arrow-down
    1. Overview
    2. Core concepts
    3. Using docs
    4. Intro Videos
    5. Tutorials
    1. Intro
    2. GraphQL API
    3. Media API
    4. Extending the API
    5. Component API
    1. Content Studio
      1. Branches
    2. Layers
      1. Lifecycle
      2. Media
      3. Attachments
      4. X-data
        1. Page templates
        2. Fragments
      5. Variants
      6. Permissions
      7. Versions
    3. Sites
      1. Visual editor
    4. Publishing
    1. Introduction
      1. Controllers
      2. Globals
      3. Events
      4. HTTP Request
      5. HTTP Response
      6. Error handler
      7. Filters
      8. Templating
      9. Localization
      10. Websocket
      11. Tasks
      12. Main controller
      13. Java bridge
      1. Admin Lib
      2. Application Lib
      3. Auditlog Lib
      4. Authentication Lib
      5. Cluster Lib
      6. Common Lib
      7. Content Lib
      8. Context Lib
      9. Event Lib
      10. Export Lib
      11. Grid Lib
      12. I18N Lib
      13. IO Lib
      14. Mail Lib
      15. Node Lib
      16. Portal Lib
      17. Project Lib
      18. Repo Lib
      19. Scheduler Lib
      20. Schema Lib
      21. Tasks Lib
      22. Value Lib
      23. VHost Lib
      24. Websocket Lib
    2. Other Libraries
      1. CLI
      2. Sandboxes
      3. Code
      4. Building
      5. Configuration
      6. TypeScript
    3. Building APIs
      1. Mappings
      2. Components
      3. Processors
      4. Contributions
    4. Building Webapps
      1. ID providers
      2. Admin Apps
      3. Admin Widgets
    1. Architecture
      1. TODO
      1. Navigating
      2. Users
      3. Applications
      4. Data management
      5. System info
      6. Audit Logs
      7. Task management
      1. Portal
      2. IDprovider
      3. Management
      4. Statistics
      1. Nodes and repos
      2. Properties
      3. Indexing
      4. Branches
      5. Editors
      1. DSL Queries
      2. NoQL Queries
      3. Filters
      4. Aggregations
      5. Highlighting
      1. ID providers
      2. System ID provider
      3. Users and groups
      4. Roles
      1. Strategies
      2. Distributions
      3. Docker
      4. Kubernetes
      5. Systemd
      6. Vhosts
      7. Configuration
      8. Backup & restore
      9. Clustering
      10. Observability
      1. Notes
      2. Upgrade
      3. Upgrading Apps
        1. Asset service
        2. HTTP service
        3. Image service
    1. Best practice
        1. AttachmentUploader
        2. Checkbox
        3. Combobox
        4. ContentSelector
        5. ContentTypeFilter
        6. CustomSelector
        7. Date
        8. DateTime
        9. Double
        10. GeoPoint
        11. HtmlArea
        12. ImageSelector
        13. Long
        14. MediaSelector
        15. Radiobutton
        16. Tag
        17. TextArea
        18. TextLine
        19. Time
        1. Field set
        2. Item set
        3. Option set
      1. Mixins
      2. Localization
      3. Styles
    2. Content Types
    3. X-data
    4. Macros
      1. Pages
      2. Regions
      3. Part component
      4. Layout component
      5. Text component
      6. Component Filtering
      7. Component Indexing
    1. Marketplace
    2. Market guidelines

Universal API WIP

Contents

Universal API enables mounting of http controllers safely made available on /api endpoint as well as within an application (or site’s) URL space, without the use of routers. It supports Headless approach or Site engine, Webapp engine and Admin engine needs to access dynamic data, like REST API, GraphQL API, or other data sources.

The Main Features of Universal API are:

  • Secure be default

    • APIs are not mounted anywhere by default, so you don’t need to worry about accidental exposure of an admin API on a site.

    • Nobody can access an API without explicitly specifying access rights in the descriptor.

    • Cache pollution is avoided by mounting APIs to a single endpoint (per engine).

  • Headless friendly. APIs can be mounted on /api endpoint, so they can be used by any client.

  • Granular. Mounting of API must be explicitly specified in engine descriptor files.

  • Modular. APIs can be borrowed from other applications, so you can use existing APIs in your application.

Controller

To create an API, place an http controller file in the src/main/resources/apis/ structure of your project. Each controller needs to be placed in a folder matching its name i.e.: src/main/resources/api/myapi/myapi.js

Example service controller

src/main/resources/apis/<api-name>/<api-name>.js
exports.get = function(req) {
  return {
    body: {
      time: new Date()
    },
    contentType: 'application/json; charset=utf-8'
  };
};

Descriptor

API descriptor is required. It provides a way to define the API’s access, availability on /api endpoint as well as display name, description and documentation URL.

Example of Full API descriptor:

<api>
  <mount>true</mount> (1)
  <display-name>My API</display-name> (2)
  <description>API for My App</description> (3)
  <documentation-url>https://developer.enonic.com/docs/api</documentation-url> (4)
  <allow> (5)
    <principal>role:system.admin</principal>
    <principal>role:myapp.myrole</principal>
  </allow>
</api>
1 By default, APIs are not mounted on the Generic API endpoint. To enable it, <mount>true</mount> should be set in the descriptor.
2 display-name is the name of the API that will be shown in the UI.
3 description is a short description of the API that will be shown in the UI.
4 documentation-url is a link to the API documentation that will be shown in the UI.
5 APIs must list principles that have access to it. It is required to specify at least one principal. Use role:system.everyone to make the API public.

Endpoint

API mount is context-aware:

  • Generic API endpoint /api/<app-name>/<api-name>/

  • For site engine: /site/<site-path>/_/<app-name>/<api-name>/

  • For webapp engine: (/webapp/<app-name>/_/<app-name>/<api-name>/

  • For admin engine: /admin/_/<app-name>/<api-name>/

Engine descriptors need to specify the available API names in the api element, while Generic API endpoint can be disabled in API Descriptor itself.

Example site descriptor with mounting of self-contained and external APIs:

<site xmlns="urn:enonic:xp:model:1.0">
  <apis>
        <api>ws</api>
        <api>app:graphql</api>
  </apis>
  <form/>
</site>

Built-in APIs

Media APIs

The Media APIs is a built-in API that provides access to media files in CMS repositories.

Media Image API is available real-time processing and delivery of rasterized RGB/RGBa image media.

Media Attachment API gives access to Content attached binaries - like PDFs, Word documents, etc.

These two APIs are always mounted on Generic Endpoint as well as on Sites. Admin Tools and Webapps can also mount them by specifying them in the api element of the engine descriptor.

Widget API

Widget API provide the way to dynamically extend Admin UI.

API discovery

GET :8080/api - returns JSON with a list of all available APIs in the system.

apiUrl()

To safely generate an API URL, use the apiUrl() function that is part of the Portal Library.

When invoked, the function will generate a contextual service url based on the context of the current controller.

Reserved API application names

Applications names without namespace are reserved. This list includes, but not limited to, the following:

  • media

  • admin

  • component

  • attachment

  • image

  • asset

  • service

  • error

  • idprovider


Contents

Contents

AI-powered search

Juke AI