API Reference
All endpoints are prefixed with /api/v1.
Public API (no authentication)
Use these from your frontend to fetch published content.
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /public/content | List published content. Query: ?type=page&limit=20&offset=0 |
| GET | /public/content/:type/:slug | Get single published content by type and slug |
| GET | /public/categories | List all categories |
| GET | /public/tags | List all tags |
| GET | /media/:id/file | Serve a media file (images, videos, PDFs) |
Auth API
| Method | Endpoint | Auth | Description |
|--------|----------|------|-------------|
| GET | /auth/status | No | Check setup status and available auth methods |
| POST | /auth/setup | No | Create first admin account |
| POST | /auth/login | No | Login with email/password |
| POST | /auth/logout | No | Logout (clears session) |
| GET | /auth/me | Yes | Get current user |
| PATCH | /auth/me | Yes | Update own profile |
| POST | /auth/me/change-password | Yes | Change own password |
Content API (requires auth)
| Method | Endpoint | Role | Description |
|--------|----------|------|-------------|
| GET | /content | Any | List all content (including drafts) |
| GET | /content/:id | Any | Get content by ID |
| POST | /content | Any | Create content |
| PATCH | /content/:id | Owner/Editor+ | Update content |
| DELETE | /content/:id | Owner/Editor+ | Delete content |
| POST | /content/:id/publish | Editor+ | Publish content |
| POST | /content/:id/unpublish | Editor+ | Unpublish content |
| GET | /content/:id/revisions | Owner/Editor+ | List revision history |
Media API (requires auth)
| Method | Endpoint | Role | Description |
|--------|----------|------|-------------|
| GET | /media | Any | List media files |
| POST | /media/upload | Any | Upload a file (multipart form) |
| PATCH | /media/:id | Editor+ | Update media metadata |
| DELETE | /media/:id | Editor+ | Delete media file |
Taxonomy API (requires auth)
| Method | Endpoint | Role | Description |
|--------|----------|------|-------------|
| POST | /categories | Editor+ | Create category |
| PATCH | /categories/:id | Editor+ | Update category |
| DELETE | /categories/:id | Editor+ | Delete category |
| POST | /tags | Editor+ | Create tag |
| PATCH | /tags/:id | Editor+ | Update tag |
| DELETE | /tags/:id | Editor+ | Delete tag |
Settings API (admin only)
| Method | Endpoint | Description |
|--------|----------|-------------|
| GET | /settings | Get all settings |
| PUT | /settings/:key | Update a setting |
| DELETE | /settings/:key | Delete a setting |
Authentication
The API supports two auth methods:
- Session cookie — set by /auth/login. Include credentials: 'include' in fetch requests.
- Bearer token — pass Authorization: Bearer YOUR_ADMIN_TOKEN header. Uses the ADMIN_TOKEN env var.
All state-changing requests require the X-CloudCore-Request: 1 CSRF header.
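
The following request builder is an added example, not code from this project, showing how a client can apply the two auth methods and the CSRF header described above. The base URL, the `buildRequest`/`apiFetch` names, JSON request and response bodies, and treating every method other than GET/HEAD/OPTIONS as state-changing are assumptions.

```javascript
// Added example, not project code. BASE_URL is a placeholder host.
const BASE_URL = "https://cms.example.com";
const API_PREFIX = "/api/v1";
// Assumption: every method other than these counts as state-changing.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Build the fetch() arguments for one API call (hypothetical helper).
function buildRequest(method, path, { token, body } = {}) {
  const verb = method.toUpperCase();
  const headers = {};
  const init = { method: verb, headers };

  if (token) {
    // Bearer mode: keep the admin token in server-side code,
    // never in a browser bundle.
    headers["Authorization"] = `Bearer ${token}`;
    init.credentials = "omit"; // do not also send the session cookie
  } else {
    // Session mode: the cookie set by /auth/login must travel with the request.
    init.credentials = "include";
  }

  if (!SAFE_METHODS.has(verb)) {
    // CSRF header required on all state-changing requests.
    headers["X-CloudCore-Request"] = "1";
  }

  if (body !== undefined) {
    // Assumption: request bodies are JSON.
    headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(body);
  }

  return { url: `${BASE_URL}${API_PREFIX}${path}`, init };
}

// Send the request and fail loudly on non-2xx responses.
async function apiFetch(method, path, options) {
  const { url, init } = buildRequest(method, path, options);
  const res = await fetch(url, init);
  if (!res.ok) {
    throw new Error(`${init.method} ${path} failed with HTTP ${res.status}`);
  }
  // Assumption: successful responses carry JSON unless the status is 204.
  return res.status === 204 ? null : res.json();
}
```
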