Private API
The Private API is Pagoti's token-authenticated API for servers, build pipelines, background jobs, and internal tooling. It now supports both read and write flows for project-scoped endpoints, so splitting the guide by topic keeps it easier to navigate.
For the high-level API comparison, start on the documentation overview.
Key characteristics
- Token-protected: authenticate every request with a Bearer token
- Server-friendly: built for backend and automation use cases
- Unrestricted origins: requests can come from anywhere
- Project-scoped: dashboard-created tokens are tied to a single project
- Ability-aware: token abilities control whether project-scoped requests can read, write, or both
Base URL
https://pagoti.com/api/v1
Start here
Authentication and access
How to send Bearer tokens, how project scope works, and how access:read / access:write affect requests.
Read the authentication guide →
Projects
List, create, fetch, update, and delete projects.
Pages
List, create, fetch, update, and delete pages inside a project.
Media
List media for a project.
Available endpoint groups
Projects
GET /projectsPOST /projectsGET /projects/{project}PUT /projects/{project}DELETE /projects/{project}
Pages
GET /projects/{project}/pagesPOST /projects/{project}/pagesGET /projects/{project}/pages/{page}PUT /projects/{project}/pages/{page}DELETE /projects/{project}/pages/{page}
Media
GET /projects/{project}/media
Media remains read-only in the private API at the moment.
Security warning
Never embed Private API tokens in frontend bundles, mobile apps, or public repositories. Use the Public API for browser-delivered experiences.
Rate limits
Private API requests are rate limited per user and tier. When you exceed your allowance, the API returns 429 Too Many Requests.
Common status codes
200 OKfor successful reads and updates201 Createdfor successful creates204 No Contentfor successful deletes401 Unauthorizedwhen authentication is missing403 Forbiddenwhen scope or ability checks fail404 Not Foundwhen a route-bound resource cannot be found422 Unprocessable Contentwhen validation fails