Web Service API

REST API Endpoints

For the currently implemented REST request endpoints available under /api/v1, please refer to the automatically generated backend API documentation as well as the request forms and entity models in our public repository:

• https://pkg.go.dev/github.com/photoprism/photoprism/internal/api
• https://github.com/photoprism/photoprism/tree/develop/internal/api

API request bodies and responses are usually JSON-encoded, except for binary data and some of the OAuth2 endpoints. Note that the Content-Type header must be set to application/json for this, as the request may otherwise fail with error 400.

We welcome any contributions that help improve our API docs and make them easier to use for developers. To learn how to access the API while our Swagger documentation is not complete yet, we recommend checking the requests in the browser console that our JS frontend sends when you perform actions like creating an album - and then use the same method, URI, encoding, value names and types for sending requests with your own application.

Client Authentication

When clients have a valid access token, e.g. obtained through the POST /api/v1/session or POST /api/v1/oauth/token endpoint, they can use a standard Bearer Authorization header to authenticate their requests:

Authorization: Bearer <token>

Submitting the access token with a custom X-Auth-Token header is supported as well:

curl -H "X-Auth-Token: 7dbfa37b5a3db2a9e9dd186479018bfe2e3ce5a71fc2f955" \
http://localhost:2342/api/v1/photos?count=10

Besides using the API endpoints provided for this, you can also generate valid access tokens by running the photoprism auth add command in a terminal.

Learn more ›

App passwords can be used as access tokens in the Bearer Authorization header without first creating a session access token, and to obtain short-lived session access tokens through the POST /api/v1/session endpoint.

Service Discovery Endpoints

OAuth2 Authorization Server

/.well-known/oauth-authorization-server

↪ https://demo.photoprism.app/.well-known/oauth-authorization-server

Learn more ›

OpenID Configuration

It is not yet possible to use PhotoPrism as an OpenID Connect (OIDC) Identity Provider, since not all the required endpoints and grant types have been fully implemented. However, querying the /.well-known/openid-configuration endpoint shows what has already been implemented, so the missing capabilities can be identified and added over time.

↪ https://demo.photoprism.app/.well-known/openid-configuration

Learn more ›

Deprecation Policy

Our REST API endpoints are currently not covered by an official deprecation policy, so some routes and request parameters may change as we add new features in upcoming releases.

However, we avoid making breaking changes, especially to endpoints that we know other developers are using.