Ibexa DXP v5: Introducing OpenAPI for REST API endpoints

30/09/2025, 12:00
| 2 Min read
Jani Tarvainen
Senior Product Advocate
Ibexa DXP v5: Introducing OpenAPI for REST API endpoints

Connectivity is a requirement for any contemporary web platform. Ibexa DXP has had strong support for remote usage through HTTP based APIs since it's inception. But there's always room to improve, so with version 5 we are happy to announce OpenAPI compatibility.

OpenAPI is a standard to describe available REST endpoints in a uniform way. It does not dictate how the APIs should should work, but rather provides structure to expose the available capabilities and how they work. This is useful to generate code and user interfaces to enable easy discovery for developers.

The REST and GraphQL APIs are widely used in projects. 

As a developer platform, Ibexa DXP needs to take this into account, and it is important to note that API endpoints will continue to work as before. As such, there will be no breaking changes because of the introduction of OpenAPI.

You can rest assured that you can focus on other upgrades in case you're upgrading from Ibexa DXP 4.6 LTS or earlier.

Embracing standards with OpenAPI 

OpenAPI will ship by default in all editions of Ibexa DXP. The default specification/documentation output will be available in three ways:

  • On your Ibexa DXP installation(s) in the path /api/ibexa/v2/doc
  • The REST schema will be exported as YAML for digestion by tooling
  • Our public REST API reference will be generated with Redoc from Ibexa Commerce
OpenAPI_Specification_Logo_Pantone.svg.png

Using these resources, any developer or application can quickly start using the RESTful APIs that Ibexa DXP offers. The OpenAPI specification has been adopted widely by the industry and it is widely supported by developer tooling.

With the documentation, using custom REST requests in Ibexa Connect will be easier than before. But where the real potential lies is automation. Since the standard describes the capabilities of the platform, coding assistants and AI agents can use the specification to learn about the function.

Powerful public APIs are a potential honeypot for hackers. But since the OpenAPI schema is just a reference to all the capabilities, you will still be guarded by the security guard rails provided by Ibexa DXP and the battle-tested API Platform package used as the foundation.

api-platform-example.png

With a well-limited API user for general requests and well crafted permissions for individual user levels, this can't be used as an attack vector.

Insights and News

Successfully breaking new ground - Ibexa, SNK & QUCOXX
By Tomás Seelow Santos
22/10/2025 | 3 Min read
Looking back at DMEXCO 2025 – Ibexa in the spotlight
By Tomás Seelow Santos
02/10/2025 | 5 Min read
What is a DXP, and how is it different from a CMS?
By Laura Bjerre Schwalbe
01/10/2025 | 7 Min read