Umbraco API Controllers
A guide to implementing APIs in Umbraco projects
This article describes how to work with API Controllers in Umbraco to create REST services.
UmbracoApiController
has been removed from Umbraco CMS as of version 15.
Read the article Porting old Umbraco APIs for more details.
What is an API?
The Microsoft ASP.NET Core API documentation is a great place to familiarize yourself with API concepts. It can be found on the official ASP.NET Core site.
Public APIs in Umbraco
A public API in Umbraco is created as any other ASP.NET Core API:
Adding member protection to public APIs
To protect your APIs based on front-end membership, you can annotate your API controllers with the [UmbracoMemberAuthorize]
attribute.
There are 3 parameters that can be supplied to control how the authorization works:
To allow all members, use the attribute without supplying any parameters.
You can apply these attributes either at controller level or at action level.
Read more about members and member login in the Member Registration and Login article.
Examples
This will allow any logged in member to access all actions in the ProductsController
controller:
This will only allow logged in members of type "Retailers" to access the GetAll
action:
This will only allow members belonging to the "VIP" group to access any actions on the controller:
This will only allow the members with ids 1, 10 and 20 to access the GetAll
action:
Backoffice API Controllers
Read the Creating a Backoffice API article for a comprehensive guide to writing APIs for the Management API.
The Umbraco Backoffice API is also known as the Management API. Thus, a Backoffice API Controller is often referred to as a Management API Controller.
Last updated