This documentation is for a version that has reached its End Of Life. Such versions are no longer supported and don't receive security updates. Consider updating to a newer version.
Depending on the HTTP method used, different actions are possible on the same resource. Example:
Action
Description
GET /content/objects/2/versions/3
Fetches data about version #3 of content item #2
PATCH /content/objects/2/versions/3
Updates the version #3 draft of content item #2
DELETE /content/objects/2/versions/3
Deletes the (draft or archived) version #3 from content item #2
COPY /content/objects/2/versions/3
Creates a new draft version of content item #2 from its version #3
PUBLISH /content/objects/2/versions/3
Promotes the version #3 of content item #2 from draft to published
OPTIONS /content/objects/2/versions/3
Lists all the methods usable with this resource, the 5 ones above
The following list of available methods gives an overview of the kind of action a method triggers on a resource, if available.
For method action details per resource, see the REST API reference.
Using custom HTTP methods can cause issues with several HTTP proxies, network firewall/security solutions and simpler web servers.
To avoid such issuess, REST API allows you to set these by using the HTTP header X-HTTP-Method-Override alongside the standard POST method instead of using a custom HTTP method. For example: X-HTTP-Method-Override: PUBLISH
If applicable, both methods are always mentioned in the specifications.
One of the principles of REST is that the same resource (such as content item, location, content type) should be unique.
It allows caching your REST API with a reverse proxy such as Varnish.
If the same resource is available in multiple locations, cache purging is noticeably more complex.
This is why SiteAccess matching with REST isn't enabled at URL level (or domain).
On top of methods, HTTP request headers allow you to personalize the request's behavior.
On every resource, you can use the Accept header to indicate which format you want to communicate in, JSON or XML.
This header is also used to specify the response type you want the server to send when multiple types are available.
Accept: application/vnd.ibexa.api.Content+xml to get Content (full data, fields included) as XML
Accept: application/vnd.ibexa.api.ContentInfo+json to get ContentInfo (metadata only) as JSON
The Destination request header is the request counterpart of the Location response header.
It's used for a COPY, MOVE or SWAP operation to indicate where the resource should be moved, copied to or swapped with by using the ID of the parent or target location.
The X-Expected-User header specifies the user needed for the request execution.
With this header, if the current username on server side isn't equal to X-Expected-User value, a 401 Unauthorized error is returned.
Without this header, the request is executed with the current user who might be unexpected (like the Anonymous user if a previous authentication has expired) and an ambiguous response might be returned as a success not informing about a wrong user.
For example, it prevents a Content request to be executed with Anonymous user in the case of an expired authentication, and the response being a 200 OK but missing content items due to access rights difference with the expected user.
You can pass some short scalar parameters in the URIs or as GET parameters, but other resources need heavier structured payloads passed in the request body, in particular the ones to create (POST) or update (PATCH) items.
In the REST API reference, request payload examples are given when needed.
When creating a content item, a special payload is needed if the content type has some Image or BinaryFile fields as files need to be attached. See the example of a script uploading images below.
When searching for content items (or locations), the query grammar is also particular. See the Search section below.
<?phpdeclare(strict_types=1);require__DIR__.'/vendor/autoload.php';useSymfony\Component\HttpClient\HttpClient;useSymfony\Contracts\HttpClient\ExceptionasHttpException;if($argc<2){// Print script usageecho"Usage: php {$argv[0]} <FILE_PATH> [<IMAGE_NAME>]\n";exit(1);}if(!is_file($argv[1])){echo"{$argv[1]} doesn't exist or is not a file.\n";exit(2);}// URL to Ibexa DXP installation and its REST API$host='api.example.com';$scheme='https';$api='/api/ibexa/v2';$baseUrl="{$scheme}://{$host}{$api}";// User credentials$username='admin';$password='publish';// Targets$contentTypeId=5;// "Image"$parentLocationPath='1/43/51';// "Media > Images"$sectionId=3;// "Media"// Request payload$data=['ContentCreate'=>['ContentType'=>['_href'=>"$api/content/types/$contentTypeId",],'mainLanguageCode'=>'eng-GB','LocationCreate'=>['ParentLocation'=>['_href'=>"$api/content/locations/$parentLocationPath",],'sortField'=>'PATH','sortOrder'=>'ASC',],'Section'=>['_href'=>"$api/content/sections/$sectionId",],'fields'=>['field'=>[['fieldDefinitionIdentifier'=>'name','fieldValue'=>$argv[2]??basename($argv[1]),],['fieldDefinitionIdentifier'=>'image','fieldValue'=>[// Original file name'fileName'=>basename($argv[1]),// File size in bytes'fileSize'=>filesize($argv[1]),// File content must be encoded as Base64'data'=>base64_encode(file_get_contents($argv[1])),],],],],],];$client=HttpClient::createForBaseUri($baseUrl,['auth_basic'=>[$username,$password],]);try{$response=$client->request('POST',"$baseUrl/content/objects",['headers'=>['Content-Type: application/vnd.ibexa.api.ContentCreate+json','Accept: application/vnd.ibexa.api.ContentInfo+json',],'json'=>$data,]);}catch(HttpException\TransportExceptionInterface$exception){echo"Client error: {$exception->getMessage()}\n";exit(3);}if(201!==$responseCode=$response->getStatusCode()){try{$responseArray=$response->toArray(false);if(array_key_exists('ErrorMessage',$responseArray)){echo"Server error: {$responseArray['ErrorMessage']['errorCode']}{$responseArray['ErrorMessage']['errorMessage']}\n";echo"\t{$responseArray['ErrorMessage']['errorDescription']}\n";exit(4);}}catch(HttpException\DecodingExceptionInterface$exception){}$responseHeaders=$response->getInfo('response_headers');$error=$responseHeaders[0]??$responseCode;echo"Server error: $error\n";exit(5);}$response=$response->toArray();if(!(array_key_exists('Content',$response)&&array_key_exists('_id',$response['Content']))){echo"Response error: Unexpected response structure\n";exit(6);}$contentId=$response['Content']['_id'];try{$response=$client->request('PUBLISH',"$baseUrl/content/objects/$contentId/versions/1",['headers'=>['Accept: application/json',],]);}catch(HttpException\TransportExceptionInterface$exception){echo"Client error: {$exception->getMessage()}\n";exit(7);}if(204!==$responseCode=$response->getStatusCode()){try{$responseArray=$response->toArray(false);if(array_key_exists('ErrorMessage',$responseArray)){echo"Server error: {$responseArray['ErrorMessage']['errorCode']}{$responseArray['ErrorMessage']['errorMessage']}\n";echo"\t{$responseArray['ErrorMessage']['errorDescription']}\n";exit(8);}}catch(HttpException\DecodingExceptionInterface$exception){}$responseHeaders=$response->getInfo('response_headers');$error=$responseHeaders[0]??$responseCode;echo"Server error: $error\n";exit(9);}echo"Success: Image content item created with ID $contentId and published.\n";exit(0);
The model allows combining criteria using the logical operators AND, OR and NOT.
Most Search Criteria are available in REST API. The suffix Criterion is added when used with REST API.
Most Sort Clauses are available too. They require no additional prefix or suffix.
The search request has a Content-Type: application/vnd.ibexa.api.ViewInput+xml or +json header to specify the format of its body's payload.
The root node is <ViewInput> and it has two mandatory children: <identifier> and <Query>.
You can add version=1.1 to the Content-Type header to support the distinction between ContentQuery and LocationQuery instead of Query which implicitly looks only for content items.
The following examples search for article and news typed content items everywhere or for content items of all types directly under location 123. All those content items must be in the standard section.
In JSON, the structure for ContentTypeIdentifierCriterion with multiple values has a slightly different format as keys must be unique.
In JSON, if there is only one item in SortClauses, it can be passed directly without an array to wrap it.
You can omit logical operators. If Criteria are of mixed types, they're wrapped in an implicit AND.
If they're of the same type, they're wrapped in an implicit OR.
For example, the AND operator from previous example's Filter could be removed.