It’s possible to create and manage your content using the Ghost Admin API. Our content management interface, Ghost Admin, uses the admin API - which means that everything Ghost Admin can do is also possible with the API, and a whole lot more!
https://{admin_domain}/ghost/api/admin/
All admin API requests start with this base URL. Your admin domain can be different to your main domain, and may include a subdirectory. Using the correct domain and protocol is critical to getting consistent behaviour, particularly when dealing with CORS in the browser. All Ghost(Pro) blogs have a `*.ghost.io` domain as their admin domain and require https.
Accept-Version: v{major}.{minor}
Use the `Accept-Version` header to indicate the minimum version of Ghost’s API to operate with. See API Versioning for more details.
`resource_type`: will always match the resource name in the URL. All resources are returned wrapped in an array, with the exception of `/site/` and `/settings/`.

`meta`: contains pagination information for browse requests.

`Content-Type: application/json` header. Most request libraries have JSON-specific handling that will do this for you.
`meta.pagination` key with information on the current location within the records:
`include` and `fields`. Browse endpoints additionally accept `filter`, `limit`, `page` and `order`. Some endpoints have their own specific parameters.
The values provided as query parameters MUST be URL encoded when used directly. The client library will handle this for you.
For more details see the Content API.
`GET /users/` or `POST /posts/`. The full set of endpoints that integrations can access are those listed as endpoints on this page.
User permissions (whether using staff tokens or user authentication) are dependent entirely on their role. You can find more details in the team management guide. Authenticating as a user with the Owner or Admin role will give access to the full set of API endpoints. Many endpoints can be discovered by inspecting the requests made by Ghost Admin; the endpoints listed on this page are those stable enough to document.
There are two exceptions: Staff tokens cannot transfer ownership or delete all content.
Custom Integration under the Integrations screen in Ghost Admin. Keys for individual users can be found on their respective profile page.
Search "integrations" in your settings to jump right to the section.
You can regenerate the Admin API key any time, but any scripts or applications using it will need to be updated.
`:` into an `id` and a `secret`
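Token generation from an Admin API key, as an added example that is not part of the original page: the key is split on `:` into an id and a hex-encoded secret, and the decoded secret signs a short-lived HS256 JWT. The header and claim layout (`kid`, `aud` of `/admin/`, a lifetime of at most five minutes, the `Authorization: Ghost` scheme) is Ghost's documented token format rather than something stated in the text above, and `SAMPLE_KEY` is a constructed value, not a real credential.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample key in the "{id}:{secret}" shape; not a real credential.
SAMPLE_KEY = "5f1e2d3c4b5a69788796a5b4:" + "ab" * 32


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def split_admin_key(key: str):
    """Split an Admin API key on ':' into (id, secret bytes)."""
    key_id, sep, secret_hex = key.partition(":")
    if not sep or not key_id or not secret_hex:
        raise ValueError("expected key in the form id:secret")
    try:
        secret = bytes.fromhex(secret_hex)  # the secret is hex, not raw text
    except ValueError:
        raise ValueError("secret part is not valid hex") from None
    return key_id, secret


def make_token(key: str, now=None, ttl: int = 300) -> str:
    """Build a short-lived HS256 JWT for the Admin API."""
    if not 0 < ttl <= 300:  # keep tokens short-lived: five minutes at most
        raise ValueError("ttl must be 1..300 seconds")
    key_id, secret = split_admin_key(key)
    iat = int(time.time()) if now is None else now
    # Header and claims follow Ghost's token format (not shown on this page).
    header = {"alg": "HS256", "typ": "JWT", "kid": key_id}
    claims = {"iat": iat, "exp": iat + ttl, "aud": "/admin/"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def auth_headers(key: str) -> dict:
    """Request headers carrying a freshly minted token."""
    return {"Authorization": f"Ghost {make_token(key)}"}
```

Mint a new token per request or small batch instead of caching one, and load the key from a secret store or environment variable so that regenerating it in Ghost Admin only requires a configuration change.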
`201 Created`: A successful session creation will return an HTTP `201` response with an empty body and a `set-cookie` header, in the following format:
`403 Needs2FAError`: In many cases, session creation will require an auth code to be provided. In this case you’ll get a 403 and the message `User must verify session to login`.

This response still has the `set-cookie` header in the above format, which should be used in the request to provide the token:
Verification Request
To send the authentication token
`fetch` API, pass `credentials: 'include'` to ensure cookies are sent.

`withCredentials` property of the xhr to `true`

`--cookie` and `--cookie-jar` options to store and send cookies from a text file.

Resource | Methods | Stability |
---|---|---|
/posts/ | Browse, Read, Edit, Add, Copy, Delete | Stable |
/pages/ | Browse, Read, Edit, Add, Copy, Delete | Stable |
/tags/ | Browse, Read, Edit, Add, Delete | Stable |
/tiers/ | Browse, Read, Edit, Add | Stable |
/newsletters/ | Browse, Read, Edit, Add | Stable |
/offers/ | Browse, Read, Edit, Add | Stable |
/members/ | Browse, Read, Edit, Add | Stable |
/users/ | Browse, Read | Stable |
/images/ | Upload | Stable |
/themes/ | Upload, Activate | Stable |
/site/ | Read | Stable |
/webhooks/ | Edit, Add, Delete | Stable |