The primary REST API for Zenodo allowing programmatic deposit creation, file upload, record publication, and record search and retrieval. Supports personal access token authentication via OAuth 2.0 Bearer tokens. Provides endpoints for deposits, records, files, communities, funders, grants, and licenses.
openapi: 3.0.3
info:
title: Zenodo REST API
description: >
REST API for Zenodo, the free open research data repository operated by CERN
and built on InvenioRDM. Provides programmatic access to deposits (draft records),
published records, file management, communities, vocabularies, OAI-PMH sets,
requests, users, groups, statistics, and audit logs. Every published record
receives a DOI for persistent citation. Authenticate with a personal access token
passed as a Bearer token.
version: 12.0.0
contact:
name: Zenodo Developer Documentation
url: https://developers.zenodo.org/
license:
name: MIT License
url: https://opensource.org/licenses/MIT
x-upstream-spec: https://github.com/inveniosoftware/invenio-openapi
servers:
- url: https://zenodo.org
description: Zenodo production instance
- url: https://sandbox.zenodo.org
description: Zenodo sandbox (testing)
security:
- BearerAuth: []
tags:
- name: Records
description: Record and draft management endpoints
- name: Drafts
description: Draft record management
- name: Drafts Files upload
description: Draft file upload workflow
- name: Records Files
description: File management operations on published records
- name: Records Versions
description: Record version management
- name: Communities
description: Community management endpoints
- name: Featured Communities
description: Featured communities management
- name: Communities Members
description: Community membership management
- name: Communities Invitations
description: Community invitation management
- name: Communities logo
description: Community logo management
- name: Users
description: User management endpoints
- name: Groups
description: Group management endpoints
- name: Avatars
description: User and group avatars
- name: Requests
description: Request management endpoints
- name: Request Actions
description: Request actions and lifecycle management
- name: Comments
description: Request comments and discussions
- name: Timeline
description: Request timeline and history
- name: Vocabularies
description: Vocabulary and controlled terms endpoints
- name: OAI-PMH
description: OAI-PMH protocol endpoints
- name: OAI-PMH Sets
description: OAI-PMH set management
- name: Export
description: Record export functionality
- name: Statistics
description: Statistics and analytics endpoints
- name: Access
description: Access control and sharing
- name: Audit Logs
description: Audit log entries and search
paths:
/api/records:
post:
summary: Create a draft record
tags:
- Records
operationId: createADraftRecord
requestBody:
required: true
content:
application/json:
schema:
type: object
example:
access:
record: public
files: public
files:
enabled: true
metadata:
creators:
- person_or_org:
family_name: Doe
given_name: John
identifiers:
- identifier: 0000-0000-0000-0000
scheme: orcid
name: Doe, John
type: personal
affiliations:
- name: Example Organization
role:
id: other
publication_date: "2020-06-01"
resource_type:
id: dataset
title: Example dataset
responses:
"201":
$ref: "#/components/responses/Created"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
get:
summary: Search records
tags:
- Records
operationId: searchRecords
parameters:
- name: q
in: query
required: false
schema:
type: string
description: Search query using ElasticSearch query string syntax.
- name: sort
in: query
required: false
schema:
type: string
description: >
Sort results. Options: bestmatch, newest, oldest, updated-desc,
updated-asc, version, mostviewed, mostdownloaded.
example: newest
- name: size
in: query
required: false
schema:
type: string
description: Number of items per page (default 10).
- name: page
in: query
required: false
schema:
type: string
description: Page number.
- name: allversions
in: query
required: false
schema:
type: string
description: Include all versions (default False).
example: "True"
responses:
"200":
$ref: "#/components/responses/Success"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"500":
$ref: "#/components/responses/InternalServerError"
/api/records/{recordId}:
get:
summary: Get a record by ID
tags:
- Records
operationId: getARecordById
parameters:
- name: recordId
in: path
required: true
schema:
type: string
description: Unique record identifier
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{recordId}/communities:
delete:
summary: Remove a record from a community
tags:
- Records
operationId: deleteRecordCommunity
parameters:
- name: recordId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{draftId}/draft:
get:
summary: Get a draft record
tags:
- Drafts
operationId: getADraftRecord
parameters:
- name: draftId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
put:
summary: Update a draft record
tags:
- Drafts
operationId: updateADraftRecord
parameters:
- name: draftId
in: path
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: object
responses:
"200":
$ref: "#/components/responses/Success"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
post:
summary: Edit a published record (create draft from published)
tags:
- Drafts
operationId: editAPublishedRecord
parameters:
- name: draftId
in: path
required: true
schema:
type: string
responses:
"201":
$ref: "#/components/responses/Created"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
delete:
summary: Delete/discard a draft record
tags:
- Drafts
operationId: deleteADraftRecord
parameters:
- name: draftId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{draftId}/draft/actions/publish:
post:
summary: Publish a draft record
tags:
- Drafts
operationId: publishADraftRecord
parameters:
- name: draftId
in: path
required: true
schema:
type: string
responses:
"201":
$ref: "#/components/responses/Created"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{draftId}/draft/actions/files-import:
post:
summary: Link files from previous version
tags:
- Drafts
operationId: linkFilesFromPreviousVersion
parameters:
- name: draftId
in: path
required: true
schema:
type: string
responses:
"201":
$ref: "#/components/responses/Created"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{draftId}/draft/review:
get:
summary: Get a review request for a draft
tags:
- Drafts
operationId: getAReviewRequest
parameters:
- name: draftId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
put:
summary: Create or update a review request
tags:
- Drafts
operationId: createUpdateAReviewRequest
parameters:
- name: draftId
in: path
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: object
example:
receiver:
community: "community-id"
type: community-submission
responses:
"200":
$ref: "#/components/responses/Success"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
delete:
summary: Delete a review request
tags:
- Drafts
operationId: deleteAReviewRequest
parameters:
- name: draftId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{draftId}/draft/actions/submit-review:
post:
summary: Submit a draft for community review
tags:
- Drafts
operationId: submitARecordForReview
parameters:
- name: draftId
in: path
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: object
example:
payload:
content: Thank you in advance for the review.
format: html
responses:
"201":
$ref: "#/components/responses/Created"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{draftId}/draft/pids/doi:
post:
summary: Reserve a DOI for a draft
tags:
- Drafts
operationId: reserveADoi
parameters:
- name: draftId
in: path
required: true
schema:
type: string
responses:
"201":
$ref: "#/components/responses/Created"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
delete:
summary: Delete a reserved DOI
tags:
- Drafts
operationId: deleteADoi
parameters:
- name: draftId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{draftId}/draft/files:
post:
summary: "Step 1: Start draft file uploads"
tags:
- Drafts Files upload
operationId: startDraftFileUploads
parameters:
- name: draftId
in: path
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: array
items:
type: object
properties:
key:
type: string
example:
- key: "filename.csv"
responses:
"201":
$ref: "#/components/responses/Created"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
get:
summary: List draft files
tags:
- Drafts
operationId: listDraftFiles
parameters:
- name: draftId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{draftId}/draft/files/{file-name}/content:
put:
summary: "Step 2: Upload draft file content"
tags:
- Drafts Files upload
operationId: uploadDraftFileContent
parameters:
- name: draftId
in: path
required: true
schema:
type: string
- name: file-name
in: path
required: true
schema:
type: string
requestBody:
required: true
content:
application/octet-stream:
schema:
type: string
format: binary
responses:
"200":
$ref: "#/components/responses/Success"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
get:
summary: Download a draft file
tags:
- Drafts
operationId: downloadADraftFile
parameters:
- name: draftId
in: path
required: true
schema:
type: string
- name: file-name
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{draftId}/draft/files/{file-name}/commit:
post:
summary: "Step 3: Complete a draft file upload"
tags:
- Drafts Files upload
operationId: completeDraftFileUpload
parameters:
- name: draftId
in: path
required: true
schema:
type: string
- name: file-name
in: path
required: true
schema:
type: string
responses:
"201":
$ref: "#/components/responses/Created"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{draftId}/draft/files/{file-name}:
get:
summary: Get draft file metadata
tags:
- Drafts
operationId: getDraftFileMetadata
parameters:
- name: draftId
in: path
required: true
schema:
type: string
- name: file-name
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
delete:
summary: Delete a draft file
tags:
- Drafts
operationId: deleteADraftFile
parameters:
- name: draftId
in: path
required: true
schema:
type: string
- name: file-name
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{recordId}/files:
get:
summary: List a record's files
tags:
- Records Files
operationId: listRecordFiles
parameters:
- name: recordId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{recordId}/files/{file-name}:
get:
summary: Get a record file's metadata
tags:
- Records Files
operationId: getRecordFileMetadata
parameters:
- name: recordId
in: path
required: true
schema:
type: string
- name: file-name
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{recordId}/files/{file-name}/content:
get:
summary: Download a record file
tags:
- Records Files
operationId: downloadRecordFile
parameters:
- name: recordId
in: path
required: true
schema:
type: string
- name: file-name
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{recordId}/versions:
post:
summary: Create a new record version
tags:
- Records Versions
operationId: createANewVersion
parameters:
- name: recordId
in: path
required: true
schema:
type: string
responses:
"201":
$ref: "#/components/responses/Created"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
get:
summary: Get all versions of a record
tags:
- Records Versions
operationId: getAllVersions
parameters:
- name: recordId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{recordId}/versions/latest:
get:
summary: Get the latest version of a record
tags:
- Records Versions
operationId: getLatestVersion
parameters:
- name: recordId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{recordId}/access/links:
post:
summary: Create an access link
tags:
- Records
- Access
operationId: createAnAccessLink
parameters:
- name: recordId
in: path
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: object
example:
permission: view
expires_at: "2024-11-06"
responses:
"201":
$ref: "#/components/responses/Created"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
get:
summary: List access links
tags:
- Records
- Access
operationId: listAccessLinks
parameters:
- name: recordId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{recordId}/access/links/{linkId}:
get:
summary: Get an access link by ID
tags:
- Records
- Access
operationId: getAnAccessLinkById
parameters:
- name: recordId
in: path
required: true
schema:
type: string
- name: linkId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
patch:
summary: Update an access link
tags:
- Records
- Access
operationId: updateAnAccessLink
parameters:
- name: recordId
in: path
required: true
schema:
type: string
- name: linkId
in: path
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
type: object
example:
permission: edit
expires_at: "2024-11-06"
responses:
"200":
$ref: "#/components/responses/Success"
"400":
$ref: "#/components/responses/BadRequest"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
delete:
summary: Delete an access link
tags:
- Records
- Access
operationId: deleteAnAccessLink
parameters:
- name: recordId
in: path
required: true
schema:
type: string
- name: linkId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"401":
$ref: "#/components/responses/Unauthorized"
"403":
$ref: "#/components/responses/Forbidden"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
security:
- BearerAuth: []
/api/records/{recordId}/export/json:
get:
summary: Export record as JSON
tags:
- Export
operationId: exportRecordAsJson
parameters:
- name: recordId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
/api/records/{recordId}/export/dublincore:
get:
summary: Export record as Dublin Core XML
tags:
- Export
operationId: exportRecordAsDublinCore
parameters:
- name: recordId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
/api/records/{recordId}/export/datacite-xml:
get:
summary: Export record as DataCite XML
tags:
- Export
operationId: exportRecordAsDataCiteXml
parameters:
- name: recordId
in: path
required: true
schema:
type: string
responses:
"200":
$ref: "#/components/responses/Success"
"404":
$ref: "#/components/responses/NotFound"
"500":
$ref: "#/components/responses/InternalServerError"
/api/records/{recordId}/export/datacite-json:
get:
summary: Export record as DataCite JSON
tags:
- Export
operationId: exportRecordAsDataCiteJson
parameters:
- name: recordId
in
# --- truncated at 32 KB (78 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/zenodo/refs/heads/main/openapi/zenodo-rest-api-openapi.yml