OCS APIs overview

This document provides a quick overview of the OCS API endpoints supported in Nextcloud.

All requests need to provide authentication information, either as a Basic Auth header or by passing a set of valid session cookies, if not stated otherwise.

Authentication

Authentication can happen either via username / password (or app token) or with OIDC tokens, see the examples below:

Username/Password:

curl -u username:password -X GET 'https://cloud.example.com/ocs/v1.php/...' -H "OCS-APIRequest: true"

OIDC Token:

curl -X GET 'https://cloud.example.com/ocs/v1.php/...' -H "OCS-APIRequest: true" -H "Authorization: Bearer ID_TOKEN"

Testing requests with curl

All OCS requests can be easily tested out using curl by specifying the request method (GET, PUT, etc) and setting a request body where needed.

For example: you can perform a GET request to get information about a user:

curl -u username:password -X GET 'https://cloud.example.com/ocs/v1.php/...' -H "OCS-APIRequest: true"

User metadata

Since: 11.0.2, 12.0.0

This request returns the available metadata of a user. Admin users can see the information of all users, while a default user only can access their own metadata.

GET /ocs/v1.php/cloud/users/USERID
<?xml version="1.0"?>
<ocs>
        <meta>
                <status>ok</status>
                <statuscode>100</statuscode>
                <message>OK</message>
                <totalitems></totalitems>
                <itemsperpage></itemsperpage>
        </meta>
        <data>
                <enabled>1</enabled>
                <storageLocation>/path/to/storage/location/userid</storageLocation>
                <id>userid</id>
                <lastLogin>1578283711000</lastLogin>
                <backend>Database</database>
                <subadmin/>
                <quota>
                        <free>20632824998</free>
                        <used>842011482</used>
                        <total>21474836480</total>
                        <relative>3.92</relative>
                        <quota>21474836480</quota>
                </quota>
                <email>user@foo.de</email>
                <displayname>John Doe</displayname>
                <display-name>John Doe</display-name>
                <phone></phone>
                <address></address>
                <website>https://example.com</website>
                <twitter></twitter>
                <groups>
                        <element>1st group</element>
                        <element>2nd group</element>
                        <element>3rd group</element>
                        <element>... group</element>
                </groups>
                <language>de</language>
                <locale>de_DE</locale>
                <backendCapabilities>
                        <setDisplayName>1</setDisplayName>
                        <setPassword>1</setPassword>
                </backendCapabilities>
        </data>
</ocs>

User metadata - List user IDs

This request returns a list containing all user IDs. Only admin users can query the list.

GET /ocs/v1.php/cloud/users
<?xml version="1.0"?>
<ocs>
        <meta>
                <status>ok</status>
                <statuscode>100</statuscode>
                <message>OK</message>
                <totalitems></totalitems>
                <itemsperpage></itemsperpage>
        </meta>
        <data>
                <users>
                        <element>1st_user</element>
                        <element>2nd_user</element>
                        <element>3rd_user</element>
                        <element>..._user</element>
                </users>
        </data>
</ocs>

Capabilities API

Clients can obtain capabilities provided by the Nextcloud server and its apps via the capabilities OCS API.

GET /ocs/v1.php/cloud/capabilities
<?xml version="1.0"?>
<ocs>
        <meta>
                <status>ok</status>
                <statuscode>100</statuscode>
                <message>OK</message>
                <totalitems></totalitems>
                <itemsperpage></itemsperpage>
        </meta>
        <data>
                <version>
                        <major>17</major>
                        <minor>0</minor>
                        <micro>2</micro>
                        <string>17.0.2</string>
                        <edition></edition>
                        <extendedSupport></extendedSupport>
                </version>
                <capabilities>
                        <core>
                                <pollinterval>60</pollinterval>
                                <webdav-root>remote.php/webdav</webdav-root>
                        </core>
                </capabilities>
        </data>
</ocs>

Theming capabilities

Values of the theming app are exposed through the capabilities API, allowing client developers to adjust the look of clients to the theming of different Nextcloud instances.

<theming>
        <name>Nextcloud</name>
        <url>https://nextcloud.com</url>
        <slogan>A safe home for all your data</slogan>
        <color>#0082c9</color>
        <color-text>#ffffff</color-text>
        <color-element>#0082c9</color-element>
        <color-element-bright>#aaaaaa</color-element-bright>
        <color-element-dark>#555555</color-element-dark>
        <logo>http://cloud.example.com/index.php/apps/theming/logo?v=1</logo>
        <background>http://cloud.example.com/index.php/apps/theming/logo?v=1</background>
        <background-plain></background-plain>
        <background-default></background-default>
</theming>

For elements like radio buttons, input borders and more, instead of the primary color value, the color-element-bright should be used on bright background and color-element-dark on dark background. This when the primary color is e.g. set to #000000 the color-elemenet-dark will be set to #555555 so items are still visible. In the Nextcloud web UI only the top header uses color, everything else uses color-element-*. Text and icons on these elements should use color-text.

The background value can either be a URL to the background image or a hex color value.

Direct Download

It might be required to give a 3rd party access to a file however you do not want to hand over credentials to the 3rd party. An example of this is playing files in an external media player on mobile devices.

To solve this issue there is a way to request a unique public link to a single file. This link will be valid for 8 hours afterwards it will be removed.

To obtain a direct link:

POST /ocs/v2.php/apps/dav/api/v1/direct

With the fileId in the body (so fileId=42 for example). This will then return you the link to use to obtain the file.

Notifications

There is also the Notifications API As well as documentation on how to Register a device for push notifications