API Overview
Niuton exposes a RESTful JSON API at /api/. All endpoints require authentication unless noted otherwise.
Base URL
https://your-domain.net/api/Authentication
All API requests must include a valid session cookie or Bearer token. See Authentication for details.
Response Format
All endpoints return JSON:
json
// Success
{
"success": true,
"data": { ... }
}
// Error
{
"success": false,
"error": "Error message"
}Available Endpoints
| Endpoint | Description | Documentation |
|---|---|---|
/api/login.php | Authentication & 2FA | Auth |
/api/filesystem.php | File operations | Filesystem |
/api/sync.php | Delta sync protocol | Sync |
/api/team-chat.php | Chat rooms & messages | Team Chat |
/api/assistant.php | Aurora AI | Assistant |
/api/apps.php | App management | Apps |
/api/desktop-components.php | Desktop overrides & profiles | Desktop Components |
/api/trash.php | Trash operations | — |
/api/routines.php | Routine management & execution | — |
/api/settings.php | User settings | — |
/api/system-config.php | Admin config | — |
Request Methods
- GET — Read operations (list, get, search)
- POST — Create and action operations
- DELETE — Remove operations (where applicable)
Most endpoints use the action query parameter to determine the operation:
GET /api/filesystem.php?action=list&path=/Documents
POST /api/team-chat.php?action=sendRate Limiting
Authentication endpoints enforce rate limiting:
- 5 failed attempts → 15-minute lockout
- Tracked per username in
niuton_login_attemptstable
Content Types
- Request:
application/jsonorapplication/x-www-form-urlencoded - Response:
application/json - File uploads:
multipart/form-data