Settings & Locales

Public endpoints used by frontends to bootstrap site identity and language switchers — no API key required.

Site settings

GET /api/v1/settings

Returns the subset of settings flagged as publicly visible (site name, logo, social links, default SEO, etc.). Internal settings (SMTP credentials, integration secrets) are never exposed here.

GET /api/v1/settings?locale=en

200 OK
{
  "data": {
    "site": {
      "name":     "DM Editors",
      "tagline":  "Headless CMS for modern teams",
      "logo":     "https://your-host/storage/media/logo.svg",
      "favicon":  "https://your-host/storage/media/favicon.png",
      "default_locale": "en"
    },
    "seo": {
      "default_title":       "{entry_title} — DM Editors",
      "default_description": "Made with DM Editors.",
      "og_image":            "https://your-host/storage/media/og.png"
    },
    "social": {
      "twitter":  "https://x.com/…",
      "linkedin": "https://linkedin.com/company/…",
      "github":   "https://github.com/…",
      "youtube":  "https://youtube.com/@…"
    }
  },
  "meta":  { "locale": "en" },
  "error": null
}

Locale resolution

Pass ?locale=es to request translated values for translatable settings.
Without a query param, the server inspects the Accept-Language header.
Falls back to the site's default locale (languages.is_default = true).

Locales

GET /api/v1/i18n/locales

Returns the list of active languages so the frontend can render a switcher.

GET /api/v1/i18n/locales

200 OK
{
  "data": [
    { "code": "en", "name": "English", "native_name": "English", "direction": "ltr", "is_default": true,  "sort_order": 0 },
    { "code": "es", "name": "Spanish", "native_name": "Español", "direction": "ltr", "is_default": false, "sort_order": 1 },
    { "code": "hi", "name": "Hindi",   "native_name": "हिन्दी",   "direction": "ltr", "is_default": false, "sort_order": 2 },
    { "code": "ar", "name": "Arabic",  "native_name": "العربية",  "direction": "rtl", "is_default": false, "sort_order": 3 }
  ],
  "error": null
}

Why this is public

Both endpoints are intended to be called on every page load from the frontend (server-side render or hydration). Putting them behind an API key would force every static site builder, edge function, or SPA to ship a secret — instead, the contract is "safe-to-read data only." If you need to expose extra settings, mark them publicly visible in the admin Settings UI.

Cache aggressivelyThese responses are static between admin changes. Add a CDN cache layer with a short TTL (1–5 min) and a webhook on settings.updated to purge.