Appwrite supports multiple protocols for accessing the server, including REST, GraphQL, and Realtime.
-The REST API allows you to manipulate your Appwrite server through many endpoints, each representing a specific method of modification to a specific resource type.
+The REST API allows you to access your Appwrite server through HTTP requests without the needing an SDK. Each endpoint in the API represents a specific operation on a specific resource.
-Requests and responses through the REST API follow a rigid structure - that is, they always expect the same structure for requests to a specific endpoint, and responses from that endpoint will also always have the same structure.
+Appwrite's REST APIs expect certain headers to be included with each request:
-The specific structures used for Appwrite resources and their related endpoints can be found in the References section for each service.
+| Header | ++ | Description | +
X-Appwrite-Project: [PROJECT-ID] |
+ required | +The ID of your Appwrite Project to the REST API. | +
Content-Type: application/json |
+ required | +Content type of the HTTP request. | +
X-Appwrite-Key: [API-KEY] |
+ optional | +API key used for server authentication. Do not use API keys in client applications. | +
X-Appwrite-JWT: [TOKEN] |
+ optional | +Token used for JWT authentication, tokens can be generated using the Create JWT endpoint. | +
X-Appwrite-Response-Format: [VERSION-NUMBER] |
+ optional | +Version number used for backward compatibility. The response will be formatted to be compatible with the provided version number. | +
X-Fallback-Cookies: [FALLBACK-COOKIES] |
+ optional | +Fallback cookies used in scenarios where browsers do not allow third-party cookies. Often used when there is no Custom Domain. | +
The REST API authenticates using Appwrite accounts and sessions. Both accounts and sessions can be created with REST using the POST /v1/account, /v1/account/sessions/email, /v1/account/sessions/anonymous, or /v1/account/sessions/phone endpoints.
+Some use cases do not allow custom headers, such as embedding images from Appwrite in HTML. In these cases, you can provide the Appwrite project ID using the query parameter project.
'); ?>More information and examples of authenticating users can be found in the dedicated authentication guide.
+You can create account sessions with POST requests to the Account API. Sessions are persisted using cookies. You can learn more about session persistence in the Authentication Guide.
+The example below shows creating an account session with the Create Account Session with Email endpoint.
+POST /v1/account/sessions/email HTTP/1.1
+Host: [HOSTNAME_OR_IP]
+Content-Type: application/json
+X-Appwrite-Project: 5df5acd0d48c2
+X-Appwrite-Response-Format: 1.0.0
+
+{
+ "email": "example@email.com",
+ "password": "password"
+}You can find the cookies used to persist the new session in the response headers.
+Set-Cookie: a_session_61e71ec784ab035f7259_legacy=eyJ0...aSJ9; expires=Tue, 19-Dec-2023 21:26:51 GMT; path=/; domain=.demo.appwrite.io; secure; httponly
+Set-Cookie: a_session_61e71ec784ab035f7259=eyJ0...aSJ9; expires=Tue, 19-Dec-2023 21:26:51 GMT; path=/; domain=.demo.appwrite.io; secure; httponly; samesite=NoneThese cookies are used in subsequent requests to authenticate the user.
+GET /v1/account HTTP/1.1
+Host: demo.appwrite.io
+Cookie: a_session_61e71ec784ab035f7259_legacy=eyJ0...aSJ9; a_session_61e71ec784ab035f7259=eyJ0...aSJ9
+Content-Type: application/json
+X-Appwrite-Project: 5df5acd0d48c2
+X-Appwrite-Response-Format: 1.0.0Server integrations use API keys to authenticate and are typically used for backend applications.
+Server APIs are authenticated with API keys instead of account sessions. Simply pass an API key in the X-Appwrite-key: [API-KEY] header with the appropriate scopes.
GET /v1/databases/{databaseId}/collections/{collectionId}/documents HTTP/1.1
+Host: [HOSTNAME_OR_IP]
+Content-Type: application/json
+X-Appwrite-Project: [PROJECT_ID]
+X-Appwrite-Key: [API_KEY]
+X-Appwrite-Response-Format: 1.0.0JWT authentication is frequently used by server applications to act on behalf of a user. Users generate tokens using the Create JWT endpoint. When issuing requests authenticated with a JWT, Appwrite will treat the request like it is from the authenticated user.
+ +GET /v1/account HTTP/1.1
+Host: [HOSTNAME_OR_IP]
+Content-Type: application/json
+X-Appwrite-Project: [PROJECT_ID]
+X-Appwrite-JWT: [TOKEN]
+X-Appwrite-Response-Format: 1.0.0Appwrite implements resumable, chunked uploads for files larger than 5MB. Chunked uploads send files in chunks of 5MB to reduce memory footprint and increase resilience when handling large files. Appwrite SDKs will automatically handle chunked uploads, but it is possible to implement this with the REST API directly.
+ +Upload endpoints in Appwrite, such as Create File and Create Deployment, are different from other endpoints. These endpoints take multipart form data instead of JSON data. To implement chunked uploads, you will need to implement the following headers:
+ +| Header | ++ | Description | +
X-Appwrite-Project: [PROJECT-ID] |
+ required | +Contains the ID of your Appwrite Project to the REST API. | +
Content-Type: multipart/form-data; boundary=[FORM-BOUNDARY] |
+ required | +Contains the content type of the HTTP request and provides a boundary that is used to parse the form data. | +
Content-Range: bytes [BYTE-RANGE] |
+ required | +Contains information about which bytes are being transmitted in this chunk, with the format [FIRST-BYTE]-[LAST-BYTE]/[TOTAL-BYTES]. |
+
X-Appwrite-ID: [FILE-ID] |
+ required | +Contains ID of the file this chunk belongs to. | +
X-Appwrite-Key: [API-KEY] |
+ optional | +Used for authentication in server integrations. Do not use API keys in client applications. | +
The multipart form data is structured as follows:
+ +| Key | ++ | Value | +File Name | +Description | +
| fileId | +optional | +[FILE-ID] |
+ n/a | +Contains the file ID of the new file. Only used by file chunks following the first chunk uploaded. | +
| file | +required | +[CHUNK-DATA] |
+ [FILE-NAME] |
+ Contains file chunk data. | +
| permissions | +required | +[PERMISSION ARRAY] |
+ n/a | +Contains an array of permission strings about who can access the new file. | +
While cURL and fetch are great tools to explore other REST endpoints, it's impractical to use for chunked file uploads because you need to split files into chunks.
+ +The multipart form data posted to file upload endpoints have the following format:
+ +POST /v1/storage/buckets/default/files HTTP/1.1
+Host: [HOSTNAME_OR_IP]
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundarye0m6iNBQNHlzTpVM
+X-Appwrite-Project: demo-project
+Content-Range: bytes 10485760-12582912/12582912
+X-Appwrite-ID: 6369b0bc1dcf4ff59051
+
+------WebKitFormBoundarye0m6iNBQNHlzTpVM
+Content-Disposition: form-data; name="fileId"
+
+unique()
+------WebKitFormBoundarye0m6iNBQNHlzTpVM
+Content-Disposition: form-data; name="file"; filename="file.txt"
+Content-Type: application/octet-stream
+
+[CHUNKED-DATA]
+------WebKitFormBoundarye0m6iNBQNHlzTpVM
+Content-Disposition: form-data; name="permissions[]"
+
+read("user:627a958ded6424a98a9f")
+------WebKitFormBoundarye0m6iNBQNHlzTpVM--Appwrite SDKs have helpers to generate permission strings, but when using Appwrite without SDKs, you'd need to create the strings yourself.
+ +| SDK | +Permission String | +
Permission.read() |
+ read("[PERMISSION_ROLE]") |
+
Permission.create() |
+ create("[PERMISSION_ROLE]") |
+
Permission.update() |
+ update("[PERMISSION_ROLE]") |
+
Permission.delete() |
+ delete("[PERMISSION_ROLE]") |
+
Permission.write() |
+ write("[PERMISSION_ROLE]") |
+
| SDK | +Role String | +
Role.any() |
+ any |
+
Role.guests() |
+ guests |
+
Role.users() |
+ users |
+
Role.users([STATUS]) |
+ users/[STATUS] |
+
Role.user([USER_ID]) |
+ user:[USER_ID] |
+
Role.user([USER_ID], [STATUS]) |
+ user:[USER_ID]/[STATUS] |
+
Role.team([TEAM_ID]) |
+ team:[TEAM_ID] |
+
Role.team([TEAM_ID], [ROLE]) |
+ team:[TEAM_ID]/[ROLE] |
+
Role.member([MEMBERSHIP_ID]) |
+ member:[MEMBERSHIP_ID] |
+
+Appwrite's SDKs have a helper ID.unqiue() to generate unique IDs. When using Appwrite without an SDK, pass the string "unique()" into the ID parameter.
+
+Appwrite's SDKs provide a Query class to generate query strings. When using Appwrite without an SDK, you can template your own strings with the format below.
+
Query strings are passed to Appwrite using the queries parameter. You can attach multiple query strings by including the array parameter multiple times in the query string: queries[]="..."&queries[]="..."
| Query Method | +Query String | +
|---|---|
| equal | +equal("attribute", [value]) |
+
| notEqual | +notEqual("attribute", [value]) |
+
| lessThan | +lessThan("attribute", [value]) |
+
| lessThanEqual | +lessThanEqual("attribute", [value]) |
+
| greaterThan | +greaterThan("attribute", [value]) |
+
| greaterThanEqual | +greaterThanEqual("attribute", [value]) |
+
| search | +search("attribute", [value1]) |
+
| orderDesc | +orderDesc("attribute") |
+
| orderAsc | +orderAsc("attribute") |
+
| cursorAfter | +cursorAfter("documentId") |
+
| cursorBefore | +cursorBefore("documentId") |
+
| limit | +limit(0) |
+
| offset | +offset(0) |
+
When using greater than, greater than or equal to, less than, or less than or equal to, it is not recommended to pass in multiple values. While the API will accept multiple values and return results with or logic, it's best practice to pass in only one value for performance reasons.
++Appwrite provides a full REST API specification in the OpenAPI 3 and Swagger 2 formats every release. These can be accessed through Appwrite's GitHub repository and rendered using a variety of parsers and tools. +
+