OCS APIs overview

This document provides a quick overview of the OCS API endpoints supported in Nextcloud.

All requests need to provide authentication information, either as a Basic Auth header or by passing a set of valid session cookies, if not stated otherwise.

Testing requests with curl

All OCS requests can be easily tested out using curl by specifying the request method (GET, PUT, etc) and setting a request body where needed.

For example: you can perform a GET request to get information about a user:

curl -u username:password -X GET 'https://cloud.example.com/ocs/v1.php/...' -H "OCS-APIRequest: true"

User metadata

Since: 11.0.2, 12.0.0

This request returns the available metadata of a user. Admin users can see the information of all users, while a default user only can access it’s own metadata.

GET /ocs/v1.php/cloud/users/USERID
<?xml version="1.0"?>
                <displayname>John Doe</displayname>
                        <element>1st group</element>
                        <element>2nd group</element>
                        <element>3rd group</element>
                        <element>... group</element>

User metadata - List user IDs

This request returns a list containing all user IDs. Only admin users can query the list.

GET /ocs/v1.php/cloud/users
<?xml version="1.0"?>

Capabilities API

Clients can obtain capabilities provided by the Nextcloud server and its apps via the capabilities OCS API.

GET /ocs/v1.php/cloud/capabilities
<?xml version="1.0"?>

Theming capabilities

Values of the theming app are exposed through the capabilities API, allowing client developers to adjust the look of clients to the theming of different Nextcloud instances.

        <slogan>A safe home for all your data</slogan>

The background value can either be an URL to the background image or a hex color value.

Direct Download

It might be required to give a 3rd party access to a file however you do not want to hand over credentials to the 3rd party. An example of this is playing files in an external media player on mobile devices.

To solve this issue there is a way to request a unique public link to a single file. This link will be valid for 24 hours afterwards it will be removed.

To obtain a direct link:

POST /ocs/v2.php/apps/dav/api/v1/direct

With the fileId in the body (so fileId=42 for example). This will then return you the link to use to obtain the file.


There is also the Notifications API As well as documentation on how to Register a device for push notifications