Skip to content


Welcome to the Polarion REST API User Guide. This document is intended for developers, designers, architects, and anyone planning to use Polarion's Representational State Transfer (REST) API implementation.

The Polarion REST API gives external applications an integration layer with Polarion that gives you greater control over the information you use in both Polarion and the applications you use daily.

The Polarion REST API architecture follows Rest API community standards like the JSON and HTTP methods and the Open API Specification. (Formerly known as the Swagger Specification).

The Polarion REST API is based on JSON:API with some deviations (for example, bulk create, update and delete) from the JSON:API specification.

(So while the Polarion REST API is very similar to a JSON:API it deviates slightly from the standard.)

​​The Polarion REST API relies on the existing Java API to deliver functionality and has the same restrictions and behavior as the Java API.


The Polarion REST API relies on the existing Java API to deliver functionality and has the same restrictions and behavior. So, client-side features exclusively available on the user interface, like read-only fields, are unavailable through the REST API.

Additional resources

You can find these additional resources and documentation on your Polarion server in the embedded SDK documentation:


  • REST API Reference
  • REST API schema file (polarionrest.json)

(The API Reference and Swagger UI are both generated based on this file.)

General security warning

The data returned as part of Polarion REST API responses are provided "as is", and they correspond to the actual content stored by Polarion users via Polarion User Interfaces (UIs) or APIs. The usual caution needs to be exercised and REST API clients need to sanitize any data received from the server before rendering it or using it further.

In particular, note that HTML values of rich text and other special purpose fields (like Work Item descriptions, Document parts' content, the homePageContent field value in Documents, as well as other fields in other types of Polarion objects) are the internal raw data and are not intended to be used as ready-to-render HTML documents or snippets. Polarion cannot guarantee that such HTML content will be free from potentially malicious user-submitted scripts.

Similarly, when retrieving the attachment content via one of the content endpoints, please keep in mind that the actual attachment content is returned "as is", corresponding to the original octet stream previously uploaded to Polarion via UI or API. Polarion does not perform any validation, sanitization, or malware/virus scan upon uploading or downloading attachment files.


Connect and Collaborate with Industrial Professionals and Join the Community!

Click to load comments