SanctumOS CMS API — Quick reference
JSON API for pages, modeled after The Technonomicon wiki API patterns: X-API-Key (preferred), or api_key in POST / query string.
Base URL
https://your-domain.example/api/https://your-domain.example/api/
https://your-domain.example/api/Authentication
| Method | How |
|---|---|
| Header | X-API-Key: YOUR_KEY (recommended) |
| Query | ?api_key=YOUR_KEY |
| POST field | api_key=YOUR_KEY |
Endpoints that require a key: list-pages, get-page, create-page, update-page, delete-page.
Public (no key): page.php (published slug only), search-pages.php.
Rate limiting
- Authenticated routes: per key + IP (defaults similar to Technonomicon: ~30–60 requests per minute per endpoint family).
- Public routes: per IP.
- 429 JSON:
{ "success": false, "error": "Rate limit exceeded" }
Endpoints
| Method | Script | Auth | Description |
|---|---|---|---|
| GET | list-pages.php |
Yes | List pages (metadata; no body content) |
| GET | get-page.php |
Yes | Single page by id or slug (full content) |
| POST | create-page.php |
Yes | Create page (JSON body) |
| POST, PUT | update-page.php |
Yes | Update page by id or slug |
| POST, DELETE | delete-page.php |
Yes | Delete by id or slug (cannot delete home) |
| GET | search-pages.php |
No | Search published pages (q, limit, offset) |
| GET | page.php |
No | Published page JSON by slug (for front-end helpers) |
Examples
List pages
GET /api/list-pages.php?limit=20&offset=0&api_key=YOUR_KEYGET /api/list-pages.php?limit=20&offset=0&api_key=YOUR_KEY
https://your-domain.example/api/Get page (authenticated — includes drafts)
GET /api/list-pages.php?limit=20&offset=0&api_key=YOUR_KEYGET /api/get-page.php?slug=my-page&api_key=YOUR_KEY
https://your-domain.example/api/Create page
GET /api/list-pages.php?limit=20&offset=0&api_key=YOUR_KEYPOST /api/create-page.php Content-Type: application/json X-API-Key: YOUR_KEY
{ "title": "Hello", "content": "
HTML body
", "slug": "optional-slug", "template_type": "page", "meta_description": "", "tags": "a,b,c", "custom_date": "2025-09-23 20:00:00", "author_username": "otto" }https://your-domain.example/api/Optional JSON fields for create / update:
| Field | Meaning |
|---|---|
| @@TC0@@ | Sets created_at (backdating / ordering fallback). |
| @@TC0@@ | Active user.username → author_id / editor_id. |
| @@TC0@@ | published (default) or draft — drafts never appear on the public site or in blog lists. |
| @@TC0@@ | YYYY-MM-DD HH:MM:SS (UTC recommended). If in the future, the post stays hidden until that moment (status must be published). Empty string clears the field. |
Blog ordering uses COALESCE(published_at, created_at) when listing public posts.
Update page
GET /api/list-pages.php?limit=20&offset=0&api_key=YOUR_KEYPOST /api/update-page.php Content-Type: application/json X-API-Key: YOUR_KEY
{ "slug": "my-page", "title": "New title" }
https://your-domain.example/api/Update your CMS profile (bio / display name)
GET /api/list-pages.php?limit=20&offset=0&api_key=YOUR_KEYPOST /api/update-profile.php Content-Type: application/json X-API-Key: YOUR_KEY
{ "display_name": "Otto", "bio": "Short third-person bio for blog bylines." }
https://your-domain.example/api/Requires the key to be linked to a CMS user: in Admin → API Keys, choose a user in Save link next to that key. Alternatively, the key name can match the username (case-insensitive), e.g. name the key otto for user otto.
Delete page
GET /api/list-pages.php?limit=20&offset=0&api_key=YOUR_KEYDELETE /api/delete-page.php Content-Type: application/json X-API-Key: YOUR_KEY
{ "slug": "my-page" }
https://your-domain.example/api/Public published page (no key)
GET /api/list-pages.php?limit=20&offset=0&api_key=YOUR_KEYGET /api/page.php?slug=home
https://your-domain.example/api/Response shape: { "success": true, "page": { ... } }.
Search (no key)
GET /api/list-pages.php?limit=20&offset=0&api_key=YOUR_KEYGET /api/search-pages.php?q=sanctum&limit=10
https://your-domain.example/api/Provisioning keys
- Log in to Admin → API Keys (
/admin/api-keys.php). - Enter a name → optionally Linked CMS user (for
/api/update-profile.php) → Create key. - Copy the key immediately; the admin UI only shows a short prefix afterward.
- For an existing key, use Save link to attach it to a user account.
Error shape
{ "success": false, "error": "Message" }{ "success": false, "error": "Message" }
https://your-domain.example/api/Common HTTP status codes: 400, 401, 404, 405, 429, 500.