Service Exposure
How Can I Publish a REST API?
Whether you want full control of the API you implement or you just want to generate a back-end for your mobile application in a few minutes, Mendix can do it.
You can define your services in a Published REST Service document. Simply add or drag-and-drop the data or microflow from your app that you want to expose as REST API.
An OpenAPI contract will also be generated.
How Can I Publish a SOAP Service or Web Service?
You can publish your microflows as web service operations in Published Web Services document.
Drag and drop your microflow you want to expose to the published web services document.
For each operation, you can configure the parameters and return type based on the microflow.
How Can I Publish an OData Service?
OData APIs are REST APIs implemented according to the OData standards for REST APIs. You can expose your app data, queries (view entities), and microflow logic as OData by creating a Published OData Service document. The OData REST API out of the box provides support for filtering, sorting, pagination, expanding associations, all read and write operations. Depending on the availability of certain functionality of the data exposed, counting, sorting, and other functionality can be configured. You can also define one or more key attributes.
Publishing View Entities as OData resources give you additional control over the data exposed by your application. This helps you improve performance of the API, limit the data clients can receive, and evolve your internal data model without breaking your APIa and clients.
Similar to Published REST, an OpenAPI contract will be generated.
How can I create a GraphQL API in Mendix?
You have the option to expose OData APIs as GraphQL APIs by selecting “Supports GraphQL” in the published OData document. The entities which you exposed as OData resources will now also be available as GraphQL resources. You can get resources by id, specify attributes required, and associations available in the graph of resources. GraphQL APIs provide runtime introspection, so you developer tools can discover what data and functionality is available in the GraphQL API running in your Mendix app.
How Does Mendix Support Swagger and OpenAPI?
Mendix supports both publishing APIs with Swagger and OpenAPI contracts, and consuming OpenAI contracts. For service exposure:
- When publishing a REST API, it generates an OpenAPI contract that provides documentation and schema validation.
- Similarly, when publishing an OData API, it generates both an OpenAPI contract and an OData $metadata contract.
In 2025, Mendix plans to introduce support for starting from an OpenAPI contract in its interactive REST client. Furthermore, the Mendix Connect Catalog can register OpenAPI contracts from apps deployed in the Mendix cloud and allows for manually uploading OpenAPI contracts for non mendix apps.ith manual registration options available until then.
How Can I Secure My APIs?
API authentication can be done using basic authentication, tokens or custom logic.
The OIDC SSO module can validate OAuth Access Tokens issued by an OAuth Authorisation Server (e.g. Entra ID), either opaque or JWT. Mendix uses same security model for human users (userroles, entity access, etc) and ‘machine identities’. Authorized userroles are assigned based on e.g the scopes in the Access Token or customized logic can be applied. Machine identities can be provisioned on-the-fly. No API-keys or passwords need to be managed in the consumed API.