REST APIs Qlik offers a set of REST APIs to observe and manage a Qlik Cloud tenant. These APIs are generally
service-oriented and provide a way of configuring most capabilities in a tenant, enabling
programmatic deployments, CI/CD, monitoring, and more.
For access to data in Qlik Sense apps, refer to the QIX API .
What are REST APIs?
REST (Representational State Transfer) is an architectural style for designing networked applications.
Qlik REST APIs use a request-response model where a client sends a request to a service, and the service responds with
the requested resource.
Authentication
Supported authentication methods
Qlik REST APIs support different authentication methods:
OAuth 2.0: the recommended method for nearly all use cases.
JSON Web Tokens (JWT): used for legacy embedding solutions where a proxy is in use, or third-party
cookie blocking isn’t a concern.
API keys: a simple way of providing access to APIs with the same permissions of
the creating user.
For more information about how to authenticate your requests, see the Authentication Guide .
CSRF token
When calling Qlik REST APIs in a browser context, you must send a CSRF token with your request. If the CSRF token is
missing or invalid, the API will reject the request.
The CSRF token is used to prevent cross-site request forgery (CSRF) attacks. These attacks happen when a malicious
website tricks your browser into performing actions, like sending a request, on another website where you’re
authenticated, without your consent.
To send the CSRF token, include it in your request using the qlik-csrf-token header. For example:
GET /api/v1/< RESOURCE> HTTP/1.1
Host: < TENANT> .< REGION> .qlikcloud.com
Authorization: Bearer < ACCESS_TOKEN>
qlik-csrf-token: < CSRF_TOKEN>
You can retrieve the CSRF token using the CSRF token API .
The response headers will include the CSRF token.
Resources and requests
Each resource is exposed by a uniform resource identifier (URI). You can send an HTTP request to the relevant URI to
access a resource.
Each request is made up of the following:
HTTP method
URI
Headers
Request body
URI structure
The URI is the path to a resource. The URI is different for each resource, but the structure remains the same for all
resources:
your-tenant is the hostname of your tenant, generated during tenant creation
(and cannot be changed), or a custom alias name that you can define.region is the region where your tenant is deployed, for example eu or us.resource is the resource you want to access, which could include query or path parameters.
For example, the URI to retrieve the current user info looks like this:
HTTP methods
Qlik REST APIs use the following HTTP methods:
GET: retrieve a resource.POST: create a new resource.PUT: update an existing resource.DELETE: remove a resource.
Commonly used headers are:
Authorization: specifies the token used to authorize the request. Example: Authorization: Bearer <token>Content-type: specifies the format of the request body. Example: Content-Type: application/json
Rate limiting
To ensure fair usage, Qlik implements rate limiting on API requests.
Be sure to handle rate limit errors (HTTP 429) in your applications.
For more information, see Rate limiting .
Qlik uses cursor-based pagination to split results into subsets called pages.
After retrieving the first subset of results, you can use the returned links.next URL in the response to retrieve
the results from the next page.
For more information, see Pagination .
API reference documentation
API keys can be used by developers to gain programmatic access to the Qlik platform, acting as their own user.
Apps are a core part of Qlik Cloud Analytics, and represent either an Analytics app (Qlik Sense or QlikView application) or a script (headless Qlik Sense application).
Assistants provide a chat interface for asking questions and getting personalized, relevant answers for Qlik Answers.
Audits provides access to events emitted upon each action taken in your tenant, providing detailed access to what's happening in your tenant.
Automation Connections are used by Application Automation connectors during automation execution.
Automations in Qlik Application Automation are no-code workflows which connect applications together.
AutoML dataset predictions Use your ML deployment to generate batch data in file format to predict future outcomes on new data.
AutoML real-time predictions Use your ML deployment to generate real-time results returned as JSON in a synchronous manner to predict future outcomes on new data.
Brands allow you to apply tenant level branding across most user interfaces.
Collections provide the framework to catalog various content a user has access to using tags, public and private collections, and favorites.
Conditions are used by features such as data alerting and subscriptions to determine when action should be taken, based on data in a Qlik app.
CSP origins allow you to configure domains, or origins, that Qlik Sense client visualizations/extensions are allowed to communicate with.
A CSRF token is a secure random token (e.g., synchronizer token or challenge token) that is used to prevent CSRF attacks. This API retrieves the token for the current user session.
Supports chart sharing, chart monitoring and alerting features. The legacy sharing APIs refer to chart sharing and chart monitoring, which is a feature that allows the user to send an e-mail with an embedded chart either manually (chart sharing) or in a recurring manner (chart monitoring). It also stores the history related to these actions. The alerting/ data-alerts APIs support the alerting feature, where a user is able to create alerts that trigger notifications in case a condition in the dataset of an app is fulfilled.
Data assets are part of the catalog in Qlik Cloud. A data asset is a member of a data store, and may contain multiple data sets.
Data connections are used by analytics apps and gateways to connect to external data sources. Credentials are stored in data-credentials.
Data credentials are the stored credentials leveraged by the data-connections service to connect to external data sources.
Data files represent the flat file storage associated with spaces in your Qlik Cloud tenant. Each space will have a corresponding data files connection, which you can list with data-connections.
Data integration projects Data integration projects are containers for data tasks and provide the context for building, monitoring, and controlling data integration pipelines.
Data sets are part of the catalog in Qlik Cloud. A data set is a member of a data asset.
Lists data sources available on the tenant for the creation of analytics data connections.
Data stores are part of the catalog in Qlik Cloud. A data store may contain one or more data stores, which in turn may contain multiple data sets.
Transports supports configuration of the tenant-level SMTP service. For the SMTP service in Qlik Application automation, review the automation-connections API.
Tenants in Qlik Cloud can be encrypted with a key you provide via a supported KMS. This API allows you to configure and manage encryption keys.
Tracks usage of entitled features in a tenant, used for the consumption metrics in the admin console in a tenant.
Visualization extensions is a capability in Qlik Sense which allows third-party visualizations and other presentation objects to be used in the Qlik Sense client.
A glossary is a collection of common and agreed upon (business) terms, typically focused on defining the meaning of data and described in terms that everyone understands.
Groups is the resource representing a group in the system, to which space and tenant roles can be assigned to simplify access control management.
Identity providers define how your users authenticate to your tenant when attempting to access content.
Items provides a list of core resources in the Qlik platform, including resources such as apps, automations, and data sets that a user has access to.
Knowledgebases are collections of individual data sources, that are indexed for use in generating responses to user questions via Assistants for Qlik Answers.
Licenses define tenant and user entitlements, and can be used in conjunction with the consumption API to get a picture of entitlement usage.
Lineage-graphs represents the lineage information for a specific Qlik item.
This API is used to initiate interactive logins, or to process JWT login requests.
The Machine Learning API allows you to generate profile insights to analyze datasets, create and manage machine learning experiments, deploy models, and run predictions.
Ask natural languages questions and context aware partial questions against applications enabled for conversational analytics or a specific app to receive Insight Advisor generated responses and suggestions
Notes provide a collaborative experience to support analytics consumption in your tenant. This API enables or disables notes.
Notifications is the resource representing the various notifications that notification-prep can render
Authorize OAuth client flows, and create and revoke OAuth tokens.
Create and manage the configuration of OAuth clients in your tenant.
List and revoke active OAuth tokens issued for your tenant.
OAuth well-known configuration Returns OAuth 2.0 metadata related to your tenant. Clients can use this information to programmatically configure their interactions with Qlik Cloud.
Pinned links are administrator-defined URLs which appear for all users under the More button in the global navigation menu.
Quotas returns entitled attributes based on your license.
Reloads tasks allow you to schedule reloads of analytics applications in your tenant.
Reloads allows for triggering reloads of apps to refresh its data. Traditionally this has only been possible through the JSON-RPC WebSocket API, but can now also be done by using this REST API.
Reports are downloadable assets generated from data in analytics applications.
Tenant roles are assigned to users or groups in the tenant, and define what permissions they have.
For scheduled capabilities such as reports, data alerts, subscriptions, and more, sharing tasks defines when these tasks execute, and tie together the resource definition with any conditions on execution.
Spaces are logical containers within your tenant and control access for users and groups through space roles to what content users can access.
Services such as app and data-files which may import or export larger files can opt to leverage the temporary contents service to handle these requests. Acts as a temporary file store.
Tenants are the highest level of logical container, with this API supporting configuration of several key tenant settings.
Themes enable you to customize/style the Qlik Sense client experience.
Users represent clients accessing the Qlik Cloud tenant.
A web integration is a resource representing a list of whitelisted origins that can make requests to a specified tenant. It is the implementation of the CORS mechanism within Qlik Cloud.
Web notifications is the resource representing a user's notification
Webhooks are a way for Qlik Cloud to provide other applications with real-time information.
Next steps