Collections
The /collections endpoint allows you to manage collections and their security permissions. Collections can be either static (with explicitly defined members) or dynamic (with members determined by a query).
Create Collection
Endpoint: /collections
Method: POST
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Input Parameters
| Parameter | Data Type | Description |
|---|---|---|
| name | string | (Required) The name of the collection. |
| dynamic | boolean | (Required) Whether this is a dynamic collection. Dynamic collections use queries to determine members, static collections have explicit member lists. |
| description | string | Description of the collection. |
| tags | string[] | A list of tags to associate with the collection. |
| type | string | The ID of the content type for this collection. Objects in the collection should match this type. |
| query | object | Query for dynamic collections. Only used when dynamic is true. Defines the criteria for automatic membership. |
| properties | object | Additional properties as key-value pairs. |
| parent | string | The ID of a parent collection. Collections can be organized hierarchically. |
| table_layout | ColumnLayout[] | Custom table layout configuration for displaying collection members. |
| allowed_types | string[] | Array of content type IDs that are allowed in this collection. |
Example Request
{
"name": "Project Documents",
"description": "All project-related documents",
"dynamic": false,
"type": "<CONTENT_TYPE_ID>",
"tags": ["project", "documents"],
"properties": {
"department": "Engineering",
"year": "2024"
}
}
Example Response
{
"id": "<COLLECTION_ID>",
"name": "Project Documents",
"description": "All project-related documents",
"dynamic": false,
"status": "active",
"type": {
"id": "<CONTENT_TYPE_ID>",
"name": "Document"
},
"tags": ["project", "documents"],
"properties": {
"department": "Engineering",
"year": "2024"
},
"created_by": "user:<USER_ID>",
"updated_by": "user:<USER_ID>",
"created_at": "2024-01-15T10:30:00.000Z",
"updated_at": "2024-01-15T10:30:00.000Z"
}
Code Example
Create Collection
curl -X POST \
https://api.vertesia.io/api/v1/collections \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"name": "Project Documents",
"description": "All project-related documents",
"dynamic": false,
"type": "<CONTENT_TYPE_ID>",
"tags": ["project", "documents"],
"properties": {
"department": "Engineering",
"year": "2024"
}
}'
Retrieve Collection
Endpoint: /collections/:collectionId
Method: GET
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the collection to retrieve. |
Query Parameters
| Parameter | Description |
|---|---|
| select | A string of space separated field names. Prefix a field name with "-" to exclude it from the result. |
Example Response
{
"id": "<COLLECTION_ID>",
"name": "Project Documents",
"description": "All project-related documents",
"dynamic": false,
"status": "active",
"type": {
"id": "<CONTENT_TYPE_ID>",
"name": "Document"
},
"tags": ["project", "documents"],
"properties": {
"department": "Engineering",
"year": "2024"
},
"created_by": "user:<USER_ID>",
"updated_by": "user:<USER_ID>",
"created_at": "2024-01-15T10:30:00.000Z",
"updated_at": "2024-01-15T10:30:00.000Z"
}
Code Example
Retrieve Collection
curl -X GET \
https://api.vertesia.io/api/v1/collections/<COLLECTION_ID> \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>'
Update Collection
Endpoint: /collections/:collectionId
Method: PUT
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the collection to update. |
Requirements: User must have content:write permission on the collection.
Input Parameters
| Parameter | Data Type | Description |
|---|---|---|
| name | string | The name of the collection. |
| description | string | Description of the collection. |
| tags | string[] | A list of tags to associate with the collection. |
| type | string | The ID of the content type for this collection. Note: changing the type will clear existing properties. |
| dynamic | boolean | Whether this is a dynamic collection. |
| query | object | Query for dynamic collections. |
| properties | object | Additional properties. Note: properties are cleared when the type changes. |
| parent | string | The ID of a parent collection. |
| table_layout | ColumnLayout[] | Custom table layout configuration. |
| allowed_types | string[] | Array of content type IDs allowed in this collection. |
Example Request
{
"name": "Updated Project Documents",
"description": "Updated description for project documents",
"tags": ["project", "documents", "2024"]
}
Example Response
{
"id": "<COLLECTION_ID>",
"name": "Updated Project Documents",
"description": "Updated description for project documents",
"dynamic": false,
"status": "active",
"type": {
"id": "<CONTENT_TYPE_ID>",
"name": "Document"
},
"tags": ["project", "documents", "2024"],
"created_by": "user:<USER_ID>",
"updated_by": "user:<USER_ID>",
"created_at": "2024-01-15T10:30:00.000Z",
"updated_at": "2024-01-15T11:00:00.000Z"
}
Code Example
Update Collection
curl -X PUT \
https://api.vertesia.io/api/v1/collections/<COLLECTION_ID> \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"name": "Updated Project Documents",
"description": "Updated description for project documents",
"tags": ["project", "documents", "2024"]
}'
Delete Collection
Endpoint: /collections/:collectionId
Method: DELETE
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the collection to delete. |
Requirements: User must have content:delete permission on the collection.
Example Response
{
"id": "<COLLECTION_ID>",
"count": 1
}
Code Example
Delete Collection
curl -X DELETE \
https://api.vertesia.io/api/v1/collections/<COLLECTION_ID> \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>'
Search Collections
Endpoint: /collections/search
Method: POST
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Requirements: User must have content:read permission. Returns only collections the user has access to.
ComplexCollectionSearchQuery Fields
The search query supports multiple filtering criteria:
Basic Filters
| Field | Data Type | Description |
|---|---|---|
| name | string | Filter by collection name (partial match, case-insensitive). |
| status | string | Filter by status (e.g., "active", "archived"). |
| dynamic | boolean | Filter by collection type - true for dynamic collections, false for static collections. |
| type | string | Filter by content type ID. |
| types | string[] | Filter by multiple content type IDs. Use "Document" for collections without a specific type. |
| parent | string | Filter by parent collection ID. Returns direct children only. |
Pagination
| Field | Data Type | Description |
|---|---|---|
| limit | number | Maximum number of results to return. Default: 1000. |
| offset | number | Number of results to skip for pagination. Default: 0. |
Advanced Filters
| Field | Data Type | Description |
|---|---|---|
| match | object | Raw MongoDB query for advanced filtering. Allows direct database queries for complex scenarios. |
Example Request
{
"name": "project",
"dynamic": false,
"status": "active",
"type": "<CONTENT_TYPE_ID>",
"limit": 20,
"offset": 0
}
Example Response
[
{
"id": "<COLLECTION_ID>",
"name": "Project Documents",
"description": "All project-related documents",
"dynamic": false,
"status": "active",
"type": {
"id": "<CONTENT_TYPE_ID>",
"name": "Document"
},
"tags": ["project", "documents"],
"created_by": "user:<USER_ID>",
"updated_by": "user:<USER_ID>",
"created_at": "2024-01-15T10:30:00.000Z",
"updated_at": "2024-01-15T10:30:00.000Z"
}
]
Code Example
Search Collections
curl -X POST \
https://api.vertesia.io/api/v1/collections/search \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"name": "project",
"dynamic": false,
"status": "active",
"type": "<CONTENT_TYPE_ID>",
"limit": 20,
"offset": 0
}'
Compute Facets
Endpoint: /collections/facets
Method: POST
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Requirements: User must have content:read permission.
Description: Compute faceted aggregations on collections. Useful for building filter UIs and understanding collection distribution.
Input Parameters
| Parameter | Data Type | Description |
|---|---|---|
| facets | FacetSpec[] | (Required) Array of facet specifications. Each spec defines a field to aggregate. |
| query | ComplexCollectionSearchQuery | Optional query to filter collections before computing facets. |
FacetSpec Structure
| Field | Data Type | Description |
|---|---|---|
| name | string | (Required) The name for this facet in the results. |
| field | string | (Required) The collection field to aggregate (e.g., "type", "status", "dynamic"). |
Example Request
{
"facets": [
{
"name": "by_type",
"field": "type"
},
{
"name": "by_status",
"field": "status"
}
],
"query": {
"dynamic": false
}
}
Example Response
{
"by_type": [
{
"_id": "<TYPE_ID>",
"count": 15
},
{
"_id": null,
"count": 5
}
],
"by_status": [
{
"_id": "active",
"count": 18
},
{
"_id": "archived",
"count": 2
}
],
"total": 20
}
Code Example
Compute Collection Facets
curl -X POST \
https://api.vertesia.io/api/v1/collections/facets \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"facets": [
{
"name": "by_type",
"field": "type"
},
{
"name": "by_status",
"field": "status"
}
],
"query": {
"dynamic": false
}
}'
Update Collection Permissions
Endpoint: /collections/:collectionId/permissions
Method: PUT
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the collection to update permissions for. |
Requirements: User must have content:admin or content:superadmin permission.
Input Parameters
The request body should be an object with permission keys and arrays of principals:
| Parameter | Data Type | Description |
|---|---|---|
| content:read | string[] | Array of principals with read access to the collection. |
| content:write | string[] | Array of principals with write access to the collection. |
| content:delete | string[] | Array of principals with delete access to the collection. |
Principal Format:
user:<userId>- Individual user accessgroup:<groupId>- Group accessrole:<roleId>- Role-based accessproject:*- Project-wide access (all project members)
Note: Dynamic collections cannot have permissions updated. For static collections, permissions automatically propagate to all member objects.
Example Request
{
"content:read": ["user:507f1f77bcf86cd799439011", "group:507f191e810c19729de860ea", "project:*"],
"content:write": ["user:507f1f77bcf86cd799439011", "project:*"],
"content:delete": ["user:507f1f77bcf86cd799439011"]
}
Example Response
{
"id": "<COLLECTION_ID>",
"security": {
"content:read": ["group:507f191e810c19729de860ea", "project:*", "user:507f1f77bcf86cd799439011"],
"content:write": ["project:*", "user:507f1f77bcf86cd799439011"],
"content:delete": ["user:507f1f77bcf86cd799439011"]
},
"objectsUpdated": 42
}
Code Example
Update Collection Permissions
curl -X PUT \
https://api.vertesia.io/api/v1/collections/<COLLECTION_ID>/permissions \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"content:read": ["user:507f1f77bcf86cd799439011", "group:507f191e810c19729de860ea", "project:*"],
"content:write": ["user:507f1f77bcf86cd799439011", "project:*"],
"content:delete": ["user:507f1f77bcf86cd799439011"]
}'
Propagate Permissions
Endpoint: /collections/:collectionId/propagate-permissions
Method: POST
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the collection to propagate permissions from. |
Requirements: User must have content:admin or content:superadmin permission.
Description: Manually triggers permission propagation from the collection to all its member objects. This is useful when permissions may be out of sync or need to be reapplied. Permissions are normally propagated automatically when changed, but this endpoint allows manual triggering.
Example Response
{
"id": "<COLLECTION_ID>",
"message": "Permissions propagated to 42 objects",
"security": {
"content:read": ["user:507f1f77bcf86cd799439011", "project:*"],
"content:write": ["user:507f1f77bcf86cd799439011"],
"content:delete": ["user:507f1f77bcf86cd799439011"]
},
"objectsUpdated": 42
}
Code Example
Propagate Permissions
curl -X POST \
https://api.vertesia.io/api/v1/collections/<COLLECTION_ID>/propagate-permissions \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>'
Add/Remove Collection Members
Endpoint: /collections/:collectionId/members
Method: POST
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the static collection to modify. |
Requirements: User must have content:write permission on the collection.
Input Parameters
| Parameter | Data Type | Description |
|---|---|---|
| action | string | (Required) Either "add" or "delete". |
| members | string[] | (Required) Array of object IDs to add or remove. |
Important Notes:
- Only works with static collections (where
dynamicisfalse) - Objects can belong to a maximum of 5 "secured" collections (collections with specific user/group permissions)
- Collections with only
project:*permissions don't count toward this limit - When adding members, the collection's permissions automatically propagate to the objects
- When an object is in multiple collections, it inherits permissions from ALL collections (additive model)
Example Request
{
"action": "add",
"members": ["507f1f77bcf86cd799439011", "507f191e810c19729de860ea", "507f191e810c19729de860eb"]
}
Example Response
{
"id": "<COLLECTION_ID>",
"objectsUpdated": 3
}
Code Example
Add Collection Members
curl -X POST \
https://api.vertesia.io/api/v1/collections/<COLLECTION_ID>/members \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"action": "add",
"members": ["507f1f77bcf86cd799439011", "507f191e810c19729de860ea", "507f191e810c19729de860eb"]
}'
Get Collection Members
Endpoint: /collections/:collectionId/members
Method: GET
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the collection. |
Requirements: User must have content:read permission on the collection.
Query Parameters
| Parameter | Data Type | Description |
|---|---|---|
| status | string | Filter members by status. |
| type | string | Filter members by content type ID. |
| limit | number | Maximum number of results to return. Default: 100. |
| offset | number | Number of results to skip. Default: 0. |
Description: Returns the objects that are members of this collection. For dynamic collections, returns objects matching the collection's query. For static collections, returns explicitly added members. Users with the content:superadmin permission can access all collection members regardless of object-level permissions.
Example Response
[
{
"id": "<OBJECT_ID>",
"name": "Document 1",
"status": "processed",
"type": {
"id": "<TYPE_ID>",
"name": "Document"
},
"created_at": "2024-01-15T10:30:00.000Z",
"updated_at": "2024-01-15T10:30:00.000Z"
}
]
Code Example
Get Collection Members
curl -X GET \
'https://api.vertesia.io/api/v1/collections/<COLLECTION_ID>/members?limit=100&offset=0' \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>'
Search Collection Members
Endpoint: /collections/:collectionId/search
Method: POST
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the collection. |
Requirements: User must have content:read permission on the collection.
Description: Performs advanced search on collection members with support for full-text search, vector similarity search, and complex filtering. The search is automatically scoped to the collection's members.
Input Parameters
The search accepts a ComplexSearchPayload with the following structure:
| Parameter | Data Type | Description |
|---|---|---|
| query | ComplexSearchQuery | The search query with filters, full-text search, and vector search. See Objects API for full query documentation. |
| limit | number | Maximum number of results to return. |
| offset | number | Number of results to skip. |
Example Request
{
"query": {
"name": "report",
"status": "processed",
"full_text": "quarterly financial",
"vector": {
"objectId": "<REFERENCE_OBJECT_ID>",
"config": { "text": true }
},
"weights": {
"text": 5,
"full_text": 3
}
},
"limit": 10,
"offset": 0
}
Code Example
Search Collection Members
curl -X POST \
https://api.vertesia.io/api/v1/collections/<COLLECTION_ID>/search \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"query": {
"name": "report",
"status": "processed",
"full_text": "quarterly financial"
},
"limit": 10,
"offset": 0
}'
Compute Member Facets
Endpoint: /collections/:collectionId/facets
Method: POST
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the collection. |
Requirements: User must have content:read permission on the collection.
Description: Compute faceted aggregations on collection members. Useful for building filter UIs and understanding member distribution within a collection.
Input Parameters
| Parameter | Data Type | Description |
|---|---|---|
| facets | FacetSpec[] | (Required) Array of facet specifications. |
| query | ComplexSearchQuery | Optional query to filter members before computing facets. |
Example Request
{
"facets": [
{
"name": "by_status",
"field": "status"
},
{
"name": "by_type",
"field": "type"
}
]
}
Code Example
Compute Member Facets
curl -X POST \
https://api.vertesia.io/api/v1/collections/<COLLECTION_ID>/facets \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"facets": [
{
"name": "by_status",
"field": "status"
},
{
"name": "by_type",
"field": "type"
}
]
}'
Search Child Collections
Endpoint: /collections/:collectionId/children/search
Method: POST
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the parent collection. |
Requirements: User must have content:read permission on the collection.
Description: Search for child collections of the specified parent collection. Collections can be organized hierarchically, and this endpoint returns direct children only.
Input Parameters
Accepts the same query parameters as Search Collections, with the parent field automatically set to the collection ID.
Example Request
{
"name": "sub",
"status": "active",
"limit": 10,
"offset": 0
}
Code Example
Search Child Collections
curl -X POST \
https://api.vertesia.io/api/v1/collections/<COLLECTION_ID>/children/search \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"name": "sub",
"status": "active",
"limit": 10,
"offset": 0
}'
Add/Remove Child Collections
Endpoint: /collections/:collectionId/children
Method: POST
Headers
| Header | Value |
|---|---|
Authorization | Bearer <YOUR_JWT_TOKEN> |
Path Parameters
| Parameter | Description |
|---|---|
| collectionId | (Required) The ID of the parent collection. |
Requirements: User must have content:write permission on the collection.
Input Parameters
| Parameter | Data Type | Description |
|---|---|---|
| action | string | (Required) Either "add" or "delete". |
| children | string[] | (Required) Array of child collection IDs to add or remove. |
Note: A collection cannot be a child of itself. This validation is enforced by the API.
Example Request
{
"action": "add",
"children": ["507f1f77bcf86cd799439011", "507f191e810c19729de860ea"]
}
Example Response
{
"count": 2
}
Code Example
Add Child Collections
curl -X POST \
https://api.vertesia.io/api/v1/collections/<COLLECTION_ID>/children \
-H 'Authorization: Bearer <YOUR_JWT_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"action": "add",
"children": ["507f1f77bcf86cd799439011", "507f191e810c19729de860ea"]
}'
Security Model
Additive Permission Model
When objects belong to multiple collections, they inherit permissions from ALL collections:
- Permission Merging: Object permissions are the UNION of all collection permissions
- Collection Limit: Maximum 5 secured collections per object (collections with specific user/group permissions)
- Project-wide Access: Collections with only
project:*don't count toward the limit - Revision Inheritance: All revisions inherit security from the root object
- Automatic Propagation: Permission changes automatically propagate to all member objects
Permission Types
content:read- View collection and its contentscontent:write- Modify collection and manage memberscontent:delete- Delete collectioncontent:admin- Manage collection permissionscontent:superadmin- Full access to all collections for management purposes
Access Control
- Users can only see collections they have at least
content:readpermission for - Super admins can see all collections for management purposes
- Permission changes propagate automatically to all member objects
- Objects inherit the union of permissions from all their collections
Examples
Single Collection:
- Object A is in Collection 1 with
["user:123", "project:*"]read permission - Object A inherits
["user:123", "project:*"]read permission
Multiple Collections:
- Object B is in Collection 1 with
["user:123"]read permission - Object B is in Collection 2 with
["user:456", "project:*"]read permission - Object B inherits
["user:123", "user:456", "project:*"]read permission (union of both)
Secured Collection Limit:
- Collections with only
project:*permissions are not counted - Objects can be in unlimited
project:*-only collections - Objects can be in maximum 5 collections with specific user/group permissions