API Quick Reference

All endpoints use /api virtual paths for hosted web apps. For external clients, replace /api with https://<region>.restapi.com/<api-name>.

Data Operations

Method	Path	Description
GET	/api/{collection}	List items
GET	/api/{collection}/{id}	Get single item
POST	/api/{collection}	Create item(s) — send object or array
PUT	/api/{collection}/{id}	Replace item (full replace)
PATCH	/api/{collection}/{id}	Update item (partial update)
DELETE	/api/{collection}/{id}	Delete single item
DELETE	/api/{collection}	Bulk delete (send array of IDs)

Views (Filtered Collections)

Method	Path	Description
GET/POST/PUT/PATCH/DELETE	/api/{view-name}	Same operations as collections, with built-in filter

Queries (Read-Only Joins)

Method	Path	Description
GET	/api/{query-name}	List joined/aggregated results
GET	/api/{query-name}/{id}	Get single item from query

GET Query Parameters

Parameter	Description	Example
filter	Filter results	?filter=price gt 100
sortBy	Sort results	?sortBy=name or ?sortBy=name- (descending)
select	Choose fields	?select=name,price
pageNo	Page number	?pageNo=2
pageSize	Items per page (default: 10, max: 1000)	?pageSize=100
count	Include total count in response	?count=true

Filter Operators

Operator	Description	Example
eq	Equal to	name eq "Widget"
ne	Not equal to	status ne "deleted"
gt	Greater than	price gt 100
ge	Greater than or equal	price ge 100
lt	Less than	stock lt 10
le	Less than or equal	stock le 10
con	Contains (strings)	name con "pro"
ncon	Not contains (strings)	name ncon "test"
sw	Starts with	name sw "Pro"
ew	Ends with	name ew "Plus"

Append ~ for case-insensitive matching: name eq~ "widget". Combine with and/or: ?filter=price gt 100 and category eq "Electronics".

Nested Children

Use dot notation to manage parent-child data atomically in POST, PUT, and PATCH requests:

{collection}.{fieldPointingToParent}

Items with id are updated, items without id are created, existing items omitted from the array are deleted.

BLOBs (File Upload)

Method	Path	Description
POST	/api/{collection}/{id}/{blob-field}	Upload file (multipart/form-data, field name: file)
GET	/api/{collection}/{id}/{blob-field}	Retrieve file

Authentication

Method	Path	Description
POST	/api/_auth	Get JWT token (service account or identity provider)
POST	/api/_token	OAuth 2.0 token endpoint (client_credentials, refresh_token grants)
POST	/api/_refresh	Refresh access cookie
POST	/api/_logout	Logout (clear session cookies)
GET	/api/_webAppConfig	Get webapp auth configuration
—	/login	Hosted authentication page (not under /api)

Service Account Authentication

POST /api/_auth
Content-Type: application/json

{
  "authority": "serviceaccount",
  "clientId": "your-client-id",
  "clientSecret": "your-client-secret"
}

OAuth 2.0 Client Credentials

POST /api/_token
Content-Type: application/json

{
  "grant_type": "client_credentials",
  "client_id": "your-client-id",
  "client_secret": "your-client-secret"
}

OAuth 2.0 Refresh Token

POST /api/_token
Content-Type: application/json

{
  "grant_type": "refresh_token",
  "client_id": "your-client-id",
  "refresh_token": "your-refresh-token"
}

Configuration

Method	Path	Description
GET	/api/_settings	Get custom settings (key-value pairs)

Real-Time

Method	Path	Description
GET	/api/_rt/ws	Get Web PubSub WebSocket URL
GET	/api/_rt/signalr	Get SignalR connection info
POST	/api/_rt/join	Join a channel ({ connectionId, channel })
POST	/api/_rt/send	Send message to channel ({ channel, body })
POST	/api/{collection}/_listen	Subscribe to entity changes ({ connectionId })

HTTP Functions

Method	Path	Description
GET/POST	/api/{function-name}	Call custom HTTP function

Token Lifetimes

Token	Lifetime
Access token	~1 hour
Refresh token	70 days from creation

See Also

• Authentication — Full authentication documentation
• HTTP Methods — Detailed CRUD examples with filtering, sorting, pagination
• Nested Children — Hierarchical data operations
• Blobs — File upload examples
• Functions — Serverless functions
• Real Time — WebSocket and live updates