Skip to content
REST/JSON interface for the OXID eShop with AngularJS frontend for testing
JavaScript PHP HTML Other
Branch: master
Clone or download
Pull request Compare This branch is 2 commits ahead, 6 commits behind shoptimax:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


What is it?

OXID|Json is a REST / JSON CRUD (Create, Read, Update, Delete) interface for the OXID eShop that comes with a fancy AngularJS frontend for playing around with the JSON data. It uses the Tonic PHP framework.

You can find a demo here. Login with username "mrjson", password "oxid".


PHP >= 5.3 required. You need an installed OXID eShop and an admin account (or a user assigned to a special group) for login. The OXID module also creates two new user groups "OXJSON Full" and "OXJSON Read-only", so you can assign users to these groups which then can use the REST interface with full (CRUD with POST, PUT, DELETE) access or read-only access (only GET allowed).

Copy "app/", "modules/", "oxrest/" and the other files to your shop root directory.

Activate the module in the shop backend. The module only adds two new groups to the oxgroups table ("oxjsonro" and "oxjsonfull"). Assign shop users to the new groups as required so they can login via the interface.

Get Composer, copy composer.phar to your shop directory. In the root directory of the shop, execute after changing the php executable path in it.

This will execute composer.phar with it's configuration file composer.json.

Composer will then create a "vendor" subdirectory, where it downloads and installs the TONIC REST framework.

The autoloader created in that vendor directory will then be used by the "/oxrest/oxrest.php" file.

In your OXID shop's main ".htaccess" file, add this:

If you use CGI-PHP, allow auth header forwarding:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

Add the rewrite rule for the JSON interface:

RewriteCond %{REQUEST_URI} .*oxrest.*
RewriteCond %{REQUEST_URI} !oxrest\.php$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* oxrest/oxrest.php [L,QSA]

just before the line

RewriteCond %{REQUEST_URI} oxseo\.php$

If you have problems accessing the "/app" directory for the AngularJS frontend, try to change the DirectoryIndex order in .htaccess to this: DirectoryIndex index.html index.php

Using the REST interface

The REST interface can be reached through http://SHOP.URL/oxrest/SERVICE/WITH/PARAMETERS. Available services and parameters are explained below.


The REST interface expects a HTTP Authorization header in the following form:

Authorization: Ox base64_encode(username:password) which means you have to concatenate username and password with ":", Base64-encode that string and prepend the string "Ox ".

A simple cURL request could look like this:

$userName = "";
$passWord = "mypass";
// get oxid article list
$ch = curl_init('');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    // send custom auth header
    'Authorization: Ox ' . base64_encode($userName . ":" . $passWord))
$result = curl_exec($ch);
echo "<pre>";
echo "</pre>";

For JavaScript requests, you can use CryptJS to encode your username/password combination like this:

var secStr = CryptoJS.enc.Utf8.parse(user.username + ":" + user.password);
var base64 = CryptoJS.enc.Base64.stringify(secStr);
// and use it e.g. with AngularJS post():
$$rootScope.basePath + '/oxrest/action/login', jsonData, {
    headers : {
        // use custom auth header
        Authorization : 'Ox ' + base64
}) ...

Available services

The following URL formats are currently supported:








for lists and

/oxobject/:class/:oxid for single objects. All these URIs are callable via GET.

Important: if you use "/list/" URLs, you will get the "raw" data from the database, e.g. from the table "oxarticles". This is the fast version. If you need pre-computed OXID object data in your lists, e.g. fully loaded oxarticle object data, you can use "/oxlist/" URLs instead - this will load OXID objects and modifiy them with installed modules etc. So if you need "calculated" article prices e.g., you should use the "/oxlist/" URL mappings to retrieve data (GET), e.g.


Keep in mind that these requests will take more time to load and you are restricted to oxlist based objects. Of course you can also use your own, custom (oxList based) classes and any database tables.

:class can be any existing oxList object, e.g. oxuserlist, oxarticleslist ...

:page per default, ten items are returned per request. If a list contains more than ten items, paging is supported by this parameter. Page numbering starts at 0

:propertyName, :propertyValue and :comparator To filter list queries, two comparators are currently supported: "eq" transformes to MySQL ":propertyName = ':propertyValue'" "like" transformes to MySQL ":propertyName LIKE '%:propertyValue%'"

:propertyName can be any existing MySQL column for the list base object (oxarticlelist => oxarticle...)

:propertyValue can be any arbitrary string

Example service calls

















For saving lists and objects, you can use the corresponding PUT methods:

/list/:class /oxobject/:class/:oxid

and send the JSON data as content.

Of course POST and DELETE methods for creating and deleting objects are also supported.


Proud Sourcing GmbH 2015 /
shoptimax GmbH /
You can’t perform that action at this time.