Submit Feedback
Legacy Knowledge Base
Published Sep. 10, 2025

How can I invoke Liferay Objects REST APIs from a backend OSGI module?

Written By

Jorge Diaz

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

We are implementing a backend OSGI module, where we have to call the Liferay Objects API.

We have noticed that the only available API of this functionality is the REST API / GraphQL API explained here: https://learn.liferay.com/w/dxp/building-applications/objects/understanding-object-integrations/headless-framework-integration

My questions:

  • How can I call this API from a backend OSGI module?
  • How can I authenticate when calling these REST APIs?

Environment

  • Liferay DXP 7.4

Resolution

How can you call this API from a backend OSGI module?

To call this REST API from a backend OSGI module, you have to use any java class or library that allows you to make HTTP requests, for example:

How can I authenticate when calling these REST APIs?

To authenticate when calling these REST APIs from the backend, you have just to add to the HTTP request the headers with the user session information and the Cross-Site Request Forgery (CSRF) token.

For example, a call using CURL to the REST service http://localhost:8080/o/object-admin/v1.0/object-definitions is done as follows:

curl -X 'GET' 'http://localhost:8080/o/object-admin/v1.0/object-definitions' -H 'accept: application/json' -H 'Cookie: JSESSIONID=FCCBB92E9A927DBDF9A7FB7E41002889' -H 'x-csrf-token: bgs4QRYa'

Where FCCBB92E9A927DBDF9A7FB7E41002889 is the user's current session andbgs4QRYa is the CSRF token.

From the backend code, this data can be easily obtained from the HttpServletRequest object containing the incoming HTTP request:

  1. JSESSIONID: httpServletRequest.getSession().getId();
  2. CSRF Token: AuthTokenUtil.getToken(request)

As an example, I have attached a groovy script example call_rest_api_get_method_from_backend.groovy that you can execute from Control Panel => System => Server Administration => Script

This groovy script:

  1. Gets the JSESSIONID and CSRF Token from the request

  2. Make a GET call to the http://localhost:8080/o/object-admin/v1.0/object-definitions service using the HttpUtil HTTP client provided by Liferay in portal-kernel

Additional Information

 

 

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?