REST APIs

Qlik offers a set of REST APIs to observe and manage a Qlik Cloud tenant. These APIs are generally service-oriented and provide a way of configuring most capabilities in a tenant, enabling programmatic deployments, CI/CD, monitoring, and more.

For access to data in Qlik Sense apps, refer to the QIX API.

Namespaced APIs

Namespaced APIs are being introduced to support the growing number of APIs and services in the platform, and to unlock versioning support in the future.

This change makes it easier for you to find, understand, and use Qlik APIs by grouping related resources by context and standardizing interfaces.

For more information, see API namespaces and the changelog.

What are REST APIs?

REST (Representational State Transfer) is an architectural style for designing networked applications. Qlik REST APIs use a request-response model where a client sends a request to a service, and the service responds with the requested resource.

Authentication

Supported authentication methods

Qlik REST APIs support different authentication methods:

  • OAuth 2.0: the recommended method for nearly all use cases.
  • JSON Web Tokens (JWT): used for legacy embedding solutions where a proxy is in use, or third-party cookie blocking isn’t a concern.
  • API keys: a simple way of providing access to APIs with the same permissions of the creating user.

For more information about how to authenticate your requests, see the Authentication Guide.

CSRF token

When calling Qlik REST APIs in a browser context, you must send a CSRF token with your request. If the CSRF token is missing or invalid, the API will reject the request.

The CSRF token is used to prevent cross-site request forgery (CSRF) attacks. These attacks happen when a malicious website tricks your browser into performing actions, like sending a request, on another website where you’re authenticated, without your consent.

To send the CSRF token, include it in your request using the qlik-csrf-token header. For example:

Terminal window
GET /api/v1/<RESOURCE> HTTP/1.1
Host: <TENANT>.<REGION>.qlikcloud.com
Authorization: Bearer <ACCESS_TOKEN>
qlik-csrf-token: <CSRF_TOKEN>

You can retrieve the CSRF token using the CSRF token API. The response headers will include the CSRF token.

Resources and requests

Each resource is exposed by a uniform resource identifier (URI). You can send an HTTP request to the relevant URI to access a resource.

Each request is made up of the following:

  • HTTP method
  • URI
  • Headers
  • Request body

URI structure

The URI is the path to a resource. The URI is different for each resource, but the structure remains the same for all resources:

https://your-tenant.region.qlikcloud.com/api/v1/resource
  • your-tenant is the hostname of your tenant, generated during tenant creation (and cannot be changed), or a custom alias name that you can define.
  • region is the region where your tenant is deployed, for example eu or us.
  • resource is the resource you want to access, which could include query or path parameters.

For example, the URI to retrieve the current user info looks like this:

https://mytenant.us.qlikcloud.com/api/v1/users/me

HTTP methods

Qlik REST APIs use the following HTTP methods:

  • GET: retrieve a resource.
  • POST: create a new resource.
  • PUT: update an existing resource.
  • DELETE: remove a resource.

Headers

Commonly used headers are:

  • Authorization: specifies the token used to authorize the request. Example: Authorization: Bearer <token>
  • Content-type: specifies the format of the request body. Example: Content-Type: application/json

Rate limiting

To ensure fair usage, Qlik implements rate limiting on API requests. Be sure to handle rate limit errors (HTTP 429) in your applications.

For more information, see Rate limiting.

Pagination

Qlik uses cursor-based pagination to split results into subsets called pages. After retrieving the first subset of results, you can use the returned links.next URL in the response to retrieve the results from the next page.

For more information, see Pagination.

API reference documentation

IP Policies

IP policies let you control which IP addresses can access your Qlik Cloud tenant. Use this API to manage allowlisting rules by creating, listing, updating, and deleting IP policies. When allowlisting is enabled, only users connecting from allowed IPv4 addresses or ranges can access the tenant.
core

API keys

API keys can be used by developers to gain programmatic access to the Qlik platform, acting as their own user.

Apps

Apps are a core part of Qlik Cloud Analytics, and represent either an Analytics app (Qlik Sense or QlikView application) or a script (headless Qlik Sense application).

Assistants

Assistants provide a chat interface for asking questions and getting personalized, relevant answers for Qlik Answers.

Audits

Audits provides access to events emitted upon each action taken in your tenant, providing detailed access to what's happening in your tenant.

Automation connections

Automation Connections are used by Qlik Automate connectors during automation execution.

Automation connectors

Automation connectors let you integrate third-party services and applications into your data analytics workflows. Use this API to discover available connectors and understand billing characteristics.

Automations

Automations in Qlik Automate are no-code workflows which connect applications together.

AutoML dataset predictions

Use your ML deployment to generate batch data in file format to predict future outcomes on new data.

AutoML real-time predictions

Use your ML deployment to generate real-time results returned as JSON in a synchronous manner to predict future outcomes on new data.

Banners

Banners display short messages at the top of the client interface to share tenant-wide information, warnings, or issues. When embedding content, banners aren't shown inside qlik-embed UIs. The only embedding method that displays banners is an iFrame generated using the App Integration API.

Brands

Brands allow you to apply tenant level branding across most user interfaces.

Collections

Collections provide the framework to catalog various content a user has access to using tags, public and private collections, and favorites.

Conditions

Conditions are used by features such as data alerting and subscriptions to determine when action should be taken, based on data in a Qlik app.

CSP origins

CSP origins allow you to configure domains, or origins, that Qlik Sense client visualizations/extensions are allowed to communicate with.

CSRF token

A CSRF token is a secure random token (e.g., synchronizer token or challenge token) that is used to prevent CSRF attacks. This API retrieves the token for the current user session.

Data alerts

Supports chart sharing, chart monitoring and alerting features. The legacy sharing APIs refer to chart sharing and chart monitoring, which is a feature that allows the user to send an e-mail with an embedded chart either manually (chart sharing) or in a recurring manner (chart monitoring). It also stores the history related to these actions. The alerting/ data-alerts APIs support the alerting feature, where a user is able to create alerts that trigger notifications in case a condition in the dataset of an app is fulfilled.

Data assets

Data assets are part of the catalog in Qlik Cloud. A data asset is a member of a data store, and may contain multiple data sets.

Data connections

Data connections are used by analytics apps and gateways to connect to external data sources. Credentials are stored in data-credentials.

Data credentials

Data credentials are the stored credentials leveraged by the data-connections service to connect to external data sources.

Data files

Data files represent the flat file storage associated with spaces in your Qlik Cloud tenant. Each space will have a corresponding data files connection, which you can list with data-connections.

Data integration projects

Data integration projects are used to group and organize data tasks that move, transform, or prepare data for consumption.

Data qualities

API for triggering data quality computations and retrieving global results to assess the quality of your datasets.

Data sets

Data sets are part of the catalog in Qlik Cloud. A data set is a member of a data asset.

Data sources

Lists data sources available on the tenant for the creation of analytics data connections.

Data stores

Data stores are part of the catalog in Qlik Cloud. A data store may contain one or more data stores, which in turn may contain multiple data sets.

Direct Access Agents

API for remotely managing configuration settings of Direct Access Gateway agents.

Email configuration

Transports supports configuration of the tenant-level SMTP service. For the SMTP service in Qlik Automate, review the automation-connections API.

Encryption

Tenants in Qlik Cloud can be encrypted with a key you provide via a supported KMS. This API allows you to configure and manage encryption keys.

Entitlement consumption

Tracks usage of entitled features in a tenant, used for the consumption metrics in the admin console in a tenant.

Extensions

Visualization extensions is a capability in Qlik Sense which allows third-party visualizations and other presentation objects to be used in the Qlik Sense client.

Glossaries

A glossary is a collection of common and agreed upon (business) terms, typically focused on defining the meaning of data and described in terms that everyone understands.

Groups

Groups is the resource representing a group in the system, to which space and tenant roles can be assigned to simplify access control management.

Identity providers

Identity providers define how your users authenticate to your tenant when attempting to access content.

Items

Items provides a list of core resources in the Qlik platform, including resources such as apps, automations, and data sets that a user has access to.

Knowledgebases

Knowledgebases are collections of individual data sources, that are indexed for use in generating responses to user questions via Assistants for Qlik Answers.

Licenses

Licenses define tenant and user entitlements, and can be used in conjunction with the consumption API to get a picture of entitlement usage.

Lineage graphs

Lineage-graphs represents the lineage information for a specific Qlik item.

Login

This API is used to initiate interactive logins, or to process JWT login requests.

Machine Learning

The Machine Learning API allows you to generate profile insights to analyze datasets, create and manage machine learning experiments, deploy models, and run predictions.

Natural language

Ask natural languages questions and context aware partial questions against applications enabled for conversational analytics or a specific app to receive Insight Advisor generated responses and suggestions

Notes

Notes provide a collaborative experience to support analytics consumption in your tenant. This API enables or disables notes.

Notifications

Notifications is the resource representing the various notifications that notification-prep can render

OAuth

Authorize OAuth client flows, and create and revoke OAuth tokens.

OAuth clients

Create and manage the configuration of OAuth clients in your tenant.

OAuth tokens

List and revoke active OAuth tokens issued for your tenant.

OAuth well-known configuration

Returns OAuth 2.0 metadata related to your tenant. Clients can use this information to programmatically configure their interactions with Qlik Cloud.

Pinned links

Pinned links are administrator-defined URLs which appear for all users under the More button in the global navigation menu.

Quotas

Quotas returns entitled attributes based on your license.

Reload tasks

Reloads tasks allow you to schedule reloads of analytics applications in your tenant.

Reloads

Reloads allows for triggering reloads of apps to refresh its data. Traditionally this has only been possible through the JSON-RPC WebSocket API, but can now also be done by using this REST API.

Report templates

Reports

Reports are downloadable assets generated from data in analytics applications.

Roles

Tenant roles are assigned to users or groups in the tenant, and define what permissions they have.

Sharing tasks

For scheduled capabilities such as reports, data alerts, subscriptions, and more, sharing tasks defines when these tasks execute, and tie together the resource definition with any conditions on execution.

Spaces

Spaces are logical containers within your tenant and control access for users and groups through space roles to what content users can access.

Tasks

API for managing tasks and task chains in Qlik Cloud. The requesting user needs the "reload" permission on the target resource to use this set of endpoints. A tenant admin can use GET /v1/tasks and DELETE /v1/tasks/{id} to perform administrative actions, even without the "reload" permission.

Temporary contents

Services such as app and data-files which may import or export larger files can opt to leverage the temporary contents service to handle these requests. Acts as a temporary file store.

Tenants

Tenants are the highest level of logical container, with this API supporting configuration of several key tenant settings.

Themes

Themes enable you to customize/style the Qlik Sense client experience.

Users

Users represent clients accessing the Qlik Cloud tenant.

Web integrations

A web integration is a resource representing a list of whitelisted origins that can make requests to a specified tenant. It is the implementation of the CORS mechanism within Qlik Cloud.

Web notifications

Web notifications is the resource representing a user's notification

Webhooks

Webhooks are a way for Qlik Cloud to provide other applications with real-time information.

Next steps

Was this page helpful?