Encoding Query and Body Parameters

Calls to the resource endpoint usually involves sending query and/or body parameters, usually enclosed in brackets {}. Everything between and including the brackets {} must be encoded. While some clients automatically encode the URL and the body, in many other cases it may remain your responsibility to do the encoding. Your programming language may provide a way for encoding strings. Various interactive web based encoders are also available and can be found using a search engine.

As an example encoded {"where":"Name='Mike'"} is %7B%22where%22%3A%22Name%3D'Mike'%22%7D and encoded {"Status":"Updated"} is %7B%22Status%22%3A%22Updated%22%7D.


The following limits apply to REST API operations: 

  • A call can return a maximum of 1,000 records. 
  • The maximum length of a request URI is 2047 characters. 

Only HTTPS Allowed

Calls to Caspio REST API URLs must be made using the HTTPS protocol.

PK_ID Fields

In addition to the user-defined fields, all Caspio tables and views have a field called PK_ID. Its data type is long integer in tables and string containing the list of tables’ PK_IDs in views. This field is created and maintained automatically by Caspio. You cannot delete or alter this field or change its value neither via REST API nor via Caspio interface.

Password Fields

Password fields are special data type fields that are meant for storing  encrypted values. You cannot obtain the value stored in password fields. All requests that attempt to get their values via Select or in other ways such as in Criteria, cause an error. When all fields of a table or view are returned via "Select *" or empty field list, password fields are skipped.

Password fields can be set to their initial value during an Insert operation. However, their values cannot be changed using the standard Update method. A special password update method is available to change the value of password fields.

Response Date Format

All dates in Caspio REST API response are in ISO 8601 format.

Alternatives to PUT and DELETE Methods

If PUT and DELETE methods are prohibited in your client, you can use the custom header X-HTTP-Method-Override to make such requests using POST. To do this, just add the following header to a POST request. For example:

Parameter Name:  X-HTTP-Method-Override
Parameter Value: PUT    or   DELETE