Skip to main content
Version: 8.3

Web Modeler API (REST)

Web Modeler provides a REST API at /api/*. Clients can access this API by passing a JWT access token in an authorization header Authorization: Bearer <JWT>.

OpenAPI documentation

A detailed API description is available as OpenAPI specification at for SaaS and at http://localhost:8070/swagger-ui.html for Self-Managed installations.


To authenticate for the API, generate a JWT token depending on your environment and pass it in each request:

  1. Create client credentials by clicking Console > Manage (Organization) > Console API > Create New Credentials.
  2. Add permissions to this client for Web Modeler API.
  3. After creating the client, you can download a shell script to obtain a token.
  4. When you run it, you will get something like the following:
    "access_token": "eyJhbG...",
    "expires_in": 300,
    "refresh_expires_in": 0,
    "token_type": "Bearer",
    "not-before-policy": 0

Example usage

  1. Take the access_token value from the response object and store it as your token.

  2. Send the token as an authorization header in each request. In this case, call the Web Modeler endpoint to validate the token.

    To use the JWT token in the cloud, use the following command:

    curl -o - '' -H 'Authorization: Bearer eyJhb...'

    When using a Self-Managed installation, you can use the following command instead:

    curl -o - 'http://localhost:8070/api/v1/info' -H 'Authorization: Bearer eyJhb...'
  3. You will get something like the following:

    "version": "v1",
    "authorizedOrganization": "12345678-ABCD-DCBA-ABCD-123456789ABC",
    "createPermission": true,
    "readPermission": true,
    "updatePermission": true,
    "deletePermission": false


When using Web Modeler API:

  • You will not receive a warning when deleting a file, a folder, or a project. This is important, because deletion cannot be undone.
  • You will not receive a warning about breaking call activity links or business rule task links when moving files or folders to another project. Breaking these links is considered harmless. The broken links can be manually removed or restored in Web Modeler. This operation is also reversible - simply move the files or folders back to their original location.

Rate Limiting

In SaaS, the Web Modeler API uses rate limiting to control traffic. The limit is 240 requests per minute. Surpassing this limit will result into a HTTP 429 Too Many Requests response.

On Self-Managed instances no limits are enforced.


What is the difference between simplePath and canonicalPath?

In Web Modeler you can have multiple files with the same name, multiple folders with the same name, and even multiple projects with the same name. Internally, duplicate names are disambiguated by unique ids.

The API gives you access to the names, as well as the ids. For example, when requesting a file you will get the following information:

  • simplePath contains the human-readable path. This path may be ambiguous or may have ambiguous elements (e.g. folders) in it.
  • canonicalPath contains the unique path. It is a list of PathElementDto objects which contain the id and the name of the element.

Internally, the ids are what matters. You can rename files or move files between folders and projects and the id will stay the same.

How do I migrate from the beta API to the v1 API?

To migrate, change the base URL from /api/beta to /api/v1.

Breaking changes
  • GET /api/beta/projects/{projectId}/files was removed. Use POST /api/v1/files/search instead.
  • GET /api/beta/files/{fileId}/milestones was removed. Use POST /api/v1/milestones/search instead.
  • GET /api/beta/projects was removed. Use POST /api/v1/projects/search instead.

Refer to the OpenAPI documentation for details.


Web Modeler's beta API is deprecated and will be removed in the 8.5 release of Web Modeler.