Dyrecteddyrected
API Reference

REST API Reference

Endpoint behavior, authentication, filtering, errors, and a generated OpenAPI inventory.

Dyrected derives a REST API from collections and globals in dyrected.config.ts. Runtime OpenAPI is project-specific; the generated inventory below uses a representative maximal configuration to cover every route family.

Base URL

Self-hosted routes are normally exposed beneath the application origin:

https://example.com/api

SDK configuration takes the origin before /api, because SDK methods add /api themselves.

Authentication

Depending on access configuration, requests use a site API key, a user JWT, and—in Cloud mode—a site identifier.

CredentialHeaderTypical use
Site API keyx-api-keyTrusted server-to-server access
User JWTAuthorization: Bearer …User-scoped and Admin operations
Site IDx-site-idCloud tenant selection

An endpoint can be public when its access rule allows the operation. The representative table's authentication column reflects the fixture, not a guarantee about your project.

Listing and filtering

Collection list routes accept limit, page, sort, depth, and a JSON-encoded where object.

const query = new URLSearchParams({
  limit: '10',
  sort: '-createdAt',
  depth: '1',
  where: JSON.stringify({ status: { equals: 'published' } }),
})

const response = await fetch(`/api/collections/posts?${query}`)

Operators include equals, not_equals, contains, starts_with, in, not_in, gt, gte, lt, lte, and exists. Incoming filters are sanitized against the configured schema; fields with admin.filterable: false cannot be used for filtering.

List responses use the shared pagination envelope:

{
  "docs": [],
  "total": 0,
  "limit": 10,
  "page": 1,
  "totalPages": 0,
  "hasNextPage": false,
  "hasPrevPage": false
}

Collections

  • GET /api/collections/{slug} lists documents.
  • POST /api/collections/{slug} creates a document or upload.
  • GET /api/collections/{slug}/{id} reads one document.
  • PATCH /api/collections/{slug}/{id} performs a partial update.
  • DELETE /api/collections/{slug}/{id} deletes one document.
  • DELETE /api/collections/{slug}/delete-many deletes authorized IDs in bulk.
  • POST /api/collections/{slug}/seed initializes configured seed content.

Access rules, hooks, field validation, relationship depth, and workflows apply at this boundary.

Uploads and media

Upload collections accept multipart/form-data with a required file part and optional configured metadata fields.

curl -X POST https://example.com/api/collections/media \
  -H "Authorization: Bearer $DYRECTED_TOKEN" \
  -F "[email protected]" \
  -F "alt=Mountain at sunrise"

Use URLs returned by the API. Local storage can serve bytes through /api/media/{filename}; cloud adapters normally return provider/CDN URLs.

Globals

GET /api/globals/{slug} reads a singleton and PATCH /api/globals/{slug} updates it. Global access and hooks run in the same way as their configured operations.

Authentication routes

Auth-enabled collections add login, logout, current-user, refresh, invitation, initialization, first-user, password reset, and password-change routes. Consult runtime OpenAPI for exact request and response schemas because the collection slug and document fields are project-specific.

Workflows

Workflow-enabled collections add an atomic transition route and paginated workflow history. Supply expectedRevision when the client must reject stale transitions, and include comments when required by the configured transition.

Schemas, preferences, preview, and dynamic options

  • /api/schemas serializes current collection/global schemas.
  • /api/preferences/{key} stores authenticated user preferences.
  • /api/preview-token creates a signed preview credential; /api/preview-data resolves it.
  • /api/dyrected/options/{collection}/{field} resolves server-side dynamic options.

Preview tokens and schema responses can expose application structure. Apply appropriate transport security and avoid logging secrets.

Error responses

Use HTTP status codes as the primary error category and display server validation messages safely. Common cases include invalid input (400), missing credentials (401), denied access (403), missing resources (404), conflicts (409), oversized uploads (413), and unexpected server failures (500).

Clients should not retry validation or authorization failures blindly. Retry transient failures only when the operation is idempotent or has an application-level idempotency strategy.

Generated endpoint inventory

MethodPathSummaryAuthentication
GET/api/collections/mediaFind MediaRequired
POST/api/collections/mediaCreate Media itemRequired
DELETE/api/collections/media/{id}Delete Media itemRequired
GET/api/collections/media/{id}Get a single Media itemRequired
PATCH/api/collections/media/{id}Update Media itemRequired
DELETE/api/collections/media/delete-manyDelete multiple MediaRequired
GET/api/collections/media/mediaList MediaRequired
POST/api/collections/media/mediaUpload Media itemRequired
GET/api/collections/media/media/{filename}Serve Media item bytesPublic
POST/api/collections/media/seedSeed initial MediaRequired
GET/api/collections/postsFind PostsRequired
POST/api/collections/postsCreate PostRequired
DELETE/api/collections/posts/{id}Delete PostRequired
GET/api/collections/posts/{id}Get a single PostRequired
PATCH/api/collections/posts/{id}Update PostRequired
POST/api/collections/posts/{id}/transitions/{transition}Transition Post workflowRequired
GET/api/collections/posts/{id}/workflow-historyGet Post workflow historyRequired
DELETE/api/collections/posts/delete-manyDelete multiple PostsRequired
POST/api/collections/posts/seedSeed initial PostsRequired
GET/api/collections/usersFind UsersRequired
POST/api/collections/usersCreate UserRequired
DELETE/api/collections/users/{id}Delete UserRequired
GET/api/collections/users/{id}Get a single UserRequired
PATCH/api/collections/users/{id}Update UserRequired
POST/api/collections/users/{id}/change-passwordChange a User passwordRequired
POST/api/collections/users/accept-inviteAccept an invitationPublic
DELETE/api/collections/users/delete-manyDelete multiple UsersRequired
POST/api/collections/users/first-userRegister the first UserPublic
POST/api/collections/users/forgot-passwordRequest a password resetPublic
GET/api/collections/users/initGet Users initialization statePublic
POST/api/collections/users/inviteInvite a UserRequired
POST/api/collections/users/loginLog in to UsersPublic
POST/api/collections/users/logoutLog out of UsersRequired
GET/api/collections/users/meGet the current UserRequired
POST/api/collections/users/refresh-tokenRefresh an authentication tokenRequired
POST/api/collections/users/reset-passwordReset a passwordPublic
POST/api/collections/users/seedSeed initial UsersRequired
GET/api/docsOpen interactive API documentationPublic
GET/api/dyrected/options/{collection}/{field}Resolve dynamic field optionsRequired
GET/api/globals/settingsGet Site settingsRequired
PATCH/api/globals/settingsUpdate Site settingsRequired
POST/api/globals/settings/seedSeed Site settingsRequired
GET/api/media/{filename}Serve a stored filePublic
GET/api/openapi.jsonGet the OpenAPI specificationPublic
GET/api/preferences/{key}Get an authenticated user preferenceRequired
PUT/api/preferences/{key}Set an authenticated user preferenceRequired
GET/api/preview-dataResolve preview data from a tokenPublic
POST/api/preview-tokenCreate a preview tokenRequired
GET/api/schemasGet the serialized Dyrected schemaPublic

On this page