Docs Developer Site
Enonic XP
arrow-down
    1. Widgets
    1. ID providers
    2. System ID provider
    3. Users and groups
    4. Roles
    1. Projects
    2. Layers
        1. AttachmentUploader
        2. Checkbox
        3. Combobox
        4. ContentSelector
        5. ContentTypeFilter
        6. CustomSelector
        7. Date
        8. DateTime
        9. Double
        10. GeoPoint
        11. HtmlArea
        12. ImageSelector
        13. Long
        14. MediaSelector
        15. Radiobutton
        16. Tag
        17. TextArea
        18. TextLine
        19. Time
      2. Field set
      3. Item set
      4. Option set
      5. Mixins
      6. Localization
    4. Content Types
    5. X-data
    6. Macros
    7. Custom styles
    8. Sites
      1. Regions
      2. Part component
      3. Layout component
      4. Text component
      5. Fragments
      6. Filtering
      7. Component indexing
      8. Visual editor
    10. Page templates
  4. Applications
    1. Sandboxes
    2. Code
    3. Building
    4. Configuration
    5. TypeScript
      1. Controllers
      2. Globals
      3. HTTP
      4. Events
      5. Error handler
      6. Filters
      7. ID provider
      8. Tasks
      9. Templating
      10. Localization
      11. Websocket
      12. Mappings
      13. Components
      14. Processors
      15. Contributions
      16. Main controller
      17. Java bridge
      1. Admin API
      2. Application API
      3. Auditlog API
      4. Authentication API
      5. Cluster API
      6. Common API
      7. Content API
      8. Context API
      9. Event API
      10. Export API
      11. Grid API
      12. I18N API
      13. IO API
      14. Mail API
      15. Node API
      16. Portal API
      17. Project API
      18. Repo API
      19. Scheduler API
      20. Schema API
      21. Tasks API
      22. Value API
      23. VHost API
      24. Websocket API
      1. Webapp Engine
        1. Image service
        2. Component service
      3. Universal API Engine
      4. Media API
      5. Admin Engine
      6. Asset service
      7. HTTP service
      8. IDprovider service
    2. Task engine
    3. Management Endpoint
    4. Statistics Endpoint
    1. Nodes and repos
    2. Properties
    3. Indexing
    4. Branches
    5. Queries (NoQL)
    6. Queries (DSL)
    7. Filters
    8. Aggregations
    9. Highlighting
    10. Editors
    1. Strategies
    2. Distributions
    3. Docker image
    4. Vhosts
    5. Configuration
    6. Backup & restore
    7. Systemd
    8. Clustering
  9. Audit Logs
    1. Upgrade Notes
    2. Upgrading Apps
Developer Docs Xp Next Runtime Engines Api Engine

Universal API WIP

Contents

Universal API enables mounting of http controllers safely made available on /api endpoint as well as within an application (or site’s) URL space, without the use of routers. It supports Headless approach or Site engine, Webapp engine and Admin engine needs to access dynamic data, like REST API, GraphQL API, or other data sources.

The Main Features of Universal API are:

  • Secure be default

    • APIs are not mounted anywhere by default, so you don’t need to worry about accidental exposure of an admin API on a site.

    • Nobody can access an API without explicitly specifying access rights in the descriptor.

    • Cache pollution is avoided by mounting APIs to a single endpoint (per engine).

  • Headless friendly. APIs can be mounted on /api endpoint, so they can be used by any client.

  • Granular. Mounting of API must be explicitly specified in engine descriptor files.

  • Modular. APIs can be borrowed from other applications, so you can use existing APIs in your application.

Controller

To create an API, place an http controller file in the src/main/resources/apis/ structure of your project. Each controller needs to be placed in a folder matching its name i.e.: src/main/resources/api/myapi/myapi.js

Example service controller

src/main/resources/apis/<api-name>/<api-name>.js 
exports.get = function(req) {
  return {
    body: {
      time: new Date()
    },
    contentType: 'application/json; charset=utf-8'
  };
};

Descriptor

API descriptor is required. It provides a way to define the API’s access, availability on /api endpoint as well as display name, description and documentation URL.

Example of Full API descriptor:

<api>
  <mount>true</mount> (1)
  <display-name>My API</display-name> (2)
  <description>API for My App</description> (3)
  <documentation-url>https://developer.enonic.com/docs/api</documentation-url> (4)
  <allow> (5)
    <principal>role:system.admin</principal>
    <principal>role:myapp.myrole</principal>
  </allow>
</api>
1 By default, APIs are not mounted on the Generic API endpoint. To enable it, <mount>true</mount> should be set in the descriptor.
2 display-name is the name of the API that will be shown in the UI.
3 description is a short description of the API that will be shown in the UI.
4 documentation-url is a link to the API documentation that will be shown in the UI.
5 APIs must list principles that have access to it. It is required to specify at least one principal. Use role:system.everyone to make the API public.

Endpoint

API mount is context-aware:

  • Generic API endpoint /api/<app-name>/<api-name>/

  • For site engine: /site/<site-path>/_/<app-name>/<api-name>/

  • For webapp engine: (/webapp/<app-name>/_/<app-name>/<api-name>/

  • For admin engine: /admin/_/<app-name>/<api-name>/

Engine descriptors need to specify the available API names in the api element, while Generic API endpoint can be disabled in API Descriptor itself.

Example site descriptor with mounting of self-contained and external APIs:

<site xmlns="urn:enonic:xp:model:1.0">
  <apis>
        <api>ws</api>
        <api>app:graphql</api>
  </apis>
  <form/>
</site>

Built-in APIs

Media APIs

The Media APIs is a built-in API that provides access to media files in CMS repositories.

Media Image API is available real-time processing and delivery of rasterized RGB/RGBa image media.

Media Attachment API gives access to Content attached binaries - like PDFs, Word documents, etc.

These two APIs are always mounted on Generic Endpoint as well as on Sites. Admin Tools and Webapps can also mount them by specifying them in the api element of the engine descriptor.

Widget API

Widget API provide the way to dynamically extend Admin UI.

API discovery

GET :8080/api - returns JSON with a list of all available APIs in the system.

apiUrl()

To safely generate an API URL, use the apiUrl() function that is part of the Portal Library.

When invoked, the function will generate a contextual service url based on the context of the current controller.

Reserved API application names

Applications names without namespace are reserved. This list includes, but not limited to, the following:

  • media

  • admin

  • component

  • attachment

  • image

  • asset

  • service

  • error

  • idprovider

Contents

Contents

AI-powered search

Juke AI