Rest API Definitions

Provides the ability to provide both public and non-public REST API's.

The effective URL is visualized in the endpoint using the current access URL (here in the example http://localhost:8080/_pro).

A base URI can optionally be defined for all endpoints.

Each endpoint can optionally have a URI defined.

All REST methods (GET, POST, PUT, DELETE, HEAD, OPTIONS) are available.

Anonymous access allows access to the endpoint without prior login. Please note that there are no rights for search queries etc. and that sensitive data can be read without access control if the configuration is incorrect (e.g. a search as super user). For authorized access, see the chapter Authorisierter Zugriff.

The answer is given by the 'response' variable, furthermore the following variables are available:

Name

Type

Description

Direction

requestHeaders

Map<String,String>

All request headers as a map

Incoming

queryParameters

Map<String,String>

All query parameters as a map

Incoming

response

Object

The response object

Outgoing

responseCode

int

The HTTP code for the response (default: 200)

Outgoing

responseHeaders

Map<String,String>

User specific response header

Outgoing

disableContentHandling

Boolean

If the value is 'true', the special handling of the content object (to deliver e.g. binary files) is disabled and the object is serialized like any other object (e.g. as JSON)

Outgoing

forceDownload

Boolean

Only applies if disableContentHandling is false and the response is a content object. If forceDownload='false', the content disposition is set to inline, if forceDownload='true', it is set to attachment.

Outgoing


images/download/attachments/164332692/image-2023-3-27_16-27-34-version-1-modificationdate-1704373025218-api-v2.png

The following HTTP methods are available:

Method

Request Body?

Usual REST action

GET

No

Read

POST

Yes

Create

PUT

Yes

Change

PATCH

Yes

Ändern(Partiell)

HEAD

No

Prüfe vorhanden

DELETE

No

Löschen


URI Parameter

The URI can optionally have variable parts, e.g. fetch/{id}. The value of 'id' can then be read from the variable 'id'.

IMPORTANT◄ The value must/cannot contain an unmasked "/". The value should therefore always be url-encoded.

Several such URI parameters can be defined, but they are then required.

For example, if a dynamic path is to be read, this can be done using the following expression: {dynamicPath: .+}

IMPORTANT◄ This can only be done at the end of the URI.


Input types and special forms

If "Content(de.lobster.scm.actionevent.actor.content.Content)" is selected as the input type, no automatic deserialization is performed. The entire request payload is then available via the content object. For example, a binary file or a custom XML can be parsed.

A request of the "application/x-www-form-urlencoded" type is passed as a client object.

Form data

Client object JSON

fname=John&lname=Doe

 
{
   "fname": "John",
   "lname": "Doe"
}

fname=John&lname=Doe&fname=Agent&lname=Smith

 
{
   "fname": ["John", "Agent"],
   "lname": ["Doe", "Smith"]
}

fname[]=John&lname[]=Doe

 
{ 
   "fname": ["John"], 
   "lname": ["Doe"]
}

Response types

If "Content (de.lobster.scm.actionevent.actor.content.Content)" is selected as the response type, no automatic serialization is performed. The entire response payload is provided via the content object. Here, for example, a file reference with arbitrarily large data can be provided. The content type is read from the content object and set automatically.

In any other case, the rest client decides the format of serialization via the 'Accept' header.


Authorized access

If the access takes place via the browser in which a user is logged in, the session cookie of the logged-in user automatically takes effect.

Otherwise the authentication should be done via OAuth2 (possible from _data 4.6).