All Versions
- DSpace 7.x (Current Release)
- DSpace 8.x (Unreleased)
- DSpace 6.x (EOL)
- DSpace 5.x (EOL)
- More Versions...
...
The REST Contract is maintained in GitHub at https://github.com/DSpace/RestContract/blob/maindspace-7_x/README.md
This contract provides detailed information on how to interact with the API, what endpoints are available, etc. All features/capabilities of the DSpace UI are available in this API.
When first trying the use the DSpace REST API, it can be difficult to determine where to begin. This brief guide provides a few hints on where to start.
First, it's important to be aware that every single action in the User Interface can be done in the REST API. So, if you can achieve something in the User Interface, then it's also possible to do via the REST API.
A few key endpoints to be aware of:
How to find which endpoint(s) to use for any feature or action:
The following REST API configurations are provided in [dspace]/config/rest.cfg
and may be overridden in your local.cfg
Property: |
|
Example Value: |
|
Informational Note: | Allowed Cross-Origin-Resource-Sharing (CORS) origins (in "Access-Control-Allow-Origin" header). Only these origins (client URLs) can successfully authenticate with your REST API via a web browser. Defaults to Multiple allowed origin URLs may be comma separated (or this configuration can be defined multiple times). Wildcard value (*) is NOT SUPPORTED. Keep in mind any URLs added to this setting must be an exact match with the origin: mode (http vs https), domain, port, and subpath(s) all must match.. So, for example, these URLs are all considered different origins: "http://mydspace.edu", "http://mydspace.edu:4000" (different port), "https://mydspace.edu" (http vs https), "https://myapp.mydspace.edu" (different domain), and "https://mydspace.edu/myapp" (different subpath). NOTE #1: Development or command-line tools may not use CORS and may therefore bypass this configuration. CORS does not provide protection to the REST API / server webapp. Instead, it's its role is to protect browser-based clients from cookie stealing or other Javascript-based attacks. All modern web browsers use CORS to protect their users from such attacks, and therefore . Therefore DSpace's CORS support is used to protect users who access the REST API via a web browser application, such as the DSpace UI or custom built Javascript tools/scripts. NOTE #2: If you modify this value to allow additional UIs (or Javascript tools) to access your REST API, then you may also need to modify (Requires reboot of servlet container, e.g. Tomcat, to reload) |
Property: |
|
Example Value: |
|
Informational Note: | Whether or not to allow credentials (e.g. cookies) sent by the client/browser in CORS requests (in "Access-Control-Allow-Credentials" header). For DSpace, this MUST be set to "true" to support CSRF checks (which use Cookies) and external authentication via Shibboleth (and similar). Defaults to "true" if unspecified. (Requires reboot of servlet container, e.g. Tomcat, to reload) |
Property: |
|
Example Value: |
|
Informational Note: | This property determines the max embeddepth for a FullProjection. This is also used by the SpecificLevelProjection |
Property: |
|
Example Value: |
|
Informational Note: | This property determines the max embed depth for a SpecificLevelProjection. Usually, this should be kept as-is for best performance. |
Property: |
|
Example Value: |
|
Informational Note: | Define which configuration properties are exposed through the If a rest request is made for a property which exists, but isn't listed here, the server will respond that the property wasn't found. This property can be defined multiple times to allow access to multiple configuration properties. Generally, speaking, it is ONLY recommended to expose configuration settings where they are necessary for the UI or client, as exposing too many configurations could be a security issue. This is why we only expose the two above settings by default. |
...
More information can be found in the REST Contract at https://github.com/DSpace/RestContract/blob/maindspace-7_x/README.md#rest-design-principles
...
The Library Code is a DSpace Platinum certified Service Provider. They created a python library to use the REST-API of DSpace 7 and upwards out of python: https://
...