📡 Macagram Public API

REST API for your self-hosted Macagram instance. All endpoints require a session cookie for write operations.

Auth

POST/api/login

Login with username/password. Returns session cookie.

curl -X POST /api/login -H "Content-Type: application/json" -d '{"username":"test","password":"test123"}'

POST/api/register

Create a new account.

curl -X POST /api/register -H "Content-Type: application/json" -d '{"username":"new","password":"pass","email":"a@b.com"}'

POST/api/logout

End your session.

Posts

GET/api/posts

Get all posts in the feed. Returns reaction counts, comment counts, author info.

POST/api/posts

Create a post. Supports content field and optional image file upload. URLs auto-generate link previews.

PUT/api/posts/:id

Edit your own post.

DELETE/api/posts/:id

Delete your own post (or any if admin).

Reactions

POST/api/posts/:id/react

React with an emoji. {"type":"❤️"}. Supports any emoji.

GET/api/posts/:id/comments

Get comments for a post.

POST/api/posts/:id/comments

Add a comment. {"content":"Nice post!"}

Videos

GET/api/videos

POST/api/videos — multipart: video, title, description

DMs

GET/api/messages/:username

Get DM history with a user.

POST/api/messages/:username

Send a DM. {"content":"hey"}

Account

GET/api/account

Get your full account info (profile, email, 2FA status, etc).

GET/api/analytics

Get your stats: posts, likes received, followers, DMs.

POST/api/account/password

Change password. {"currentPassword":"old","newPassword":"new"}

Search

GET/api/search?q=term

Search posts, users, and comments. Returns {posts, users, comments}.

Other

GET/api/uptime — server uptime in seconds

GET/api/preview?url=... — Open Graph link preview

GET/api/leaderboard — top users by wins (Crash Arena)

GET/api/bookmarks — your bookmarked posts

POST/api/posts/:id/bookmark — bookmark a post

DELETE/api/posts/:id/bookmark — remove bookmark

Webhooks

POST/api/webhook/:key

Simplest bot endpoint. POST {"content":"Hello"} — no auth headers needed. The API key is in the URL path.

curl -X POST https://YOUR-DOMAIN/api/webhook/m_xxx -H "Content-Type: application/json" -d '{"content":"Hello!"}'

Mini Games

POST/api/posts/:id/ttt

Play Tic-Tac-Toe. {"cell":0-8} (cells are 0-8, left to right, top to bottom).

POST/api/posts/:id/ttt/reset

Reset the game board.

API Keys

GET/api/keys

POST/api/keys{"name":"My Bot"}

DELETE/api/keys/:id

Security

POST/api/account/security

Set security question. {"question":"...","answer":"..."}

GET/api/users/:username/security-question

POST/api/users/:username/recover

Reset password via security question. {"answer":"...","newPassword":"..."}

POST/api/auth/security-login

Login with security question. {"username":"...","answer":"..."}

Profile

PUT/api/users/:username/profile

Update display name, bio, location, website, pronouns, status. {"display_name":"...","bio":"...","location":"...","website":"...","pronouns":"...","status_text":"..."}

POST/api/users/:username/pfp

Upload profile picture (multipart: pfp).

POST/api/users/:username/banner

Upload banner image (multipart: banner).

2FA / TOTP

POST/api/totp/setup — returns QR code + secret

POST/api/totp/verify{"code":"123456"}

POST/api/totp/disable

POST/api/totp/check{"username":"..."}

Passkeys / WebAuthn

POST/api/webauthn/register/begin

POST/api/webauthn/register/complete

POST/api/webauthn/login/begin

POST/api/webauthn/login/complete

Login Codes

POST/api/auth/code{"username":"..."} (generates 6-digit code)

POST/api/auth/code/verify{"username":"...","code":"123456"}

QR Login

GET/api/auth/qr/generate — get session + login URL

GET/api/auth/qr/poll?sid=... — check if authenticated

© 2026 Luis Services — Self-hosted social platform