Technical reference for backend endpoints under /api.
- Base path:
/api - Authentication:
Authorization: Bearer <token> - Public endpoints:
/api/health,/api/auth/*(except protected auth operations) - Most resource endpoints require authentication middleware
Most resource routes return:
{
"success": true,
"data": {}
}Error shape (common):
{
"success": false,
"error": "message"
}Validation failures can also include:
details[]withfieldandmessage
Note: auth routes have some responses without success wrapper (for example direct { user, token } payloads).
Base: /api/auth
POST /registerPOST /loginGET /me(auth required)POST /change-password(auth required)POST /verify
Security notes:
- auth routes are rate-limited
- token verification can return
valid: falseresponses
GET /api/health
Returns service heartbeat and timestamp.
Base: /api/epackages
GET /GET /coreGET /:idGET /uri/:nsURIPOST /PUT /:idDELETE /:id
Base: /api/metamodels
GET /GET /:idPOST /PUT /:idDELETE /:idPOST /:id/classesPUT /:id/classes/:classIdDELETE /:id/classes/:classIdPOST /:id/constraintsPOST /:id/classes/:classId/constraints
Base: /api/models
GET /(optional query:metamodelId)GET /:idPOST /PUT /:idDELETE /:idPOST /:id/elementsPUT /:id/elements/:elementIdDELETE /:id/elements/:elementIdPOST /:id/connectionsDELETE /:id/connections/:connectionId
Base: /api/diagrams
These endpoints retain the /api/diagrams path for compatibility. In the current product model, a diagram row represents a view: a projection of model elements plus view-specific grid settings.
GET /(optional query:modelId)GET /:idPOST /PUT /:idDELETE /:idPOST /:id/model-elementsPOST /:id/model-elements/add-allPUT /:id/model-elements/:modelElementId/presentationDELETE /:id/model-elements/:modelElementIdPOST /:id/elementsPUT /:id/elements/:elementIdDELETE /:id/elements/:elementIdPUT /:id/grid-settings
The model-elements routes are the preferred view-membership API. The elements routes are compatibility routes for older clients.
Create and update payloads may include optional viewpointId and representationDescriptionId. When omitted, the backend resolves the model metamodel's default viewpoint and default diagram representation description. Current diagram editors reject non-diagram representation descriptions.
Base: /api/viewpoints
Viewpoints are metamodel-level specification resources. Access follows the owning metamodel rather than adding a separate shareable resource type.
GET /(optional query:metamodelId)GET /default?metamodelId=:idGET /:idPOST /PUT /:idDELETE /:idGET /:id/representation-descriptionsPOST /:id/representation-descriptionsPUT /:id/representation-descriptions/:representationDescriptionIdDELETE /:id/representation-descriptions/:representationDescriptionId
Representation descriptions are embedded in the viewpoint JSON. First-release executable kind is diagram; table and tree are reserved for specification data.
Base: /api/interoperability/sirius
These endpoints implement the first Sirius compatibility slice for Viewpoint Specification Models. .odesign validate/import/export is supported for the documented diagram subset. Validation also recognizes .aird, .ecore, .xmi, and base64-encoded project-zip payloads so deferred or delegated files appear in the compatibility report instead of being silently ignored.
POST /validatePOST /importPOST /export
validate accepts JSON { content, sourceFormat?, metamodelId?, options? } and returns a compatibility report plus a preview of imported viewpoints. For sourceFormat: "project-zip", content is a base64 ZIP payload and the backend validates safe relative paths before delegating the first .odesign file it finds. import accepts { content, metamodelId, options? } and creates SpatialDSL viewpoints and diagram representation descriptions for the supported .odesign subset. export accepts { metamodelId, viewpointIds?, options? } and returns { filename, content, report } for generated .odesign XML.
Every operation returns a SiriusCompatibilityReport with warnings, droppedFeatures, and unresolvedReferences.
Base: /api/transformations
Rule CRUD:
GET /rulesGET /rules/:idPOST /rulesPUT /rules/:idDELETE /rules/:id
Compatibility routes:
GET /patterns(returns empty list)POST /patterns(no-op passthrough)PUT /patterns/:id(no-op passthrough)DELETE /patterns/:id(no-op)GET /executions(returns empty list)
Base: /api/codegen
GET /projects(optional query:metamodelId)GET /projects/:idPOST /projectsPUT /projects/:idDELETE /projects/:idPOST /projects/:id/templatesPUT /projects/:id/templates/:templateIdDELETE /projects/:id/templates/:templateId
Base: /api/tests
GET /GET /cases(alias)POST /casesPUT /cases/:idGET /:idPOST /POST /batchPUT /:idPUT /:id/statusPUT /:id/valuesDELETE /:idDELETE /model/:modelIdPOST /model/:modelId/reset
Base: /api/files
GET /GET /statsGET /:idGET /:id/dataGET /:id/downloadPOST /upload(multipart)POST /upload-base64PUT /:id/metadataDELETE /:idPOST /cleanup
Base: /api/share
POST /:resourceType/:resourceId/shareDELETE /:resourceType/:resourceId/share/:userIdGET /:resourceType/:resourceId/sharesGET /shared-with-meGET /:resourceType/:resourceId/access
Valid resource types:
METAMODELMODELDIAGRAMTRANSFORMATION_RULECODEGEN_PROJECTTEST_CASE
Valid share permissions:
VIEWEREDITOR
Base: /api/admin (ADMIN role required)
User management:
GET /usersGET /users/:userIdPATCH /users/:userId/rolePOST /users/:userId/reset-passwordDELETE /users/:userIdPOST /users/bulk/rolePOST /users/bulk/delete
Resource and system:
GET /statsGET /resourcesGET /resources/:type/:resourceIdDELETE /resources/:type/:resourceIdPOST /resources/:type/:resourceId/transferPOST /resources/:type/:resourceId/unshareGET /health
- Auth middleware protects all non-public route groups.
- Resource operations are further constrained by role and ownership/share checks.
- Sharing creation is restricted to allowed roles and owner verification.