The Manifest REST API provides endpoints for specific operations that complement the GraphQL API. REST endpoints are organized into client and admin routes.
Base URLs
REST endpoints are available at:
- Client endpoints:
/api/client/*
- Admin endpoints:
/api/admin/*
Authentication
Most REST endpoints require authentication. Include your authentication token in the request headers:
Authorization: Bearer YOUR_TOKEN
Some endpoints use cookie-based authentication for web sessions.
Client endpoints
Client endpoints provide functionality for end-user operations.
Authentication
POST /api/client/auth/sign-in - Sign in with credentials
POST /api/client/auth/sign-in-v2 - Sign in with credentials (v2, returns access and refresh tokens)
POST /api/client/auth/sign-up - Create new account
POST /api/client/auth/sign-out - Sign out
POST /api/client/auth/create-account - Create a self-service account
GET /api/client/auth/refresh - Refresh authentication token
POST /api/client/auth/refresh-token - Exchange a refresh token for a new access token
POST /api/client/auth/verify-two-factor - Verify two-factor authentication token
POST /api/client/auth/reset-two-factor - Reset two-factor secret
GET /api/client/auth/me - Get the current authenticated user
POST /api/client/auth/forgot - Request a password reset email
POST /api/client/auth/reset-password/:token - Reset password with a token
POST /api/client/auth/set-password/:token - Set initial password with a token
POST /api/client/auth/update-password - Update password
POST /api/client/auth/change-password - Change password
GET /api/client/auth/client-security-settings - Get client security settings
GET /api/client/auth/get-admin-email - Get the client admin email
GET /api/client/auth/client - Get client information
OAuth and SSO
GET /api/client/auth/oidc - OpenID Connect authentication
POST /api/client/auth/okta-saml - Okta SAML authentication
GET /api/client/auth/ms-dynamics - Microsoft Dynamics authentication
File operations
POST /api/client/upload - Upload files
GET /api/client/download-model/:type/:id - Download 3D models
GET /api/client/download-zipped-job-report/:id - Download job report as ZIP
Reports
The /api/client/reports endpoints are deprecated and have been removed. Use /api/client/meter-report and /api/client/meter-report-filters, or generate exports via the PDF endpoints below.
GET /api/client/meter-report - Get meter report
GET /api/client/meter-report-filters - Get available report filters
GET /api/client/reports - Removed. Previously returned report definitions.
POST /api/client/reports - Removed. Previously generated a report.
PDF generation
GET /api/client/get-as-pdf/getTemplateAsPdf/:id - Export template as PDF
GET /api/client/get-as-pdf/getJobHistoryAsPdf/:id - Export job history as PDF
Import/export
POST /api/client/import-zip - Import template from ZIP
POST /api/client/copy-entities - Copy entities between clients
POST /api/client/replaceFile - Replace existing file
Point cloud and alignment
GET /api/client/alignment-data - Get alignment data
POST /api/client/alignment-data - Upload alignment data
Bug reports and diagnostics
POST /api/client/add-bug-report - Submit bug report
POST /api/client/bug-report-web - Submit web bug report
POST /api/client/bug-report-github - Submit GitHub issue
POST /api/client/clear-diagnostics - Clear diagnostic data
GET /api/client/client-info - Get client configuration
GET /api/client/version - Get API version
GET /api/client/check-updates - Check for updates
GET /api/client/on-premise - Check if on-premise deployment
Localization
GET /api/client/translate - Get translations
GET /api/client/internalization/:lang - Get localization for language
Licensing
GET /api/client/license - Get license information
POST /api/client/license - Update license
EULA and agreements
GET /api/client/eula - Get EULA
POST /api/client/eula/accept - Accept EULA
GET /api/client/agreement - Get client agreement
POST /api/client/accept-msa - Accept the master services agreement (MSA) for the current client
GET /api/client/download-agreement - Download the current MSA document (rate limited to 20 requests per 15 minutes)
GET /api/client/have-client-accepted-msa - Check whether the current client has accepted the MSA
Bing Maps integration
GET /api/client/bingApi - Bing Maps API proxy
Oracle integration
GET /api/client/oracle - Oracle integration endpoints
POST /api/client/oracle - Sync with Oracle
Editorial analytics
GET /api/client/editorial - Get editorial analytics
POST /api/client/editorial - Track editorial events
Notifications
POST /api/client/turn-push-notification - Enable/disable mobile push notifications
Web push notifications
Browser-based push notifications use the standard Web Push protocol. Subscribe a browser, fetch the VAPID public key, and unsubscribe when no longer needed.
GET /api/client/push/vapid-key - Get the VAPID public key used to register a push subscription
POST /api/client/push/subscribe - Register a web push subscription for the authenticated user
DELETE /api/client/push/unsubscribe - Remove a web push subscription
Working together
GET /api/client/workingTogether/handOffStatuses - Get hand-off statuses
POST /api/client/workingTogether - Update collaboration status
Sensors and IoT
POST /api/client/update-sensors - Update sensor data
Job history
GET /api/client/job-history-users - Get users involved in job history
Tutorials
GET /api/client/get-tutorials-info - Get tutorial information
Logos and branding
GET /api/client/get-logo-by-owner - Get organization logo
WebRTC
POST /api/client/web-rtc-logs - Submit WebRTC logs
Customer portal
GET /api/client/customer-portal - Access customer portal (admin only)
Admin endpoints
Admin endpoints provide functionality for system administration.
Authentication
POST /api/admin/auth/sign-in - Admin sign in
POST /api/admin/auth/sign-out - Admin sign out
Client management
GET /api/admin/client - List clients
POST /api/admin/client - Create client
PUT /api/admin/client/:id - Update client
DELETE /api/admin/client/:id - Delete client
User management
GET /api/admin/user - List users
GET /api/admin/user/maker-users-report - Get the Maker users report
GET /api/admin/user/maker-users-report/xls-export - Export the Maker users report as an XLS file
GET /api/admin/user/:userId - Get user by ID
POST /api/admin/user - Create user
PUT /api/admin/user - Update user
DELETE /api/admin/user/:userId - Delete user
Create a user
Create a new user in the current client. Requires a token belonging to a Security Administrator (Account Owner).
POST /api/admin/user
Authorization: Bearer YOUR_TOKEN
Content-Type: application/json
{
"email": "new.user@example.com",
"firstName": "New",
"lastName": "User",
"title": "Field Technician",
"roles": ["<roleId>"],
"licenseType": "full",
"availableToOrg": ["<orgId>"]
}
| Field | Required | Description |
|---|
email | Yes | Email address the user signs in with. Must be unique within the client. |
roles | Yes | Array of role IDs to assign. See Manifest roles and permissions. |
licenseType | Yes | full or connect. Determines which roles can be assigned. |
firstName | No | User’s first name. |
lastName | No | User’s last name. |
title | No | User’s job title. |
availableToOrg | No | Array of Org IDs the user belongs to. Only used when Orgs are configured. See About Orgs. |
password | No | Set an initial password directly. If omitted, the user receives an email invitation to set their own. |
Roles and license types must match the allocation for the client. See User management for a walkthrough of the equivalent web UI fields.
Update a user
PUT /api/admin/user accepts the same fields as create, plus the id of the user to update. Omitted fields keep their existing values.
Common errors
401 Unauthorized - Missing or expired token. Sign in again to obtain a new access token.
403 Forbidden - The token does not belong to a Security Administrator.
409 Conflict - A user with the same email already exists in the client.
422 Unprocessable entity - Required field missing, or the requested role is not allowed for the selected license type.
License management
GET /api/admin/license - List licenses
POST /api/admin/license - Create license
PUT /api/admin/license/:id - Update license
DELETE /api/admin/license/:id - Delete license
On-premise licensing
GET /api/admin/license-on-prem - Get on-premise license
POST /api/admin/license-on-prem - Upload license key
Logs
GET /api/admin/logs - Get system logs
DELETE /api/admin/logs/:id - Delete log entry
Agreements
GET /api/admin/agreement - List agreements
POST /api/admin/agreement - Create agreement
PUT /api/admin/agreement/:id - Update agreement
Internationalization
GET /api/admin/internationalization - Get translations
POST /api/admin/internationalization - Add translation
PUT /api/admin/internationalization/:id - Update translation
Activity reports
GET /api/admin/activity-report - Get activity report
Docker notifications
POST /api/admin/docker-notification-center - Docker deployment notifications
File uploads
POST /api/admin/upload - Upload files (admin)
Success response
{
"success": true,
"data": {
// Response data
}
}
Error response
{
"success": false,
"error": {
"message": "Error description",
"code": "ERROR_CODE",
"details": {}
}
}
HTTP status codes
200 - Success
201 - Created
400 - Bad request
401 - Unauthorized
403 - Forbidden
404 - Not found
409 - Conflict
422 - Unprocessable entity
500 - Internal server error
503 - Service unavailable
Rate limiting
API requests may be rate limited. Check response headers for rate limit information:
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640000000
File uploads
File upload endpoints accept multipart/form-data:
POST /api/client/upload
Content-Type: multipart/form-data
file: [binary data]
metadata: {"description": "File description"}
Next steps