...

In DSpace 5, the REST API adds authentication, allows Creation, Update, and Delete to objects, can access restricted materials if authorized, and it requires SSL.

Disabling SSL

For localhost development purposes, SSL can add additional getting-started difficulty, so security can be disabled. To disable DSpace REST's requirement to require security/ssl, alter [dspace]/webapps/rest/WEB-INF/web.xml or [dspace-source]/dspace-rest/src/main/webapp/WEB-INF/web.xml and comment out the security<security-constraint constraint> block, and restart your servlet container. Production usages of the REST API should use SSL, as authentication credentials should not go over the internet unencrypted.

...

Example usage from command line in XML format with pretty printing:

curl -s -H "Accept: application/xml" http://localhost:8080/rest/communities | xmllint --format - 

Example usage from command line in JSON format with pretty printing: 

curl -s -H "Accept: application/json" http://localhost:8080/rest/communities | python -m json.tool

For this documentation, we will assume that the URL to the "REST" webapp will be http://localhost:8080/rest/ for production systems, this address will be slightly different, such as: http https://demo.dspace.org/rest/. The path to an endpoint, will go after the /rest/, such as /rest/communities, all-together this is: http://localhost:8080/rest/communities

Another thing to note is that there are Query Parameters that you can tack on to the end of an endpoint to do extra things. The most commonly used one in this API is "?expand". Instead of every API call defaulting to giving you every possible piece of information about it, it only gives a most commonly used set by default and gives the more "expensive" information when you deliberately request it. Each endpoint will provide a list of available expands in the output, but for getting started, you can start with ?expand=all, to make the endpoint provide all of its information (parent objects, metadata, child objects). You can include multiple expands, such as: ?expand=collections,subCommunities .

Index

...

Login to the REST API using a DSpace EPerson (user). It returns a token, that can be used for future authenticated requests (as a value of the rest-dspace-token request header).

Example Request:

Pagination

DSpace 6.x supports pagination by allowing two query parameters: limit and offset. Note however that the aggregate results number is not supplied (see DS-3887). Endpoints which return arrays of objects, such as /communities, /collections or /items, are "paginated":  the full list is broken into "pages" which start at offset from the beginning of the list and contain at most limit elements.  By repeated queries you can retrieve any portion of the array or all of it.  The default value of offset  is 0 and the default value of limit is 100.  So, as an example, to retrieve the sixth through tenth elements of the full list of Collections, you could do this:

curl -s -H "Accept: application/json" 

...

http://localhost:8080/rest/

...

Example Response:

1febef81-5eb6-4e76-a0ea-a5be245563a5

Invalid email/password combinations will receive an HTTP 403 Forbidden.

...

Logout from the REST API, by providing a header rest-dspace-token. After being posted this token will no longer work.

Example Request:

curl -X POST -H "Content-Type: application/json" -H "rest-dspace-token: 1febef81-5eb6-4e76-a0ea-a5be245563a5" http://localhost:8080/rest/logout

Invalid token will result in HTTP 400 Invalid Request

...

Returns string "REST api is running", for testing that the API is up.

Example Request:

curl http://localhost:8080/rest/test

Example Response:

REST api is running.

...

Receive information about the currently authenticated user token.

Example Request:

curl -X GET -H "Content-Type: application/json" -H "Accept: application/json" -H "rest-dspace-token: f2f478e2-90f2-4e77-a757-4e838ae94154" http://localhost:8080/rest/status

Example Response:
{"okay":true,"authenticated":true,"email":"admin@dspace.org","fullname":"DSpace Administrator","token":"f2f478e2-90f2-4e77-a757-4e838ae94154"}

collections?offset=5\&limit=5

Index / Authentication

# Can use either POST or GET (POST recommended). Must pass the parameters "email" and "password".
curl -v -X POST --data "email=admin@dspace.org&password=mypass" https://dspace.myu.edu/rest/login

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=6B98CF8648BCE57DCD99689FE77CB1B8; Path=/rest/; Secure; HttpOnly

curl -v --cookie "JSESSIONID=6B98CF8648BCE57DCD99689FE77CB1B8" https://dspace.myu.edu/rest/status
# This should return <authenticated>true</authenticated>, and information about the authenticated user session

curl -v -L -c cookiejar "https://dspace.myu.edu/rest/shibboleth-login"

curl -v "http://localhost:8080/dspace-rest/status" --cookie "JSESSIONID=0633C6379266A283E53F65DF8EF61AB9"

curl -v -X POST --cookie "JSESSIONID=6B98CF8648BCE57DCD99689FE77CB1B8" https://dspace.myu.edu/rest/logout

curl -v --cookie "JSESSIONID=6B98CF8648BCE57DCD99689FE77CB1B8" https://dspace.myu.edu/rest/status
# This should show <authenticated>false</authenticated>

curl https://dspace.myu.edu/rest/test

REST api is running.

curl -v --cookie "JSESSIONID=6B98CF8648BCE57DCD99689FE77CB1B8" https://dspace.myu.edu/rest/status

curl -v -H "Accept: application/json" --cookie "JSESSIONID=6B98CF8648BCE57DCD99689FE77CB1B8" https://dspace.myu.edu/rest/status

{
  "okay":true,
  "authenticated":true,
  "email":"admin@dspace.org",
  "fullname":"DSpace Administrator",
  "sourceVersion":"6.0",
  "apiVersion":"6"
}

Shibboleth Apache configuration for the REST API

Before Shibboleth authentication for the REST API will work, you need to secure the /rest/shibboleth-login endpoint. Add this configuration section to your Apache HTTPD Shibboleth configuration:

<Location "/rest/shibboleth-login">
         AuthType shibboleth
         ShibRequireSession On
         # Please note that setting ShibUseHeaders to "On" is a potential security risk. 
         # You may wish to set it to "Off". See the mod_shib docs for details about this setting:
         # https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-AuthConfigOptions
         # Here's a good guide to configuring Apache + Tomcat when this setting is "Off": 
         # https://www.switch.ch/de/aai/support/serviceproviders/sp-access-rules.html#javaapplications
         ShibUseHeaders On
         require valid-user
</Location>

You can test your configuration in 3 different ways:

1. Using a web browser:
   1. Go to https://dspace.myu.edu/rest/shibboleth-login, this should redirect you to the login page of your IdP if you don't have a Shibboleth session yet.
   2. Enter your test credentials and this should take you back to the /rest/shibboleth-login URL. You should then see a blank page but in the response headers, the JSESSIONID cookie should be present.
   3. Then go to /rest/status and you should see information on the current authenticated ePerson.
2. Using curl without a Shibboleth Session
   1. Call the REST Shibboleth login point with a Cookie jar: 

      
      

      Code Block
      curl -v -L -c cookiejar "https://dspace.myu.edu/rest/shibboleth-login"

      



   2. This should take you again to the IdP login page. You can submit this form using curl using the same cookie jar. However this is IdP dependant so I cannot provide an example here.
   3. Once you submit the form using curl, you should be taken back to the /rest/shibboleth-login URL which will return you the JSESSIONID.

   4. Using that JSESSIONID, check if you have authenticated successfully: 

      Code Block
      curl -v "https://dspace.myu.edu/dspace-rest/status" --cookie "JSESSIONID=0633C6379266A283E53F65DF8EF61AB9"

      
      

3. Using curl with a Shibboleth Session (cookie)
   1. When you post the Shibboleth login form, the Shibboleth daemon on the DSpace server also returns you a Shibboleth Cookie. This cookie looks like _shibsession_64656661756c74687... You can also grab this cookie from your browser.

   2. Double check that the cookie you took is valid:

      Code Block
      curl -v 'https://dspace-url/Shibboleth.sso/Session' -H 'Cookie: _shibsession_64656661756c7468747470733a2f2f7265706f7369746f72792e636172646966666d65742e61632e756b2f73686962626f6c657468=_a8d3ad20d8b655250c7357f7ac0e2910;'

      
      

   3. This should give you information if the Shibboleth session is valid and on the number of attributes. 

   4. Use this cookie to obtain a Tomcat JSESSIONID:

      Code Block
      curl -v 'https://dspace-url/rest/shibboleth-login' -H 'Cookie: _shibsession_64656661756c7468747470733a2f2f7265706f7369746f72792e636172646966666d65742e61632e756b2f73686962626f6c657468=_a8d3ad20d8b655250c7357f7ac0e2910;'

      
      

   5. Use the returned JSESSIONID to check if you have authenticated successfully:

      Code Block
      curl -v "http://dspace-url/rest/status" --cookie "JSESSIONID=0633C6379266A283E53F65DF8EF61AB9"

      
      

Communities

Communities in DSpace are used for organization and hierarchy, and are containers that hold sub-Communities and Collections. (ex: Department of Engineering)

• GET /communities - Returns array of all communities in DSpace.
• GET /communities/top-communities - Returns array of all top communities in DSpace.
• GET /communities/{communityId} - Returns community.
• GET /communities/{communityId}/collections - Returns array of collections of community.
• GET /communities/{communityId}/communities - Returns array of subcommunities of community.
• POST /communities - Create new community at top level. You must post community.
• POST /communities/{communityId}/collections - Create new collections in community. You must post Collection.
• POST /communities/{communityId}/communities - Create new subcommunity in community. You must post Community.
• PUT /communities/{communityId} - Update community. You must put Community
• DELETE /communities/{communityId} - Delete community.
• DELETE /communities/{communityId}/collections/{collectionId} - Delete collection in community.
• DELETE /communities/{communityId}/communities/{communityId2} - Delete subcommunity in community.

Collections

Collections in DSpace are containers of Items. (ex: Engineering Faculty Publications)

• GET /collections - Return all collections of DSpace in array.
• GET /collections/{collectionId} - Return collection with id.
• GET /collections/{collectionId}/items - Return all items of collection.
• POST /collections/{collectionId}/items - Create posted item in collection. You must post an Item
• POST /collections/find-collection - Find collection by passed name.
• PUT /collections/{collectionId} - Update collection. You must put Collection.
• DELETE /collections/{collectionId} - Delete collection from DSpace.
• DELETE /collections/{collectionId}/items/{itemId} - Delete item in collection.

Items

Items in DSpace represent a "work" and combine metadata and files, known as Bitstreams.

• GET /items - Return list of items.
• GET /items/{item id} - Return item.
• GET /items/{item id}/metadata - Return item metadata.
• GET /items/{item id}/bitstreams - Return item bitstreams.
• POST /items/find-by-metadata-field - Find items by metadata entry. You must post a MetadataEntry. 
• POST /items/{item id}/metadata - Add metadata to item. You must post an array of MetadataEntry.
• POST /items/{item id}/bitstreams - Add bitstream to item. You must post a Bitstream.
• PUT /items/{item id}/metadata - Update metadata in item. You must put a MetadataEntry.
• DELETE /items/{item

Communities

Communities in DSpace are used for organization and hierarchy, and are containers that hold sub-Communities and Collections. (ex: Department of Engineering)

• GET /communities - Returns array of all communities in DSpace.
• GET /communities/top-communities - Returns array of all top communities in DSpace.
• GET /communities/{communityId} - Returns community.
• GET /communities/{communityId}/collections - Returns array of collections of community.
• GET /communities/{communityId}/communities - Returns array of subcommunities of community.
• POST /communities - Create new community at top level. You must post community.
• POST /communities/{communityId}/collections - Create new collections in community. You must post Collection.
• POST /communities/{communityId}/communities - Create new subcommunity in community. You must post Community.
• PUT /communities/{communityId} - Update community. You must put Community
• DELETE /communities/{communityId} - Delete community.
• DELETE /communities/{communityId}/collections/{collectionId} - Delete collection in community.
• DELETE /communities/{communityId}/communities/{communityId2} - Delete subcommunity in community.

Collections

Collections in DSpace are containers of Items. (ex: Engineering Faculty Publications)

• GET /collections - Return all collections of DSpace in array.
• GET /collections/{collectionId} - Return collection with id.
• GET /collections/{collectionId}/items - Return all items of collection.
• POST /collections/{collectionId}/items - Create posted item in collection. You must post an Item
• POST /collections/find-collection - Find collection by passed name.
• PUT /collections/{collectionId} - Update collection. You must put Collection.
• DELETE /collections/{collectionId} - Delete collection from DSpace.
• DELETE /collections/{collectionId}/items/{itemId} - Delete item in collection.

Items

Items in DSpace represent a "work" and combine metadata and files, known as Bitstreams.

• GET /items - Return list of items.
• GET /items/{item id} - Return item.
• GET /items/{item id}/metadata - Return item metadata.
• GET /items/{item id}/bitstreams - Return item bitstreams.
• POST /items/find-by-metadata-field - Find items by metadata entry. You must post a MetadataEntry. 
• POST /items/{item id}/metadata - Add metadata to item. You must post an array of MetadataEntry.
• POST /items/{item id}/bitstreams - Add bitstream to item. You must post a Bitstream.
• PUT /items/{item id}/metadata - Update metadata in item. You must put a MetadataEntry.
• DELETE /items/{item id} - Delete item.
• DELETE /items/{item id}/metadata - Clear item metadata.
• DELETE /items/{item id}/bitstreams/{bitstream id} - Delete item bitstream.

...

Reporting Tools that allow a repository manager to audit a collection for metadata consistency and bitstream consistency.  See REST Based Quality Control Reports for more information.

Collection Report Tool on demo.dspace.org

Metadata Query Tool on demo.dspace.org

• GET /reports - Return a list of report tools built on the rest api

...

Here are all of the data types, not all fields are necessary or supported when posting/putting content, but the output contains this information:

Community Object

{"id":456,"name":"Reports Community","handle":"10766/10213","type":"community","link":"/

...

rest/communities/456","expand":["parentCommunity","collections","subCommunities","logo","all"],"logo":null,"parentCommunity":null,"copyrightText":"","introductoryText":"","shortDescription":"Collection contains materials pertaining to the Able Family","sidebarText":"","countItems":3,"subcommunities":[],"collections":[]}

Collection Object

{"id":730,"name":"Annual Reports Collection","handle":"10766/10214","type":"collection","link":"/

...

rest/collections/730","expand":["parentCommunityList","parentCommunity","items","license","logo","all"],"logo":null,"parentCommunity":null,"parentCommunityList":[],"items":[],"license":null,"copyrightText":"","introductoryText":"","shortDescription":"","sidebarText":"","numberItems":3}

Item Object

{"id":14301,"name":"2015 Annual Report","handle":"123456789/13470","type":"item","link":"/

...

rest/items/14301","expand":["metadata","parentCollection","parentCollectionList","parentCommunityList","bitstreams","all"],"lastModified":"2015-01-12 15:44:12.978","parentCollection":null,"parentCollectionList":null,"parentCommunityList":null,"bitstreams":null,"archived":"true","withdrawn":"false"}

Bitstream Object

{"id":47166,"name":"appearance and physiology 100 percent copied from wikipedia.pdf","handle":null,"type":"bitstream","link":"/

...

rest/bitstreams/47166","expand":["parent","policies","all"],"bundleName":"ORIGINAL","description":"","format":"Adobe PDF","mimeType":"application/pdf","sizeBytes":129112,"parentObject":null,"retrieveLink":"/bitstreams/47166/retrieve","checkSum":{"value":"62778292a3a6dccbe2662a2bfca3b86e","checkSumAlgorithm":"MD5"},"sequenceId":1,"policies":null}

ResourcePolicy Object

[{"id":317127,"action":"READ","epersonId":-1,"groupId":0,"resourceId":47166

...

,"resourceType":"bitstream","rpDescription":null,"rpName":null,"rpType":"TYPE_INHERITED","startDate":null,"endDate":null}]

MetadataEntry Object

{"key":"dc.description.abstract", "value":"This is the description abstract", "language": null}

User Object

{"email":"test@dspace.org","password":"pass"}

Status Object

{"okay":true,"authenticated":true,"email":"test@dspace.org","fullname":"DSpace Test User","token":"6d45daaa-7b02-4ae7-86de-a960838fae5c"}

Introduction to Jersey for developers

The REST API for DSpace is implemented using Jersey, the reference implementation of the Java standard for building RESTful Web Services (JAX-RS 1). That means this API should be easier to expand and maintain than other API approaches, as this approach has been widely adopted in the industry. If this client documentation does not fully answer about how an endpoint works, it is helpful to look directly at the Java REST API code, to see how it is implemented. The code typically has required parameters, optional parameters, and indicates the type of data that will be responded.

There was no central ProviderRegistry that you have to declare your path. Instead, the code is driven by annotations, here is a list of annotations used in the code for CommunitiesResource.java:

• @Path("/communities"), which then allows it to be routed to

MetadataEntry Object

{"key":"dc.description.abstract", "value":"This is the description abstract", "language": null}

User Object

{"email":"test@dspace.org","password":"pass"}

Status Object

{"okay":true,"authenticated":true,"email":"test@dspace.org","fullname":"DSpace Test User","token":"6d45daaa-7b02-4ae7-86de-a960838fae5c"}

Introduction to Jersey for developers

The REST API for DSpace is implemented using Jersey, the reference implementation of the Java standard for building RESTful Web Services (JAX-RS 1). That means this API should be easier to expand and maintain than other API approaches, as this approach has been widely adopted in the industry. If this client documentation does not fully answer about how an endpoint works, it is helpful to look directly at the Java REST API code, to see how it is implemented. The code typically has required parameters, optional parameters, and indicates the type of data that will be responded.

There was no central ProviderRegistry that you have to declare your path. Instead, the code is driven by annotations, here is a list of annotations used in the code for CommunitiesResource.java:

• @Path("/communities"), which then allows it to be routed to http://localhost:8080/communities, this is then the base path for all the requests within this class.

• @GET, which indicates that this method responds to GET http requests

• @POST, which indicates that this method responds to POST http requests
• @PUT, which indicates that this method responds to PUT http requests
• @DELETE, which indicates that this method responds to DELETE http requests
• @Path("/{community_id}"), the path is appended to the class level @Path above, this one uses a variable {community_id}. The total endpoint would be http://localhost:8080/rest/communities/123,  where 123 this is the ID.
  

• @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML }), this indicates that this request expects input of either JSON or XML. Another endpoint accepts HTML input.

• @PathParam("community_id") Integer communityId, this maps the path placeholder variable {community_id} to Java int communityID
  
• @QueryParam("userIP") String user_ip, this maps a query param like ?userIP=8.8.4.4 to Java String user_id variable, and user_id == "8.8.4.4"

Configuration for DSpace REST

Recording Proxy Access by Tools

http://localhost:8080/rest/items/:ID?userIP=ip&userAgent=userAgent&xforwardedfor=xforwardedfor

Deploying the DSpace REST API in your Servlet Container

The dspace-rest module is automatically configured to compile and build with DSpace 4.0, so a mvn+ant process will create the webapp. To make it work in your environment, you would just need to add a context entry for it in your servlet container. For example, in tomcat, one might alter $CATALINA_HOME/conf/server.xml and add:

...

...

• then the base path for all the requests within this class.

• @GET, which indicates that this method responds to GET http requests

• @POST, which indicates that this method responds to POST http requests
• @PUT, which indicates that this method responds to PUT http requests
• @DELETE, which indicates that this method responds to DELETE http requests
• @Path("/{community_id}"), the path is appended to the class level @Path above, this one uses a variable {community_id}. The total endpoint would be http://localhost:8080/rest/communities/123, where 123 is the ID.
  

• @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML }), this indicates that this request expects input of either JSON or XML. Another endpoint accepts HTML input.

• @PathParam("community_id") Integer communityId, this maps the path placeholder variable {community_id} to Java int communityID
  
• @QueryParam("userIP") String user_ip, this maps a query param like ?userIP=8.8.4.4 to Java String user_id variable, and user_id == "8.8.4.4"

Configuration for DSpace REST

Recording Proxy Access by Tools

http://localhost:8080/rest/items/:ID?userIP=ip&userAgent=userAgent&xforwardedfor=xforwardedfor

Additional Information

Additional information can be found in the README for dspace-rest, and in the GitHub Pull Request for DSpace REST (Jersey).

...