From BaseX Documentation

Jump to: navigation, search

This page presents one of the Web Application services. It describes how to use the RESTXQ API of BaseX.

RESTXQ, introduced by Adam Retter, is an API that facilitates the use of XQuery as a server-side processing language for the Web. RESTXQ has been inspired by Java’s JAX-RS API: it defines a pre-defined set of XQuery 3.0 annotations for mapping HTTP requests to XQuery functions, which in turn generate and return HTTP responses.

Please note that BaseX provides various extensions to the original draft of the specification:




The RESTXQ service is accessible via http://localhost:8984/.

All RESTXQ annotations are assigned to the namespace, which is statically bound to the rest prefix. A Resource Function is an XQuery function that has been marked up with RESTXQ annotations. When an HTTP request comes in, a resource function will be invoked that matches the constraints indicated by its annotations.

If a RESTXQ URL is requested, the RESTXQPATH module directory and its sub-directories will be traversed, and all XQuery files will be parsed for functions with RESTXQ annotations. Sub-directories that include an .ignore file will be skipped. With Version 9.2, XQuery modules that cannot be parsed will be ignored as well.

To speed up processing, the functions of the existing XQuery modules are automatically cached in main memory:


A first RESTXQ function is shown below:

module namespace page = '';

declare %rest:path("hello/{$who}") %rest:GET function page:hello($who) {
    <title>Hello { $who }!</title>

If the URI http://localhost:8984/hello/World is accessed, the result will be:

  <title>Hello World!</title>

The next function demonstrates a POST request:

  %rest:form-param("message","{$message}", "(no message)")
  %rest:header-param("User-Agent", "{$agent}")
function page:hello-postman(
  $message as xs:string,
  $agent   as xs:string*
) as element(response) {
  <response type='form'>
    <message>{ $message }</message>
    <user-agent>{ $agent }</user-agent>

If you post something (e.g. using curl or the embedded form at http://localhost:8984/)...

curl -i -X POST --data "message='CONTENT'" http://localhost:8984/form will receive something similar to the following result:

HTTP/1.1 200 OK
Content-Type: application/xml; charset=UTF-8
Content-Length: 107
Server: Jetty(8.1.11.v20130520)
<response type="form">


This section shows how annotations are used to handle and process HTTP requests.


Constraints restrict the HTTP requests that a resource function may process.


A resource function must have a single Path Annotation with a single string as argument. The function will be called if a URL matches the path segments and templates of the argument. Path templates contain variables in curly brackets, and map the corresponding segments of the request path to the arguments of the resource function. The first slash in the path is optional.

The following example contains a path annotation with three segments and two templates. One of the function arguments is further specified with a data type, which means that the value for $variable will be cast to an xs:integer before being bound:

declare %rest:path("/a/path/{$with}/some/{$variable}")
  function page:test($with, $variable as xs:integer) { ... };

Variables can be enhanced by regular expressions:

(: Matches all paths with "app" as first, a number as second, and "order" as third segment :)
declare %rest:path("app/{$code=[0-9]+}/order")
  function page:order($code) { ... };

(: Matches all other all paths starting with "app/" :)
declare %rest:path("app/{$path=.+}")
  function page:others($path) { ... };

If multiple path candidates are found for the request, the one with more segments will be preferred.

Content Negotiation

Two following annotations can be used to restrict functions to specific content types:

%rest:consumes("application/xml", "text/xml")

By default, both content types are */*. Quality factors supplied by a client will also be considered in the path selection process. If a client supplies the following accept header…


…and if two RESTXQ functions exist with the same path annotation, one with the produces annotation */*, and another with text/html, the second function will be called, because the quality factor for text/html documents is highest.

Server-side quality factors are supported as well: If multiple function candidates are left over after the above steps, the qs parameter will be considered. The function with the highest quality factor will be favored:


Note that the annotation will not affect the content type of the actual response. You will need to supply an additional %output:media-type annotation.

HTTP Methods

Default Methods

The HTTP method annotations are equivalent to all HTTP request methods except TRACE and CONNECT. Zero or more methods may be used on a function; if none is specified, the function will be invoked for each method.

The following function will be called if GET or POST is used as request method:

declare %rest:GET %rest:POST %rest:path("/post")
  function page:post() { "This was a GET or POST request" };

The POST and PUT annotations may optionally take a string literal in order to map the HTTP request body to a function argument. Once again, the target variable must be embraced by curly brackets:

declare %rest:PUT("{$body}") %rest:path("/put")
  function page:put($body) { "Request body: " || $body };

Custom Methods

Custom HTTP methods can be specified with the %rest:method annotation. An optional body variable can be supplied as second argument:

  %rest:method("SIZE", "{$body}")
function page:patch(
  $body  as xs:base64Binary
) {
  "Request method: " || request:method(),
  "Size of body: " || bin:length($body)

Updated with Version 9.3:

If an OPTIONS request is received, and if no function is defined, an automatic response will be generated, which includes an Allow header with all supported methods.

If a HEAD request is received, and if no function is defined, the corresponding GET function will be processed, but the response body will be discarded.

Content Types

The body of a POST or PUT request will be converted to an XQuery item. Conversion can be controlled by specifying a content type. It can be further influenced by specifying additional content-type parameters:

Content-Type Parameters (;name=value) Type of resulting XQuery item
text/xml, application/xml document-node()
text/* xs:string
application/json JSON Options document-node() or map(*)
text/html HTML Options document-node()
text/comma-separated-values CSV Options document-node() or map(*)
others xs:base64Binary
multipart/* sequence (see next paragraph)

For example, if application/json;lax=yes is specified as content type, the input will be transformed to JSON, and the lax QName conversion rules will be applied, as described in the JSON Module.

Input options

Conversion options for JSON, CSV and HTML can also be specified via annotations with the input prefix. The following function interprets the input as text with the CP1252 encoding and treats the first line as header:

function page:store-csv($csv as document-node()) {
  "Number of rows: " || count($csv/csv/record)

Multipart Types

The single parts of a multipart message are represented as a sequence, and each part is converted to an XQuery item as described in the last paragraph.

A function that is capable of handling multipart types is identical to other RESTXQ functions:

  %rest:consumes("multipart/mixed") (: optional :)
function page:multipart($data as item()*) {
  "Number of items: " || count($data)


The following annotations can be used to bind request values to function arguments. Values will implicitly be cast to the type of the argument.

Query Parameters

The value of the first parameter, if found in the query component, will be assigned to the variable specified as second parameter. If no value is specified in the HTTP request, all additional parameters will be bound to the variable (if no additional parameter is given, an empty sequence will be bound):

  %rest:query-param("id", "{$id}")
  %rest:query-param("add", "{$add}", 42, 43, 44)
function page:params($id as xs:string?, $add as xs:integer+) {
  <result id="{ $id }" sum="{ sum($add) }"/>

HTML Form Fields

Form parameters are specified the same way as query parameters. Their values are the result of HTML forms submitted with the content type application/x-www-form-urlencoded.

%rest:form-param("parameter", "{$value}", "default")

File Uploads

Files can be uploaded to the server by using the content type multipart/form-data (the HTML5 multiple attribute enables the upload of multiple files):

<form action="/upload" method="POST" enctype="multipart/form-data">
  <input type="file" name="files"  multiple="multiple"/>
  <input type="submit"/>

The file contents are placed in a map, with the filename serving as key. The following example shows how uploaded files can be stored in a temporary directory:

  %rest:form-param("files", "{$files}")
function page:upload($files) {
  for $name    in map:keys($files)
  let $content := $files($name)
  let $path    := file:temp-dir() || $name
  return (
    file:write-binary($path, $content),
    <file name="{ $name }" size="{ file:size($path) }"/>

HTTP Headers

Header parameters are specified the same way as query parameters:

%rest:header-param("User-Agent", "{$user-agent}")
%rest:header-param("Referer", "{$referer}", "none")


Cookie parameters are specified the same way as query parameters:

%rest:cookie-param("username", "{$user}")
%rest:cookie-param("authentication", "{$auth}", "no_auth")

Query Execution

In many RESTXQ search scenarios, input from browser forms is processed and search results are returned. User experience can generally be made more interactive if an updated search request is triggered with each key click. However, this may lead to many expensive parallel requests, from which only the result of the last request will be relevant for the client.

With the %rest:single annotation, it can be enforced that only one instance of a function will be executed for the same client. If the same function will be called for the second time, the already running query will be stopped, and the HTTP error code 460 will be returned instead:

(: If fast enough, returns the result. Otherwise, if called again, raises 460 :)
  %rest:query-param("term", "{$term}")
function page:search($term as xs:string) {
    for $result in db:open('large-db')//*[text() = $term]
    return <li>{ $result }</li>

By specifying a string along with the annotation, functions can be bundled together, and one request can be canceled by calling another one.

This is shown by another example, in which the first function can be interrupted by the second one. If you call both functions in separate browser tabs, you will note that the first tab will return 460, and the second one will return <xml>stopped</xml>.

function local:compute() {
  (1 to 100000000000000)[. = 0]

function local:stop() {

The following things should be noted:


By default, a successful request is answered with the HTTP status code 200 (OK) and is followed by the given content. An erroneous request leads to an error code and an optional error message (e.g. 404 for “resource not found”).

Custom Response

Custom responses can be generated in XQuery by returning an rest:response element, an http:response child node that matches the syntax of the EXPath HTTP Client Module specification, and optional child nodes that will be serialized as usual. A function that yields a response on an unknown resource may look as follows:

declare %output:method("text") %rest:path("") function page:error404() {
    <http:response status="404">
      <http:header name="Content-Language" value="en"/>
      <http:header name="Content-Type" value="text/plain; charset=utf-8"/>
  "The requested resource is not available."

Forwards and Redirects

The two XML elements rest:forward and rest:redirect can be used in the context of Web Applications, precisely in the context of RESTXQ. These nodes allow e.g. multiple XQuery Updates in a row by redirecting to the RESTXQ path of updating functions. Both wrap a URL to a RESTXQ path. The wrapped URL should be properly encoded via fn:encode-for-uri().

Note that, currently, these elements are not part of RESTXQ specification.


Usage: wrap the location as follows

<rest:forward>{ $location }</rest:forward>

This results in a server-side forwarding, which as well reduces traffic among client and server. A forwarding of this kind will not change the URL seen from the client's perspective.

As an example, returning


would internally forward to http://localhost:8984/hello/universe


The function web:redirect can be used to create a redirect response element. Alternatively, the following element can be sent:

<rest:redirect>{ $location }</rest:redirect>

It is an abbreviation for:

  <http:response status="302">
    <http:header name="location" value="{ $location }"/>

The client decides whether to follow this redirection. Browsers usually will, tools like curl won’t unless -L is specified.


The content-type of a response can be influenced by the user via Serialization Parameters. The steps are described in the REST chapter. In RESTXQ, serialization parameters can be specified in the query prolog, via annotations, or within the REST response element:

Query Prolog

In main modules, serialization parameters may be specified in the query prolog. These parameters will then apply to all functions in a module. In the following example, the content type of the response is overwritten with the media-type parameter:

declare option output:media-type 'text/plain';

declare %rest:path("version1") function page:version1() {
  'Keep it simple, stupid'


Global serialization parameters can be overwritten via %output annotations. The following example serializes XML nodes as JSON, using the JsonML format:

function page:cities() {
  element cities {

The next function, when called, generates XHTML headers, and text/html will be set as content type:

  %output:doctype-public("-//W3C//DTD XHTML 1.0 Transitional//EN")  
function page:html() {
  <html xmlns="">

Response Element

Serialization parameters can also be specified in a REST reponse element in a query. Serialization parameters will be overwritten:

declare %rest:path("version3") function page:version3() {
      <output:media-type value='text/plain'/>
  'Not that simple anymore'

Error Handling

Raise Errors

Updated with Version 9.3:

If an error is raised during the evaluation of a RESTXQ function, an HTTP response with the status code 400 is generated. The response body contains the full error message and stack trace.

With the web:error function, you can abort query evaluation and enforce a premature HTTP response with the supplied status code and response body text:

function page:teapot() {
  web:error(418, "I'm a pretty teapot")

The XQuery error code and the stack trace will be suppressed in the body of the HTTP response.

Catch XQuery Errors

XQuery runtime errors can be processed via error annotations. Error annotations have one or more arguments, which represent the error codes to be caught. The codes equal the names of the XQuery 3.0 try/catch construct:

Precedence Syntax Example
1 prefix:name
2 prefix:*
3 *:name *:FORG0001
4 * *

All error codes that are specified for a function must have the same precedence. The following rules apply when catching errors:

Similar to try/catch, the pre-defined variables (code, description, value, module, line-number, column-number, additional) can be bound to variables via error parameter annotations, which are specified the same way as query parameters.

Errors may occur unexpectedly. However, they can also be triggered by a query, as demonstrated by the following example:

function page:check($user) {
  if($user = ('jack', 'lisa'))
  then 'User exists'
  else fn:error(xs:QName('err:user'), $user)

  %rest:error-param("description", "{$user}")
function page:user-error($user) {
  'User "' || $user || '" is unknown'

Catch HTTP Errors

Errors that occur outside RESTXQ can be caught by adding error-page elements with an error code and a target location to the web.xml configuration file (find more details in the Jetty Documentation):


The target location may be another RESTXQ function. The request:attribute function can be used to request details on the caught error:

declare %rest:path("/error404") function page:error404() {
  "URL: " || request:attribute("javax.servlet.error.request_uri") || ", " || 
  "Error message: " || request:attribute("javax.servlet.error.message")

User Authentication

If you want to provide restricted access to parts of a web applications, you will need to check permissions before returning a response to the client. The Permissions layer is a nice abstraction for defining permission checks.


The Request Module contains functions for accessing data related to the current HTTP request. Two modules exist for setting and retrieving server-side session data of the current user (Session Module) and all users known to the HTTP server (Sessions Module). The RESTXQ Module provides functions for requesting RESTXQ base URIs and generating a WADL description of all services. Please note that the namespaces of all of these modules must be explicitly specified via module imports in the query prolog.

The following example returns the current host name:

import module namespace request = "";

declare %rest:path("/host-name") function page:host() {
  'Remote host name: ' || request:remote-hostname()





Version 9.3
Version 9.2
Version 9.0
Version 8.4
Version 8.1
Version 8.0
Version 7.9
Version 7.7
Version 7.5
Personal tools