PHPackages                             silverstripe/restfulserver - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP &amp; Networking](/categories/http)
4. /
5. silverstripe/restfulserver

ActiveSilverstripe-vendormodule[HTTP &amp; Networking](/categories/http)

silverstripe/restfulserver
==========================

Add a RESTful API to your SilverStripe application

3.0.3(10mo ago)46598.2k↓32.4%48[16 issues](https://github.com/silverstripe/silverstripe-restfulserver/issues)[4 PRs](https://github.com/silverstripe/silverstripe-restfulserver/pulls)4BSD-3-ClausePHPPHP ^8.1CI passing

Since Jul 14Pushed 10mo ago11 watchersCompare

[ Source](https://github.com/silverstripe/silverstripe-restfulserver)[ Packagist](https://packagist.org/packages/silverstripe/restfulserver)[ RSS](/packages/silverstripe-restfulserver/feed)WikiDiscussions 3 Synced 2d ago

READMEChangelog (10)Dependencies (6)Versions (52)Used By (4)Security (1)

Silverstripe RestfulServer Module
=================================

[](#silverstripe-restfulserver-module)

[![CI](https://github.com/silverstripe/silverstripe-restfulserver/actions/workflows/ci.yml/badge.svg)](https://github.com/silverstripe/silverstripe-restfulserver/actions/workflows/ci.yml)[![Silverstripe supported module](https://camo.githubusercontent.com/9b7e93d393a01f6d3091fb30983b870aa863ef076858115faaa1c74b995854ec/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f73696c7665727374726970652d737570706f727465642d3030373143342e737667)](https://www.silverstripe.org/software/addons/silverstripe-commercially-supported-module-list/)

Installation
------------

[](#installation)

```
composer require silverstripe/restfulserver
```

Overview
--------

[](#overview)

This class gives your application a RESTful API. All you have to do is set the `api_access` configuration option to `true`on the appropriate DataObjects. You will need to ensure that all of your data manipulation and security is defined in your model layer (ie, the DataObject classes) and not in your Controllers. This is the recommended design for SilverStripe applications.

Configuration
-------------

[](#configuration)

Example DataObject with simple API access, giving full access to all object properties and relations, unless explicitly controlled through model permissions.

```
namespace Vendor\Project;

use SilverStripe\ORM\DataObject;

class Article extends DataObject {

	private static $db = [
        'Title'=>'Text',
        'Published'=>'Boolean'
    ];

	private static $api_access = true;
}
```

Example DataObject with advanced API access, limiting viewing and editing to Title attribute only:

```
namespace Vendor\Project;

use SilverStripe\ORM\DataObject;

class Article extends DataObject {

    private static $db = [
        'Title'=>'Text',
        'Published'=>'Boolean'
    ];

    private static $api_access = [
        'view' => ['Title'],
        'edit' => ['Title']
    ];
}
```

Example DataObject field mapping, allows aliasing fields so that public requests and responses display different field names:

```
namespace Vendor\Project;

use SilverStripe\ORM\DataObject;

class Article extends DataObject {

    private static $db = [
        'Title'=>'Text',
        'Published'=>'Boolean'
    ];

    private static $api_access = [
        'view' => ['Title', 'Content'],
    ];

    private static $api_field_mapping = [
        'customTitle' => 'Title',
    ];
}
```

Given a dataobject with values:

```
    ID: 12
    Title: Title Value
    Content: Content value
```

which when requesting with the url `/api/v1/Vendor-Project-Article/12?fields=customTitle,Content` and `Accept: application/json` the response will look like:

```
{
    "customTitle": "Title Value",
    "Content": "Content value"
}
```

Similarly, `PUT` or `POST` requests will have fields transformed from the alias name to the DB field name.

Supported operations
--------------------

[](#supported-operations)

- `GET /api/v1/(ClassName)/(ID)` - gets a database record
- `GET /api/v1/(ClassName)/(ID)/(Relation)` - get all of the records linked to this database record by the given reatlion
- `GET /api/v1/(ClassName)?(Field)=(Val)&(Field)=(Val)` - searches for matching database records
- `POST /api/v1/(ClassName)` - create a new database record
- `PUT /api/v1/(ClassName)/(ID)` - updates a database record
- `PUT /api/v1/(ClassName)/(ID)/(Relation)` - updates a relation, replacing the existing record(s) (NOT IMPLEMENTED YET)
- `POST /api/v1/(ClassName)/(ID)/(Relation)` - updates a relation, appending to the existing record(s) (NOT IMPLEMENTED YET)
- `DELETE /api/v1/(ClassName)/(ID)` - deletes a database record (NOT IMPLEMENTED YET)
- `DELETE /api/v1/(ClassName)/(ID)/(Relation)/(ForeignID)` - remove the relationship between two database records, but don't actually delete the foreign object (NOT IMPLEMENTED YET)
- `POST /api/v1/(ClassName)/(ID)/(MethodName)` - executes a method on the given object (e.g, publish)

Search
------

[](#search)

You can trigger searches based on the fields specified on `DataObject::searchable_fields` and passed through `DataObject::getDefaultSearchContext()`. Just add a key-value pair with the search-term to the url, e.g. /api/v1/(ClassName)/?Title=mytitle.

Other url-modifiers
-------------------

[](#other-url-modifiers)

- `&limit=`: Limit the result set
- `&relationdepth=`: Displays links to existing has-one and has-many relationships to a certain depth (Default: 1)
- `&fields=`: Comma-separated list of fields on the output object (defaults to all database-columns). Handy to limit output for bandwidth and performance reasons.
- `&sort=&dir=`
- `&add_fields=`: Comma-separated list of additional fields, for example dynamic getters.

Access control
--------------

[](#access-control)

Access control is implemented through the usual Member system with BasicAuth authentication only. By default, you have to bear the ADMIN permission to retrieve or send any data. You should override the following built-in methods to customize permission control on a class- and object-level:

- `DataObject::canView()`
- `DataObject::canEdit()`
- `DataObject::canDelete()`
- `DataObject::canCreate()`

See `SilverStripe\ORM\DataObject` documentation for further details.

You can specify the character-encoding for any input on the HTTP Content-Type. At the moment, only UTF-8 is supported. All output is made in UTF-8 regardless of Accept headers.

###  Health Score

58

—

FairBetter than 98% of packages

Maintenance47

Moderate activity, may be stable

Popularity52

Moderate usage in the ecosystem

Community37

Small or concentrated contributor base

Maturity85

Battle-tested with a long release history

 Bus Factor3

3 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~88 days

Recently: every ~78 days

Total

51

Last Release

306d ago

Major Versions

1.0.x-dev → 2.2.02019-08-14

2.5.x-dev → 3.0.0-beta12023-01-22

2.6.0-rc1 → 3.0.0-rc12023-03-30

2.x-dev → 3.0.02023-04-27

3.x-dev → 4.x-dev2025-08-31

PHP version history (4 changes)2.4.0-rc1PHP ^7.3 || ^8.0

2.5.0-beta1PHP ^7.4 || ^8.0

3.0.0-beta1PHP ^8.1

4.x-devPHP ^8.3

### Community

Maintainers

![](https://www.gravatar.com/avatar/b0cba8b534e20e6ab4fff555a97b237a18436ebca1446fc0b29c8a8b504038b9?d=identicon)[GuySartorelli](/maintainers/GuySartorelli)

![](https://avatars.githubusercontent.com/u/111025?v=4)[Ingo Schommer](/maintainers/chillu)[@chillu](https://github.com/chillu)

![](https://www.gravatar.com/avatar/a25bc04c5720a36869d5a39c6449dde7eb43e19b7c8e666d5f632d6a9ab440b1?d=identicon)[emteknetnz](/maintainers/emteknetnz)

![](https://www.gravatar.com/avatar/afbb3dcc9ef29c1a6eedd6addcae5fce9ab1271915a85a4c349301b71237368d?d=identicon)[silverstripe-machine01](/maintainers/silverstripe-machine01)

![](https://www.gravatar.com/avatar/be6648e60fbab6f70bfc34dd8c14259562d28a47510a934ea9c01fe98633f3c2?d=identicon)[sminnee](/maintainers/sminnee)

---

Top Contributors

[![robbieaverill](https://avatars.githubusercontent.com/u/5170590?v=4)](https://github.com/robbieaverill "robbieaverill (42 commits)")[![emteknetnz](https://avatars.githubusercontent.com/u/4809037?v=4)](https://github.com/emteknetnz "emteknetnz (28 commits)")[![GuySartorelli](https://avatars.githubusercontent.com/u/36352093?v=4)](https://github.com/GuySartorelli "GuySartorelli (23 commits)")[![dhensby](https://avatars.githubusercontent.com/u/563596?v=4)](https://github.com/dhensby "dhensby (14 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (7 commits)")[![edwilde](https://avatars.githubusercontent.com/u/415374?v=4)](https://github.com/edwilde "edwilde (7 commits)")[![andreaspiening](https://avatars.githubusercontent.com/u/24401847?v=4)](https://github.com/andreaspiening "andreaspiening (7 commits)")[![chillu](https://avatars.githubusercontent.com/u/111025?v=4)](https://github.com/chillu "chillu (7 commits)")[![NightJar](https://avatars.githubusercontent.com/u/778003?v=4)](https://github.com/NightJar "NightJar (3 commits)")[![sabina-talipova](https://avatars.githubusercontent.com/u/87288324?v=4)](https://github.com/sabina-talipova "sabina-talipova (3 commits)")[![blueo](https://avatars.githubusercontent.com/u/948122?v=4)](https://github.com/blueo "blueo (2 commits)")[![raissanorth](https://avatars.githubusercontent.com/u/14869519?v=4)](https://github.com/raissanorth "raissanorth (2 commits)")[![phptek](https://avatars.githubusercontent.com/u/478440?v=4)](https://github.com/phptek "phptek (2 commits)")[![wilr](https://avatars.githubusercontent.com/u/101629?v=4)](https://github.com/wilr "wilr (1 commits)")[![mateusz](https://avatars.githubusercontent.com/u/118653?v=4)](https://github.com/mateusz "mateusz (1 commits)")[![mfendeksilverstripe](https://avatars.githubusercontent.com/u/26395487?v=4)](https://github.com/mfendeksilverstripe "mfendeksilverstripe (1 commits)")[![sanderha](https://avatars.githubusercontent.com/u/6941043?v=4)](https://github.com/sanderha "sanderha (1 commits)")[![ScopeyNZ](https://avatars.githubusercontent.com/u/3260989?v=4)](https://github.com/ScopeyNZ "ScopeyNZ (1 commits)")[![scott1702](https://avatars.githubusercontent.com/u/10215604?v=4)](https://github.com/scott1702 "scott1702 (1 commits)")

---

Tags

hacktoberfestapirestsilverstripe

###  Code Quality

TestsPHPUnit

Code StylePHP\_CodeSniffer

### Embed Badge

![Health badge](/badges/silverstripe-restfulserver/health.svg)

```
[![Health](https://phpackages.com/badges/silverstripe-restfulserver/health.svg)](https://phpackages.com/packages/silverstripe-restfulserver)
```

###  Alternatives

[colymba/silverstripe-restfulapi

SilverStripe RESTful API with a default JSON serializer.

6329.0k](/packages/colymba-silverstripe-restfulapi)[mediamonks/rest-api-bundle

MediaMonks Rest API Symfony Bundle

1656.2k1](/packages/mediamonks-rest-api-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
