Ampache Provides an API for pulling out it's meta data in the form of simple XML documents. This was originally created for use by Amarok, but there is no reason it couldn't be used to create other front-ends to the Ampache data. Access to the API is controlled by the Internal Access Control Lists. The KEY defined in the ACL is the passphrase that must be used to establish an API session. Currently all requests are limited to a maximum of 5000 results for performance reasons. To get additional results pass offset as an additional parameter. If you have any questions or requests for this API please submit a Feature Request. All dates in the API calls should be passed as ISO 8601 dates.
- JSON API now available!
- Call xml as normal:
- Call the JSON server:
- Example XML and JSON responses available here
- Call xml as normal:
- NEW API functions
- get_similar: send artist or song id to get related objects from last.fm
- shares: get a list of shares you can access
- share: get a share by id
- share_create: create a share
- share_edit: edit an existing share
- share_delete: delete an existing share
- podcasts: get a list of podcasts you can access
- podcast: get a podcast by id
- podcast_episodes: get a list of podcast_episodes you can access
- podcast_episode: get a podcast_episode by id
- podcast_episode_delete: delete an existing podcast_episode
- podcast_create: create a podcast
- podcast_edit: edit an existing podcast
- podcast_delete: delete an existing podcast
- update_podcast: sync and download new episodes
- licenses: get a list of licenses you can access
- license: get a license by id
- catalogs: get all the catalogs
- catalog: get a catalog by id
- catalog_file: clean, add, verify using the file path (good for scripting)
- Api::advanced_search added parameter 'random' (0, 1) to shuffle your searches
Bump API version to 420000 (4.2.0)
All calls that return songs now include
<playlisttrack>which can be used to identify track order.
<playcount>added to objects with a playcount.
<license>added to song objects.
Don't gather art when adding songs
Added actions to catalog_action. 'verify_catalog' 'gather_art'
API function "playlist_edit": added ability to edit playlist items
- items = (string) comma-separated song_id's (replace existing items with a new object_id) //optional
- tracks = (string) comma-separated playlisttrack numbers matched to items in order //optional
Random albums will get songs for all disks if album_group enabled
Remove spaces from advanced_search rule names. (Backwards compatible with old names)
- 'has image' => 'has_image'
- 'image height' => 'image_height'
- 'image width' => 'image_width'
- 'filename' => 'file' (Video search)
- API Build number is depreciated (the last 3 digits of the api version)
- API5 will be released with a string version ("5.0.0-release")
- Tag in songs is depreciated and will be removed in API5.
- Use genre instead of tag, genre provides an ID as well as the name.
- Extra text in catalog API calls
- Don't fail the API calls when the database needs updating
- Filter in "playlist" and "playlist_songs" fixed
Sending Handshake Request
Multiple authentication methods are available, described in the next sections.
User / Password
The handshake is a combination of the following three things
- Encoded Passphrase
The key that must be passed to Ampache is
SHA256('PASSWORD'). Below is a PHP example
$time = time();
$key = hash('sha256', 'mypassword');
$passphrase = hash('sha256', $time . $key);
Once you've generated the encoded passphrase, you can call the following URL (localhost/ampache is the location of your Ampache installation)
The key that must be passed to Ampache is the API Key generated for a specific user (none by default, only the administrator can generate one). Then call the following URL (localhost/ampache is the location of your Ampache installation):
In API4 and higher; the key can be passed to Ampache using
SHA256('APIKEY'). Below is a PHP example
$user = 'username';
$key = hash('sha256', 'myapikey');
$passphrase = hash('sha256', $user . $key);
HTTP Header Authentication
Ampache supports sending your auth parameter to the server using a Bearer Token.
GET https://demo.ampache.dev/server/json.server.php?action=handshake&version=6.0.0 HTTP/1.1
Authorization: Bearer 000111112233334444455556667777788888899aaaaabbbbcccccdddeeeeeeff
Other handshake-related stuff
To standardize how to transfer Ampache connection information, the following Ampache scheme is defined.
By default Ampache uses USER_AGENT as application name but this could also be defined through http query string. Add
&client=YourAppName to override the application name. This parameter also works on stream sessions.
- Place name
Optionally, you can also provide geolocation information
&geo_latitude=$latitude&geo_longitude=$longitude, with an optional place name if you already know coordinates match
If your authenticated User and IP match a row in the Access List the following will be returned.
<?xml version="1.0" encoding="UTF-8" ?>
"auth": "%AUTHENTICATION TOKEN%",
All future interactions with the Ampache API must include the
AUTHENTICATION_TOKEN as a
GET variable named
All methods must be passed as
action=METHODNAME. All methods except the
handshake can take an optional
limit=XXX. The limit determines the maximum number of results returned. The offset will tell Ampache where to start in the result set. For example if there are 100 total results and you set the offset to 50, and the limit to 50 Ampache will return results between 50 and 100. The default limit is 5000. The default offset is 0.
You can also pass it
limit=none to overcome the
limit limitation and return all the matching elements.
For more in depth information regarding the different api servers you can view the following documentation pages.
Request URL Examples
For the purpose of this example the Ampache host is 'localhost' and the path to Ampache is /ampache
Requesting all genres whose name starts with Rock
Requesting all song titles, with an offset of 5000