Skip to main content
Skip table of contents


You can integrate LUY with other repositories or planning tools by using its REST API. A tool or integrating component can access the building block data (using the single element API or massdata API), the metamodel (using the metamodel API), the building block history data (using the history API) as well as attributes, attribute groups, users and roles (using the administration API).

A complete documentation of all REST endpoints (including interactive examples and model definitions) using the open API specification can be found here:

Session authentication

Each time a request is sent to the REST API without an existing session, a new session is started and initialized with the required setup data. REST API sessions which are no longer in use will time out after 5 minutes by default.

When performing a lot of API requests, it is advised to reuse an existing session as this has a beneficial effect on both the request time and the required memory of the LUY instance. Please see below examples how to handle sessions across different API calls with and without CSRF tokens.

Without CSRF tokens and a separate login, the following example with curl can be used:

curl -k -v --data "j_username=system&j_password=password" <LUY_URL>/api/j_luy_security_check -c cookies.txt -b cookies.txt

Reuse the session in the following request
curl -X PUT -H "Content-Type: application/json" --cookie cookies.txt --data "{\"name\" : [\"Test\"]}" <LUY_URL>/api/element/BusinessProcess/27

When using CSRF tokens, there is more to consider. You can get a CSRF token by GET requests, hence something like the following works:


curl -X  GET --user "system:password" "<LUY_URL>/api/element/BusinessProcess/15" --cookie-jar cookies.txt

while read line; do 
if [[ $line == *"XSRF-TOKEN"* ]] 
if [[ $line == *"JSESSIONID"* ]] 
done < "cookies.txt"

curl -i -f -k -X PUT "<LUY_URL>/api/element/BusinessProcess/15" -H "X-XSRF-TOKEN: $xsrf" -H "Connection:keep-alive" -H "Content-Type:application/json" -d "{\"name\" : [\"Test\"]}" --cookie "JSESSIONID= $jsessionid; XSRF-TOKEN=$xsrf"

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.