⚙️API formats

Our API provides a structured format for interacting with our services.

We provide CRUD (Create, Read, Update, Delete) endpoints specifically for databases that accept requests in FormData (multipart/form-data) format.

For screens and global items, we only provide public GET endpoints that can't be disabled (so they're always public), so you can easily retrieve data. Global items are also included in every screen, so you can reduce the number of calls and load screens faster.

Read requests must be sent as GET requests. Create, Update and Delete requests must be sent as POST requests. Update requests must include a field in the request body called _method containing the value PUT. This request completely replaces the old record with a new one (keeping the ID) Delete requests must include a field in the request body called _method containing the value DELETE. The database endpoint for retrieving data (GET) also includes pagination functionality, which can be configured using the following query parameters:

  • ?page: the page number. The default value is 1.

  • ?pageSize: the number of items included in each page. The default value is 10.

  • ?order: the order of the results. It supports "latest", "oldest" or "random". The default value is "latest".

  • ?filter: Filter results. It supports a JSON array of filters. Usage: [{"field": "surname", "operator": "=", "value": "Doe"}, {"field": "experience", "operator": ">", "value": 5}]. Supported operators are: =, !=, >, <, >=, <=, like, not like', in (accepts array), not in (accepts array). Specific for date and date time types: after, before, after or equal, before or equal, date equals, date not equals. The operators can be used to search within a list by replacing the item number with the * character in the field name (e.g., if you want to search inside a list called names, you have to specify the field as names.* inside the filter). Note that it must always have a parent array (even if there is only one array filter inside) and it must be valid JSON (make sure you use double quotes).

  • ?q: Natural language search. It supports a string. Usage: "John Doe".

  • ?qFields: Optional fields to limit the scope of your natural language search. It supports a JSON array of fields. Usage: ["name", "surname"].

All data received from the API must be safely injected into your application, avoiding XSS or other possible attacks depending on the platform. In general, all responses must be considered user-provided and therefore unsafe.

An exception to this is the rich text field, where we perform additional backend cleansing to eliminate possible XSS attacks, so it can be considered safe to inject the html of the rich text values directly into your application. In any case, caution is always advised. Please note that changing the API structure does not affect existing records. In fact, old records are kept with the original fields and values for integrity reasons. At the same time, if you want to update (PUT) an entry with an old structure, you will need to adhere to the new structure.

Last updated