Skip to content

REST requests

Request method

Depending on the HTTP method used, different actions will be possible on the same resource. Example:

Action Description
GET /content/objects/2/versions/3 Fetches data about version #3 of Content item #2
PATCH /content/objects/2/versions/3 Updates the version #3 draft of Content item #2
DELETE /content/objects/2/versions/3 Deletes the (draft or archived) version #3 from Content item #2
COPY /content/objects/2/versions/3 Creates a new draft version of Content item #2 from its version #3
PUBLISH /content/objects/2/versions/3 Promotes the version #3 of Content item #2 from draft to published
OPTIONS /content/objects/2/versions/3 Lists all the methods usable with this resource, the 5 ones above

The following list of available methods gives an overview of the kind of action a method triggers on a resource, if available. For method action details per resource, see the REST API reference.

HTTP method Status Description Safe
OPTIONS Standard List available methods Yes
GET Standard Collect data Yes
HEAD Standard Check existence Yes
POST Standard Create an item No
PATCH Custom Update an item No
COPY Custom Duplicate an item No
MOVE Custom Move an item No
SWAP Custom Swap two Locations No
PUBLISH Custom Publish an item No
DELETE Standard Remove an item No

Caution with custom HTTP methods

Using custom HTTP methods can cause issues with several HTTP proxies, network firewall/security solutions and simpler web servers. To avoid issues with this, REST API allows you to set these using the HTTP header X-HTTP-Method-Override alongside the standard POST method instead of using a custom HTTP method. For example: X-HTTP-Method-Override: PUBLISH

If applicable, both methods are always mentioned in the specifications.

Unsafe methods will require a CSRF token if session-based authentication is used.

OPTIONS method

Any URI resource that the REST API responds to will respond to an OPTIONS request.

The response contains an Allow header, which lists the methods accepted by the resource.

1
curl -IX OPTIONS https://api.example.com/api/ezp/v2/content/objects/1
1
2
OPTIONS /content/objects/1 HTTP/1.1
Host: api.example.com
1
2
HTTP/1.1 200 OK
Allow: PATCH,GET,DELETE,COPY
1
curl -IX OPTIONS https://api.example.com/api/ezp/v2/content/locations/1/2
1
2
OPTIONS /content/locations/1/2 HTTP/1.1
Host: api.example.com
1
2
HTTP/1.1 200 OK
Allow: GET,PATCH,DELETE,COPY,MOVE,SWAP

Request headers

You can use the following HTTP headers with a REST request:

  • Accept describing the desired response type and format;
  • Content-Type describing the payload type and format;
  • X-Siteaccess specifying the target SiteAccess;
  • X-HTTP-Method-Override allowing to pass a custom method while using POST method as previously seen in HTTP method.
  • Destination specifying where to move an item

Other headers related to authentication methods can be found in REST API authentication.

SiteAccess

In order to specify a SiteAccess when communicating with the REST API, provide a custom X-Siteaccess header. Otherwise, the default SiteAccess is used.

The following example shows what could be a SiteAccess called restapi dedicated to REST API accesses:

1
2
3
4
GET / HTTP/1.1
Host: api.example.com
Accept: application/vnd.ez.api.Root+json
X-Siteaccess: restapi

One of the principles of REST is that the same resource (such as Content item, Location, Content Type) should be unique. It allows caching your REST API using a reverse proxy such as Varnish. If the same resource is available in multiple locations, cache purging is noticeably more complex. This is why SiteAccess matching with REST is not enabled at URL level (or domain).

Media types

On top of methods, HTTP request headers allow you to personalize the request's behavior. On every resource, you can use the Accept header to indicate which format you want to communicate in, JSON or XML. This header is also used to specify the response type you want the server to send when multiple types are available.

  • Accept: application/vnd.ez.api.Content+xml to get Content (full data, Fields included) as XML
  • Accept: application/vnd.ez.api.ContentInfo+json to get ContentInfo (metadata only) as JSON

Media types are also used with the Content-Type header to characterize a request body or a response body. See Creating content with binary attachments below. Also see Creating session examples.

If the resource only returns one media type, it is also possible to skip it and to just specify the format using application/xml or application/json.

A response indicates hrefs to related resources and their media types.

Destination

The Destination request header is the request counterpart of the Location response header. It is used for a COPY, MOVE or SWAP operation to indicate where the resource should be moved, copied to or swapped with by using the ID of the parent or target Location.

Examples of such requests are:

Request body

You can pass some short scalar parameters in the URIs or as GET parameters, but other resources need heavier structured payloads passed in the request body, in particular the ones to create (POST) or update (PATCH) items. In the REST API reference, request payload examples are given when needed.

One example is the creation of an authentication session.

When creating a Content item, a special payload is needed if the ContentType has some Image or BinaryFile Fields as files need to be attached. See the example of a script uploading images below.

When searching for Content items (or Locations), the query grammar is also particular. See the Search section below.

Creating content with binary attachments

The example below is a command-line script to upload images.

This script:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
<?php declare(strict_types=1);

if ($argc < 2) {
    // Print script usage
    echo "Usage: php {$argv[0]} <FILE_PATH> [<IMAGE_NAME>]\n";
    exit(1);
}

if (!is_file($argv[1])) {
    echo "{$argv[1]} doesn't exist or is not a file.\n";
    exit(2);
}

// URL to Ibexa DXP installation and its REST API
$host = 'api.example.com';
$scheme = 'https';
$api = '/api/ezp/v2';
$baseUrl = "{$scheme}://{$host}{$api}";

// User credentials
$username = 'admin';
$password = 'publish';

// Targets
$contentTypeId = 5; // "Image"
$parentLocationPath = '1/43/51'; // "Media > Images"
$sectionId = 3; // "Media"

$fileName = basename($argv[1]);
$fileSize = filesize($argv[1]);
$fileContent = base64_encode(file_get_contents($argv[1]));
$name = $argv[2] ?? $fileName;

// Request payload
$data = <<<XML
<?xml version="1.0" encoding="UTF-8"?>
<ContentCreate>
  <ContentType href="$api/content/types/$contentTypeId" />
  <mainLanguageCode>eng-GB</mainLanguageCode>
  <LocationCreate>
    <ParentLocation href="$api/content/locations/$parentLocationPath" />
    <sortField>PATH</sortField>
    <sortOrder>ASC</sortOrder>
  </LocationCreate>
  <Section href="$api/content/sections/$sectionId" />
  <fields>
    <field>
      <fieldDefinitionIdentifier>name</fieldDefinitionIdentifier>
      <fieldValue>$name</fieldValue>
    </field>
    <field>
      <fieldDefinitionIdentifier>caption</fieldDefinitionIdentifier>
      <fieldValue>
        <value key="xml"><![CDATA[<section xmlns="http://ez.no/namespaces/ezpublish5/xhtml5/edit"><h1>$name</h1></section>]]></value>
      </fieldValue>
    </field>
    <field>
      <fieldDefinitionIdentifier>image</fieldDefinitionIdentifier>
      <fieldValue>
        <value key="fileName">$fileName</value>
        <value key="fileSize">$fileSize</value>
        <value key="data"><![CDATA[$fileContent]]></value>
      </fieldValue>
    </field>
  </fields>
</ContentCreate>
XML;

$curl = curl_init();
$responseHeaders = [];
$doc = new DOMDocument();

curl_setopt_array($curl, [
    CURLOPT_USERPWD => "$username:$password",
    CURLOPT_URL => "$baseUrl/content/objects",
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $data,
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/vnd.ez.api.ContentCreate+xml',
        'Accept: application/vnd.ez.api.ContentInfo+xml',
    ],
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADERFUNCTION => static function ($curl, $header) {
        global $responseHeaders;
        $responseHeaders[] = $header;

        return strlen($header);
    },
]);

$response = curl_exec($curl);

if ($error = curl_error($curl)) {
    echo "cURL error: $error\n";
    curl_close($curl);
    exit(3);
}

if (201 !== $responseCode = curl_getinfo($curl, CURLINFO_RESPONSE_CODE)) {
    if (!empty($response) && $doc->loadXML($response) && 'ErrorMessage' === $doc->firstChild->nodeName) {
        echo "Server error: {$doc->getElementsByTagName('errorCode')->item(0)->nodeValue} {$doc->getElementsByTagName('errorMessage')->item(0)->nodeValue}\n";
        echo "\t{$doc->getElementsByTagName('errorDescription')->item(0)->nodeValue}\n";
        curl_close($curl);
        exit(4);
    }
    $error = $responseHeaders[0] ?? $responseCode;
    echo "Server error: $error\n";
    curl_close($curl);
    exit(5);
}

$doc->loadXML($response);

if ('Content' !== $doc->firstChild->nodeName || !$doc->firstChild->hasAttribute('id')) {
    echo "Response error: Unexpected response structure\n";
    curl_close($curl);
    exit(6);
}

$contentId = $doc->firstChild->getAttribute('id');

curl_reset($curl);
$responseHeaders = [];

curl_setopt_array($curl, [
    CURLOPT_USERPWD => "$username:$password",
    CURLOPT_URL => "$baseUrl/content/objects/$contentId/versions/1",
    CURLOPT_POST => true,
    CURLOPT_HTTPHEADER => [
        'X-HTTP-Method-Override: PUBLISH',
        'Accept: application/json',
    ],
    CURLOPT_RETURNTRANSFER => true,
]);

$response = curl_exec($curl);

if ($error = curl_error($curl)) {
    echo "cURL error: $error\n";
    curl_close($curl);
    exit(7);
}

if (204 !== $responseCode = curl_getinfo($curl, CURLINFO_RESPONSE_CODE)) {
    if (!empty($response) && $doc->loadXML($response) && 'ErrorMessage' === $doc->firstChild->nodeName) {
        echo "Server error: {$doc->getElementsByTagName('errorCode')->item(0)->nodeValue} {{$doc->getElementsByTagName('errorMessage')->item(0)->nodeValue}\n";
        echo "\t{$doc->getElementsByTagName('errorDescription')->item(0)->nodeValue}\n";
        curl_close($curl);
        exit(8);
    }
    $error = $responseHeaders[0] ?? $responseCode;
    echo "Server error: $error\n";
    exit(9);
}

echo "Success: Image Content item created with ID $contentId and published\n";

curl_close($curl);
exit(0);
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
<?php declare(strict_types=1);

if ($argc < 2) {
    // Print script usage
    echo "Usage: php {$argv[0]} <FILE_PATH> [<IMAGE_NAME>]\n";
    exit(1);
}

if (!is_file($argv[1])) {
    echo "{$argv[1]} doesn't exist or is not a file.\n";
    exit(2);
}

// URL to Ibexa DXP installation and its REST API
$host = 'api.example.com';
$scheme = 'https';
$api = '/api/ezp/v2';
$baseUrl = "{$scheme}://{$host}{$api}";

// User credentials
$username = 'admin';
$password = 'publish';

// Targets
$contentTypeId = 5; // "Image"
$parentLocationPath = '1/43/51'; // "Media > Images"
$sectionId = 3; // "Media"

// Request payload
$data = [
    'ContentCreate' => [
        'ContentType' => [
            '_href' => "$api/content/types/$contentTypeId",
        ],
        'mainLanguageCode' => 'eng-GB',
        'LocationCreate' => [
            'ParentLocation' => [
                '_href' => "$api/content/locations/$parentLocationPath",
            ],
            'sortField' => 'PATH',
            'sortOrder' => 'ASC',
        ],
        'Section' => [
            '_href' => "$api/content/sections/$sectionId",
        ],
        'fields' => [
            'field' => [
                [
                    'fieldDefinitionIdentifier' => 'name',
                    'fieldValue' => $argv[2] ?? basename($argv[1]),
                ],
                [
                    'fieldDefinitionIdentifier' => 'image',
                    'fieldValue' => [
                        // Original file name
                        'fileName' => basename($argv[1]),
                        // File size in bytes
                        'fileSize' => filesize($argv[1]),
                        // File content must be encoded as Base64
                        'data' => base64_encode(file_get_contents($argv[1])),
                    ],
                ],
            ],
        ],
    ],
];

$curl = curl_init();
$responseHeaders = [];

curl_setopt_array($curl, [
    CURLOPT_USERPWD => "$username:$password",
    CURLOPT_URL => "$baseUrl/content/objects",
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode($data),
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/vnd.ez.api.ContentCreate+json',
        'Accept: application/vnd.ez.api.ContentInfo+json',
    ],
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADERFUNCTION => static function ($curl, $header) {
        global $responseHeaders;
        $responseHeaders[] = $header;

        return strlen($header);
    },
]);

$response = curl_exec($curl);

if ($error = curl_error($curl)) {
    echo "cURL error: $error\n";
    curl_close($curl);
    exit(3);
}

if (201 !== $responseCode = curl_getinfo($curl, CURLINFO_RESPONSE_CODE)) {
    $response = json_decode($response, true);
    if (is_array($response) && array_key_exists('ErrorMessage', $response)) {
        echo "Server error: {$response['ErrorMessage']['errorCode']} {$response['ErrorMessage']['errorMessage']}\n";
        echo "\t{$response['ErrorMessage']['errorDescription']}\n";
        curl_close($curl);
        exit(4);
    }
    $error = $responseHeaders[0] ?? $responseCode;
    echo "Server error: $error\n";
    curl_close($curl);
    exit(5);
}

$response = json_decode($response, true);

if (!(array_key_exists('Content', $response) && array_key_exists('_id', $response['Content']))) {
    echo "Response error: Unexpected response structure\n";
    curl_close($curl);
    exit(6);
}

$contentId = $response['Content']['_id'];

curl_reset($curl);
$responseHeaders = [];

curl_setopt_array($curl, [
    CURLOPT_USERPWD => "$username:$password",
    CURLOPT_URL => "$baseUrl/content/objects/$contentId/versions/1",
    CURLOPT_POST => true,
    CURLOPT_HTTPHEADER => [
        'X-HTTP-Method-Override: PUBLISH',
        'Accept: application/json',
    ],
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADERFUNCTION => static function ($curl, $header) {
        global $responseHeaders;
        $responseHeaders[] = $header;

        return strlen($header);
    },
]);

$response = curl_exec($curl);

if ($error = curl_error($curl)) {
    echo "cURL error: $error\n";
    curl_close($curl);
    exit(7);
}

if (204 !== $responseCode = curl_getinfo($curl, CURLINFO_RESPONSE_CODE)) {
    $response = json_decode($response, true);
    if (is_array($response) && array_key_exists('ErrorMessage', $response)) {
        echo "Server error: {$response['ErrorMessage']['errorCode']} {$response['ErrorMessage']['errorMessage']}\n";
        echo "\t{$response['ErrorMessage']['errorDescription']}\n";
        curl_close($curl);
        exit(8);
    }
    $error = $responseHeaders[0] ?? $responseCode;
    echo "Server error: $error\n";
    exit(9);
}

echo "Success: Image Content item created with ID $contentId and published\n";

curl_close($curl);
exit(0);

Search (/views)

The /views route allows you to search in the repository. It works similarly to its PHP API counterpart.

The model allows combining criteria using the logical operators AND, OR and NOT.

Almost all Search Criteria are available in REST API. The suffix Criterion is added when used with REST API.

Almost all Sort Clauses are available too. They require no additional prefix or suffix.

The search request has a Content-Type: application/vnd.ez.api.ViewInput+xml or +json header to specify the format of its body's payload. The root node is <ViewInput> and it has two mandatory children: <identifier> and <Query>.

You can add version=1.1 to the Content-Type header to support the distinction between ContentQuery and LocationQuery instead of just Query which implicitly looks only for Content items.

The following examples search for article and news typed Content items everywhere or for Content items of all types directly under Location 123. All those Content items must be in the standard Section.

1
Content-Type: application/vnd.ez.api.ViewInput+xml
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
<?xml version="1.0" encoding="UTF-8"?>
<ViewInput>
  <identifier>test</identifier>
  <Query>
    <Filter>
        <AND>
            <OR>
                <ContentTypeIdentifierCriterion>article</ContentTypeIdentifierCriterion>
                <ContentTypeIdentifierCriterion>news</ContentTypeIdentifierCriterion>
                <ParentLocationIdCriterion>123</ParentLocationIdCriterion>
            </OR>
            <SectionIdentifierCriterion>standard</SectionIdentifierCriterion>
        </AND>
    </Filter>
    <limit>10</limit>
    <offset>0</offset>
    <SortClauses>
      <ContentName>ascending</ContentName>
    </SortClauses>
  </ContentQuery>
</ViewInput>
1
Content-Type: application/vnd.ez.api.ViewInput+xml; version=1.1
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
<?xml version="1.0" encoding="UTF-8"?>
<ViewInput>
  <identifier>test</identifier>
  <ContentQuery>
    <Filter>
        <AND>
            <OR>
                <ContentTypeIdentifierCriterion>article</ContentTypeIdentifierCriterion>
                <ContentTypeIdentifierCriterion>news</ContentTypeIdentifierCriterion>
                <ParentLocationIdCriterion>123</ParentLocationIdCriterion>
            </OR>
            <SectionIdentifierCriterion>standard</SectionIdentifierCriterion>
        </AND>
    </Filter>
    <limit>10</limit>
    <offset>0</offset>
    <SortClauses>
      <ContentName>ascending</ContentName>
    </SortClauses>
  </ContentQuery>
</ViewInput>
1
Content-Type: application/vnd.ez.api.ViewInput+json
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
  "ViewInput": {
    "identifier": "test",
    "Query": {
      "Filter": {
        "AND": {
          "OR": {
            "ContentTypeIdentifierCriterion": [
              "article",
              "news"
            ],
            "ParentLocationIdCriterion": 123
          },
          "SectionIdentifierCriterion": "standard"
        }
      },
      "limit": "10",
      "offset": "0",
      "SortClauses": { "ContentName": "ascending" }
    }
  }
}
1
Content-Type: application/vnd.ez.api.ViewInput+json; version=1.1
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
  "ViewInput": {
    "identifier": "test",
    "ContentQuery": {
      "Filter": {
        "AND": {
          "OR": {
            "ContentTypeIdentifierCriterion": [
              "article",
              "news"
            ],
            "ParentLocationIdCriterion": 123
          },
          "SectionIdentifierCriterion": "standard"
        }
      },
      "limit": "10",
      "offset": "0",
      "SortClauses": { "ContentName": "ascending" }
    }
  }
}

Note

In JSON, the structure for ContentTypeIdentifierCriterion with multiple values has a slightly different format as keys must be unique. In JSON, if there is only one item in SortClauses, it can be passed directly without an array to wrap it.

You can omit logical operators. If Criteria are of mixed types, they are wrapped in an implicit AND. If they are of the same type, they are wrapped in an implicit OR.

For example, the AND operator from previous example's Filter could be removed.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
<Filter>
    <AND>
        <OR>
            <ContentTypeIdentifierCriterion>article</ContentTypeIdentifierCriterion>
            <ContentTypeIdentifierCriterion>news</ContentTypeIdentifierCriterion>
            <ParentLocationIdCriterion>123</ParentLocationIdCriterion>
        </OR>
        <SectionIdentifierCriterion>standard</SectionIdentifierCriterion>
    </AND>
</Filter>
1
2
3
4
5
6
7
8
<Filter>
    <OR>
        <ContentTypeIdentifierCriterion>article</ContentTypeIdentifierCriterion>
        <ContentTypeIdentifierCriterion>news</ContentTypeIdentifierCriterion>
        <ParentLocationIdCriterion>123</ParentLocationIdCriterion>
    </OR>
    <SectionIdentifierCriterion>standard</SectionIdentifierCriterion>
</Filter>
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
"Filter": {
  "AND": {
    "OR": {
       "ContentTypeIdentifierCriterion": [
        "article",
        "news"
      ],
      "ParentLocationIdCriterion": 123
    },
    "SectionIdentifierCriterion": "standard"
  }
},
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
"Filter": {
  "OR": {
     "ContentTypeIdentifierCriterion": [
      "article",
      "news"
    ],
    "ParentLocationIdCriterion": 123
  },
  "SectionIdentifierCriterion": "standard"
},