Basic APIs
This document provides a quick overview of the WebDAV operations supported in Nextcloud, to keep things readable it won’t go into many details for each operation, further information for each operation can be found in the corresponding RFC where applicable.
WebDAV basics
The base url for all WebDAV operations for a Nextcloud instance is /remote.php/dav.
All requests need to provide authentication information, either as a basic auth header or by passing a set of valid session cookies.
If your Nextcloud installation uses an external auth provider (such as an OIDC server) you may have to create an app password. To do that, go to your personal security settings and create one. It will provide a username and password which you can use within the Basic Auth header.
Testing requests
With curl
All WebDAV requests can be easily tested out using curl by specifying the request method (GET, PROPFIND, PUT, …) and providing a request body where needed.
For example: you can perform a PROPFIND request to find files in a folder using:
curl 'https://cloud.example.com/remote.php/dav/files/username/folder' \
--user username:password \
--request PROPFIND \
--data '<?xml version="1.0" encoding="UTF-8"?>
<d:propfind xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns">
<d:prop>
<d:getlastmodified/>
<d:getcontentlength/>
<d:getcontenttype/>
<oc:permissions/>
<d:resourcetype/>
<d:getetag/>
</d:prop>
</d:propfind>'
Making requests in JavaScript
Here is a JavaScript code sample to get you started:
import { createClient } from 'webdav'
import { generateRemoteUrl } from '@nextcloud/router'
import { getCurrentUser } from '@nextcloud/auth'
const client = createClient(generateRemoteUrl('dav'))
const response = await client.getDirectoryContents(`/files/${getCurrentUser()?.uid}/folder`, {
details: true,
data: `<?xml version="1.0" encoding="UTF-8"?>
<d:propfind xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns">
<d:prop>
<d:getlastmodified/>
<d:getcontentlength/>
<d:getcontenttype/>
<oc:permissions/>
<d:resourcetype/>
<d:getetag/>
</d:prop>
</d:propfind>`,
})
Requesting properties
By default, a PROPFIND request will only return a small number of properties for each file: last modified date, file size, whether it’s a folder, etag and mime type.
You can request additional properties by sending a request body with the PROPFIND request that lists all requested properties.
<?xml version="1.0"?>
<d:propfind xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns">
<d:prop>
<d:getlastmodified />
<d:getetag />
<d:getcontenttype />
<d:resourcetype />
<oc:fileid />
<oc:permissions />
<oc:size />
<d:getcontentlength />
<nc:has-preview />
<oc:favorite />
<oc:comments-unread />
<oc:owner-display-name />
<oc:share-types />
<nc:contained-folder-count />
<nc:contained-file-count />
</d:prop>
</d:propfind>
A note about namespaces URI
When building the body of your DAV request, you will request properties that are available under specific namespace URI.
It is usual to declare prefixes for those namespace in the d:propfind element of the body.
Here is the list of available namespace:
URI |
Prefix |
|---|---|
DAV: |
d |
oc |
|
nc |
|
ocs |
|
ocm |
And here is how it should look in your DAV request:
<?xml version="1.0"?>
<d:propfind
xmlns:d="DAV:"
xmlns:oc="http://owncloud.org/ns"
xmlns:nc="http://nextcloud.org/ns"
xmlns:ocs="http://open-collaboration-services.org/ns">
xmlns:ocm="http://open-cloud-mesh.org/ns">
...
Supported properties
Property |
Description |
Example |
|---|---|---|
<d:creationdate /> |
The creation date of the node. |
|
<d:getlastmodified /> |
The latest modification time. |
|
<d:getetag /> |
The file’s etag. |
|
<d:getcontenttype /> |
The mime type of the file. |
|
<d:resourcetype /> |
Specifies the nature of the resource. |
|
<d:getcontentlength /> |
The size if it is a file in bytes. |
|
<d:getcontentlanguage /> |
The language of the content. |
|
<d:displayname /> |
A name suitable for presentation. |
|
<d:lockdiscovery /> |
Dummy endpoint for class 2 WebDAV support.
Should return the list of lock, but
always return an empty response.
|
|
<d:quota-available-bytes /> |
Amount of available bytes in the folder. |
3950773-1 Uncomputed free space.-2 Unknown free space.-3 Unlimited free space. |
<d:quota-used-bytes /> |
Amount of bytes used in the folder. |
|
<d:supportedlock /> |
Dummy endpoint for class 2 WebDAV support.
Always provide the same lock capabilities.
|
<d:lockentry><d:lockscope><d:exclusive /></d:lockscope><d:locktype><d:write /></d:locktype></d:lockentry></d:lockentry><d:lockentry><d:lockscope><d:shared /></d:lockscope><d:locktype><d:write /></d:locktype></d:lockentry> |
<oc:id /> |
The fileid namespaced by the instance id.
Globally unique.
|
|
<oc:fileid /> |
The unique id for the file within the instance. |
|
<oc:downloadURL /> |
A URL to directly download the file from a
storage. No storage implements that yet.
|
|
<oc:permissions /> |
The permissions that the user has over the
file. The value is a string containing
letters for all available permissions.
|
S: SharedR: ShareableM: MountedG: ReadableD: DeletableNV: Updateable, Renameable, MoveableW: Updateable (file)CK: Creatable |
<nc:creation_time /> |
Same as |
|
<nc:mount-type /> |
The type of mount. |
'' = local'shared' = received share'group' = group folder'external' = external storage'external-session' = external storage |
<nc:is-encrypted /> |
Whether the folder is end-to-end encrypted. |
0 for false1 for true |
<nc:is-mount-root> |
This is a special property which is used to
determine if a node is a mount root or not,
e.g. a shared folder. If so, then the node
can only be unshared and not deleted.
|
|
<oc:tags /> |
List of user specified tags. |
|
<oc:favorite /> |
The favorite state. |
0 for not favourited1 for favourited |
<oc:comments-href /> |
The DAV endpoint to fetch the comments. |
|
<oc:comments-count /> |
The number of comments. |
|
<oc:comments-unread /> |
The number of unread comments. |
|
<oc:owner-id /> |
The user id of the owner of a shared file. |
|
<oc:owner-display-name /> |
The display name of the owner of a shared file. |
|
<oc:share-types /> |
XML array of share types. |
<oc:share-type>{shareTypeId}</oc:share-type>0 = User1 = Group3 = Public link4 = Email6 = Federated cloud share7 = Circle8 = Guest9 = Remote group10 = Talk conversation12 = Deck15 = Science mesh |
<ocs:share-permissions /> |
The permissions that the
user has over the share.
|
1 = Read2 = Update4 = Create8 = Delete16 = Share31 = All |
<ocm:share-permissions /> |
The permissions that the user has
over the share as a JSON array.
|
|
<nc:share-attributes /> |
User set attributes as a JSON array. |
|
<nc:sharees /> |
The list of share recipient. |
<nc:sharee><nc:id>alice</nc:id><nc:display-name>Alice</nc:display-name><nc:type>0</nc:type></nc:sharee> |
<oc:checksums /> |
An array of checksums. |
|
<nc:has-preview /> |
Whether a preview of the file is available. |
|
<nc:hidden> |
Defines if a file should be hidden
Currently only used for live photos
|
|
<oc:size /> |
Unlike
getcontentlength, this propertyalso works for folders, reporting the size of
everything in the folder. Size is in bytes.
|
|
<nc:rich-workspace-file /> |
The id of the workspace file. |
3456 |
<nc:rich-workspace /> |
The content of the workspace file. |
|
<nc:upload_time /> |
Date this file was uploaded. |
|
<nc:note /> |
Share note. |
|
<nc:contained-folder-count /> |
The number of folders directly contained
in the folder (not recursively).
|
|
<nc:contained-file-count /> |
The number of files directly contained
in the folder (not recursively).
|
|
<nc:data-fingerprint /> |
Used by the clients to find out
if a backup has been restored.
|
|
<nc:acl-enabled> |
Whether ACL is enabled for this group folder. |
|
<nc:acl-can-manage> |
Wether the current user can manager ACL. |
|
<nc:acl-list> |
Array of ACL rules. |
<nc:acl><nc:acl-mapping-type>group</nc:acl-mapping-type><nc:acl-mapping-id>admin</nc:acl-mapping-id><nc:acl-mapping-display-name>admin</nc:acl-mapping-display-name><nc:acl-mask>20</nc:acl-mask><nc:acl-permissions>15</nc:acl-permissions></nc:acl> |
<nc:inherited-acl-list> |
Array of ACL rules from the parents folders |
See <nc:acl-list> |
<nc:group-folder-id> |
Numerical id of that group folder. |
|
<nc:lock> |
Wether the file is locked. |
|
<nc:lock-owner-type> |
Type of the owner of the lock. |
|
<nc:lock-owner> |
User id of the owner of the lock. |
|
<nc:lock-owner-displayname> |
Display name of the owner of the lock. |
|
<nc:lock-owner-editor> |
App id of an app owned lock. |
|
<nc:lock-time> |
Date when the lock was created as a timestamp. |
|
<nc:lock-timeout> |
TTL of the lock in seconds staring from the creation time. |
|
<nc:lock-token> |
The token of the lock. |
|
<nc:reminder-due-date> |
The due date of the reminder
as an ISO 8601 formatted string.
|
|
<nc:version-label /> |
The user-set label for a file. |
|
<nc:version-author /> |
The author’s id of a specified file verson. |
|
Listing folders (rfc4918)
The contents of a folder can be listed by sending a PROPFIND request to the folder.
PROPFIND remote.php/dav/files/user/path/to/folder
Getting properties for just the folder
You can request properties of a folder without also getting the folder contents by adding a Depth: 0 header to the request.
Downloading files
A file can be downloaded by sending a GET request to the WebDAV url of the file.
GET remote.php/dav/files/user/path/to/file
Uploading files
A file can be uploaded by sending a PUT request to the file and sending the raw file contents as the request body.
PUT remote.php/dav/files/user/path/to/file
Any existing file will be overwritten by the request.
Creating folders (rfc4918)
A folder can be created by sending a MKCOL request to the folder.
MKCOL remote.php/dav/files/user/path/to/new/folder
Deleting files and folders (rfc4918)
A file or folder can be deleted by sending a DELETE request to the file or folder.
DELETE remote.php/dav/files/user/path/to/file
When deleting a folder, its contents will be deleted recursively.
Moving files and folders (rfc4918)
A file or folder can be moved by sending a MOVE request to the file or folder and specifying the destination in the Destination header as full url.
MOVE remote.php/dav/files/user/path/to/file
Destination: https://cloud.example/remote.php/dav/files/user/new/location
The overwrite behavior of the move can be controlled by setting the Overwrite head to T or F to enable or disable overwriting respectively.
Copying files and folders (rfc4918)
A file or folder can be copied by sending a COPY request to the file or folder and specifying the destination in the Destination header as full url.
COPY remote.php/dav/files/user/path/to/file
Destination: https://cloud.example/remote.php/dav/files/user/new/location
The overwrite behavior of the copy can be controlled by setting the Overwrite head to T or F to enable or disable overwriting respectively.
Settings favorites
A file or folder can be marked as favorite by sending a PROPPATCH request to the file or folder and setting the oc-favorite property
PROPPATCH remote.php/dav/files/user/path/to/file
<?xml version="1.0"?>
<d:propertyupdate xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
<d:set>
<d:prop>
<oc:favorite>1</oc:favorite>
</d:prop>
</d:set>
</d:propertyupdate>
Setting the oc:favorite property to 1 marks a file as favorite, setting it to 0 un-marks it as favorite.
Listing favorites
Favorites for a user can be retrieved by sending a REPORT request and specifying oc:favorite as a filter
REPORT remote.php/dav/files/user/path/to/folder
<?xml version="1.0"?>
<oc:filter-files xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns">
<oc:filter-rules>
<oc:favorite>1</oc:favorite>
</oc:filter-rules>
</oc:filter-files>
File properties can be requested by adding a <d:prop/> element to the request listing the requested properties in the same way as it would be done for a PROPFIND request.
When listing favorites, the request will find all favorites in the folder recursively, all favorites for a user can be found by sending the request to remote.php/dav/files/user
Special Headers
Request Headers
You can set some special headers that Nextcloud will interpret.
Header |
Description |
Example |
|---|---|---|
X-OC-MTime |
Allow to specify a modification time.
The response will contain the header
X-OC-MTime: acceptedif the mtime was accepted.
|
|
X-OC-CTime |
Allow to specify a creation time.
The response will contain the header
X-OC-CTime: acceptedif the mtime was accepted.
|
|
OC-Checksum |
A checksum that will be stored in the DB.
The server will not do any sort of validation.
|
|
X-Hash |
Allow to request the file’s hash from the server.
The server will return the hash in a header named either:
X-Hash-MD5, X-Hash-SHA1, or X-Hash-SHA256. |
|
OC-Total-Length |
Contains the total size of the file during a chunk upload.
This allow the server to abort faster if the remaining
user’s quota is not enough.
|
|
OC-Chunked (deprecated) |
Used for legacy chunk upload to differentiate a regular
upload from a chunked upload. It allowed checking for quota
and various other things. Nowadays, you need to provide the
OC-Total-Length header on the PUT requests instead. |
Deprecated ⚠️ You do not have to provide this anymore |
Response Headers
Header |
Description |
Example |
|---|---|---|
OC-Etag |
On creation, move and copy,
the response contain the etag of the file.
|
|
OC-FileId |
On creation, move and copy,
the response contain the fileid of the file.
|
Format:
<padded-id><instance-id>.Example:
00000259oczn5x60nrdu |