skip to navigation
skip to content

plone.restapi 1.0a10

plone.restapi is a RESTful hypermedia API for Plone.

Latest Version: 1.4.0


plone.restapi is a RESTful hypermedia API for Plone.

RESTful Hypermedia API

REST stands for Representational State Transfer. It is a software architectural principle to create loosely coupled web APIs.

Most web APIs have a tight coupling between client and server. This makes them brittle and hard to change over time. It requires them not only to fully document every small detail of the API, but also write a client implementation that follows that specification 100% and breaks as soon as you change any detail.

A hypermedia API just provides an entry point to the API that contains hyperlinks the clients can follow. Just like a human user of a regular website, that knows the initial URL of a website and then follows hyperlinks to navigate through the site. This has the advantage that the client just needs to understand how to detect and follow links. The URL and other details of the API can change without breaking the client.

Live Demo

Heroku live demo::


You will need some kind of API browser application to explore the API. We recommend to use Postman.

Design Decisions

  • A truly RESTful API (Hypermedia / HATEOAS / Linked-data)
  • JSON is the main target format, support other formats (HTML, XML) later
  • Use HTTP headers (to set format and versioning, also provide URL-based option to make it easier for people to try it out)
  • No versioning, version in the HTTP header can be added later
  • Field names just map over (we will not try to clean up attributes or enforce naming standards like pep8 (e.g. isPrincipiaFoldish -> is_folderish)

Software Quality

  • 100% Test Coverage
  • 100% PEP8 compliant


The project is licensed under the GPLv2.


Note: place names and roles of the people who contribute to this package
in this file, one to a line, like so:
  • Timo Stollenwerk, Original Author
  • Thomas Buchberger
  • Lukas Graf
  • Víctor Fernández de Alba
  • Paul Roeland
  • Mikel Larreategi


1.0a10 (2017-03-22)

New Features:

  • Add @sharing endpoint. [timo,csenger,sneridagh]
  • Add @vocabularies endpoint. [timo,csenger,sneridagh]
  • Add @copy and @move endpoints. [buchi,sneridagh]
  • Docs: Convert all HTTP examples to use sphinxcontrib-httpexample. [lgraf]
  • Add ‘addable’ attribute to the @types endpoint. It specifies if the content type can be added to the current context. See [jaroel]
  • Add support for named IJsonSchemaProvider adapter to target a single field in a schema. This allows us to prevent rendering all choices in relatedItems. See [jaroel]
  • Add review_state to the folderish summary serializer. [sneridagh]
  • Add @principals endpoint. It searches for principals and returns a list of users and groups that matches the query. This is aimed to be used in the sharing UI widget or other user/groups search widgets. [sneridagh]
  • Add reset-password action to the @users endpoint. [timo,csenger]


  • Fix coveralls reporting. [timo]
  • Return correct @id for folderish objects created via POST. [lgraf]
  • Fix timezone-related failures when running tests through coverage. [witsch]
  • @search endpoint: Also prefill path query dict with context path. This will allow users to supply an argument like path.depth=1, and still have path.query be prefilled server-side to the context’s path. [lgraf]
  • Overhaul JSON schema generation for @types endpoint. It now returns fields in correct order and in their appropriate fieldsets. [lgraf]
  • Add missing id to the Plone site serialization, related to issue #186. [sneridagh]
  • Add missing adapter for IBytes on JSONFieldSchema generator. This fixes the broken /@types/Image and /@types/File endpoints. [sneridagh]
  • Fix addable types for member users and roles assigned locally on @types endpoint. [sneridagh]

1.0a9 (2017-03-03)

New Features:

  • Make date and datetime fields provide a ‘widget’ attribute. [timo]
  • Add documentation for types endpoint schema. [timo]
  • Add basic groups CRUD operations in @groups endpoints [sneridagh]
  • Make @types endpoint include a ‘mode’ attribute. This fixes [timo]


  • Fix queries to ensure ordering of container items by getObjectPositionInParent. [lgraf]

1.0a8 (2017-01-12)

New Features:

  • Add simple user search capabilities in the GET @users endpoint. [sneridagh]


1.0a7 (2016-12-05)


1.0a6 (2016-11-30)

New Features:

  • Introduce dedicated permission required to use REST API at all (assigned to everybody by default). [lgraf]


  • When token expires, PAS plugin should return an empty credential. [ebrehault]

1.0a5 (2016-10-07)


1.0a4 (2016-10-05)

New Features:

  • Make POST request return the serialized object. [timo]
  • Include ‘id’ attribute in responses. [timo]

1.0a3 (2016-09-27)

New Features:

  • Add @users endpoint. [timo]


  • Fix bug where disabling the “Use Keyring” flag wasn’t persisted in jwt_auth plugin. [lgraf]

1.0a2 (2016-08-20)

New Features:

  • Implements navigation and breadcrumbs components [ebrehault]
  • Add widget and support for RichText field in @types component. [ebrehault]
  • Add fieldsets in @types [ebrehault]


  • Disable automatic CSRF protection for @login and @login-renew endpoints: If persisting tokens server-side is enabled, those requests need to be allowed to cause DB writes. [lgraf]
  • Documentation: Fixed parameter ‘data’ to JSON format in JWT Authentication documentation [lccruz]
  • Tests: Fail tests on uncommitted changes to docs/source/_json/ [lgraf]
  • Tests: Use freezegun to freeze hard to control timestamps in response dumps used for documentation. [lgraf]
  • Tests: Limit available languages to a small set to avoid excessive language lists in response dumps used for documentation. [lgraf]

1.0a1 (2016-07-14)

  • Initial release. [timo,buchi,lukasgraf,et al.]
File Type Py Version Uploaded on Size
plone.restapi-1.0a10.tar.gz (md5) Source 2017-03-22 326KB