How to add rest api end point


Hi all,

I would like to add a custom endpoint for webservice rest api. I tried to add a new controller or add method in existing controller but it dose not recognize my route. Ex: "No route found for “GET /webservice/rest/article-list”
I’m new in Pimcore and symfony. Please help.



Be careful, you are working within the Pimcore directory, this stuff will go once you update! Never work in the Pimcore Directory.

To your question: It is not possible to add something to the Pimcore API, you can create your own one though.

For example, this is what I did in a project:

namespace AppBundle\Controller\Admin;

use Pimcore\Bundle\AdminBundle\Controller\Rest\AbstractRestController;
use Pimcore\Model\Asset;
use Pimcore\Model\DataObject;
use Symfony\Component\HttpFoundation\Request;

class MageController extends AbstractRestController
    public function productAssetsAction(Request $request)

        $id = $request->get('id');
        $object = DataObject\Concrete::getById($id);

        if (is_null($object)) {
            return $this->createErrorResponse([
                "msg" => "Object does not exist",
                "code" => -1

        $data = [];

        if ($object instanceof DataObject\SecurityProduct || $object instanceof DataObject\FashionProduct) {
            $fields = [

            foreach ($fields as $field) {
                $getter = "get" . ucfirst($field);

                if (method_exists($object, $getter)) {
                    $value = $object->$getter();

                    if (is_array($value)) {
                        foreach ($value as $val) {
                            $processedValue = $this->processAssetValue($val);

                            if ($processedValue) {
                                $data[$field][] = $processedValue;
                    } else {
                        $processedValue = $this->processAssetValue($value);

                        if ($processedValue) {
                            $data[$field] = $processedValue;

            return $this->adminJson(
                    'success' => true,
                    'data' => $data

        return $this->createErrorResponse([
            "msg" => sprintf("Object type %s not supported here", $object->getClassName()),
            "code" => -1

    protected function processAssetValue($value)
        $checksumAlgorithm = 'sha1';

        if ($value instanceof Asset) {
            return [
                "id" => $value->getId(),
                "name" => $value->getFilename(),
                "modificationDate" => $value->getModificationDate(),
                "path" => $value instanceof Asset\Image ? $value->getThumbnail("mage")->getPath() : $value->getFullPath(),
                "checksum" => $value instanceof Asset\Image ? $value->getThumbnail("mage")->getChecksum($checksumAlgorithm) : $value->getChecksum($checksumAlgorithm),
        if ($value instanceof DataObject\Data\ElementMetadata) {
            $element = $value->getElement();

            if ($element instanceof Asset) {
                return [
                    "id" => $element->getId(),
                    "name" => $element->getFilename(),
                    "modificationDate" => $element->getModificationDate(),
                    "path" => $element instanceof Asset\Image ? $element->getThumbnail("mage")->getPath() : $element->getFullPath(),
                    "checksum" => $element instanceof Asset\Image ? $element->getThumbnail("mage")->getChecksum($checksumAlgorithm) : $element->getChecksum($checksumAlgorithm),
                    "properties" => $value->data

        return false;

    path: /webservice/mage/product-assets
    defaults: { _controller: AppBundle\Controller\Admin\MageController::productAssetsAction }
    methods:  [GET]


Thanks for your support dpfaffenbauer,
I found out that i got “cache” issue. I’ve delete pimcore cache then the end point is recognized.


I would like to understand the meaning of the line


Do you ask permission to access object data? And how does the API-key play a role?
Do I have to set anything else than enabeling the Webservice in the backend and assigning an API-key to a user @dpfaffenbauer


$this->checkPermission(‘objects’); checks if the user behind the api-key has access to objects.

API-Key is assigned to a User -> User has Roles and/or Permission.

Nope, just enable the webservice, create a user and the API-Key.



you can find out permission in user setup

Hope this help


I thought that I have to manuelly check for permissions (whether the API Key is correct and so on), and thought this command does that.

Found out, that I only had a problem with my routing (using annotations). After fixing that, everything worked just fine.

Thank you @dpfaffenbauer for providing the insight of the AbstractRestController. I cannot find anything regarding this topic within the pimcore documentation…