Complete guide to integrating with your FastCMS backend
Login & Register
User Management
Dynamic Data
File Storage
Event Callbacks
Data Protection
Social Login
Configuration
All API endpoints are relative to this base URL. Include the access token in the Authorization header for authenticated requests.
Secure JWT-based authentication with access and refresh tokens.
Manage user accounts and profiles.
Dynamic collections allow you to create custom data structures.
Note: Each collection has its own set of CRUD endpoints. Create a collection first, then access its API reference.
/collections
List all collections
/collections/{collection_name}/records
List records in a collection
/collections/{collection_name}/records
Create a new record
/collections/{collection_name}/records?search={query}
Full-text search across text fields (can combine with filters)
curl -X GET "/collections/posts/records?search=fastcms" \ -H "Authorization: Bearer YOUR_TOKEN"
Combine search with filters:
curl -X GET "/collections/posts/records?search=fastcms&filter=status=published" \ -H "Authorization: Bearer YOUR_TOKEN"
/collections/{collection_name}/records/bulk-delete
Delete multiple records at once (max 100)
curl -X POST "/collections/posts/records/bulk-delete" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{
"record_ids": ["id1", "id2", "id3"]
}'
/collections/{collection_name}/records/bulk-update
Update multiple records with same data (max 100)
curl -X POST "/collections/posts/records/bulk-update" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{
"record_ids": ["id1", "id2"],
"data": {
"status": "published",
"featured": true
}
}'
/collections/{collection_name}/records/export/csv
Export records to CSV file
curl "/collections/posts/records/export/csv?filter=status=published" \ -H "Authorization: Bearer YOUR_TOKEN" \ -o posts_export.csv
/collections/{collection_name}/records/import/csv
Import records from CSV file
curl -X POST "/collections/posts/records/import/csv" \ -H "Authorization: Bearer YOUR_TOKEN" \ -F "file=@posts.csv"
Your Collections: Click on any collection to see its specific API endpoints
No collections yet. Create your first collection
Upload and manage files with support for images, documents, and more.
/files
Upload a file (multipart/form-data)
/files
List uploaded files
/files/{file_id}/download
Download a file
/files/{file_id}
Delete a file
Subscribe to events and receive HTTP callbacks when records are created, updated, or deleted.
/webhooks
Create a new webhook subscription
curl -X POST "/webhooks" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"url": "https://your-server.com/webhook",
"collection_name": "posts",
"events": ["create", "update", "delete"],
"secret": "your-webhook-secret",
"retry_count": 3
}'
/webhooks
List all webhooks
curl -X GET "/webhooks" \ -H "Authorization: Bearer YOUR_TOKEN"
/webhooks/{webhook_id}
Delete a webhook
curl -X DELETE "/webhooks/WEBHOOK_ID" \ -H "Authorization: Bearer YOUR_TOKEN"
Pro Tip: Webhooks include HMAC signatures for security. See the Webhooks page for management or read full documentation for signature verification examples.
Create and restore database backups for disaster recovery.
/backups
Create a new database backup
curl -X POST "/backups" \ -H "Authorization: Bearer YOUR_ADMIN_TOKEN"
/backups
List all backups
curl -X GET "/backups" \ -H "Authorization: Bearer YOUR_ADMIN_TOKEN"
/backups/{backup_id}/restore
Restore a backup (overwrites current database)
curl -X POST "/backups/BACKUP_ID/restore" \ -H "Authorization: Bearer YOUR_ADMIN_TOKEN"
/backups/{backup_id}
Delete a backup
curl -X DELETE "/backups/BACKUP_ID" \ -H "Authorization: Bearer YOUR_ADMIN_TOKEN"
Warning: Backup operations require admin authentication. Visit the Backups page for a user-friendly interface or automate backups with cron jobs.
Allow users to sign in with Google, GitHub, or Microsoft accounts.
/oauth/{provider}/login
Supported providers: google, github, microsoft
<!-- Simple HTML Button --> <a href="/oauth/google/login"> <button>Sign in with Google</button> </a> <a href="/oauth/github/login"> <button>Sign in with GitHub</button> </a> <a href="/oauth/microsoft/login"> <button>Sign in with Microsoft</button> </a>
/oauth/{provider}/callback
OAuth provider redirects here with authorization code
// JavaScript: Handle OAuth Redirect
function loginWithGoogle() {
// Redirect to OAuth login
window.location.href = '/oauth/google/login';
}
// On callback page (auto-handled by FastCMS)
// FastCMS automatically:
// 1. Exchanges code for access token
// 2. Fetches user profile
// 3. Creates/updates user account
// 4. Returns JWT tokens
// Response format:
// {
// "access_token": "eyJhbGc...",
// "refresh_token": "eyJhbGc...",
// "token_type": "bearer",
// "user": {
// "id": "uuid",
// "email": "user@gmail.com",
// "name": "John Doe",
// "verified": true,
// "oauth_provider": "google"
// }
// }
Full example with token storage and redirect
// Complete OAuth Integration Example
// 1. Add OAuth buttons to your login page
<div class="oauth-buttons">
<button onclick="loginWithGoogle()">
<img src="google-icon.svg"> Sign in with Google
</button>
<button onclick="loginWithGitHub()">
<img src="github-icon.svg"> Sign in with GitHub
</button>
</div>
<script>
// 2. Redirect functions
function loginWithGoogle() {
window.location.href = '/oauth/google/login';
}
function loginWithGitHub() {
window.location.href = '/oauth/github/login';
}
// 3. Handle callback (optional manual handling)
// FastCMS automatically handles the callback and returns tokens
// If you need custom callback handling:
const urlParams = new URLSearchParams(window.location.search);
const code = urlParams.get('code');
if (code) {
// Exchange code for tokens (handled automatically by FastCMS)
fetch('/oauth/google/callback?code=' + code)
.then(res => res.json())
.then(data => {
// Store tokens
localStorage.setItem('access_token', data.access_token);
localStorage.setItem('refresh_token', data.refresh_token);
// Redirect to dashboard
window.location.href = '/dashboard';
})
.catch(err => {
console.error('OAuth failed:', err);
alert('Login failed. Please try again.');
});
}
</script>
Setup Required: Configure OAuth providers in your .env file before use:
# .env file GOOGLE_CLIENT_ID=your-google-client-id GOOGLE_CLIENT_SECRET=your-google-client-secret GOOGLE_REDIRECT_URI=http://localhost:8000/api/v1/oauth/google/callback GITHUB_CLIENT_ID=your-github-client-id GITHUB_CLIENT_SECRET=your-github-client-secret GITHUB_REDIRECT_URI=http://localhost:8000/api/v1/oauth/github/callback
See full documentation for provider setup guides.
Manage application configuration values stored in the database.
/settings
Get all settings across all categories
curl -X GET "/settings" \ -H "Authorization: Bearer YOUR_ADMIN_TOKEN"
/settings/{category}
Get settings for a specific category (e.g., app, email, security)
curl -X GET "/settings/app" \ -H "Authorization: Bearer YOUR_ADMIN_TOKEN"
/settings
Create or update a setting
curl -X POST "/settings" \
-H "Authorization: Bearer YOUR_ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"key": "maintenance_mode",
"value": false,
"category": "app",
"description": "Enable maintenance mode"
}'
/settings/{key}
Delete a setting by key
curl -X DELETE "/settings/old_setting" \ -H "Authorization: Bearer YOUR_ADMIN_TOKEN"
Feature flags, rate limits, and configuration
# Feature Flag Example
curl -X POST "/settings" \
-H "Authorization: Bearer YOUR_ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"key": "enable_ai_features",
"value": true,
"category": "app",
"description": "Enable AI features"
}'
# Rate Limiting Example
curl -X POST "/settings" \
-H "Authorization: Bearer YOUR_ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"key": "api_rate_limit",
"value": 100,
"category": "security",
"description": "Max API requests per minute"
}'
# File Upload Limit Example
curl -X POST "/settings" \
-H "Authorization: Bearer YOUR_ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"key": "max_file_size",
"value": 10485760,
"category": "storage",
"description": "Maximum file size in bytes (10MB)"
}'
Categories: Settings are organized into categories like app, email, security, storage, and custom for easy management.
Get started with your frontend in minutes using these code examples.
Fetch API examples for web apps
Requests library examples
Command-line examples