GET Request from Admin/Post API is not working

  • What’s your URL?

  • What version of Ghost are you using? v5.49.0, just upgraded before opening this and I’m still having the issue.

  • How was Ghost installed and configured? via my Hostinger VPS.

  • What Node version, database, OS & browser are you using? Node: v16.20.0 Windows 11 (latest version), Brave v1.51.114

  • What errors or information do you see in the console?
    Well, this is a two fold question for me.
    I tried visiting the URL in the browser and this is the error I got:
    {"errors":[{"message":"Resource not found","context":null,"type":"NotFoundError","details":null,"property":null,"help":null,"code":null,"id":"48406a90-f66e-11ed-a71c-8f22bd906a63","ghostErrorCode":null}]}
    I am attempting to make an Obsidian plugin and the API is failing when I test it and this is what shows in that console (not helpful which is why I shared the above)

caught (in promise) Error: Request failed, status 404
    at new t (app.js:1:1668159)
    at tU (app.js:1:1668351)
    at app.js:1:1669028
    at app.js:1:235927
    at (app.js:1:236032)
    at a (app.js:1:234750)

This is the code I’m using to test the API…

const token = sign({}, Buffer.from(secret, "hex"), {
		keyid: id,
		algorithm: "HS256",
		expiresIn: "5m",
		audience: `/${version}/admin/`,
console.log('token ', token);
const apiTest = await request({
		url: `${settings.url}/ghost/api/${version}/admin/posts/?formats=html,mobiledoc`,
		method: "GET",
		contentType: "application/json",
		headers: {
			"Access-Control-Allow-Methods": "GET",
			"Content-Type": "application/json;charset=utf-8",
			Authorization: `Ghost ${token}`,

The token loads fine and displays in the console but the apiTest does not. So, I know there is something there.
This is how my variables are defined (from above)

settings.url =
version = v5
base_url = /ghost
const key = settings.adminToken;
settings.adminToken = the long code with a colon separator (:) from creating an integration in my admin panel
const [id, secret] = key.split(":");

I don’t see any issues. Am I missing something?

EDIT/Update: I’m also trying to switch from using the Buffer.from... part of my code as I want/need this to work (whole point of me coding this as it doesn’t work already) on iOS.
Someone pointed me in the direction of jsrsasign - npm
Though that seems to be for websites only. I attempted to get it working via my code but ended up with the following image:

Then when I ran that npm code I got the following:

npm i --save-dev @types/jsrsasign-util
npm ERR! code E404
npm ERR! 404 Not Found - GET - Not found
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\dudet\AppData\Local\npm-cache\_logs\2023-05-19T17_47_26_347Z-debug-0.log

So, it doesn’t work. I just need a way to create the token in such a way that it works for the API and doesn’t need Node.js at all. I want people to be able to install and setup this plugin on their iPads or iPhones or Androids and not need to clone and run my repo.

Other plugins have this possibility but looking at their code, it appears they don’t have a strange hex token or whatever Ghost needs. So it seems very difficult if not impossible.

The 404 is because does not exist!

Since version 5 we have moved the api version from the path of the URL and instead use an Accept-Version header - you can see more in our Admin API SDK SDK/admin-api.js at main · TryGhost/SDK · GitHub

If you instead make a request to and include the Accept-Version header with a value of 'v5.0' you should get something working :dancer:

As for your TypeScript error - it tells you to create a new .d.ts file with the contents declare module 'jsrsasign'; you should be able to stick this in a file like jsrsasign.d.ts in the same directory as your code.

In addition to that, it looks like isn’t hosting a Ghost site - it shows the default Hostinger page and the 404 is an HTML response, instead of JSON.

Weird, on all of my browsers (phone, iPad, Desktop, etc.) it shows my ghost site.

Can you share a screenshot of what you see?

Alright, I’ll try those later on today, thank you.


Thanks, I’ll have to contact my host about that one. I have their premium web hosting and a VPS and I use the web hosting for email and then my VPS for ghost so something must be odd about it. Weird that all of my IPs work (I was even using Wi-fi an hour away and that worked fine) but you are seeing that.

Can you try clearing your cookies? My host is saying you are seeing a cache’d version which doesn’t make sense to me if you have never visited before.

I tried incognito, and even a curl is showing the same issue:

>curl -I
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.32
content-type: text/html; charset=UTF-8
date: Fri, 19 May 2023 18:54:51 GMT
server: LiteSpeed
platform: Hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"