Product SiteDocumentation Site

5.38. API

MantisBT exposes a webservice API which allows remote clients to interact with MantisBT and perform many of the usual tasks, such as reporting issues, running filtered searches and retrieving attachments.
The SOAP API is enabled by default and available at /api/soap/mantisconnect.php below the MantisBT root. A WSDL file which describes the web service is available at /api/soap/mantisconnect.php?wsdl below the MantisBT root.
The REST API is enabled by default. A Swagger sandbox and documentation for REST API is available at /api/rest/swagger/ below the MantisBT root.
The following options are used to control the behaviour of the MantisBT SOAP API:
$g_webservice_readonly_access_level_threshold
Minimum global access level required to access webservice for readonly operations.
$g_webservice_readwrite_access_level_threshold
Minimum global access level required to access webservice for read/write operations.
$g_webservice_admin_access_level_threshold
Minimum global access level required to access the administrator webservices.
$g_webservice_specify_reporter_on_add_access_level_threshold
Minimum project access level required for caller to be able to specify reporter when adding issues or issue notes. Defaults to DEVELOPER.
$g_webservice_rest_enabled
Whether the REST API is enabled or not. Note that this flag only impacts API Token based auth. Hence, even if the API is disabled, it can still be used from the Web UI using cookie based authentication. Default ON.

5.38.1. Disabling the webservice API

If you wish to temporarily disable the webservice API it is sufficient to set the specific access thresholds to NOBODY:
$g_webservice_readonly_access_level_threshold = $g_webservice_readwrite_access_level_threshold = $g_webservice_admin_access_level_threshold = NOBODY;
While the SOAP API will still be accessible, it will not allow users to retrieve or modify data.