Ibexa DXP v5: Introducing OpenAPI for REST API endpoints

Connectivity is a requirement for any contemporary web platform. Ibexa DXP has had strong support for remote usage through HTTP based APIs since it's inception. But there's always room to improve, so with version 5 we are happy to announce OpenAPI compatibility.
OpenAPI is a standard to describe available REST endpoints in a uniform way. It does not dictate how the APIs should should work, but rather provides structure to expose the available capabilities and how they work. This is useful to generate code and user interfaces to enable easy discovery for developers.
The REST and GraphQL APIs are widely used in projects.
As a developer platform, Ibexa DXP needs to take this into account, and it is important to note that API endpoints will continue to work as before. As such, there will be no breaking changes because of the introduction of OpenAPI.
You can rest assured that you can focus on other upgrades in case you're upgrading from Ibexa DXP 4.6 LTS or earlier.
Embracing standards with OpenAPI
OpenAPI will ship by default in all editions of Ibexa DXP. The default specification/documentation output will be available in three ways:
- On your Ibexa DXP installation(s) in the path /api/ibexa/v2/doc
- The REST schema will be exported as YAML for digestion by tooling
- Our public REST API reference will be generated with Redoc from Ibexa Commerce
Using these resources, any developer or application can quickly start using the RESTful APIs that Ibexa DXP offers. The OpenAPI specification has been adopted widely by the industry and it is widely supported by developer tooling.
With the documentation, using custom REST requests in Ibexa Connect will be easier than before. But where the real potential lies is automation. Since the standard describes the capabilities of the platform, coding assistants and AI agents can use the specification to learn about the function.
Powerful public APIs are a potential honeypot for hackers. But since the OpenAPI schema is just a reference to all the capabilities, you will still be guarded by the security guard rails provided by Ibexa DXP and the battle-tested API Platform package used as the foundation.
With a well-limited API user for general requests and well crafted permissions for individual user levels, this can't be used as an attack vector.