API Endpoint settings
Every API Endpoint has settings that control how it's called and who can access it. These settings determine the API Endpoint's URL and HTTP method, and help your team understand what it does.
Name
Give your API Endpoint a clear, descriptive name that explains what it does. Good names make debugging easier and help teammates understand the codebase.
Examples:
- Create Order
- Update User Profile
- Send Notification
Folder
You can organize API Endpoints into folders to keep related workflows together. Select a folder from the dropdown or leave it unassigned.
Example use cases:
- Group all order-related API Endpoints in an Orders folder
- Keep all user management API Endpoints in a Users folder
- Organize admin operations in an Admin folder
Path
The path becomes part of your API Endpoint's URL. Keep it simple and consistent:
- Use lowercase with underscores (e.g., submit_company_form)
- Avoid special characters and spaces
- Make it descriptive but not too long
Good path examples
- create_order
- update_profile
- send_invite
Bad path examples
- CreateOrder: Use lowercase
- submit form: No spaces
- do-stuff: Not descriptive
AUTO-GENERATED PATHS
When you create a new API Endpoint, WeWeb automatically generates the path based on the API Endpoint name. For example, if you name your API Endpoint "Create Order", WeWeb will set create_order as the path. If you need to customize the path, you can change it manually.
Method
The HTTP method determines how the API Endpoint is called:
- POST — For creating or updating data, or any operation that modifies state
- GET — For read-only operations
- PUT — For full updates of a resource
- DELETE — For deleting resources
Most API Endpoints use POST since they often involve creating or updating data.
Security (Middleware)
Set who can call your API Endpoint in the Security panel:
- Public — Anyone can call it, even without signing in. Only use for non-sensitive reads
- Authenticated — Only signed-in users can call it. Good for user-specific operations
- Role-based — Only users with a specific role (like admin) can call it. Perfect for privileged operations
You can also add custom middleware workflows for more granular security checks.
Choose the most restrictive level that still allows your app to function properly.
Learn more about securing API Endpoints →
Description
Write a clear description explaining:
- What the API Endpoint does
- What inputs it expects
- What it returns
- Any important business rules or validation
The description field supports rich text formatting, allowing you to add emphasis, lists, and links to make your documentation clearer.
Example:
Creates a new order for the current user.
Inputs:
- items (array) - List of product IDs
- delivery_address (string) - Full delivery address
- note (string, optional) - Special instructions
Returns:
- order_id (string) - ID of the created order
- total (number) - Order total in cents
Good descriptions help teammates understand the API Endpoint without reading the entire workflow.
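The path, method, security and description guidance above can be checked mechanically before a release. The following is an added example, not WeWeb code: it audits a hand-built inventory of endpoints and reports the ones that break that guidance. The object shape, the function names and the sample entries are assumptions made for illustration, and pathFromName only approximates the single auto-generation example documented above.

```javascript
// Added example: audit an endpoint inventory against the guidance on this page.
// The object shape below is an assumption for illustration, not a WeWeb format.
const PATH_RULE = /^[a-z0-9]+(_[a-z0-9]+)*$/; // lowercase words joined by underscores (digits allowed by assumption)
const STATE_CHANGING = new Set(["POST", "PUT", "DELETE"]);

// Approximates the documented auto-generation example: "Create Order" -> "create_order".
function pathFromName(name) {
  return name.trim().toLowerCase().replace(/[^a-z0-9]+/g, "_").replace(/^_+|_+$/g, "");
}

// Returns a list of findings for one endpoint; an empty list means it passes.
function auditEndpoint(ep) {
  const findings = [];
  if (!PATH_RULE.test(ep.path)) {
    findings.push(`path "${ep.path}" breaks the naming rules, try "${pathFromName(ep.name)}"`);
  }
  // Public is documented as suitable only for non-sensitive reads.
  if (ep.security === "public" && STATE_CHANGING.has(ep.method)) {
    findings.push(`public ${ep.method} endpoint modifies state without authentication`);
  }
  if (ep.security === "role-based" && !ep.role) {
    findings.push("role-based security selected but no role named");
  }
  if (!ep.description || !ep.description.trim()) {
    findings.push("missing description");
  }
  return findings;
}

// Maps endpoint name -> findings, listing only endpoints that have any.
function auditAll(endpoints) {
  const report = {};
  for (const ep of endpoints) {
    const findings = auditEndpoint(ep);
    if (findings.length > 0) report[ep.name] = findings;
  }
  return report;
}

// Constructed sample inventory (not real endpoints).
const SAMPLE = [
  { name: "Create Order", path: "create_order", method: "POST", security: "authenticated", description: "Creates a new order for the current user." },
  { name: "Delete User", path: "DeleteUser", method: "DELETE", security: "public", description: "" },
  { name: "List Products", path: "list_products", method: "GET", security: "public", description: "Returns the public catalogue." },
  { name: "Ban User", path: "ban-user", method: "POST", security: "role-based", description: "Bans a user." },
];

console.log(JSON.stringify(auditAll(SAMPLE), null, 2));
```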

