Admin API (Current)

License: Proprietary

Welcome to the documentation for the Admin API. This documentation describes the functionality available only in the current versions of API methods. You can also review the documentation for all API methods for information about both current and deprecated API methods.

Summary

For governance and security purposes, Quip makes available a set of APIs to enable specific users to see all content within a Quip site and to take actions against that content.

Requirements

This API requires that you have first followed the setup instructions for the Quip Automation API.

To call this API, the access token you use must be for a user who is an admin.

You must also have the admin API enabled for your quip instance. Ask your support representative if you would like this functionality enabled.

Rate Limit

Quip’s APIs are rate limited by number of requests per minute per user - with a default of 50 requests per minute. API responses include a few custom headers to aid programmers implement backoffs in their code. These headers are:

X-Ratelimit-Limit: The number of requests/min the user can make
X-Ratelimit-Remaining: The number of requests remaining this user can make within the minute - this number changes with each request.
X-Ratelimit-Reset: The UTC timestamp for when the rate limit will reset

Note: If you believe your application requires escalated rate limits please reach out to support and explain your use case and rationale.

REST API Versioning FAQ

Why do API methods get versioned?

To improve the quality and performance of API methods, Quip periodically releases new versions and deprecates older versions. Examples of changes that sometimes require creating new versions are:

  • Renaming an API method; or
  • Adding a required input field; or
  • Removing or renaming an input field; or
  • Removing an output field.

How do I know which version of an API method I’m using?

Versions are identified in the path for each API method. Examples:

How will I know when an API method is deprecated?

We inform you in a release note at least one year before support for an API method ends. In addition, we update the reference documentation to identify the current and deprecated versions of an API method. Our REST APIs have two versions of reference documentation:

  • Current: Describes the functionality available only in the current versions of methods in a REST API.
  • All: Describes the functionality available in both current and deprecated versions of methods in a REST API.

What should I do when an API method is deprecated?

Update your integrations so that they point to the current version instead of a deprecated version before support for an API method ends. Example scenario:

As needed, for your integrations, you can download the OpenAPI Specification (OAS) files for current and all versions of each REST API.

Authentication

OAuth2

Use an OAuth2 compatible mechanism for authentication. This approach follows RFC 6749.

API endpoints decorated with this security scheme accept authentication tokens as described in RFC 6750. In most cases, this means that they will accept an Authorization header with content "Bearer <token>", where <token> is the value of an access token obtained through the OAuth flow.

Security Scheme Type OAuth2
authorizationCode OAuth Flow
Authorization URL: https://platform.quip.com/1/oauth/login
Token URL: https://platform.quip.com/1/oauth/access_token
Refresh URL: https://platform.quip.com/1/oauth/access_token
Scopes:
  • ADMIN_MANAGE -
  • ADMIN_READ -
  • ADMIN_WRITE -

Threads

Get a Blob from a Thread

Returns the contents of specified blob from the thread.

Authorizations:
OAuth2 (ADMIN_READ)
path Parameters
thread_id
required
string

The ID of the thread that contains the desired blob.

blob_id
required
string

The ID of the blob to return.

query Parameters
company_id
required
string

The ID of the company to use.

header Parameters
If-None-Match
string

Header containing a 'blob_id'. If this ID matches the path parameter 'blob_id' and the blob exists, an HTTP status code 304 is returned.

Responses

Response samples

Content type
application/json
{
  • "error": "string",
  • "error_code": 304,
  • "error_description": "string"
}

Add a Blob to a Thread

Uploads an image or other blob to the given thread. Returns a url that may be used in the content field of Edit Document requests and an id that may be used in the attachment field of Add a Message.

Authorizations:
OAuth2 (ADMIN_WRITE)
path Parameters
thread_id
required
string

The ID of the thread to add the blob to.

Request Body schema: application/x-www-form-urlencoded
blob
required
string <binary>

The image or blob binary.

company_id
required
string

The ID of the company to use.

Responses

Response samples

Content type
application/json
{
  • "id": "DiPp1ZQyC8QUtvBT4vojzM",
  • "url": "/blob/LeSAAAqaCfc/DiPp1ZQyC8QUtvBT4vojzM"
}

Add People to a Thread or Add a Thread to Folders

The member_ids parameter must contain a list of folder IDs and user IDs. Specified users will be added to the document and the thread will be added to the specified folders.

Authorizations:
OAuth2 (ADMIN_MANAGE)
Request Body schema: application/x-www-form-urlencoded
One of
thread_id
required
string

The ID or secret path of the thread to add members to.

member_ids
required
string

A comma-separated list of folder IDs and user IDs. We add each user individually to the thread. We add the thread to each of the specified folder IDs. This field is required if you didn’t pass in a member_ids_by_access_level value. If you pass in a member_ids value instead of a member_ids_by_access_level, the access level defaults to Full Access.

Responses