Inspect the api-key and its scope
/whoamiReturns the identity of the api-key holder and, when the key has catalogue access, the access scope (group + permissions).
Use this as the first call from any new integration to verify the
key is active (cmsAccess: true) and that imageProviderDefault
matches what you expect.
Authorization
apiKey Issued to you when your integration is provisioned. Determines which catalogue resources are visible and which AI tools are available.
In: header
Query Parameters
When set to 1, the permissions array also includes the
(potentially noisy) field-level permission codes. Omit unless
you're debugging.
Value in
- "1"
Response Body
application/json
application/json
curl -X GET "https://example.com/whoami"{ "data": { "apiUser": { "ref": 1, "username": "customer_external_api", "accountName": "Customer External API", "enabled": true, "linkedUserRef": 0 }, "cmsUser": { "ref": 1024, "username": "api_service_account", "usergroup": 12, "usergroupName": "API consumers", "isAdmin": true, "permissions": [ "string" ] }, "cmsAccess": true, "imageProviderDefault": "openai" }}{ "success": false, "status": "fail", "message": "API key is required", "error": { "code": "NO_API_KEY", "message": "API key is required" }}Attach or replace the file on a resource POST
Uploads a file onto an existing resource, replacing any current file. Requires the **write** scope and a linked user with edit access to the resource. This runs the same pipeline as an interactive upload: the file extension is validated against the resource type's allowed list, the original filename is stored as resource metadata, previews are regenerated, document text is re-extracted, and any configured AI extraction job is queued. The maximum file size follows the server's upload limit (typically reported by the error when exceeded); oversized uploads fail with `413 FILE_TOO_LARGE`.
Poll one job GET
Returns the current state of a job the caller owns. A job belonging to another user (or that does not exist) returns `404 NOT_FOUND` — the two cases are deliberately indistinguishable. Requires the `read` scope.