Update field values on a resource
/resources/{ref}/fieldsApplies field values to an existing resource. Requires the write
scope, view access to the resource, and edit access under the linked
user's edit filter / archive-state permissions — the same
authorisation as editing in the app.
Field keys are field names (see POST /resources for naming and
value conventions — the same rules apply). All names are validated
against the resource's type before anything is written; an unknown
name fails the whole request with 400. Value-level failures on
list-type fields (e.g. a nonexistent option name) are reported
per-field in fieldErrors while the other fields still save.
Updates are audit-logged and reindexed exactly like internal edits, and the title field's denormalised copy is kept in sync.
Authorization
apiKey Issued to you when your integration is provisioned. Determines which catalogue resources are visible and which AI tools are available.
In: header
Path Parameters
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
application/json
application/json
curl -X PATCH "https://example.com/resources/0/fields" \ -H "Content-Type: application/json" \ -d '{ "fields": { "title": "Small Animal Surgery, 3rd Edition", "keywords": "veterinary, surgery, orthopaedics" } }'{ "data": { "ref": 9001, "updated": [ "title", "keywords" ], "fieldErrors": { "property1": "string", "property2": "string" } }}{ "success": false, "status": "fail", "message": "string", "error": { "message": "API key is required", "code": "NO_API_KEY" }}{ "success": false, "status": "fail", "message": "API key is required", "error": { "code": "NO_API_KEY", "message": "API key is required" }}{ "success": false, "status": "fail", "message": "string", "error": { "message": "API key is required", "code": "NO_API_KEY" }}{ "success": false, "status": "fail", "message": "string", "error": { "message": "API key is required", "code": "NO_API_KEY" }}Archive a resource DELETE
Archives (soft-deletes) a resource: it is moved to the deletion archive state, disappears from search and normal views, and remains recoverable by an administrator in-app. This mirrors the internal delete behaviour. **Permanent (hard) deletion is not available on the external API.** Requires the `write` scope and edit access to the resource under the linked user. Archiving an already-archived resource succeeds and reports `already_in_deletion_state` in `details`.
Create a resource POST
Creates a metadata-only resource of the named type, optionally setting field values in the same call. Requires the `write` scope. ### Names, not refs `type` is a resource type NAME (see `GET /resources/types`); field keys are field names as returned by `GET /resources/fields?type={ref}` (the `name` key; field titles are accepted as a case-insensitive fallback). Type and field refs differ per server — always address by name. Unknown names return 400 with the offending name in the message (`UNKNOWN_TYPE` / `UNKNOWN_FIELD`). ### Values Field values are strings, numbers, booleans, or null (null clears the field). For list-type fields (dropdowns, checkboxes, category trees) pass the option NAMES — either comma-separated in one string or as a JSON array of strings. Options that don't exist are reported per-field in `fieldErrors` without failing the create. The resource is created under the linked user with the same archive state, usergroup scoping, and permission walls as an in-app upload. The title field participates in the same denormalised title handling as internal edits. ### Idempotency Pass an `Idempotency-Key` header (a unique random string per logical create, e.g. a UUID) to make retries safe. The first successful response with a given key is cached for 24 hours; replays return the same body byte-for-byte with `Idempotent-Replayed: true`. Reusing the key with a different request body returns 422 `IDEMPOTENCY_KEY_CONFLICT`.