About the REST APIs
Weebly APIs are provided using REST over HTTPS and utilize the HTTP verbs GET, POST, PUT, PATCH and DELETE. We provide a number of client libraries to help get you started.
See the following sections for more general information about using our APIs.
See the following sections for more general information about using our APIs.
in this topic:
Client Libraries
Looking for an easy way to get started with our API rather than having to piece it all together yourself? Install one of our client libraries! These libraries make it easy to interact with our API:
Download our libraries on GitHub here:
- Language-specific calls that process the HTTP for you so you can work directly with resources in your code. For example, our PHP library has a createUser method that you can use without having to provide HTTP header info. The returned new user is a resource you can work with directly, instead of having to process an HTTP response.
- Easier authorization.
- Fully documented, with robust examples.
Download our libraries on GitHub here:
Endpoint
The Weebly Cloud endpoint is https://api.weeblycloud.com.
Note: Previously, the endpoint was https://api.weeblycloud.com/hosts. If any existing code uses this endpoint, it will continue to work.
Schema
All API access is over HTTPS, and accessed from the api.weeblycloud.com domain. All data is sent and received as JSON. Blank fields are included as null instead of being omitted. Dates and times are unix epoch timestamps.
HTTP Redirects
We may issue redirects. Any call may result in a redirect, at which point you should make an identical call, but to the newly provided resource URL.
HTTP Verbs
- GET
Used for retrieving resources. - POST
Used for creating resources. - PATCH
Used for updating resources with partial JSON data. - PUT
Used for replacing resources or entire collections. Fields will be replaced with given values and any fields without given values will be reset to their default. Any fields without defaults, for example ID fields, will remain unchanged. - DELETE
Used for deleting resources.
Signing and Authenticating Requests
Weebly validates every API call to ensure a trusted source is accessing the API on behalf of a user. Every API call must contain the following in the header:
- Your API key: Sent in the header as as X-Public-Key, this key is found in the Settings tab of the Cloud Admin and is used to identify your account.
- A private HMAC Hash of the request contents: Sent in the header as X-Signed-Request-Hash, this hash is a base-64 encoded HMAC-SHA256 hash of the request that includes the following:
- Type of call (for example POST or PUT)
- The endpoint URL (for example, user/234256/loginLink)
- Any request data (for example, { 'plan_id': 34 }).
(Don't include data in the hash if the request doesn't require it)
Your API Secret (also found on the settings tab) is the key for the hash. Because your secret is known only to you and Weebly Cloud, we are able to validate your request by generating the same HMAC-SHA256 signature and matching it against the hash you sent.
Note: Your API secret is a shared secret known only to you and Weebly Cloud. Do not share your API secret.
For example, here's code that might be used to generate the hash:
Example request made using HMAC-SHA256 with PHP
This is the line that generates the hash:
Tip: Don't include $content if the request doesn't require data ($data), for example in a GET request.
Tip: We recommend using an online encoder to verify your hash, like the one found here.
Here's the API call, using an example API key and hash (YOURAPIKEY and YOURSECRETHASH are placeholders for the actual API key and hash).
Example Request Header
Any requests that do not contain a valid signature will be rejected.
Search Parameters
Some endpoints allow you to use search parameters in order to filter your results. When using parameters, do not add that query string to your HMAC Hash.
Pagination
Pagination of certain resources in list view happens automatically. Information about the total number of resources, like the total count, are provided in headers.
X-Resultset-Total shows the total number of records for the request.
X-Resultset-Page shows the page for the call.
X-Resultset-Limit shows the record limit for the page (i.e. each call - the default is 25, the max is 200).
If there are additional pages to be returned, a Link header will be included that has links to the first, previous, next and last pages.
The following endpoints support pagination:
For example, a response from the Site API might return the following in the header, showing that there are a total of 44 records to be returned, this is the first page, and that 25 is the record limit:
X-Resultset-Total shows the total number of records for the request.
X-Resultset-Page shows the page for the call.
X-Resultset-Limit shows the record limit for the page (i.e. each call - the default is 25, the max is 200).
If there are additional pages to be returned, a Link header will be included that has links to the first, previous, next and last pages.
The following endpoints support pagination:
- GET /user/USER_ID/site/SITE_ID/form
- GET /user/USER_ID/site/SITE_ID/form/FORM_ID/entry
- GET /user/USER_ID/site/SITE_ID/member
- GET /user/USER_ID/site/SITE_ID/group
- GET /user/USER_ID/site/SITE_ID/page
- GET /user/USER_ID/site
- GET /user/USER_ID/site/SITE_ID/store/category
- GET /user/USER_ID/site/SITE_ID/store/coupon
- GET /user/USER_ID/site/SITE_ID/store/order
- GET /user/USER_ID/site/SITE_ID/store/product
For example, a response from the Site API might return the following in the header, showing that there are a total of 44 records to be returned, this is the first page, and that 25 is the record limit:
When you expect the result set to be greater than 25, use these parameters to determine the pages to return and to increase the limit:
- page (int)
Which page of results to return. Starts at 1. - limit (int)
Number of results per page. Default 25, Max 200. Don't forget that raising the limit may affect performance.
Note: Only the first 25 results are returned by default. If the result set is expected to be over 25, you must implement pagination.
For example, this CURL request to the Site API returns the second page of result sets.
Errors
Error response from a bad request
Error code summary
100 |
Invalid hash provided. The hash does not match the request |
101 |
Unknown API key provided. Check the Admin portal to verify that your key still exists. |
102 |
This Weebly account doesn't have API access. |
200 |
This Weebly account doesn't have access to this user. |
201 |
This Weebly account doesn't have access to this site. |
300 |
Query cannot be routed. |
900 |
Invalid request. |
999 |
An unknown error occurred. |
-32001 |
Invalid namespace or function name. |
-32002 |
Class not found. |
32404 |
Invalid request. |
32600 |
Invalid request. |
32601 |
Method not found. |
32602 |
Invalid parameters - too few. |