docs/API/REST-API.md
REST API is not complete yet, please add missing functionality with pull requests to devel branch.
If you are in a hurry, you can use these to have more functionality:
For workflows see If-this-then-that issue than mentions Huginn, Flogo etc.
The REST API allows you to control and extend Wekan with ease.
If you are an end-user and not a dev or a tester, create an issue to request new APIs.
All API calls in the documentation are made using
curl. However, you are free to use Java / Python / PHP / Golang / Ruby / Swift / Objective-C / Rust / Scala / C# or any other programming languages.
When calling a production Wekan server, ensure it is running via HTTPS and has a valid SSL Certificate. The login method requires you to post your username and password in plaintext, which is why we highly suggest only calling the REST login api over HTTPS. Also, few things to note:
| HTTP Method | Url | Short Description |
|---|---|---|
POST | /users/login | Authenticate with the REST API. |
| HTTP Method | Url | Short Description |
|---|---|---|
POST | /users/register | Register a new user. |
POST | /api/users | Create a new user. |
PUT | /api/users/:id | Disable an existing user. |
PUT | /api/users/:id | Enable an existing user. |
PUT | /api/users/:id | Admin takes the ownership. |
DELETE | /api/users/:id | Delete an existing user. (Warning) |
GET | /api/users/:id | Gets a user's information. |
GET | /api/users | All of the users. |
GET | /api/user | Gets a logged-in user. |
| HTTP Method | Url | Short Description |
|---|---|---|
POST | /api/boards/:boardId/lists/:listId/cards | Add a card to a list, board, and swimlane. |
PUT | /api/boards/:boardId/lists/:fromListId/cards/:cardId | Update a card. |
DELETE | /api/boards/:boardId/lists/:listId/cards/:cardId | Delete a card. |
| HTTP Method | Url | Short Description |
|---|---|---|
GET | /api/boards/:boardId/domains | List the email domains a board is shared with. |
POST | /api/boards/:boardId/domains | Share a board with an email domain. |
DELETE | /api/boards/:boardId/domains/:domain | Stop sharing a board with an email domain. |
| HTTP Method | Url | Short Description |
|---|---|---|
GET | /api/settings | Read the Admin Panel global settings. |
PUT | /api/settings | Update the Admin Panel global settings. |
| URL | Requires Auth | HTTP Method |
|---|---|---|
/users/login | no | POST |
| Argument | Example | Required | Description |
|---|---|---|---|
username | myusername | Required | Your username |
password | my$up3erP@ssw0rd | Required | Your password |
| Argument | Example | Required | Description |
|---|---|---|---|
email | [email protected] | Required | Your email |
password | my$up3erP@ssw0rd | Required | Your password |
token for any of the authenticated methods.DOES NOT WORK ! Please use As JSON example below ! https://github.com/wekan/wekan/issues/4807
curl http://localhost:3000/users/login \
-d "username=myusername&password=mypassword"
curl http://localhost:3000/users/login \
-d "[email protected]&password=mypassword"
THIS WORKS !! Alternatively, look at api.py example at https://github.com/wekan/wekan
NOTE: Username and password is case sensitive. So type BIG and small letters correctly.
curl -H "Content-type:application/json" \
http://localhost:3000/users/login \
-d '{ "username": "myusername", "password": "mypassword" }'
curl -H "Content-type:application/json" \
http://localhost:3000/users/login \
-d '{ "email": "[email protected]", "password": "mypassword" }'
{
"id": "user id",
"token": "string",
"tokenExpires": "ISO encoded date string"
}
{
"id": "XQMZgynx9M79qTtQc",
"token": "ExMp2s9ML1JNp_l11sIfINPT3wykZ1SsVwg-cnxKdc8",
"tokenExpires": "2017-12-15T00:47:26.303Z"
}
Boards can be shared with every user on an email domain (for example everyone
with an @example.com address). These endpoints list, add and remove the domains a
board is shared with.
A board admin (or a site admin) is required to add or remove domains. Domains are
validated: they are stored lowercase, must contain a ., and must not contain @
or whitespace.
The matching api.py commands are boarddomains, addboarddomain and
removeboarddomain.
| URL | Requires Auth | HTTP Method |
|---|---|---|
/api/boards/:boardId/domains | yes | GET |
curl -H "Authorization: Bearer t7iYB86mXoLfP_XsMegxF41oKT7iiA9lDYiKVtXcctl" \
http://localhost:3000/api/boards/abcd1234/domains
| URL | Requires Auth (board admin) | HTTP Method |
|---|---|---|
/api/boards/:boardId/domains | yes | POST |
curl -H "Authorization: Bearer t7iYB86mXoLfP_XsMegxF41oKT7iiA9lDYiKVtXcctl" \
-H "Content-type:application/json" \
-X POST \
http://localhost:3000/api/boards/abcd1234/domains \
-d '{ "domain": "example.com" }'
| URL | Requires Auth (board admin) | HTTP Method |
|---|---|---|
/api/boards/:boardId/domains/:domain | yes | DELETE |
curl -H "Authorization: Bearer t7iYB86mXoLfP_XsMegxF41oKT7iiA9lDYiKVtXcctl" \
-X DELETE \
http://localhost:3000/api/boards/abcd1234/domains/example.com
These endpoints read and update the Admin Panel global settings (registration, product name, logos, custom head / manifest, accessibility and support pages, and so on). They are global-admin only.
Updates are applied through a field whitelist, so only the supported settings
fields can be changed. For security, mailServer / SMTP credentials are never
returned by GET and are never writable by PUT.
The matching api.py commands are getsettings and editsettings <field> <value>.
| URL | Requires Auth (global admin) | HTTP Method |
|---|---|---|
/api/settings | yes | GET |
curl -H "Authorization: Bearer t7iYB86mXoLfP_XsMegxF41oKT7iiA9lDYiKVtXcctl" \
http://localhost:3000/api/settings
| URL | Requires Auth (global admin) | HTTP Method |
|---|---|---|
/api/settings | yes | PUT |
curl -H "Authorization: Bearer t7iYB86mXoLfP_XsMegxF41oKT7iiA9lDYiKVtXcctl" \
-H "Content-type:application/json" \
-X PUT \
http://localhost:3000/api/settings \
-d '{ "productName": "My WeKan", "disableRegistration": true }'