API Reference
The MantleWP API lets you manage sites, generate reports, and access health data programmatically. All endpoints return JSON.
Base URL
https://mantlewp.com/api
Authentication
MantleWP supports two authentication methods depending on context. Session auth is used by the dashboard via NextAuth.js cookies. API Key auth is used by the WordPress plugin via the X-MantleWP-Key header. See Authentication for details.
Response Format
All responses return a consistent JSON structure. Success responses:
{
  "data": { ... }
}
Error responses:
{
  "error": {
    "message": "Human-readable error",
    "code": "ERROR_CODE",
    "details": { ... }
  }
}
Rate Limiting
Endpoints are rate-limited per API key or session to prevent abuse. When you exceed the limit, the API returns 429 Too Many Requests. Retry after a short delay.
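The response envelope and the 429 behaviour described above, as an added example (not MantleWP's own client code): it sends the `X-MantleWP-Key` header to an ingest endpoint, unwraps `data`/`error`, and retries only on 429. The function names, the backoff schedule, the `UNKNOWN` fallback code and the request payload are assumptions; the page documents neither request bodies nor a retry interval.

```javascript
// Added example, not MantleWP code. All function and class names are hypothetical.
const ORIGIN = "https://mantlewp.com"; // endpoint paths in the tables already include /api

class MantleError extends Error {
  constructor(status, code, message, details) {
    super(message);
    Object.assign(this, { status, code, details });
  }
}

// Unwrap the documented envelope: {"data": ...} on success, {"error": {...}} on failure.
function parseEnvelope(status, text) {
  let body = null;
  try { body = JSON.parse(text); } catch { /* non-JSON body, e.g. from an intermediary */ }
  const isObj = body !== null && typeof body === "object";
  if (status >= 200 && status < 300 && isObj && "data" in body) return body.data;
  const err = (isObj && body.error) || {};
  // "UNKNOWN" is a client-side fallback used here, not a code the API defines.
  throw new MantleError(status, err.code || "UNKNOWN", err.message || `HTTP ${status}`, err.details);
}

// Assumed retry schedule: exponential backoff with full jitter, capped at 30 seconds.
function backoffMs(attempt, rand = Math.random) {
  return Math.floor(rand() * Math.min(30000, 500 * 2 ** attempt));
}

const realSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// POST to an ingest endpoint with the plugin API key. fetchImpl and sleep are injectable for tests.
async function postIngest(path, payload, { apiKey, fetchImpl = fetch, sleep = realSleep, maxRetries = 4 }) {
  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl(ORIGIN + path, {
      method: "POST",
      headers: { "Content-Type": "application/json", "X-MantleWP-Key": apiKey },
      body: JSON.stringify(payload),
    });
    const text = await res.text();
    // Only 429 is retried: 400/401/403 will not succeed on a repeat and are surfaced at once.
    if (res.status !== 429 || attempt >= maxRetries) return parseEnvelope(res.status, text);
    await sleep(backoffMs(attempt));
  }
}
```

`MantleError` carries only the status, code, message and details from the response, so logging it does not write the API key to disk.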
Endpoint Overview
Sites
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /api/sites | Add a new site | Session |
| GET | /api/sites | List all sites | Session |
| GET | /api/sites/[id] | Get site details | Session |
| PUT | /api/sites/[id] | Update site | Session |
| DELETE | /api/sites/[id] | Remove site | Session |
Reports
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /api/reports | Create report record | Session |
| GET | /api/reports | List reports | Session |
| GET | /api/reports/[id] | Get report details | Session |
| POST | /api/reports/generate | Generate PDF report | Session |
| POST | /api/reports/[id]/send | Email report to clients | Session |
Schedules
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /api/schedules | List schedules | Session |
| POST | /api/schedules | Create schedule | Session |
| PUT | /api/schedules/[id] | Update schedule | Session |
| DELETE | /api/schedules/[id] | Delete schedule | Session |
Branding
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /api/branding | Get branding settings | Session |
| PUT | /api/branding | Update branding | Session |
| POST | /api/branding/logo | Upload logo | Session |
Ingest (WordPress Plugin)
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /api/ingest/health | Submit health data | API Key |
| POST | /api/ingest/plugins | Submit plugin inventory | API Key |
| POST | /api/ingest/heartbeat | Uptime heartbeat | API Key |
Billing
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /api/billing/checkout | Create checkout session | Session |
| POST | /api/billing/portal | Open billing portal | Session |
Webhooks
| Method | Endpoint | Description | Auth |
|---|---|---|---|
| POST | /api/webhooks/stripe | Stripe webhook handler | Stripe signature |
Error Codes
| Status | Meaning |
|---|---|
| 400 | Bad Request — invalid parameters or malformed request body |
| 401 | Unauthorized — missing or invalid authentication |
| 403 | Forbidden — authenticated but insufficient permissions |
| 404 | Not Found — resource does not exist |
| 429 | Rate Limited — too many requests |
| 500 | Internal Server Error — unexpected server issue |