Kentico CMS 7.0 Developer's Guide

Configuration for REST

Configuration for REST

Previous topic Next topic Mail us feedback on this topic!  

Configuration for REST

Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic!  

Once you meet the pre-requisites for using the REST service, you need to make additional settings on the level of the Kentico CMS instance:


1. Edit your application's web.config file, find the system.webServer section directly under the root (i.e. not under a specific <location> element) and add the following attribute to the <modules> element:


<modules runAllManagedModulesForAllRequests="true">


2. Go to Site Manager -> Settings -> Integration -> REST and adjust related settings.


The following settings are available:


Service enabled

Enables or disables the Kentico CMS REST service.

Service enabled for

Choose if the REST service allows access to objects, documents, or both.

Authentication type

Determines which type of authentication the REST service uses. Supported types are Basic and Forms authentication.


Note: You can authenticate REST requests using the hash query string parameter in both modes.

Always check document security

If disabled, security is not checked when accessing published versions of documents. If enabled, security is always checked.

Document access is read only

If enabled, the REST service only allows GET requests for documents (documents cannot be modified).

Object access is read only

If enabled, the REST service only allows GET requests for objects (objects cannot be modified).

Allowed document types

Specifies a list of document types that the REST service is allowed to access. Enter the names of document types separated by semicolons.


If empty, all document types are allowed.

Allowed object types

Specifies a list of objects types that the REST service is allowed to access. If empty, all object types are allowed.

Generate authentication hash for URL

Click the link to generate an authentication hash for specific REST URLs.


Enter the full absolute URL of the REST request, including the protocol, website domain name, virtual directory, REST path, and query string parameters. For example:


The system adds the authentication hash parameter to the URL. You can copy the URL and use it to perform the REST request without any other type of authentication.




Only works for GET requests (read only data retrieval)

You cannot use hash parameter authentication for /all object retrieval requests (~/rest/<objecttype>/all).

Default encoding

Sets the character encoding that the REST service uses for requests that do not contain a supported Accept-Charset header.




Additional configuration for large-size data upload


If you are planning to upload large-size data into Kentico CMS through the REST service, it is necessary to specify the required data size limit in the application's web.config file. This can be done by adding the following pieces of code into the <system.serviceModel> section at the end of the web.config file:


1. Insert a <webHttpBinding> element into the <bindings> sub-section as shown below:


 <!-- Limits set to 10 MB (specified value in bytes) -->
 <binding name="RESTQuotaBinding" maxReceivedMessageSize="10485760" maxBufferPoolSize="10485760" maxBufferSize="10485760" closeTimeout="00:03:00" openTimeout="00:03:00" receiveTimeout="00:10:00" sendTimeout="00:03:00">
   <readerQuotas maxDepth="32" maxStringContentLength="10485760" maxArrayLength="10485760" maxBytesPerRead="10485760" />
   <security mode="None" />


Please note that this sample sets all limits to 10 MB. You may need to enter different values according to your specific needs.


2. Then add a <service> element under the <services> sub-section according to the following:


<service name="CMS.WebServices.RESTService">
     <add baseAddress="http://localhost/KenticoCMS/rest" />
 <endpoint address="" bindingConfiguration="RESTQuotaBinding" binding="webHttpBinding" contract="CMS.WebServices.IRESTService" />


The baseAddress in the code above only contains a sample value and needs to be replaced with the actual root address of the REST service (depending on your website's domain name).