CoreBB now includes a first-pass JSON API intended to support the mobile web interface and basic external testing.
Base URL
Code:
/api/v1All responses are JSON.
Success:
JSON:
{
"ok": true,
"data": {}
}Error:
JSON:
{
"ok": false,
"error": {
"code": "error_code",
"message": "Human readable message"
}
}Authentication + CSRF
The API uses the normal CoreBB login cookie/session system. Browser clients should use same-origin cookies.
Before any POST request, fetch a CSRF token:
JSON:
GET /api/v1/auth/csrfSend the returned token using:
JSON:
X-CoreBB-CSRF: token_hereThe token may also be sent as:
JSON:
corebb_csrf_tokenAuth Endpoints
JSON:
GET /api/v1/meReturns the current viewer, or guest state.
JSON:
POST /api/v1/auth/registerJSON body:
JSON:
{
"username": "NewUser",
"email": "user@example.com",
"password": "password",
"passwordConfirm": "password",
"agreeTos": true,
"confirmAge13": true
}Registration requires email verification before login.
JSON:
POST /api/v1/auth/loginJSON body:
JSON:
{
"username": "Username",
"password": "Password",
"expiry": 86400
}Allowed expiry values:
JSON:
3600, 86400, 604800, 2592000, 31536000JSON:
POST /api/v1/auth/logoutRead Endpoints
JSON:
GET /api/v1/healthAPI health/status.
JSON:
GET /api/v1/indexForum index/categories/boards.
Optional:
JSON:
?category_id=1
?show_empty=1JSON:
GET /api/v1/boards/{boardId}?page=1Board/topic list.
JSON:
GET /api/v1/threads/{threadId}?page=1Thread posts, permissions, and poll data if present.
JSON:
GET /api/v1/profiles/{userId}Public profile data.
Private Messages
Requires login.
JSON:
GET /api/v1/pm/folders
GET /api/v1/pm/inbox
GET /api/v1/pm/unread
GET /api/v1/pm/read
GET /api/v1/pm/sent
GET /api/v1/pm/messages/{pmId}?folder=readSend PM:
JSON:
POST /api/v1/pm/sendJSON body:
JSON:
{
"to": "Username",
"subject": "Subject",
"body": "Message body"
}Mark PM read:
JSON:
POST /api/v1/pm/messages/{pmId}/readNote: normal users cannot delete private messages.
Posting / Editing
Requires login and CSRF.
Preflight endpoints load form defaults, quote text, permission state, hidden context, and CSRF info:
JSON:
GET /api/v1/post/reply/{threadId}?board_id={boardId}"e_id={postId}
GET /api/v1/post/new/{boardId}
GET /api/v1/post/edit/{postId}Submit reply:
JSON:
POST /api/v1/post/replyJSON body:
JSON:
{
"threadId": 123,
"boardId": 5,
"subject": "RE: Topic",
"body": "Reply text"
}Submit new topic:
JSON:
POST /api/v1/post/newJSON body:
JSON:
{
"boardId": 5,
"subject": "Topic title",
"body": "Post body"
}Edit post:
JSON:
POST /api/v1/post/editJSON body:
JSON:
{
"postId": 456,
"subject": "Updated subject",
"body": "Updated body"
}Poll Voting
Requires login and CSRF.
Code:
POST /api/v1/polls/{topicId}/voteJSON body:
JSON:
{
"optionId": 12
}Basic Moderation API
Requires moderator access and CSRF.
JSON:
POST /api/v1/mod/topics/{topicId}/lock
POST /api/v1/mod/topics/{topicId}/unlock
POST /api/v1/mod/posts/{postId}/remove
POST /api/v1/mod/posts/{postId}/restore
POST /api/v1/mod/users/{userId}/ban
POST /api/v1/mod/users/{userId}/unbanOptional moderation body:
JSON:
{
"reason": "Reason text"
}Unban also accepts:
JSON:
{
"note": "Admin note"
}Limits and Safety
Guest API requests are rate limited by IP.
Logged-in API requests are rate limited by account.
Current read limits:
Code:
Guest: 30/minute, 300/hour
Logged in: 120/minute, 2000/hour
Health endpoint: 120/minute guest, 240/minute logged inPage requests are capped:
Code:
Guest: up to page 100
Logged in: up to page 500All write requests require CSRF validation.
The API reuses CoreBB’s normal forum logic, including:
login/session cookies
private board visibility checks
Secure Archive read-only checks
thread lock checks
edit permissions/edit windows
moderator rank checks
post/PM/moderation logging behavior
Currently Not Included
This first API version does not expose:
administration tools
PM deletion
advanced PM moderation
post image upload API
poll creation API
arbitrary database/search/export endpoints
-----signature-----
_____.........--------===*
The More You Know.
Take what you want from this life. It's yours.
The More You Know.
Take what you want from this life. It's yours.