diff --git a/api.php b/api.php
index 80be0cf8..919ff07d 100644
--- a/api.php
+++ b/api.php
@@ -168,6 +168,33 @@ elseif(isset($_GET['customdns']) && $auth)
 require("scripts/pi-hole/php/customdns.php");
 }
+elseif(isset($_GET['customcname']) && $auth)
+{
+ if(isset($_GET["auth"]))
+ {
+ if($_GET["auth"] !== $pwhash)
+ die("Not authorized!");
+ }
+ else
+ {
+ // Skip token validation if explicit auth string is given
+ check_csrf($_GET['token']);
+ }
+
+ switch ($_GET["action"]) {
+ case 'get':
+ $_POST['action'] = 'get';
+ break;
+ case 'add':
+ $_POST['action'] = 'add';
+ break;
+ case 'delete':
+ $_POST['action'] = 'delete';
+ break;
+ }
+
+ require("scripts/pi-hole/php/customcname.php");
+}
 // Other API functions
 require("api_FTL.php");
diff --git a/scripts/pi-hole/php/customcname.php b/scripts/pi-hole/php/customcname.php
index 060799e2..a34a8915 100644
--- a/scripts/pi-hole/php/customcname.php
+++ b/scripts/pi-hole/php/customcname.php
@@ -5,11 +5,13 @@ require_once('auth.php');
 // Authentication checks
- if (isset($_POST['token'])) {
- check_cors();
- check_csrf($_POST['token']);
- } else {
- log_and_die('Not allowed (login session invalid or expired, please relogin on the Pi-hole dashboard)!');
+ if (!isset($api)) {
+ if (isset($_POST['token'])) {
+ check_cors();
+ check_csrf($_POST['token']);
+ } else {
+ log_and_die('Not allowed (login session invalid or expired, please relogin on the Pi-hole dashboard)!');
+ }
 }
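Review bot: In the api.php hunk, `switch ($_GET["action"])` has no `default` arm and no `isset` guard, so a missing or unrecognised `action` leaves `$_POST['action']` as whatever the request body carried and still reaches `require("scripts/pi-hole/php/customcname.php")`; a `default: die("Invalid action");` arm would make the allow-list binding. This matters because the customcname.php hunk skips that file's own token check when `$api` is set, which presumably makes this branch the only gate on the API path. The `$_GET["auth"] !== $pwhash` test is not constant-time and is reached with any input type; `if (!is_string($_GET["auth"]) || !hash_equals($pwhash, $_GET["auth"]))` is the safer form, assuming `$pwhash` is a string here. The comment `// Skip token validation if explicit auth string is given` sits in the branch that does run `check_csrf`, so it belongs above the outer `if`. The enclosing `if`/`elseif` chain starts outside the hunk.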