How to add rest api end point


Hi all,

I would like to add a custom endpoint for webservice rest api. I tried to add a new controller or add method in existing controller but it dose not recognize my route. Ex: "No route found for “GET /webservice/rest/article-list”
I’m new in Pimcore and symfony. Please help.


Pimcore4 Custom REST-API-endpoint for React

Be careful, you are working within the Pimcore directory, this stuff will go once you update! Never work in the Pimcore Directory.

To your question: It is not possible to add something to the Pimcore API, you can create your own one though.

For example, this is what I did in a project:

namespace AppBundle\Controller\Admin;

use Pimcore\Bundle\AdminBundle\Controller\Rest\AbstractRestController;
use Pimcore\Model\Asset;
use Pimcore\Model\DataObject;
use Symfony\Component\HttpFoundation\Request;

class MageController extends AbstractRestController
    public function productAssetsAction(Request $request)

        $id = $request->get('id');
        $object = DataObject\Concrete::getById($id);

        if (is_null($object)) {
            return $this->createErrorResponse([
                "msg" => "Object does not exist",
                "code" => -1

        $data = [];

        if ($object instanceof DataObject\SecurityProduct || $object instanceof DataObject\FashionProduct) {
            $fields = [

            foreach ($fields as $field) {
                $getter = "get" . ucfirst($field);

                if (method_exists($object, $getter)) {
                    $value = $object->$getter();

                    if (is_array($value)) {
                        foreach ($value as $val) {
                            $processedValue = $this->processAssetValue($val);

                            if ($processedValue) {
                                $data[$field][] = $processedValue;
                    } else {
                        $processedValue = $this->processAssetValue($value);

                        if ($processedValue) {
                            $data[$field] = $processedValue;

            return $this->adminJson(
                    'success' => true,
                    'data' => $data

        return $this->createErrorResponse([
            "msg" => sprintf("Object type %s not supported here", $object->getClassName()),
            "code" => -1

    protected function processAssetValue($value)
        $checksumAlgorithm = 'sha1';

        if ($value instanceof Asset) {
            return [
                "id" => $value->getId(),
                "name" => $value->getFilename(),
                "modificationDate" => $value->getModificationDate(),
                "path" => $value instanceof Asset\Image ? $value->getThumbnail("mage")->getPath() : $value->getFullPath(),
                "checksum" => $value instanceof Asset\Image ? $value->getThumbnail("mage")->getChecksum($checksumAlgorithm) : $value->getChecksum($checksumAlgorithm),
        if ($value instanceof DataObject\Data\ElementMetadata) {
            $element = $value->getElement();

            if ($element instanceof Asset) {
                return [
                    "id" => $element->getId(),
                    "name" => $element->getFilename(),
                    "modificationDate" => $element->getModificationDate(),
                    "path" => $element instanceof Asset\Image ? $element->getThumbnail("mage")->getPath() : $element->getFullPath(),
                    "checksum" => $element instanceof Asset\Image ? $element->getThumbnail("mage")->getChecksum($checksumAlgorithm) : $element->getChecksum($checksumAlgorithm),
                    "properties" => $value->data

        return false;

    path: /webservice/mage/product-assets
    defaults: { _controller: AppBundle\Controller\Admin\MageController::productAssetsAction }
    methods:  [GET]


Thanks for your support dpfaffenbauer,
I found out that i got “cache” issue. I’ve delete pimcore cache then the end point is recognized.


I would like to understand the meaning of the line


Do you ask permission to access object data? And how does the API-key play a role?
Do I have to set anything else than enabeling the Webservice in the backend and assigning an API-key to a user @dpfaffenbauer


$this->checkPermission(‘objects’); checks if the user behind the api-key has access to objects.

API-Key is assigned to a User -> User has Roles and/or Permission.

Nope, just enable the webservice, create a user and the API-Key.



you can find out permission in user setup

Hope this help


I thought that I have to manuelly check for permissions (whether the API Key is correct and so on), and thought this command does that.

Found out, that I only had a problem with my routing (using annotations). After fixing that, everything worked just fine.

Thank you @dpfaffenbauer for providing the insight of the AbstractRestController. I cannot find anything regarding this topic within the pimcore documentation…