etherpad-lite/doc/api/http_api.md
John McLear 29dac6bfcc
fix(pad): redesign outdated-version notice (#7799) (#7804)
* docs: design spec for #7799 outdated-notice redesign

Per-pad first-author gating, dismissable gritter, minor-or-more rule, drop vulnerable UI.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs: implementation plan for #7799 outdated-notice redesign

12 bite-sized tasks, TDD-first where applicable; closes the spec end-to-end.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat(updater): add isMinorOrMoreBehind, drop major/vulnerable helpers

Adds isMinorOrMoreBehind(current, latest) which returns true only when
the latest release is at least one minor version ahead (patch-only deltas
return false). Removes isMajorBehind, parseVulnerableBelow, and
isVulnerable from versionCompare.ts — callers in updateStatus.ts,
VersionChecker.ts, and index.ts will be updated in subsequent tasks.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* refactor(updater): drop vulnerable-below directive and state field

Remove VulnerableBelowDirective type, UpdateState.vulnerableBelow field, and
all related scraping/checking logic (parseVulnerableBelow, isVulnerable imports).
Clean up Notifier, OpenAPI schema, and all test fixtures to match.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* refactor(updater): drop residual EmailSendLog vulnerable fields

Remove `vulnerableAt` and `vulnerableNewReleaseTag` from the
`EmailSendLog` interface, `EMPTY_STATE`, and the `isValidEmail`
validator — these backed the removed `vulnerable`/`vulnerable-new-release`
email kinds and are now dead code.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(updater): add firstAuthorOf helper

Export firstAuthorOf() from updateStatus.ts — finds the lowest-numbered
author attrib in a pad's pool, skipping empty-string placeholders.
Covered by 6 vitest cases in tests/backend-new/specs/hooks/express/.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(updater): add resolveRequestAuthor helper for HTTP GET

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(updater): pad-aware /api/version-status with first-author gating

Replace global badge cache with a per-(padId, authorId) LRU cache. The
new response shape is {outdated: 'minor' | null, isFirstAuthor: boolean};
the old 'severe'/'vulnerable' enum is dropped entirely. computeOutdated
now resolves the pad's first author and compares it against the session
author before returning outdated:'minor', so the notice is only shown to
the person who created the pad.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(updater): switch isSevere signal from major-only to minor-or-more behind

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* test(updater): end-to-end coverage for /api/version-status

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(openapi): /api/version-status pad-aware shape and gating

Add the /api/version-status GET operation to the admin OpenAPI spec with
the new pad-aware response shape: outdated enum reduced to [minor]|null,
isFirstAuthor boolean, and an optional padId query param.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(pad): remove unused #version-badge template and CSS

* feat(pad): replace persistent badge with first-author outdated gritter

Renames pad_version_badge.ts → pad_outdated_notice.ts and rewrites it
as a fire-and-forget gritter notice that only shows when the API reports
outdated=minor AND the current user is the pad's first author.  Wires
the new maybeShowOutdatedNotice() call into pad.ts immediately after
showPrivacyBannerIfEnabled().

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* test(pad): playwright coverage for outdated notice gritter

Six Playwright specs exercise maybeShowOutdatedNotice: null response,
isFirstAuthor:false guard, positive appearance + text, X-dismiss,
500 server error tolerance, and 8 s auto-fade.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(pad): outdated-notice redesign + drop vulnerable-below docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(test): remove stale specs for deleted #version-badge surface

Delete the GET /api/version-status describe block from the legacy mocha
spec (asserted outdated:null and outdated:'severe' — both no longer match
the new response shape). The new vitest spec at
tests/backend-new/specs/hooks/express/updateStatus.test.ts covers this
surface comprehensively.

Delete src/tests/frontend-new/specs/pad-version-badge.spec.ts entirely:
all three tests reference the #version-badge DOM element removed in Task 8
and stub 'severe'/'vulnerable' enum values that no longer exist.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: clean stale references to vulnerable/severe in types, emails, docs

- Remove OutdatedLevel type (null|'severe') from types.ts — no consumers
  remain after the badge redesign removed the severe tier.
- Fix Notifier severe-email body: was "more than one major release behind"
  but isSevere now fires on minor-or-more, so update to "at least one
  minor release behind the latest published version".
- Drop "vulnerability directives" from the /admin/update/status OpenAPI
  description; replace with the actual response fields.
- Remove stale vulnerableBelow field from UpdateStatusPayload in
  admin/src/store/store.ts — server no longer sends it.
- Fix docs/admin/updates.md: "pad-side badge" → "pad-side notice".

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 12:23:40 +01:00

26 KiB

HTTP API

What can I do with this API?

The API gives another web application control of the pads. The basic functions are

  • create/delete pads
  • grant/forbid access to pads
  • get/set pad content

The API is designed in a way, so you can reuse your existing user system with their permissions, and map it to Etherpad. Means: Your web application still has to do authentication, but you can tell Etherpad via the api, which visitors should get which permissions. This allows Etherpad to fit into any web application and extend it with real-time functionality. You can embed the pads via an iframe into your website.

Take a look at HTTP API client libraries to check if a library in your favorite programming language is available.

OpenAPI

OpenAPI (formerly swagger) definitions are exposed under /api/openapi.json (latest) and /api/{version}/openapi.json. You can use official tools like Swagger Editor to view and explore them.

Examples

Example 1

A portal (such as WordPress) wants to give a user access to a new pad. Let's assume the user have the internal id 7 and his name is michael.

Portal maps the internal userid to an etherpad author.

Request

GET /api/1/createAuthorIfNotExistsFor?name=Michael&authorMapper=7

Response

{"code": 0, "message":"ok", "data": {"authorID": "a.s8oes9dhwrvt0zif"}}

Request

Portal maps the internal userid to an etherpad group:

GET http://pad.domain/api/1/createGroupIfNotExistsFor?groupMapper=7

Response

{"code": 0, "message":"ok", "data": {"groupID": "g.s8oes9dhwrvt0zif"}}

Portal creates a pad in the userGroup

Request

GET http://pad.domain/api/1/createGroupPad?groupID=g.s8oes9dhwrvt0zif&padName=samplePad&text=This is the first sentence in the pad

Response

{"code": 0, "message":"ok", "data": null}

Portal starts the session for the user on the group:

Request

GET http://pad.domain/api/1/createSession?groupID=g.s8oes9dhwrvt0zif&authorID=a.s8oes9dhwrvt0zif&validUntil=1312201246

Response

{"code": 0, "message":"ok", "data": {"sessionID": "s.s8oes9dhwrvt0zif"}}

Portal places the cookie "sessionID" with the given value on the client and creates an iframe including the pad.

Example 2

A portal (such as WordPress) wants to transform the contents of a pad that multiple admins edited into a blog post.

Portal retrieves the contents of the pad for entry into the db as a blog post:

Request: http://pad.domain/api/1/getText?&padID=g.s8oes9dhwrvt0zif$123

Response: {code: 0, message:"ok", data: {text:"Welcome Text"}}

Portal submits content into new blog post

Portal.AddNewBlog(content)

Usage

API version

The latest version is 1.3.1

The current version can be queried via /api.

Request Format

The API is accessible via HTTP. Starting from 1.8, API endpoints can be invoked indifferently via GET or POST.

The URL of the HTTP request is of the form: /api/$APIVERSION/$FUNCTIONNAME. $APIVERSION depends on the endpoint you want to use. Depending on the verb you use (GET or POST) parameters can be passed differently.

When invoking via GET (mandatory until 1.7.5 included), parameters must be included in the query string (example: /api/$APIVERSION/$FUNCTIONNAME?param1=value1). Please note that starting with nodejs 8.14+ the total size of HTTP request headers has been capped to 8192 bytes. This limits the quantity of data that can be sent in an API request.

Starting from Etherpad 1.8 it is also possible to invoke the HTTP API via POST. In this case, querystring parameters will still be accepted, but any parameter with the same name sent via POST will take precedence. If you need to send large chunks of text (for example, for setText()) it is advisable to invoke via POST.

Example with cURL using GET (toy example, no encoding):

curl "http://pad.domain/api/1/setText?padID=padname&text=this_text_will_NOT_be_encoded_by_curl_use_next_example"

Example with cURL using GET (better example, encodes text):

curl "http://pad.domain/api/1/setText?padID=padname" --get --data-urlencode "text=Text sent via GET with proper encoding. For big documents, please use POST"

Example with cURL using POST:

curl "http://pad.domain/api/1/setText?padID=padname" --data-urlencode "text=Text sent via POST with proper encoding. For big texts (>8 KB), use this method"

Response Format

Responses are valid JSON in the following format:

{
  "code": number,
  "message": string,
  "data": obj
}
  • code a return code
    • 0 everything ok
    • 1 wrong parameters
    • 2 internal error
    • 3 no such function
    • 4 no or wrong API Key
  • message a status message. It's ok if everything is fine, else it contains an error message
  • data the payload

Overview

API Overview

Data Types

  • groupID a string, the unique id of a group. Format is g.16RANDOMCHARS, for example g.s8oes9dhwrvt0zif
  • sessionID a string, the unique id of a session. Format is s.16RANDOMCHARS, for example s.s8oes9dhwrvt0zif
  • authorID a string, the unique id of an author. Format is a.16RANDOMCHARS, for example a.s8oes9dhwrvt0zif
  • readOnlyID a string, the unique id of a readonly relation to a pad. Format is r.16RANDOMCHARS, for example r.s8oes9dhwrvt0zif
  • padID a string, format is GROUPID$PADNAME, for example the pad test of group g.s8oes9dhwrvt0zif has padID g.s8oes9dhwrvt0zif$test

Authentication

Authentication works via an OAuth token that is sent with each request as an Authorization header, i.e. Authorization: Bearer YOUR_TOKEN. You can add new clients that can sign in via the API by adding new entries to the sso section in the settings.json.

Example for browser login clients

This example illustrates how to add a new client that can sign in via the API using the browser login method. This method is used for users trying to sign in to the API via the browser. You can log in with the users in the settings.json file. The redirect URI is the URL where the user is redirected after the login. This is normally your etherpad instance url.

      {
        "client_id": "admin_client",
        "client_secret": "admin",
        "grant_types": ["authorization_code"],
        "response_types": ["code"],
        "redirect_uris": ["http://my-etherpad-instance.com"],
      }

Example for services

This example illustrates how to add a new client that can sign in via the API using the client credentials method. This method is used for services trying to sign in to the API where there is no browser. E.g. a service that creates a pad for a user or a service that inserts a text into a pad. Just make sure that the secret is complex enough as anybody who knows the secret can access the API.

      {
  "client_id": "client_credentials",
  "redirect_uris": [],
  "response_types": [],
  "grant_types": ["code"],
  "client_secret": "client_credentials",
  "extraParams": [
    {
      "name": "admin",
      "value": "true"
    }
  ]
}

Obtain a Bearer token:

curl --request POST --url 'https://your.server.tld/oidc/token' --header 'content-type: application/x-www-form-urlencoded' --data grant_type=client_credentials --data client_id=client_credentials --data client_secret=client_credentials

Node Interoperability

All functions will also be available through a node module accessible from other node.js applications.

API Methods

Groups

Pads can belong to a group. The padID of grouppads is starting with a groupID like g.asdfasdfasdfasdf$test

createGroup()

  • API >= 1

creates a new group

Example returns:

  • {code: 0, message:"ok", data: {groupID: g.s8oes9dhwrvt0zif}}

createGroupIfNotExistsFor(groupMapper)

  • API >= 1

this functions helps you to map your application group ids to Etherpad group ids

Example returns:

  • {code: 0, message:"ok", data: {groupID: g.s8oes9dhwrvt0zif}}

deleteGroup(groupID)

  • API >= 1

deletes a group

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"groupID does not exist", data: null}

listPads(groupID)

  • API >= 1

returns all pads of this group

Example returns:

  • {code: 0, message:"ok", data: {padIDs : ["g.s8oes9dhwrvt0zif$test", "g.s8oes9dhwrvt0zif$test2"]}
  • {code: 1, message:"groupID does not exist", data: null}

createGroupPad(groupID, padName, [text], [authorId])

  • API >= 1
  • authorId in API >= 1.3.0

creates a new pad in this group

Example returns:

  • {code: 0, message:"ok", data: {padID: "g.s8oes9dhwrvt0zif$test"}
  • {code: 1, message:"padName does already exist", data: null}
  • {code: 1, message:"groupID does not exist", data: null}

listAllGroups()

  • API >= 1.1

lists all existing groups

Example returns:

  • {code: 0, message:"ok", data: {groupIDs: ["g.mKjkmnAbSMtCt8eL", "g.3ADWx6sbGuAiUmCy"]}}
  • {code: 0, message:"ok", data: {groupIDs: []}}

Author

These authors are bound to the attributes the users choose (color and name).

createAuthor([name])

  • API >= 1

creates a new author

Example returns:

  • {code: 0, message:"ok", data: {authorID: "a.s8oes9dhwrvt0zif"}}

createAuthorIfNotExistsFor(authorMapper [, name])

  • API >= 1

this functions helps you to map your application author ids to Etherpad author ids

Example returns:

  • {code: 0, message:"ok", data: {authorID: "a.s8oes9dhwrvt0zif"}}

listPadsOfAuthor(authorID)

  • API >= 1

returns an array of all pads this author contributed to

Example returns:

  • {code: 0, message:"ok", data: {padIDs: ["g.s8oes9dhwrvt0zif$test", "g.s8oejklhwrvt0zif$foo"]}}
  • {code: 1, message:"authorID does not exist", data: null}

getAuthorName(authorID)

  • API >= 1.1

Returns the Author Name of the author

Example returns:

  • {code: 0, message:"ok", data: {authorName: "John McLear"}}

-> can't be deleted cause this would involve scanning all the pads where this author was

Session

Sessions can be created between a group and an author. This allows an author to access more than one group. The sessionID will be set as a cookie to the client and is valid until a certain date. The session cookie can also contain multiple comma-separated sessionIDs, allowing a user to edit pads in different groups at the same time. Only users with a valid session for this group, can access group pads. You can create a session after you authenticated the user at your web application, to give them access to the pads. You should save the sessionID of this session and delete it after the user logged out.

createSession(groupID, authorID, validUntil)

  • API >= 1

creates a new session. validUntil is an unix timestamp in seconds

Example returns:

  • {code: 0, message:"ok", data: {sessionID: "s.s8oes9dhwrvt0zif"}}
  • {code: 1, message:"groupID doesn't exist", data: null}
  • {code: 1, message:"authorID doesn't exist", data: null}
  • {code: 1, message:"validUntil is in the past", data: null}

deleteSession(sessionID)

  • API >= 1

deletes a session

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"sessionID does not exist", data: null}

getSessionInfo(sessionID)

  • API >= 1

returns information about a session

Example returns:

  • {code: 0, message:"ok", data: {authorID: "a.s8oes9dhwrvt0zif", groupID: g.s8oes9dhwrvt0zif, validUntil: 1312201246}}
  • {code: 1, message:"sessionID does not exist", data: null}

listSessionsOfGroup(groupID)

  • API >= 1

returns all sessions of a group

Example returns:

  • {"code":0,"message":"ok","data":{"s.oxf2ras6lvhv2132":{"groupID":"g.s8oes9dhwrvt0zif","authorID":"a.akf8finncvomlqva","validUntil":2312905480}}}
  • {code: 1, message:"groupID does not exist", data: null}

listSessionsOfAuthor(authorID)

  • API >= 1

returns all sessions of an author

Example returns:

  • {"code":0,"message":"ok","data":{"s.oxf2ras6lvhv2132":{"groupID":"g.s8oes9dhwrvt0zif","authorID":"a.akf8finncvomlqva","validUntil":2312905480}}}
  • {code: 1, message:"authorID does not exist", data: null}

Pad Content

Pad content can be updated and retrieved through the API

getText(padID, [rev])

  • API >= 1

returns the text of a pad

Example returns:

  • {code: 0, message:"ok", data: {text:"Welcome Text"}}
  • {code: 1, message:"padID does not exist", data: null}

setText(padID, text, [authorId])

  • API >= 1
  • authorId in API >= 1.3.0

Sets the text of a pad.

If your text is long (>8 KB), please invoke via POST and include text parameter in the body of the request, not in the URL (since Etherpad 1.8).

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"padID does not exist", data: null}
  • {code: 1, message:"text too long", data: null}

appendText(padID, text, [authorId])

  • API >= 1.2.13
  • authorId in API >= 1.3.0

Appends text to a pad.

If your text is long (>8 KB), please invoke via POST and include text parameter in the body of the request, not in the URL (since Etherpad 1.8).

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"padID does not exist", data: null}
  • {code: 1, message:"text too long", data: null}

getHTML(padID, [rev])

  • API >= 1

returns the text of a pad formatted as HTML

Example returns:

  • {code: 0, message:"ok", data: {html:"Welcome Text<br>More Text"}}
  • {code: 1, message:"padID does not exist", data: null}

setHTML(padID, html, [authorId])

  • API >= 1
  • authorId in API >= 1.3.0

sets the text of a pad based on HTML, HTML must be well-formed. Malformed HTML will send a warning to the API log.

If html is long (>8 KB), please invoke via POST and include html parameter in the body of the request, not in the URL (since Etherpad 1.8).

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"padID does not exist", data: null}

getAttributePool(padID)

  • API >= 1.2.8

returns the attribute pool of a pad

Example returns:

  • { "code":0, "message":"ok", "data": { "pool":{ "numToAttrib":{ "0":["author","a.X4m8bBWJBZJnWGSh"], "1":["author","a.TotfBPzov54ihMdH"], "2":["author","a.StiblqrzgeNTbK05"], "3":["bold","true"] }, "attribToNum":{ "author,a.X4m8bBWJBZJnWGSh":0, "author,a.TotfBPzov54ihMdH":1, "author,a.StiblqrzgeNTbK05":2, "bold,true":3 }, "nextNum":4 } } }
  • {"code":1,"message":"padID does not exist","data":null}

getRevisionChangeset(padID, [rev])

  • API >= 1.2.8

get the changeset at a given revision, or last revision if 'rev' is not defined.

Example returns:

  • { "code" : 0, "message" : "ok", "data" : "Z:1>6b|5+6b$Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at https://etherpad.org\n" }
  • {"code":1,"message":"padID does not exist","data":null}
  • {"code":1,"message":"rev is higher than the head revision of the pad","data":null}

createDiffHTML(padID, startRev, endRev)

  • API >= 1.2.7

returns an object of diffs from 2 points in a pad

Example returns:

  • {"code":0,"message":"ok","data":{"html":"<style>\n.authora_HKIv23mEbachFYfH {background-color: #a979d9}\n.authora_n4gEeMLsv1GivNeh {background-color: #a9b5d9}\n.removed {text-decoration: line-through; -ms-filter:'progid:DXImageTransform.Microsoft.Alpha(Opacity=80)'; filter: alpha(opacity=80); opacity: 0.8; }\n</style>Welcome to Etherpad!<br><br>This pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!<br><br>Get involved with Etherpad at <a href=\"http&#x3a;&#x2F;&#x2F;etherpad&#x2e;org\">http:&#x2F;&#x2F;etherpad.org</a><br><span class=\"authora_HKIv23mEbachFYfH\">aw</span><br><br>","authors":["a.HKIv23mEbachFYfH",""]}}
  • {"code":4,"message":"no or wrong API Key","data":null}

restoreRevision(padId, rev, [authorId])

  • API >= 1.2.11

  • authorId in API >= 1.3.0

  • Example returns:*

  • {code:0, message:"ok", data:null}

  • {code: 1, message:"padID does not exist", data: null}

Chat

getChatHistory(padID, [start, end])

  • API >= 1.2.7

returns

  • a part of the chat history, when start and end are given
  • the whole chat history, when no extra parameters are given

Example returns:

  • {"code":0,"message":"ok","data":{"messages":[{"text":"foo","userId":"a.foo","time":1359199533759,"userName":"test"},{"text":"bar","userId":"a.foo","time":1359199534622,"userName":"test"}]}}
  • {code: 1, message:"start is higher or equal to the current chatHead", data: null}
  • {code: 1, message:"padID does not exist", data: null}

getChatHead(padID)

  • API >= 1.2.7

returns the chatHead (last number of the last chat-message) of the pad

Example returns:

  • {code: 0, message:"ok", data: {chatHead: 42}}
  • {code: 1, message:"padID does not exist", data: null}

appendChatMessage(padID, text, authorID [, time])

  • API >= 1.2.12

creates a chat message, saves it to the database and sends it to all connected clients of this pad

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"text is no string", data: null}

Pad

Group pads are normal pads, but with the name schema GROUPID$PADNAME. A security manager controls access of them and it's forbidden for normal pads to include a $ in the name.

createPad(padID, [text], [authorId])

  • API >= 1
  • authorId in API >= 1.3.0
  • returns deletionToken once, since the same release that added allowPadDeletionByAllUsers

creates a new (non-group) pad. Note that if you need to create a group Pad, you should call createGroupPad. You get an error message if you use one of the following characters in the padID: "/", "?", "&" or "#".

data.deletionToken is a one-shot recovery token tied to this pad. It is returned in plaintext on the first call for a given padID and is null on subsequent calls (the token itself is stored on the server as a sha256 hash). Pass it to deletePad (or the socket PAD_DELETE message) to delete the pad without the creator's author cookie.

Example returns:

  • {code: 0, message:"ok", data: {deletionToken: "…32-char random string…"}}
  • {code: 0, message:"ok", data: {deletionToken: null}} — pad already existed
  • {code: 1, message:"padID does already exist", data: null}
  • {code: 1, message:"malformed padID: Remove special characters", data: null}

getRevisionsCount(padID)

  • API >= 1

returns the number of revisions of this pad

Example returns:

  • {code: 0, message:"ok", data: {revisions: 56}}
  • {code: 1, message:"padID does not exist", data: null}

getSavedRevisionsCount(padID)

  • API >= 1.2.11

returns the number of saved revisions of this pad

Example returns:

  • {code: 0, message:"ok", data: {savedRevisions: 42}}
  • {code: 1, message:"padID does not exist", data: null}

listSavedRevisions(padID)

  • API >= 1.2.11

returns the list of saved revisions of this pad

Example returns:

  • {code: 0, message:"ok", data: {savedRevisions: [2, 42, 1337]}}
  • {code: 1, message:"padID does not exist", data: null}

saveRevision(padID [, rev])

  • API >= 1.2.11

saves a revision

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"padID does not exist", data: null}

padUsersCount(padID)

  • API >= 1

returns the number of user that are currently editing this pad

Example returns:

  • {code: 0, message:"ok", data: {padUsersCount: 5}}

padUsers(padID)

  • API >= 1.1

returns the list of users that are currently editing this pad

Example returns:

  • {code: 0, message:"ok", data: {padUsers: [{colorId:"#c1a9d9","name":"username1","timestamp":1345228793126,"id":"a.n4gEeMLsvg12452n"},{"colorId":"#d9a9cd","name":"Hmmm","timestamp":1345228796042,"id":"a.n4gEeMLsvg12452n"}]}}
  • {code: 0, message:"ok", data: {padUsers: []}}

deletePad(padID, [deletionToken])

  • API >= 1
  • deletionToken in the same release as allowPadDeletionByAllUsers

deletes a pad.

deletionToken is the one-shot recovery token returned by createPad / createGroupPad. An apikey-authenticated caller can pass any (or no) token and the call still succeeds — trusted admins bypass the check. An unauthenticated caller (or a caller that explicitly passes a wrong token) is rejected with invalid deletionToken unless the operator has set allowPadDeletionByAllUsers: true in settings.json, in which case the token is ignored.

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"padID does not exist", data: null}
  • {code: 1, message:"invalid deletionToken", data: null}

copyPad(sourceID, destinationID[, force=false])

  • API >= 1.2.8

copies a pad with full history and chat. If force is true and the destination pad exists, it will be overwritten.

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"padID does not exist", data: null}

copyPadWithoutHistory(sourceID, destinationID, [force=false], [authorId])

  • API >= 1.2.15
  • authorId in API >= 1.3.0

copies a pad without copying the history and chat. If force is true and the destination pad exists, it will be overwritten. Note that all the revisions will be lost! In most of the cases one should use copyPad API instead.

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"padID does not exist", data: null}

movePad(sourceID, destinationID[, force=false])

  • API >= 1.2.8

moves a pad. If force is true and the destination pad exists, it will be overwritten.

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"padID does not exist", data: null}

compactPad(padID, [keepRevisions])

  • API >= 1.3.1

collapses the pad's revision history to reclaim database space (issue #6194). Wraps the same Cleanup helper that powers the admin-settings UI, so admins can trigger compaction over the public API or via bin/compactPad without going through the admin UI.

Gated on settings.cleanup.enabled = true (matches the admin/Cleanup path). The endpoint returns an error if cleanup isn't enabled in settings.json, so the public API can't bypass the same opt-in switch the admin UI requires.

When keepRevisions is omitted (or null), all history is collapsed into a single base revision that reproduces the current pad text — equivalent to a freshly-imported pad. When set to a positive integer N, the pad keeps only its last N revisions.

Pad text and chat are preserved in both modes. Saved-revision bookmarks are cleared. This operation is destructive — export the pad first via getEtherpad if you need a backup.

Example returns:

  • {code: 0, message:"ok", data: {ok: true, mode: "all"}}
  • {code: 0, message:"ok", data: {ok: true, mode: "keepLast", keepRevisions: 50}}
  • {code: 1, message:"padID does not exist", data: null}
  • {code: 1, message:"keepRevisions must be a non-negative integer", data: null}
  • {code: 1, message:"compactPad requires cleanup.enabled = true in settings.json", data: null}

getReadOnlyID(padID)

  • API >= 1

returns the read only link of a pad

Example returns:

  • {code: 0, message:"ok", data: {readOnlyID: "r.s8oes9dhwrvt0zif"}}
  • {code: 1, message:"padID does not exist", data: null}

getPadID(readOnlyID)

  • API >= 1.2.10

returns the id of a pad which is assigned to the readOnlyID

Example returns:

  • {code: 0, message:"ok", data: {padID: "p.s8oes9dhwrvt0zif"}}
  • {code: 1, message:"padID does not exist", data: null}

setPublicStatus(padID, publicStatus)

  • API >= 1

sets a boolean for the public status of a group pad

Example returns:

  • {code: 0, message:"ok", data: null}
  • {code: 1, message:"padID does not exist", data: null}
  • {code: 1, message:"You can only get/set the publicStatus of pads that belong to a group", data: null}

getPublicStatus(padID)

  • API >= 1

return true of false

Example returns:

  • {code: 0, message:"ok", data: {publicStatus: true}}
  • {code: 1, message:"padID does not exist", data: null}
  • {code: 1, message:"You can only get/set the publicStatus of pads that belong to a group", data: null}

listAuthorsOfPad(padID)

  • API >= 1

returns an array of authors who contributed to this pad

The synthetic a.etherpad-system author (used internally when content is inserted without an explicit authorId — HTTP API setText/appendText/setHTML calls without authorId, server-side imports, plugins like ep_post_data) is omitted from the returned list.

Example returns:

  • {code: 0, message:"ok", data: {authorIDs : ["a.s8oes9dhwrvt0zif", "a.akf8finncvomlqva"]}
  • {code: 1, message:"padID does not exist", data: null}

getLastEdited(padID)

  • API >= 1

returns the timestamp of the last revision of the pad

Example returns:

  • {code: 0, message:"ok", data: {lastEdited: 1340815946602}}
  • {code: 1, message:"padID does not exist", data: null}

sendClientsMessage(padID, msg)

  • API >= 1.1

sends a custom message of type msg to the pad

Example returns:

{"code": 0, "message":"ok", "data": {}}
{"code": 1, "message":"padID does not exist", "data": null}

checkToken()

  • API >= 1.2

returns ok when the current api token is valid

Example returns:

{"code":0,"message":"ok","data":null}
{"code":4,"message":"no or wrong API Key","data":null}

Pads

listAllPads()

  • API >= 1.2.1

lists all pads on this epl instance

Example returns:

{"code": 0, "message":"ok", "data": {"padIDs": ["testPad", "thePadsOfTheOthers"]}}

Global

getStats()

  • API >= 1.2.14

get stats of the etherpad instance

Example returns

{"code":0,"message":"ok","data":{"totalPads":3,"totalSessions": 2,"totalActivePads": 1}}

GET /api/version-status

Returns an outdated-version signal intended for the pad-side gritter.

Query parameters:

name type required description
padId string no Pad whose first-author membership is being checked.

Response 200 (application/json):

{
  "outdated": "minor",
  "isFirstAuthor": true
}

outdated is "minor" only when the running server is at least one minor version behind the latest published release AND the request resolves to the pad's first author. Otherwise it is null. Result is cached per (padId, authorId) for 60s. The endpoint is disabled entirely when updates.tier = 'off'.