REST API Overview
The Jonas REST API provides modern, resource-oriented HTTP endpoints for task-focused integrations such as document upload & retrieval and Field Time time-entry exchange. It complements the SOAP-based Data Import/Export API documented elsewhere in this portal: use REST for new integrations and the operations listed under REST API (v1); use the SOAP API for the broader catalogue of business objects.
Base paths & versioning
Every REST endpoint lives under a /public/v1/ path segment. The public
segment separates externally supported routes from internal controllers, and the v1
segment lets Jonas introduce breaking changes under a future v2 without disturbing
existing integrations.
The base URI depends on the area being accessed. Documents and Time Entry endpoints are served
by the Jonas Web Server installation and follow the pattern
https://{JonasCustomerSubDomain}.jonasapp.com:8091/, where
{JonasCustomerSubDomain} is the subdomain assigned to the customer's tenant.
Authentication is handled by the shared identity service at a fixed base URI.
| Area | Base URI | Path |
|---|---|---|
| Authentication | https://identity.jonasapp.com | /token |
| Documents (DMS) | https://{JonasCustomerSubDomain}.jonasapp.com:8091 | /api/dms/public/v1/ |
| Time Entries (Field Time) | https://{JonasCustomerSubDomain}.jonasapp.com:8091 | /api/ft/public/v1/ |
Authentication
All REST resource endpoints are protected by OAuth 2.0 bearer tokens. A client first exchanges
its credentials for a signed JWT at the /token endpoint, then sends that token in the
Authorization header of every subsequent request:
Authorization: Bearer <access_token>
The service validates the token signature, the jpt (principal-type) claim, and the
caller's API license on every request. See Authentication
for how to obtain a token.
Request & response format
- Request and response bodies are
application/jsonunless an endpoint documents a binary or multipart payload (for example a document upload). - Complex queries are sent with
POSTand a JSON body rather than long query strings — filter values can exceed safe URL length limits (~2000 characters) and cannot be passed reliably as query parameters. - Resource creation returns
201 Createdwith aLocationheader pointing at the new resource.
Pagination
List and search endpoints page their results using two query parameters, even when the filter criteria are supplied in a JSON body:
| Parameter | Description |
|---|---|
page | 1-based page number. Defaults to 1. |
pageSize | Number of items per page. |
Error responses
Errors are returned as RFC 7807 problem
detail documents with the application/problem+json content type, giving integrators a
consistent, machine-readable error shape instead of ad-hoc envelopes or concatenated strings.
{
"type": "https://httpstatuses.io/404",
"title": "Not Found",
"status": 404,
"detail": "The requested resource was not found or is not visible to the caller.",
"instance": "/api/dms/public/v1/documents/123456"
}| Status | Meaning |
|---|---|
200 OK | Request succeeded; body contains the resource or result set. |
201 Created | Resource created; Location header references it. |
400 Bad Request | Malformed request or failed validation. |
401 Unauthorized | Missing, expired, or invalid bearer token. |
403 Forbidden | Valid token but the principal type or API license does not permit the operation. |
404 Not Found | Resource does not exist or is not visible to the caller. |
Next steps
- Authentication — obtain a bearer token.
- Documents (DMS) — upload, search, and retrieve documents.
- Time Entries (Field Time) — read and upsert time entries.