Old API (v3.1.0 and below)
This page describes CTFOJ's API and how to use it. All endpoints labelled with 
To get started, generate an API key on the settings page.
Found a bug? File a bug report here
All GET requests that require authentication should pass the api key as a query parameter. For example, /api/endpoint?key=00000000-0000-0000-0000-000000000000
All POST requests that require authentication should pass the api key as part of the post data.
All Markdown responses will return a Markdown file containing the requested Markdown content.
Request (curl):
curl http://127.0.0.1:5000/api/problem/description/helloworld?key=00000000-0000-0000-0000-000000000000
Response:
Here's a sample Hello World problem. It can include [links](https://www.youtube.com/watch?v=dQw4w9WgXcQ) because it uses Markdown!
The flag for this problem is: `CTF{welcome_to_ctf_club}`This endpoint is used to get the problem description with the specified problem id.
| Status Code | Meaning | Response Format |
|---|---|---|
| 401 | You are unauthorized; make sure you have included a valid session cookie in your request | None |
| 404 | The problem referenced by the problem_id does not exist | None |
| 200 | The request has succeeded | Markdown |
This endpoint is used to get any hints associated with the specified problem id. If there are no hints, the response body will be empty.
| Status Code | Meaning | Response Format |
|---|---|---|
| 401 | You are unauthorized; make sure you have included a valid session cookie in your request | None |
| 404 | The problem referenced by the problem_id does not exist | None |
| 200 | The request has succeeded | Markdown |
This endpoint is used to get the editorial associated with the specified problem id. If the problem does not have an editorial, the response body will be empty.
| Status Code | Meaning | Response Format |
|---|---|---|
| 401 | You are unauthorized; make sure you have included a valid session cookie in your request | None |
| 404 | The problem referenced by the problem_id does not exist | None |
| 200 | The request has succeeded | Markdown |
This endpoint is used to get the problem description with the specified contest & problem id.
| Status Code | Meaning | Response Format |
|---|---|---|
| 401 | You are unauthorized; make sure you have included a valid session cookie in your request | None |
| 404 | The problem or contest referenced by the problem_id or contest_id does not exist | None |
| 200 | The request has succeeded | Markdown |
This endpoint is used to get any hints associated with specified contest & problem id. If there are no hints, the response body will be empty.
| Status Code | Meaning | Response Format |
|---|---|---|
| 401 | You are unauthorized; make sure you have included a valid session cookie in your request | None |
| 404 | The problem or contest referenced by the problem_id or contest_id does not exist | None |
| 200 | The request has succeeded | Markdown |
This endpoint is used to get the description of the contest with the specified contest id.
| Status Code | Meaning | Response Format |
|---|---|---|
| 401 | You are unauthorized; make sure you have included a valid session cookie in your request | None |
| 404 | The contest referenced by the contest_id does not exist | None |
| 200 | The request has succeeded | Markdown |
This endpoint is used to get the contents of an announcement with the specified id. Authentication will be required if the site requires logging in to view announcements.
| Status Code | Meaning | Response Format |
|---|---|---|
| 401 | You are unauthorized | None |
| 404 | The announcement referenced by the announcement_id does not exist | None |
| 200 | The request has succeeded | Markdown |
This endpoint is used to get the contents of the homepage, if it is enabled. If the homepage is disabled, admin authentication will be required.
| Status Code | Meaning | Response Format |
|---|---|---|
| 403 | The homepage is disabled and you are not an admin | None |
| 200 | The request has succeeded | Markdown |
These API endpoints are used internally, and should not be used.
-
POST/api/getkey