Adding keywords ("tags") via REST API

I've just recently released a knowledge base site that makes heavy use of keywords, to identify machinery being maintained.

The users were interested in having new machinery keywords created in the Plone site as soon as another process generated a new machine number.

I created a regular page (e.g., with ID new-keywords-page) and a REST API call is made to set the page's keywords.

The side effect of setting the page's (or any content item's) keywords is that Plone will create the keyword if it doesn't already exist.

I created a new user, e.g., keywordadder

I used the management interface's Security tab, created a new role REST API User, and assigned the plone.restapi: Use REST API permission to that new role.

I assigned the new role to the new user.

This command sets the keyword on the page. (The -k flag tells curl to ignore SSL certificate errors).

curl -k -i -X PATCH -u 'keywordadder:password' -H “Accept: application/json” -H “Content-Type: application/json” -d '{“subjects”:[“9999”]}' https://site.local/new-keywords-page

This command lists the keywords on that page (you can point it to any content item, to see the keywords on that item):

curl -k -s -u 'keywordadder:password' -H “Accept: application/json” https://site.local/new-keywords-page | jq .subjects

The response should look like this:

[
  "9999"
]

You can set multiple keywords in one command:

curl -k -i -X PATCH -u 'keywordadder:password' -H “Accept: application/json” -H “Content-Type: application/json” -d '{“subjects”:[“9999”, “1234”]}' https://site.local/new-keywords-page

When you query a content item's keywords, this is what it will look like if there is more than one keyword:

curl -k -s -u 'keywordadder:password' -H “Accept: application/json” https://site.local/new-keywords-page | jq .subjects
[
  "9999",
  "1234"
]
1 Like

Nice!

This page is private or not accessible to other users, so it does not show up in search results, right? The keyword is anyway available to all users, because it relies only on the index value.

Can anonymous user extract site keywords from a Plone site using a public rest api? That would mean showing keywords from private pages.

It could be, but in my case I put user instructions on it to explain how a site administrator can add keywords manually (with screenshots), so that page serves a dual purpose :slight_smile:

You make a good point: to avoid having the page show up in search results, I could add to the user and developer instructions to clear out the keyword(s) after it(they) are added.

Yes!

I don't think so, because to use the REST API you have to use a user that has the permission plone.restapi: Use REST API

If you are able to use the REST API, I don't think there is a distinction made between keywords used on published/viewable (to that user) content versus on not viewable (to that user) content.

curl -k -s  -u 'admin:admin'   -H "Accept: application/json" https://site.local/@vocabularies/plone.app.vocabularies.Keywords

returns keywords (I didn't check if they're only the ones on viewable content, but also in that example I'm using admin)

but this command fails:

curl -k -s -u 'keywordadder:password' -H "Accept: application/json" https://site.local/@vocabularies/plone.app.vocabularies.Keywords
{
  "error": {
    "message": "You are not authorized to access the vocabulary 'plone.app.vocabularies.Keywords'.",
    "type": "Not authorized"