Shortcut operations

The following operations are defined on the 🔧 Bootstrapper endpoint in addition to the 🔧 Ecosystem endpoint. They are provided on the 🔧 Bootstrapper endpoint as shortcuts to reduce HTTP round trips for native applications that use the Bootstrapper. They are equivalent to calling Bootstrap then using the EcosystemUrl to immediately execute an operation on the 🔧 Ecosystem endpoint.

For example, in order to get the root container, a WOPI client might execute the following operations:

  1. Call Bootstrap

  2. Using the EcosystemUrl from the Bootstrap response, call the GetRootContainer (ecosystem) operation

However, using the GetRootContainer (bootstrapper) shortcut operation, the WOPI client can skip calling Bootstrap, and instead get the root container directly using an OAuth 2.0 token.


Implementing shortcut operations is optional. If a host does not implement them, they should simply respond to the request as though it is a standard Bootstrap request. In other words, a host that doesn’t implement shortcut operations can simply ignore the X-WOPI-EcosystemOperation header and treat the request as a standard Bootstrap request.

WOPI clients must thus expect that some shortcut operations will not include the data expected, and should fall back to calling the appropriate operation on the 🔧 Ecosystem endpoint in such cases.

With this in mind, the responses for each ‘shortcut’ operation are a combination of the Bootstrap response and the response for the corresponding operation on the 🔧 Ecosystem endpoint. The Bootstrapper response is contained in the Bootstrap property, and the operation’s response is contained in a separate property with a name specific to the operation.

For example, the response to the GetRootContainer (bootstrapper) shortcut operation looks like this:

  "Bootstrap": {
    "EcosystemUrl": "http://.../wopi*/ecosystem?access_token=<ecosystem_token>",
    "UserId": "User ID",
    "SignInName": "",
    "UserFriendlyName": "User Name"
  "RootContainerInfo": {
    "ContainerPointer" : {
      "Url" : "http://.../wopi*/containers/<containerId>?access_token=<per_container_token>",
      "Name" : "Container Name"
    "ContainerInfo" : {
      "Name" : "Container Name",
      "HostUrl" : "http://contoso/324332",
      "SharingUrl" : "http://contoso/323432/efewos",
      "UserCanCreateChildContainer" : false,
      "UserCanCreateChildFile" : false,
      "UserCanDelete" : false,
      "UserCanRename" : false

Note that since these operations are exposed through the 🔧 Bootstrapper endpoint, they will be called using OAuth 2.0 access tokens, not WOPI access tokens.