API Reference

Tenrankai provides HTTP APIs for gallery data, authentication, administration, and file uploads.

Authentication

API requests use the same session-based authentication as the web interface. Include the session cookie from a web login:

curl -b "session=your-session-cookie" http://localhost:3000/api/gallery/main/preview

Public galleries can be accessed without authentication.

Gallery API

Gallery API routes are prefixed with /api/gallery/{gallery_name}.

Gallery Preview

GET /api/gallery/{name}/preview

Returns preview data for a gallery (used by homepage widgets).

Gallery Data

GET /api/gallery/{name}/data/{path}

Returns JSON data for a gallery folder, including images and subfolders. Supports query parameters for pagination and filtering. The response includes grid_mode (string: "masonry" or "square") and max_columns (integer) reflecting the resolved settings for the folder (folder override > gallery setting > default).

Image Detail

GET /api/gallery/{name}/image/{path}

Returns JSON detail data for a specific image, including metadata, EXIF data, and available sizes.

Composite Preview

GET /api/gallery/{name}/composite/{path}

Returns a composite preview image for a folder (multiple thumbnails combined).

Image Metadata

GET /api/gallery/{name}/metadata/{path}

Returns metadata for an image (comments, picks, tags).

PUT /api/gallery/{name}/metadata/{path}

Updates metadata for an image. Requires appropriate permissions.

Comments

POST /api/gallery/{name}/comments/{path}

Adds a comment to an image. Requires can_add_comments permission. Supports area-specific comments with coordinate data.

PUT /api/gallery/{name}/comment/{comment_id}/edit/{image_path}

Edits an existing comment. Requires can_edit_own_comments or can_edit_any_comments permission.

DELETE /api/gallery/{name}/comment/{comment_id}/delete/{image_path}

Deletes a comment. Requires can_delete_own_comments or can_delete_any_comments permission.

Content Editing

PUT /api/gallery/{name}/folder-description/{path}

Updates a folder’s title and description. Requires can_edit_content permission.

PUT /api/gallery/{name}/image-description/{path}

Updates an image’s title and description. Requires can_edit_content permission.

AI Analysis

POST /api/gallery/{name}/analyze/{path}

Triggers AI analysis for a single image. Requires owner_access permission and OpenAI configuration.

POST /api/gallery/{name}/analyze-folder/{path}

Triggers AI analysis for all images in a folder. Requires owner_access permission.

Posts

POST /api/posts/{name}/refresh

Triggers a refresh of the posts index for the named posts system.

Gallery Web Routes

These routes serve HTML pages and images (not JSON APIs):

RouteDescription
{prefix}/Gallery root (folder listing)
{prefix}/{path}Gallery subfolder
{prefix}/image/{path}Image file (with ?size= query parameter)
{prefix}/_image/{path}Image file (path-based size format)
{prefix}/detail/{path}Image detail view (React SPA)
{prefix}/_download/{path}Download folder as ZIP archive
{prefix}/_raw/{path}Download associated RAW file

Authentication Routes

Email Login

RouteMethodDescription
/_loginGETLogin page
/_login/requestPOSTRequest email magic link
/_login/verifyGETVerify login token from email
/_login/logoutGETLog out and clear session
/_login/profileGETUser profile and passkey management
/_login/passkey-enrollmentGETPasskey enrollment page

WebAuthn/Passkeys

RouteMethodDescription
/api/webauthn/check-passkeysPOSTCheck if user has registered passkeys
/api/webauthn/register/startPOSTStart passkey registration ceremony
/api/webauthn/register/finish/{reg_id}POSTComplete passkey registration
/api/webauthn/authenticate/startPOSTStart passkey authentication
/api/webauthn/authenticate/finish/{auth_id}POSTComplete passkey authentication
/api/webauthn/passkeysGETList user’s registered passkeys
/api/webauthn/passkeys/{passkey_id}DELETEDelete a passkey
/api/webauthn/passkeys/{passkey_id}/namePUTRename a passkey

Auth Status

GET /api/verify

Check if the current session is authenticated. Returns user info if logged in.

Upload API (TUS Protocol)

Tenrankai supports resumable file uploads using the TUS protocol. Upload routes require can_manage_images permission.

RouteMethodDescription
/_uploadOPTIONSTUS capability discovery
/_upload/{gallery}OPTIONS, POSTCreate a new upload
/_upload/{gallery}/{upload_id}OPTIONS, HEAD, PATCH, DELETEResume, check, or cancel upload

The folder path is passed in the Upload-Metadata header (key: folderPath), not in the URL. Chunk size limit is 10MB.

Upload Example

# Create upload
curl -X POST "http://localhost:3000/_upload/main" \
  -b "session=..." \
  -H "Upload-Length: 1048576" \
  -H "Upload-Metadata: filename dGVzdC5qcGc=,folderPath L3ZhY2F0aW9u" \
  -H "Tus-Resumable: 1.0.0"

# Upload chunk
curl -X PATCH "http://localhost:3000/_upload/main/{upload_id}" \
  -b "session=..." \
  -H "Upload-Offset: 0" \
  -H "Content-Type: application/offset+octet-stream" \
  -H "Tus-Resumable: 1.0.0" \
  --data-binary @file.jpg

Admin API

Admin routes are prefixed with /_admin/api and require authentication with owner_access permission.

User Management

RouteMethodDescription
/_admin/api/usersGETList all users
/_admin/api/usersPOSTCreate a new user
/_admin/api/users/{username}GETGet user details
/_admin/api/users/{username}PUTUpdate user
/_admin/api/users/{username}DELETEDelete user
/_admin/api/users/{username}/invitePOSTSend login invitation email

Gallery Management

RouteMethodDescription
/_admin/api/galleriesGETList all galleries
/_admin/api/galleries/{name}GETGet gallery details
/_admin/api/galleries/{name}/permissionsPUTUpdate gallery permissions
/_admin/api/galleries/{gallery}/users/{username}/rolesGET, PUTGet or assign user roles
/_admin/api/galleries/{gallery}/watermark-folderPOSTCreate watermark folder

Image Management (Admin)

RouteMethodDescription
/_admin/api/galleries/{gallery}/imagesDELETEDelete images
/_admin/api/galleries/{gallery}/folders/{path}/images/hidePOSTHide/unhide images
/_admin/api/galleries/{gallery}/folders/{path}/createPOSTCreate folder
/_admin/api/galleries/{gallery}/folders/{path}DELETEDelete folder
/_admin/api/galleries/{gallery}/folders/{path}/renamePOSTRename folder
/_admin/api/galleries/{gallery}/folders/{path}/images/movePOSTMove images
/_admin/api/galleries/{gallery}/folders/{path}/images/copyPOSTCopy images

Role Management

RouteMethodDescription
/_admin/api/rolesGET, POSTList or create roles
/_admin/api/roles/{name}GET, PUT, DELETEGet, update, or delete a role
/_admin/api/permission-groupsGETList permission groups (for UI)

Site Management (ConfigStorage)

RouteMethodDescription
/_admin/api/sitesGETList all sites
/_admin/api/sites/{name}GET, PUTGet or update site config
/_admin/api/sites/{site}/galleriesGETList galleries for a site
/_admin/api/sites/{site}/galleries/{name}GET, PUT, DELETEManage site gallery config
/_admin/api/sites/{site}/galleries/{gallery}/foldersGETList gallery folders
/_admin/api/sites/{site}/galleries/{gallery}/folders/{path}GET, PUTGet or update folder permissions
/_admin/api/sites/{site}/galleries/{gallery}/folders/{path}/sharePOSTGenerate share link for folder
/_admin/api/sites/{site}/galleries/{gallery}/folders/{path}/imagesGETList images in folder
/_admin/api/sites/{site}/permissionsGET, PUTGet or update site permissions
/_admin/api/sites/{site}/reloadPOSTReload site configuration

Theme Management

RouteMethodDescription
/_admin/api/themeGETGet current theme
/_admin/api/themePUTUpdate theme
/_admin/api/themeDELETEReset theme to defaults

Admin UI

The Admin UI is a React SPA served at /_admin/ and /_admin/{*path}.

Other Routes

RouteMethodDescription
/GETHomepage (template)
/{path}GETTemplate page (catch-all)
/static/{path}GETStatic file serving
/theme.cssGETGenerated theme CSS
/robots.txtGETRobots.txt
/api/verifyGETAuth status check
/api/refresh-static-versionsPOSTRefresh static file cache-busting versions

Next Steps