Skip to content

APIs

All features that are available on the listmonk dashboard are also available as REST-like HTTP APIs that can be interacted with directly. Request and response bodies are JSON. This allows easy scripting of listmonk and integration with other systems, for instance, synchronisation with external subscriber databases.

Note

If you come across API calls that are yet to be documented, please consider contributing to docs.

Auth

HTTP API requests support BasicAuth and a Authorization token headers. API users and tokens with the required permissions can be created and managed on the admin UI (Admin -> Users).

BasicAuth example
curl -u "api_user:token" http://localhost:9000/api/lists
Authorization token example
curl -H "Authorization: token api_user:token" http://localhost:9000/api/lists

Permissions

User role: Permissions allowed for a user are defined as a User role (Admin -> User roles) and then attached to a user.

List role: Read / write permissions per-list can be defined as a List role (Admin -> User roles) and then attached to a user.

In a User role, lists:get_all or lists:manage_all permission supercede and override any list specific permissions for a user defined in a List role.

To manage lists and subscriber list subscriptions via API requests, ensure that the appropriate permissions are attached to the API user.


Response structure

Successful request

HTTP/1.1 200 OK
Content-Type: application/json

{
    "data": {}
}

All responses from the API server are JSON with the content-type application/json unless explicitly stated otherwise. A successful 200 OK response always has a JSON response body with a status key with the value success. The data key contains the full response payload.

Failed request

HTTP/1.1 500 Server error
Content-Type: application/json

{
    "message": "Error message"
}

A failure response is preceded by the corresponding 40x or 50x HTTP header. There may be an optional data key with additional payload.

Timestamps

All timestamp fields are in the format 2019-01-01T09:00:00.000000+05:30. The seconds component is suffixed by the milliseconds, followed by the + and the timezone offset.

Common HTTP error codes

Code
400 Missing or bad request parameters or values
403 Session expired or invalidate. Must relogin
404 Request resource was not found
405 Request method (GET, POST etc.) is not allowed on the requested endpoint
410 The requested resource is gone permanently
422 Unprocessable entity. Unable to process request as it contains invalid data
429 Too many requests to the API (rate limiting)
500 Something unexpected went wrong
502 The backend OMS is down and the API is unable to communicate with it
503 Service unavailable; the API is down
504 Gateway timeout; the API is unreachable

OpenAPI (Swagger) spec

The auto-generated OpenAPI (Swagger) specification site for the APIs are available at listmonk.app/docs/swagger