Resource writes

Update field values on a resource

PATCH/resources/{ref}/fields

Applies field values to an existing resource. Requires the write scope, view access to the resource, and edit access under the linked user's edit filter / archive-state permissions — the same authorisation as editing in the app.

Field keys are field names (see POST /resources for naming and value conventions — the same rules apply). All names are validated against the resource's type before anything is written; an unknown name fails the whole request with 400. Value-level failures on list-type fields (e.g. a nonexistent option name) are reported per-field in fieldErrors while the other fields still save.

Updates are audit-logged and reindexed exactly like internal edits, and the title field's denormalised copy is kept in sync.

X-Api-Key<token>

Issued to you when your integration is provisioned. Determines which catalogue resources are visible and which AI tools are available.

In: header

Path Parameters

ref*integer

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

application/json

application/json

application/json

curl -X PATCH "https://example.com/resources/0/fields" \  -H "Content-Type: application/json" \  -d '{    "fields": {      "title": "Small Animal Surgery, 3rd Edition",      "keywords": "veterinary, surgery, orthopaedics"    }  }'
{  "data": {    "ref": 9001,    "updated": [      "title",      "keywords"    ],    "fieldErrors": {      "property1": "string",      "property2": "string"    }  }}
{  "success": false,  "status": "fail",  "message": "string",  "error": {    "message": "API key is required",    "code": "NO_API_KEY"  }}

{  "success": false,  "status": "fail",  "message": "API key is required",  "error": {    "code": "NO_API_KEY",    "message": "API key is required"  }}

{  "success": false,  "status": "fail",  "message": "string",  "error": {    "message": "API key is required",    "code": "NO_API_KEY"  }}
{  "success": false,  "status": "fail",  "message": "string",  "error": {    "message": "API key is required",    "code": "NO_API_KEY"  }}

Archive a resource DELETE

Archives (soft-deletes) a resource: it is moved to the deletion archive state, disappears from search and normal views, and remains recoverable by an administrator in-app. This mirrors the internal delete behaviour. **Permanent (hard) deletion is not available on the external API.** Requires the `write` scope and edit access to the resource under the linked user. Archiving an already-archived resource succeeds and reports `already_in_deletion_state` in `details`.

Create a resource POST

Creates a metadata-only resource of the named type, optionally setting field values in the same call. Requires the `write` scope. ### Names, not refs `type` is a resource type NAME (see `GET /resources/types`); field keys are field names as returned by `GET /resources/fields?type={ref}` (the `name` key; field titles are accepted as a case-insensitive fallback). Type and field refs differ per server — always address by name. Unknown names return 400 with the offending name in the message (`UNKNOWN_TYPE` / `UNKNOWN_FIELD`). ### Values Field values are strings, numbers, booleans, or null (null clears the field). For list-type fields (dropdowns, checkboxes, category trees) pass the option NAMES — either comma-separated in one string or as a JSON array of strings. Options that don't exist are reported per-field in `fieldErrors` without failing the create. The resource is created under the linked user with the same archive state, usergroup scoping, and permission walls as an in-app upload. The title field participates in the same denormalised title handling as internal edits. ### Idempotency Pass an `Idempotency-Key` header (a unique random string per logical create, e.g. a UUID) to make retries safe. The first successful response with a given key is cached for 24 hours; replays return the same body byte-for-byte with `Idempotent-Replayed: true`. Reusing the key with a different request body returns 422 `IDEMPOTENCY_KEY_CONFLICT`.