Umbraco API Controllers
A guide to implementing APIs in Umbraco projects
Last updated
A guide to implementing APIs in Umbraco projects
Last updated
This article describes how to work with API controllers in Umbraco projects. It focuses on creating REST services using ASP.NET Core-based API controllers.
In Umbraco 13 and below, the recommended approach was to base API controllers on the UmbracoApiController
class. However, UmbracoApiController
is obsolete in Umbraco 14 and will be removed in Umbraco 15.
Read the article for more details.
To better understand the basics of APIs, you can see the . The documentation provides a solid foundation for API concepts in .NET environments..
Public APIs in Umbraco are similar to standard ASP.NET Core APIs. Below is an example of how to create an API in Umbraco:
You can secure your public APIs using front-end membership protection with the [UmbracoMemberAuthorize]
attribute. This attribute allows you to restrict access based on member types, groups, or specific member IDs.
The available parameters are:
AllowType
: A comma-delimited list of allowed member types.
AllowGroup
: A comma-delimited list of allowed member groups.
AllowMembers
: A comma-delimited list of allowed member IDs.
To allow all members, apply the [UmbracoMemberAuthorize]
attribute without parameters.
You can apply these attributes either at the controller level or at the action level.
The [UmbracoMemberAuthorize]
attribute offers flexible options for securing your public APIs in Umbraco. The following examples show different ways to apply member protection, such as how to restrict access by member type, group, or specific IDs.
In this example, any logged in member can access all actions in the ProductsController
controller:
This example allows only logged-in members of type "Retailers" to access the GetAll
action:
In this example, only members belonging to the "VIP" group can access any actions on the controller:
This example allows only members with IDs 1, 10, and 20
to access the GetAll
action:
Umbraco's Backoffice API is also known as the Management API. When you create API controllers for Umbraco's backoffice, you are writing Management API controllers.
Read more about members and member login in the article.
For a detailed guide on how to create APIs for the Backoffice, see the article.