Collections API

Requires Bearer token + collections permission.

List all collection schemas (metadata only, no entries).

// Response 200
[ { "slug": "blog", "title": "Blog Posts", "description": "...", "fields": [...] } ]

Requires Bearer token + collections permission.

Check whether the Pro (MongoDB) storage adapter is available.

// Response 200 (free)
{ "pro": false, "connections": [] }

// Response 200 (pro)
{ "pro": true, "connections": ["default", "analytics"] }

Requires Bearer token + admin role.

Return configured MongoDB connections from config/connections.json.

// Response 200
{ "default": { "type": "mongodb", "uri": "mongodb://localhost:27017", "database": "my_cms" } }

Requires Bearer token + admin role.

Save MongoDB connection definitions. Each connection requires type, uri, and database.

// Response 200
{ "success": true }

// Error 400
{ "error": "Connection "default" requires type, uri, and database" }

Requires Bearer token + collections permission.

Create a new collection. A slug is auto-generated from the title if not provided.

Field	Type	Description
`title`	string	Required. Human-readable collection name
`slug`	string	Optional. URL-safe identifier. Auto-generated if omitted.
`description`	string	Optional description
`fields`	array	Field definitions
`api`	object	Public API access config per operation
`storage`	object	Optional Pro: `{ "adapter": "mongodb", "connection": "default" }`

// Response 201 — returns the created schema object

// Error 409
{ "error": "A collection with that slug already exists" }

Requires Bearer token + collections permission.

Return the schema for a single collection by slug.

Requires Bearer token + collections permission.

Update a collection schema.

Requires Bearer token + collections permission.

Delete a collection and all its entries. Preset collections cannot be deleted.

// Response 200
{ "success": true }

// Error 403
{ "error": "Cannot delete a preset collection" }

Requires Bearer token + collections permission.

List entries with pagination, sorting, and full-text search.

Query param	Default	Description
`page`	1	Page number
`limit`	50	Entries per page
`sort`	createdAt	Field to sort by
`order`	desc	`asc` or `desc`
`search`	—	Full-text search query

// Response 200
{ "entries": [ { "id": "uuid", "data": { ... }, "createdAt": "...", "updatedAt": "..." } ], "total": 42, "page": 1, "limit": 50 }

Requires Bearer token + collections permission.

Return a single entry by ID.

Requires Bearer token + collections permission.

Create a new entry. Data is validated against the collection schema.

// Response 201 — returns the created entry

Requires Bearer token + collections permission.

Update an entry. Data is validated against the schema.

Requires Bearer token + collections permission.

Delete a single entry.

// Response 200
{ "success": true }

Requires Bearer token + collections permission.

Clear all entries from a collection. Irreversible.

// Response 200
{ "success": true }

Requires Bearer token + collections permission.

Download all entries as a file attachment.

Query param	Values	Description
`format`	`json` (default), `csv`	Export format

// Response 200 — file download
// Content-Disposition: attachment; filename="blog-entries.json"

Requires Bearer token + collections permission.

Bulk-import entries from a JSON array. Existing entries are not removed.

Field	Type	Description
`entries`	array	Array of entry objects with a `data` field each

// Request body
{ "entries": [ { "data": { "title": "Post 1" } }, { "data": { "title": "Post 2" } } ] }

// Response 201
{ "imported": 2, "skipped": 0 }

Public endpoints respect the per-collection api config. Each operation can be disabled, public (no auth), or restricted to a minimum role level.

Access level: per collection api.read config.

List entries publicly. Supports the same pagination and search query params as the admin endpoint.

Access level: per collection api.read config.

Return a single entry publicly by ID.

Access level: per collection api.create config.

Create an entry publicly (e.g. form submissions). Entry is tagged with source: "api".

Access level: per collection api.update config.

Update an entry publicly.

Access level: per collection api.delete config.

Delete an entry publicly.

Collections API

Schema Management

GET/api/collections

GET/api/collections/pro-status

GET/api/collections/connections

PUT/api/collections/connections

POST/api/collections

GET/api/collections/:slug

PUT/api/collections/:slug

DELETE/api/collections/:slug

Admin Entry CRUD

GET/api/collections/:slug/entries

GET/api/collections/:slug/entries/:id

POST/api/collections/:slug/entries

PUT/api/collections/:slug/entries/:id

DELETE/api/collections/:slug/entries/:id

DELETE/api/collections/:slug/entries

Export & Import

GET/api/collections/:slug/export

POST/api/collections/:slug/import

Public Access

GET/api/collections/:slug/public

GET/api/collections/:slug/public/:id

POST/api/collections/:slug/public

PUT/api/collections/:slug/public/:id

DELETE/api/collections/:slug/public/:id