API Documentation
This page lists all available backend API endpoints and their requirements.
Authentication
-
POST /api/login Public
Authenticates an administrator. Requires password in the request body. Returns an admin session token.
-
POST /api/moderator-login Public
Authenticates a moderator. Requires username and password in the body. Returns a moderator session token.
Content & Posts
-
GET /api/comments Public
Fetches comments for a specific board (e.g., 'random', 'media'). Query parameters: `?board=...` and `?sort=...`.
-
POST /api/comments Public
Submits a new text comment. Can be posted as anonymous, or as an admin/mod if a valid token is provided in the body.
-
POST /api/upload Public
Submits a new media post (image/video) with optional text content. Can be posted as anonymous, or as an admin/mod if a valid token is provided.
-
POST /api/comments/vote Public
Submits an upvote or downvote for a specific comment. Body requires `commentId` and `vote_type` ('like' or 'dislike').
-
POST /api/comments/delete Moderator
Deletes a specific comment and all its replies. Requires a moderator or admin token.
-
POST /api/comments/pin Admin
Toggles the pinned status of a comment. Requires an admin token.
-
GET /api/media/:filename Public
Serves an uploaded media file.
Site Management
-
GET /api/stats Moderator
Fetches general site statistics (post counts, user counts, etc.). Requires moderator or admin token.
-
GET /api/analytics Moderator
Fetches site analytics (page views, active users). Requires moderator or admin token.
-
POST /api/analytics Public
Client-side heartbeat to report active sessions for analytics.
-
GET /api/banners Public
Fetches the current active site-wide banner, if one exists.
-
POST /api/banners Admin
Creates or updates the site-wide banner. Requires an admin token.
-
DELETE /api/banners Admin
Deletes the current site-wide banner. Requires an admin token.
Polls
-
GET /api/polls Public
Fetches all currently active (non-expired) polls for display in the sidebar.
-
GET /api/polls/all Public
Fetches all polls (active and expired) for the polls archive page.
-
POST /api/polls/vote Public
Submits a vote for a specific poll option. IP-based duplicate vote prevention.
-
POST /api/polls Admin
Creates a new poll. Requires an admin token.
-
DELETE /api/polls Admin
Deletes a poll and all its associated votes. Requires an admin token.
Moderation & User Management
-
GET /api/ads Moderator
Fetches the queue of pending advertisements for review. Requires moderator or admin token.
-
POST /api/ads Moderator
Approves a pending advertisement, posting it to the #promotions board. Requires moderator or admin token.
-
DELETE /api/ads Moderator
Discards a pending advertisement from the queue. Requires moderator or admin token.
-
POST /api/ads/submit Public
Submits a new advertisement to the moderation queue.
-
GET /api/moderators Moderator
Fetches a list of all moderator usernames. Requires moderator or admin token.
-
POST /api/moderators Admin
Creates a new moderator account. Requires an admin token.
-
DELETE /api/moderators Admin
Deletes a moderator account. Requires an admin token.
-
GET /api/bans Moderator
Fetches a list of all banned IP addresses. Requires moderator or admin token.
-
DELETE /api/bans Admin
Removes an IP address from the ban list (pardons). Requires an admin token.