Guest token
Get a token for public, unauthenticated access. The token has public:read scope and level = 0.
curl -X POST https://api.wapka.org/v1/auth/token \
-H "Content-Type: application/json" \
-d '{"site": "yoursite"}'| Field | Required | Type | Description |
|---|---|---|---|
site |
Yes | string | Your site subdomain |
Response:
{
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"site_id": 18448
},
"meta": { "requestId": "req_...", "timestamp": "..." }
}Use the token for all subsequent requests:
curl https://api.wapka.org/v1/posts \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."Note: Guest tokens can only read public content. For write access, use a login token or API key.
Login token
Authenticate with a username (or email) and password to get a full-access token.
curl -X POST https://api.wapka.org/v1/auth/login \
-H "Content-Type: application/json" \
-d '{
"site": "yoursite",
"username": "your-username",
"password": "your-password"
}'| Field | Required | Type | Description |
|---|---|---|---|
site |
Yes | string | Your site subdomain |
username |
Yes* | string | Account username (*or email) |
email |
Yes* | string | Account email (*or username) |
password |
Yes | string | Account password |
Response:
{
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": 36012,
"username": "your-username",
"email": "you@example.com",
"level": 10,
"role": "superadmin",
"type": 1,
"type_label": "Active",
"avatar": "https://img.wapka.org/avatar.jpg",
"created_at": "2025-01-15T00:00:00Z"
}
},
"meta": { "requestId": "req_...", "timestamp": "..." }
}Tokens are valid for 24 hours. There is no refresh endpoint — authenticate again to get a new token.
Next: Users — manage site users and online visitors.