/docs/development/API/pleroma_api.md
@@ -37,7 +37,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
 ```
 * Note: Same data as Mastodon API’s `/api/v1/custom_emojis` but in a different format
 
-## `/api/v1/pleroma/follow_import`
+## `/api/pleroma/follow_import`
 ### Imports your follows, for example from a Mastodon CSV file.
 * Method: `POST`
 * Authentication: required
@@ -46,7 +46,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
 * Response: HTTP 200 on success, 500 on error
 * Note: Users that can't be followed are silently skipped.
 
-## `/api/v1/pleroma/blocks_import`
+## `/api/pleroma/blocks_import`
 ### Imports your blocks.
 * Method: `POST`
 * Authentication: required
@@ -54,7 +54,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
     * `list`: STRING or FILE containing a whitespace-separated list of accounts to block
 * Response: HTTP 200 on success, 500 on error
 
-## `/api/v1/pleroma/mutes_import`
+## `/api/pleroma/mutes_import`
 ### Imports your mutes.
 * Method: `POST`
 * Authentication: required
@@ -70,7 +70,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
 * Response: Provider specific JSON, the only guaranteed parameter is `type`
 * Example response: `{"type": "kocaptcha", "token": "whatever", "url": "https://captcha.kotobank.ch/endpoint", "seconds_valid": 300}`
 
-## `/api/v1/pleroma/delete_account`
+## `/api/pleroma/delete_account`
 ### Delete an account
 * Method `POST`
 * Authentication: required
@@ -79,7 +79,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
 * Response: JSON. Returns `{"status": "success"}` if the deletion was successful, `{"error": "[error message]"}` otherwise
 * Example response: `{"error": "Invalid password."}`
 
-## `/api/v1/pleroma/disable_account`
+## `/api/pleroma/disable_account`
 ### Disable an account
 * Method `POST`
 * Authentication: required
@@ -88,21 +88,22 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
 * Response: JSON. Returns `{"status": "success"}` if the account was successfully disabled, `{"error": "[error message]"}` otherwise
 * Example response: `{"error": "Invalid password."}`
 
-## `/api/v1/pleroma/accounts/mfa`
+## `/api/pleroma/accounts/mfa`
 #### Gets current MFA settings
 * method: `GET`
 * Authentication: required
 * OAuth scope: `read:security`
-* Response: JSON. Returns `{"enabled": "false", "totp": false }`
+* Response: JSON. Returns `{"settings": {"enabled": "false", "totp": false }}`
+* Note: `enabled` is whether multi-factor auth is enabled for the user in general, while `totp` is one type of MFA.
 
-## `/api/v1/pleroma/accounts/mfa/setup/totp`
+## `/api/pleroma/accounts/mfa/setup/totp`
 #### Pre-setup the MFA/TOTP method
 * method: `GET`
 * Authentication: required
 * OAuth scope: `write:security`
 * Response: JSON. Returns `{"key": [secret_key], "provisioning_uri": "[qr code uri]"  }` when successful, otherwise returns HTTP 422 `{"error": "error_msg"}`
 
-## `/api/v1/pleroma/accounts/mfa/confirm/totp`
+## `/api/pleroma/accounts/mfa/confirm/totp`
 #### Confirms & enables MFA/TOTP support for user account.
 * method: `POST`
 * Authentication: required
@@ -113,7 +114,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
 * Response: JSON. Returns `{}` if the enable was successful, HTTP 422 `{"error": "[error message]"}` otherwise
 
 
-## `/api/v1/pleroma/accounts/mfa/totp`
+## `/api/pleroma/accounts/mfa/totp`
 ####  Disables MFA/TOTP method for user account.
 * method: `DELETE`
 * Authentication: required
@@ -123,7 +124,7 @@ The `/api/v1/pleroma/*` path is backwards compatible with `/api/pleroma/*` (`/ap
 * Response: JSON. Returns `{}` if the disable was successful, HTTP 422 `{"error": "[error message]"}` otherwise
 * Example response: `{"error": "Invalid password."}`
 
-## `/api/v1/pleroma/accounts/mfa/backup_codes`
+## `/api/pleroma/accounts/mfa/backup_codes`
 ####  Generstes backup codes MFA for user account.
 * method: `GET`
 * Authentication: required
@@ -331,7 +332,7 @@ See [Admin-API](admin_api.md)
 }
 ```
 
-## `/api/v1/pleroma/change_email`
+## `/api/pleroma/change_email`
 ### Change account email
 * Method `POST`
 * Authentication: required
@@ -659,3 +660,38 @@ Emoji reactions work a lot like favourites do. They make it possible to react to
     "url": "https://example.com/media/backups/archive-foobar-20200910T161803-QUhx6VYDRQ2wfV0SdA2Pfj_2CLM_ATUlw-D5l5TJf4Q.zip"
 }]
 ```
+
+## `GET /api/oauth_tokens`
+### Retrieve a list of active sessions for the user
+* Method: `GET`
+* Authentication: required
+* Params: none
+* Response: JSON
+* Example response:
+
+```json
+[
+  {
+    "app_name": "Pleroma FE",
+    "id": 9275,
+    "valid_until": "2121-11-24T15:51:08.234234"
+  },
+  {
+    "app_name": "Patron",
+    "id": 8805,
+    "valid_until": "2121-10-26T18:09:59.857150"
+  },
+  {
+    "app_name": "Soapbox FE",
+    "id": 9727,
+    "valid_until": "2121-12-25T16:52:39.692877"
+  }
+]
+```
+
+## `DELETE /api/oauth_tokens/:id`
+### Revoke a user session by its ID
+* Method: `DELETE`
+* Authentication: required
+* Params: none
+* Response: HTTP 200 on success, 500 on error