1.22 (2019-03-20)

  • New /accounts/{user id}/validate/{validation key} endpoint to validate a created account when the account validation option is enabled for the accounts plugin. See account validation (#1973)

  • New /accounts/{user id}/reset-password endpoint to request a temporary reset password by email when the account validation option is enabled for the accounts plugin. See account validation (#1973)

1.21 (2019-01-10)

  • The Total-Records header is no longer included in any GET request. Only available in HEAD requests. Also, the name of that header is deprecated, but kept, in favor of Total-Objects (#1624, #710)

1.20 (2018-06-07)

  • JSON schemas can now be defined in the bucket metadata and will apply to every underlying collection, group or record (#1555)

1.19 (2018-04-25)

  • New contains_ and contains_any filter operators (fixes #343)

1.18 (2017-11-16)

  • When a record is pushed with an older timestamp, the collection timestamps is not dumped anymore. (#1361)

1.17 (2017-06-15)

  • Filtering with like can now contain wild chars (eg. ?like_nobody=*you*) It is thus now impossible to search for the * character with this operator.

  • New has_ filter operator (fixes #344).

  • JSON values are now accepted as filter values (fixes #1215, #1216, and #1217).

1.16 (2017-05-15)

  • Groups can now be created with a simple PUT (fixes #793)

  • Batch requests now raise 400 on unknown attributes (#1163).

1.15 (2017-03-03)

  • If-Match and If-None-Match precondition headers now check the ETag for strict equality. Previous versions would allow requests if they seemed to be more recent than the current version.

  • If-Match now raises 412 if a record doesn’t exist.

  • A 409 Conflict error response is now returned when some backend integrity constraint is violated (instead of 503 Service Unavailable).

1.14 (2017-01-11)

  • Add an OpenAPI 2.0 specification on GET /__api__ endpoint.

1.13 (2016-12-19)

  • Add DELETE to the history endpoint.

  • Add a basicauth capability when activated on the server

1.12 (2016-11-18)

  • Add a list of principals to hello view.

  • details attribute present in response of 404 errors.

  • Add support of JSON patch format to PATCH endpoints when using Content-Type: application/json-patch+json (as in RFC 6902). For more details, see JSON-Patch Format.

  • Add support of JSON merge format to PATCH endpoints when using Content-Type: application/merge-patch+json (as in RFC 7396). which allows to remove attributes by passing null values.

1.11 (2016-10-04)

  • Parent attributes are now readable if children creation is allowed

  • Return an empty list on the plural endpoint instead of 403 Forbidden if the create permission is allowed

  • Now returns a 412 Precondition Failed instead of a 403 Forbidden if the If-None-Match: * header is provided and the create permission is allowed

  • The permissions attribute is now empty in the response if the user does not have the permission to write.

1.10 (2016-09-15)

  • Add substring query to filtering on plural endpoints (e.g ?like_person=Tim)

1.9 (2016-08-17)

  • Add new endpoint GET /__version__ to retrieve the information about the deployed version.

  • Allow sub-object filtering on plural endpoints (e.g ?person.name=Eliot)

  • Allow sub-object sorting on plural endpoints (e.g ?_sort=person.name)

1.8 (2016-07-19)

  • Add new endpoint GET /v1/permissions to retrieve the list of permissions granted on every kind of object.

1.7 (2016-06-14)

  • Allow record IDs to be any string instead of just UUID.

1.6 (2016-05-24)

  • Added the GET /contribute.json endpoint for open-source information.

1.5 (2016-04-21)

  • Allow groups to get arbitrary attributes.

1.4 (2016-03-08)

  • Allow bucket to get arbitrary attributes.

  • Delete every (writable) buckets using DELETE /v1/buckets

  • Delete every (writable) collections using DELETE /v1/buckets/<bucket-id>/collections

  • URLs with trailing slash are redirected only if the current URL does not exist

  • Partial responses can now be specified for nested objects. For example, /records?_fields=address.street.

  • List responses are now sorted by last_modified descending by default

  • Return 415 error response if client cannot accept JSON response

  • Return 415 error response if client does not send JSON request

  • Add the GET /v1/__lbheartbeat__ endpoint, for load balancer membership test


The capabilities object in the root URL response now contains some flush_endpoint, schema, and default_bucket entries if the features are enabled in settings (#270).

1.3 (2016-01-28)

  • Forward slashes (/) are not escaped anymore in JSON responses (#537)

  • The API capabilities can be exposed in a capabilities attribute in the root URL (#628). Clients can rely on this to detect optional features on the server (e.g. enabled plugins).

1.2 (2016-01-15)

  • Fields can be filtered in GET requests using _fields=f1,f2 in querystring

  • New collections can be created via POST requests

1.1 (2015-12-01)

1.0 (2015-06-17)

  • Initial working version.