The Project Quay application programming interface (API) is an OAuth 2 RESTful API that consists of a set of endpoints for adding, displaying, changing and deleting features for Project Quay.

Project Quay abides by the Semantic Versioning (SemVer) specifications. The following conditions are met with each major, minor, and patch release:

  • Major versions of Project Quay might include incompatible API changes. For example, the API of Project Quay 2.0 differs from Project Quay 3.0.

  • Minor versions of Project Quay, for example, 3.y, adds functionality in a backwards compatible manner.

  • Patch versions of Project Quay, for example, 3.y.z, introduces backwards compatible bug fixes.

Currently, Project Quay uses the api/v1 endpoint for 3.y.z releases.

This guide describes the api/v1 endpoints and the browser-based examples for accessing those endpoints.

Using the Project Quay API

Project Quay provides a full OAuth 2, RESTful API that:

  • Is available from endpoints of each Project Quay instance from the URL https://<yourquayhost>/api/v1

  • Lets you connect to endpoints, via a browser, to get, delete, post, and put Project Quay settings by enabling the Swagger UI

  • Can be accessed by applications that make API calls and use OAuth tokens

  • Sends and receives data as JSON

The following text describes how to access the Project Quay API and use it to view and modify setting in your Project Quay cluster. The next section lists and describes API endpoints.

Accessing the Quay API from Quay.io

If you don’t have your own Project Quay cluster running yet, you can explore the Project Quay API available from Quay.io from your web browser:

https://docs.quay.io/api/swagger/

The API Explorer that appears shows Quay.io API endpoints. You will not see superuser API endpoints or endpoints for Project Quay features that are not enabled on Quay.io (such as Repository Mirroring).

From API Explorer, you can get, and sometimes change, information on:

  • Billing, subscriptions, and plans

  • Repository builds and build triggers

  • Error messages and global messages

  • Repository images, manifests, permissions, notifications, vulnerabilities, and image signing

  • Usage logs

  • Organizations, members and OAuth applications

  • User and robot accounts

  • and more…​

Select to open an endpoint to view the Model Schema for each part of the endpoint. Open an endpoint, enter any required parameters (such as a repository name or image), then select the Try it out! button to query or change settings associated with a Quay.io endpoint.

Create OAuth access token

To create an OAuth access token so you can access the API for your organization:

  1. Log in to Project Quay and select your Organization (or create a new one).

  2. Select the Applications icon from the left navigation.

  3. Select Create New Application and give the new application a name when prompted.

  4. Select the new application.

  5. Select Generate Token from the left navigation.

  6. Select the checkboxes to set the scope of the token and select Generate Access Token.

  7. Review the permissions you are allowing and select Authorize Application to approve it.

  8. Copy the newly generated token to use to access the API.

Accessing your Quay API from a web browser

By enabling Swagger, you can access the API for your own Project Quay instance through a web browser. This URL exposes the Project Quay API explorer via the Swagger UI and this URL:

https://<yourquayhost>/api/v1/discovery.

That way of accessing the API does not include superuser endpoints that are available on Project Quay installations. Here is an example of accessing a Project Quay API interface running on the local system by running the swagger-ui container image:

# export SERVER_HOSTNAME=<yourhostname>
# sudo podman run -p 8888:8080 -e API_URL=https://$SERVER_HOSTNAME:8443/api/v1/discovery docker.io/swaggerapi/swagger-ui

With the swagger-ui container running, open your web browser to localhost port 8888 to view API endpoints via the swagger-ui container.

To avoid errors in the log such as "API calls must be invoked with an X-Requested-With header if called from a browser," add the following line to the config.yaml on all nodes in the cluster and restart Project Quay:

BROWSER_API_CALLS_XHR_ONLY: false

Accessing the Project Quay API from the command line

You can use the curl command to GET, PUT, POST, or DELETE settings via the API for your Project Quay cluster. Replace <token> with the OAuth access token you created earlier to get or change settings in the following examples.

Get superuser information

$ curl -X GET -H "Authorization: Bearer <token_here>" \
    "https://<yourquayhost>/api/v1/superuser/users/"

For example:

$ curl -X GET -H "Authorization: Bearer mFCdgS7SAIoMcnTsHCGx23vcNsTgziAa4CmmHIsg" http://quay-server:8080/api/v1/superuser/users/ | jq

{
  "users": [
    {
      "kind": "user",
      "name": "quayadmin",
      "username": "quayadmin",
      "email": "quayadmin@example.com",
      "verified": true,
      "avatar": {
        "name": "quayadmin",
        "hash": "357a20e8c56e69d6f9734d23ef9517e8",
        "color": "#5254a3",
        "kind": "user"
      },
      "super_user": true,
      "enabled": true
    }
  ]
}

Creating a superuser using the API

  • Configure a superuser name, as described in the Deploy Quay book:

    • Use the configuration editor UI or

    • Edit the config.yaml file directly, with the option of using the configuration API to validate (and download) the updated configuration bundle

  • Create the user account for the superuser name:

    • Obtain an authorization token as detailed above, and use curl to create the user:

      $ curl -H "Content-Type: application/json"  -H "Authorization: Bearer Fava2kV9C92p1eXnMawBZx9vTqVnksvwNm0ckFKZ" -X POST --data '{
       "username": "quaysuper",
       "email": "quaysuper@example.com"
      }'  http://quay-server:8080/api/v1/superuser/users/ | jq
    • The returned content includes a generated password for the new user account:

      {
        "username": "quaysuper",
        "email": "quaysuper@example.com",
        "password": "EH67NB3Y6PTBED8H0HC6UVHGGGA3ODSE",
        "encrypted_password": "fn37AZAUQH0PTsU+vlO9lS0QxPW9A/boXL4ovZjIFtlUPrBz9i4j9UDOqMjuxQ/0HTfy38goKEpG8zYXVeQh3lOFzuOjSvKic2Vq7xdtQsU="
      }

Now, when you request the list of users , it will show quaysuper as a superuser:

$ curl -X GET -H "Authorization: Bearer mFCdgS7SAIoMcnTsHCGx23vcNsTgziAa4CmmHIsg" http://quay-server:8080/api/v1/superuser/users/ | jq

{
  "users": [
  {
      "kind": "user",
      "name": "quayadmin",
      "username": "quayadmin",
      "email": "quayadmin@example.com",
      "verified": true,
      "avatar": {
        "name": "quayadmin",
        "hash": "357a20e8c56e69d6f9734d23ef9517e8",
        "color": "#5254a3",
        "kind": "user"
      },
      "super_user": true,
      "enabled": true
    },
    {
      "kind": "user",
      "name": "quaysuper",
      "username": "quaysuper",
      "email": "quaysuper@example.com",
      "verified": true,
      "avatar": {
        "name": "quaysuper",
        "hash": "c0e0f155afcef68e58a42243b153df08",
        "color": "#969696",
        "kind": "user"
      },
      "super_user": true,
      "enabled": true
    }
  ]
}

List usage logs

An intrnal API, /api/v1/superuser/logs, is available to list the usage logs for the current system. The results are paginated, so in the following example, more than 20 repos were created to show how to use multiple invocations to access the entire result set.

Example for pagination
First invocation
$ curl -X GET -k -H "Authorization: Bearer qz9NZ2Np1f55CSZ3RVOvxjeUdkzYuCp0pKggABCD" https://example-registry-quay-quay-enterprise.apps.example.com/api/v1/superuser/logs | jq
Initial output
{
  "start_time": "Sun, 12 Dec 2021 11:41:55 -0000",
  "end_time": "Tue, 14 Dec 2021 11:41:55 -0000",
  "logs": [
    {
      "kind": "create_repo",
      "metadata": {
        "repo": "t21",
        "namespace": "namespace1"
      },
      "ip": "10.131.0.13",
      "datetime": "Mon, 13 Dec 2021 11:41:16 -0000",
      "performer": {
        "kind": "user",
        "name": "user1",
        "is_robot": false,
        "avatar": {
          "name": "user1",
          "hash": "5d40b245471708144de9760f2f18113d75aa2488ec82e12435b9de34a6565f73",
          "color": "#ad494a",
          "kind": "user"
        }
      },
      "namespace": {
        "kind": "org",
        "name": "namespace1",
        "avatar": {
          "name": "namespace1",
          "hash": "6cf18b5c19217bfc6df0e7d788746ff7e8201a68cba333fca0437e42379b984f",
          "color": "#e377c2",
          "kind": "org"
        }
      }
    },
    {
      "kind": "create_repo",
      "metadata": {
        "repo": "t20",
        "namespace": "namespace1"
      },
      "ip": "10.131.0.13",
      "datetime": "Mon, 13 Dec 2021 11:41:05 -0000",
      "performer": {
        "kind": "user",
        "name": "user1",
        "is_robot": false,
        "avatar": {
          "name": "user1",
          "hash": "5d40b245471708144de9760f2f18113d75aa2488ec82e12435b9de34a6565f73",
          "color": "#ad494a",
          "kind": "user"
        }
      },
      "namespace": {
        "kind": "org",
        "name": "namespace1",
        "avatar": {
          "name": "namespace1",
          "hash": "6cf18b5c19217bfc6df0e7d788746ff7e8201a68cba333fca0437e42379b984f",
          "color": "#e377c2",
          "kind": "org"
        }
      }
    },
...

   {
      "kind": "create_repo",
      "metadata": {
        "repo": "t2",
        "namespace": "namespace1"
      },
      "ip": "10.131.0.13",
      "datetime": "Mon, 13 Dec 2021 11:25:17 -0000",
      "performer": {
        "kind": "user",
        "name": "user1",
        "is_robot": false,
        "avatar": {
          "name": "user1",
          "hash": "5d40b245471708144de9760f2f18113d75aa2488ec82e12435b9de34a6565f73",
          "color": "#ad494a",
          "kind": "user"
        }
      },
      "namespace": {
        "kind": "org",
        "name": "namespace1",
        "avatar": {
          "name": "namespace1",
          "hash": "6cf18b5c19217bfc6df0e7d788746ff7e8201a68cba333fca0437e42379b984f",
          "color": "#e377c2",
          "kind": "org"
        }
      }
    }
  ],
  "next_page": "gAAAAABhtzGDsH38x7pjWhD8MJq1_2FAgqUw2X9S2LoCLNPH65QJqB4XAU2qAxYb6QqtlcWj9eI6DUiMN_q3e3I0agCvB2VPQ8rY75WeaiUzM3rQlMc4i6ElR78t8oUxVfNp1RMPIRQYYZyXP9h6E8LZZhqTMs0S-SedaQJ3kVFtkxZqJwHVjgt23Ts2DonVoYwtKgI3bCC5"
}
Second invocation using next_page
$ curl -X GET -k -H "Authorization: Bearer qz9NZ2Np1f55CSZ3RVOvxjeUdkzYuCp0pKggABCD" https://example-registry-quay-quay-enterprise.apps.example.com/api/v1/superuser/logs?next_page=gAAAAABhtzGDsH38x7pjWhD8MJq1_2FAgqUw2X9S2LoCLNPH65QJqB4XAU2qAxYb6QqtlcWj9eI6DUiMN_q3e3I0agCvB2VPQ8rY75WeaiUzM3rQlMc4i6ElR78t8oUxVfNp1RMPIRQYYZyXP9h6E8LZZhqTMs0S-SedaQJ3kVFtkxZqJwHVjgt23Ts2DonVoYwtKgI3bCC5 | jq
Output from second invocation
{
  "start_time": "Sun, 12 Dec 2021 11:42:46 -0000",
  "end_time": "Tue, 14 Dec 2021 11:42:46 -0000",
  "logs": [
    {
      "kind": "create_repo",
      "metadata": {
        "repo": "t1",
        "namespace": "namespace1"
      },
      "ip": "10.131.0.13",
      "datetime": "Mon, 13 Dec 2021 11:25:07 -0000",
      "performer": {
        "kind": "user",
        "name": "user1",
        "is_robot": false,
        "avatar": {
          "name": "user1",
          "hash": "5d40b245471708144de9760f2f18113d75aa2488ec82e12435b9de34a6565f73",
          "color": "#ad494a",
          "kind": "user"
        }
      },
      "namespace": {
        "kind": "org",
        "name": "namespace1",
        "avatar": {
          "name": "namespace1",
          "hash": "6cf18b5c19217bfc6df0e7d788746ff7e8201a68cba333fca0437e42379b984f",
          "color": "#e377c2",
          "kind": "org"
        }
      }
    },
    ...
  ]
}

Directory synchronization

To enable directory synchronization for the team newteam in organization testadminorg, where the corresponding group name in LDAP is ldapgroup:

$ curl -X POST -H "Authorization: Bearer 9rJYBR3v3pXcj5XqIA2XX6Thkwk4gld4TCYLLWDF" \
       -H "Content-type: application/json" \
       -d '{"group_dn": "cn=ldapgroup,ou=Users"}' \
       http://quay1-server:8080/api/v1/organization/testadminorg/team/newteam/syncing

To disable synchronization for the same team:

$ curl -X DELETE -H "Authorization: Bearer 9rJYBR3v3pXcj5XqIA2XX6Thkwk4gld4TCYLLWDF" \
       http://quay1-server:8080/api/v1/organization/testadminorg/team/newteam/syncing

Create a repository build via API

In order to build a repository from the specified input and tag the build with custom tags, users can use requestRepoBuild endpoint. It takes the following data:

{
"docker_tags": [
   "string"
],
"pull_robot": "string",
"subdirectory": "string",
"archive_url": "string"
}

The archive_url parameter should point to a tar or zip archive that includes the Dockerfile and other required files for the build. The file_id parameter was apart of our older build system. It cannot be used anymore. If Dockerfile is in a sub-directory it needs to be specified as well.

The archive should be publicly accessible. OAuth app should have "Administer Organization" scope because only organization admins have access to the robots' account tokens. Otherwise, someone could get robot permissions by simply granting a build access to a robot (without having access themselves), and use it to grab the image contents. In case of errors, check the json block returned and ensure the archive location, pull robot, and other parameters are being passed correctly. Click "Download logs" on the top-right of the individual build’s page to check the logs for more verbose messaging.

Create an org robot

$ curl -X PUT https://quay.io/api/v1/organization/{orgname}/robots/{robot shortname} \
   -H 'Authorization: Bearer <token>''

Trigger a build

$ curl -X POST https://quay.io/api/v1/repository/YOURORGNAME/YOURREPONAME/build/ \
   -H 'Authorization: Bearer <token>'

Python with requests

import requests
r = requests.post('https://quay.io/api/v1/repository/example/example/image', headers={'content-type': 'application/json', 'Authorization': 'Bearer <redacted>'}, data={[<request-body-contents>})
print(r.text)

Create a private repository

$ curl -X POST https://quay.io/api/v1/repository \
    -H 'Authorization: Bearer {token}' \
    -H 'Content-Type: application/json' \
    -d '{"namespace":"yournamespace", "repository":"yourreponame",
    "description":"descriptionofyourrepo", "visibility": "private"}' | jq

Project Quay Application Programming Interface (API)

This API allows you to perform many of the operations required to work with Project Quay repositories, users, and organizations.

Authorization

oauth2_implicit

Scopes

The following scopes are used to control access to the API endpoints:

Scope Description

repo:read

This application will be able to view and pull all repositories visible to the granting user or robot account

repo:write

This application will be able to view, push and pull to all repositories to which the granting user or robot account has write access

repo:admin

This application will have administrator access to all repositories to which the granting user or robot account has access

repo:create

This application will be able to create repositories in to any namespaces that the granting user or robot account is allowed to create repositories

user:read

This application will be able to read user information such as username and email address.

org:admin

This application will be able to administer your organizations including creating robots, creating teams, adjusting team membership, and changing billing settings. You should have absolute trust in the requesting application before granting this permission.

super:user

This application will be able to administer your installation including managing users, managing organizations and other features found in the superuser panel. You should have absolute trust in the requesting application before granting this permission.

user:admin

This application will be able to administer your account including creating robots and granting them permissions to your repositories. You should have absolute trust in the requesting application before granting this permission.

appspecifictokens

Manages app specific tokens for the current user.

listAppTokens

Lists the app specific tokens for the user.

GET /api/v1/user/apptoken

Authorizations: oauth2_implicit (user:admin)

Query parameters
Type Name Description Schema

query

expiring
optional

If true, only returns those tokens expiring soon

boolean

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createAppToken

Create a new app specific token for user.

POST /api/v1/user/apptoken

Authorizations: oauth2_implicit (user:admin)

Request body schema (application/json)

Description of a new token.

Name Description Schema

friendlyName
optional

Friendly name to help identify the token

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getAppToken

Returns a specific app token for the user.

GET /api/v1/user/apptoken/{token_uuid}

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

token_uuid
required

The uuid of the app specific token

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

revokeAppToken

Revokes a specific app token for the user.

DELETE /api/v1/user/apptoken/{token_uuid}

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

token_uuid
required

The uuid of the app specific token

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

build

Create, list, cancel and get status/logs of repository builds.

getRepoBuildStatus

Return the status for the builds specified by the build uuids.

GET /api/v1/repository/{repository}/build/{build_uuid}/status

Authorizations: oauth2_implicit (repo:read)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

build_uuid
required

The UUID of the build

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getRepoBuildLogs

Return the build logs for the build specified by the build uuid.

GET /api/v1/repository/{repository}/build/{build_uuid}/logs

Authorizations: oauth2_implicit (repo:read)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

build_uuid
required

The UUID of the build

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getRepoBuild

Returns information about a build.

GET /api/v1/repository/{repository}/build/{build_uuid}

Authorizations: oauth2_implicit (repo:read)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

build_uuid
required

The UUID of the build

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

cancelRepoBuild

Cancels a repository build.

DELETE /api/v1/repository/{repository}/build/{build_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

build_uuid
required

The UUID of the build

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getRepoBuilds

Get the list of repository builds.

GET /api/v1/repository/{repository}/build/

Authorizations: oauth2_implicit (repo:read)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
Type Name Description Schema

query

since
optional

Returns all builds since the given unix timecode

integer

query

limit
optional

The maximum number of builds to return

integer

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

requestRepoBuild

Request that a repository be built and pushed from the specified input.

POST /api/v1/repository/{repository}/build/

Authorizations: oauth2_implicit (repo:write)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Description of a new repository build.

Name Description Schema

file_id
optional

The file id that was generated when the build spec was uploaded

string

archive_url
optional

The URL of the .tar.gz to build. Must start with "http" or "https".

string

subdirectory
optional

Subdirectory in which the Dockerfile can be found. You can only specify this or dockerfile_path

string

dockerfile_path
optional

Path to a dockerfile. You can only specify this or subdirectory.

string

context
optional

Pass in the context for the dockerfile. This is optional.

string

pull_robot
optional

Username of a Quay robot account to use as pull credentials

string

docker_tags
optional

The tags to which the built images will be pushed. If none specified, "latest" is used.

array of string
non-empty unique

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

discovery

API discovery information.

discovery

List all of the API endpoints available in the swagger API format.

GET /api/v1/discovery

Authorizations: 

Query parameters
Type Name Description Schema

query

internal
optional

Whether to include internal APIs.

boolean

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

error

Error details API.

getErrorDescription

Get a detailed description of the error.

GET /api/v1/error/{error_type}

Authorizations: 

Path parameters
Type Name Description Schema

path

error_type
required

The error code identifying the type of error.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

globalmessages

Messages API.

getGlobalMessages

Return a super users messages.

GET /api/v1/messages

Authorizations: 

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createGlobalMessage

Create a message.

POST /api/v1/messages

Authorizations: oauth2_implicit (super:user)

Request body schema (application/json)

Create a new message

Name Description Schema

message
optional

A single message

object

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteGlobalMessage

Delete a message.

DELETE /api/v1/message/{uuid}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

uuid
required

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

logs

Access usage logs for organizations or repositories.

getAggregateUserLogs

Returns the aggregated logs for the current user.

GET /api/v1/user/aggregatelogs

Authorizations: oauth2_implicit (user:admin)

Query parameters
Type Name Description Schema

query

performer
optional

Username for which to filter logs.

string

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

exportUserLogs

Returns the aggregated logs for the current user.

POST /api/v1/user/exportlogs

Authorizations: oauth2_implicit (user:admin)

Query parameters
Type Name Description Schema

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Request body schema (application/json)

Configuration for an export logs operation

Name Description Schema

callback_url
optional

The callback URL to invoke with a link to the exported logs

string

callback_email
optional

The e-mail address at which to e-mail a link to the exported logs

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listUserLogs

List the logs for the current user.

GET /api/v1/user/logs

Authorizations: oauth2_implicit (user:admin)

Query parameters
Type Name Description Schema

query

next_page
optional

The page token for the next page

string

query

performer
optional

Username for which to filter logs.

string

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getAggregateOrgLogs

Gets the aggregated logs for the specified organization.

GET /api/v1/organization/{orgname}/aggregatelogs

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Query parameters
Type Name Description Schema

query

performer
optional

Username for which to filter logs.

string

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

exportOrgLogs

Exports the logs for the specified organization.

POST /api/v1/organization/{orgname}/exportlogs

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Query parameters
Type Name Description Schema

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Request body schema (application/json)

Configuration for an export logs operation

Name Description Schema

callback_url
optional

The callback URL to invoke with a link to the exported logs

string

callback_email
optional

The e-mail address at which to e-mail a link to the exported logs

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listOrgLogs

List the logs for the specified organization.

GET /api/v1/organization/{orgname}/logs

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Query parameters
Type Name Description Schema

query

next_page
optional

The page token for the next page

string

query

performer
optional

Username for which to filter logs.

string

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getAggregateRepoLogs

Returns the aggregated logs for the specified repository.

GET /api/v1/repository/{repository}/aggregatelogs

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
Type Name Description Schema

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

exportRepoLogs

Queues an export of the logs for the specified repository.

POST /api/v1/repository/{repository}/exportlogs

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
Type Name Description Schema

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Request body schema (application/json)

Configuration for an export logs operation

Name Description Schema

callback_url
optional

The callback URL to invoke with a link to the exported logs

string

callback_email
optional

The e-mail address at which to e-mail a link to the exported logs

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listRepoLogs

List the logs for the specified repository.

GET /api/v1/repository/{repository}/logs

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
Type Name Description Schema

query

next_page
optional

The page token for the next page

string

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

manifest

Manage the manifests of a repository.

getManifestLabel

Retrieves the label with the specific ID under the manifest.

GET /api/v1/repository/{repository}/manifest/{manifestref}/labels/{labelid}

Authorizations: oauth2_implicit (repo:read)

Path parameters
Type Name Description Schema

path

manifestref
required

The digest of the manifest

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

labelid
required

The ID of the label

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteManifestLabel

Deletes an existing label from a manifest.

DELETE /api/v1/repository/{repository}/manifest/{manifestref}/labels/{labelid}

Authorizations: oauth2_implicit (repo:write)

Path parameters
Type Name Description Schema

path

manifestref
required

The digest of the manifest

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

labelid
required

The ID of the label

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listManifestLabels

GET /api/v1/repository/{repository}/manifest/{manifestref}/labels

Authorizations: oauth2_implicit (repo:read)

Path parameters
Type Name Description Schema

path

manifestref
required

The digest of the manifest

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
Type Name Description Schema

query

filter
optional

If specified, only labels matching the given prefix will be returned

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

addManifestLabel

Adds a new label into the tag manifest.

POST /api/v1/repository/{repository}/manifest/{manifestref}/labels

Authorizations: oauth2_implicit (repo:write)

Path parameters
Type Name Description Schema

path

manifestref
required

The digest of the manifest

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Adds a label to a manifest

Name Description Schema

key
optional

The key for the label

string

value
optional

The value for the label

string

media_type
optional

The media type for this label

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getRepoManifest

GET /api/v1/repository/{repository}/manifest/{manifestref}

Authorizations: oauth2_implicit (repo:read)

Path parameters
Type Name Description Schema

path

manifestref
required

The digest of the manifest

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

mirror

syncCancel

Update the sync_status for a given Repository’s mirroring configuration.

POST /api/v1/repository/{repository}/mirror/sync-cancel

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

syncNow

Update the sync_status for a given Repository’s mirroring configuration.

POST /api/v1/repository/{repository}/mirror/sync-now

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getRepoMirrorConfig

Return the Mirror configuration for a given Repository.

GET /api/v1/repository/{repository}/mirror

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createRepoMirrorConfig

Create a RepoMirrorConfig for a given Repository.

POST /api/v1/repository/{repository}/mirror

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Create the repository mirroring configuration.

Name Description Schema

is_enabled
optional

Used to enable or disable synchronizations.

boolean

external_reference
optional

Location of the external repository.

string

external_registry_username
optional

Username used to authenticate with external registry.

external_registry_password
optional

Password used to authenticate with external registry.

sync_start_date
optional

Determines the next time this repository is ready for synchronization.

string

sync_interval
optional

Number of seconds after next_start_date to begin synchronizing.

integer

robot_username
optional

Username of robot which will be used for image pushes.

string

root_rule
optional

A list of glob-patterns used to determine which tags should be synchronized.

object

external_registry_config
optional

object

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeRepoMirrorConfig

Allow users to modifying the repository’s mirroring configuration.

PUT /api/v1/repository/{repository}/mirror

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Update the repository mirroring configuration.

Name Description Schema

is_enabled
optional

Used to enable or disable synchronizations.

boolean

external_reference
optional

Location of the external repository.

string

external_registry_username
optional

Username used to authenticate with external registry.

external_registry_password
optional

Password used to authenticate with external registry.

sync_start_date
optional

Determines the next time this repository is ready for synchronization.

string

sync_interval
optional

Number of seconds after next_start_date to begin synchronizing.

integer

robot_username
optional

Username of robot which will be used for image pushes.

string

root_rule
optional

A list of glob-patterns used to determine which tags should be synchronized.

object

external_registry_config
optional

object

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

namespacequota

listUserQuota

GET /api/v1/user/quota

Authorizations: oauth2_implicit (user:admin)

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrganizationQuotaLimit

GET /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}

Authorizations: 

Path parameters
Type Name Description Schema

path

quota_id
required

string

path

limit_id
required

string

path

orgname
required

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeOrganizationQuotaLimit

PUT /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

quota_id
required

string

path

limit_id
required

string

path

orgname
required

string

Request body schema (application/json)

Description of changing organization quota limit

Name Description Schema

type
optional

Type of quota limit: "Warning" or "Reject"

string

threshold_percent
optional

Quota threshold, in percent of quota

integer

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteOrganizationQuotaLimit

DELETE /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

quota_id
required

string

path

limit_id
required

string

path

orgname
required

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listOrganizationQuotaLimit

GET /api/v1/organization/{orgname}/quota/{quota_id}/limit

Authorizations: 

Path parameters
Type Name Description Schema

path

quota_id
required

string

path

orgname
required

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createOrganizationQuotaLimit

POST /api/v1/organization/{orgname}/quota/{quota_id}/limit

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

quota_id
required

string

path

orgname
required

string

Request body schema (application/json)

Description of a new organization quota limit

Name Description Schema

type
optional

Type of quota limit: "Warning" or "Reject"

string

threshold_percent
optional

Quota threshold, in percent of quota

integer

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getUserQuotaLimit

GET /api/v1/user/quota/{quota_id}/limit/{limit_id}

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

quota_id
required

string

path

limit_id
required

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listUserQuotaLimit

GET /api/v1/user/quota/{quota_id}/limit

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

quota_id
required

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrganizationQuota

GET /api/v1/organization/{orgname}/quota/{quota_id}

Authorizations: 

Path parameters
Type Name Description Schema

path

quota_id
required

string

path

orgname
required

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeOrganizationQuota

PUT /api/v1/organization/{orgname}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

quota_id
required

string

path

orgname
required

string

Request body schema (application/json)

Description of a new organization quota

Name Description Schema

limit_bytes
optional

Number of bytes the organization is allowed

integer

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteOrganizationQuota

DELETE /api/v1/organization/{orgname}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

quota_id
required

string

path

orgname
required

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listOrganizationQuota

GET /api/v1/organization/{orgname}/quota

Authorizations: 

Path parameters
Type Name Description Schema

path

orgname
required

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createOrganizationQuota

Create a new organization quota.

POST /api/v1/organization/{orgname}/quota

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

orgname
required

string

Request body schema (application/json)

Description of a new organization quota

Name Description Schema

limit_bytes
optional

Number of bytes the organization is allowed

integer

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getUserQuota

GET /api/v1/user/quota/{quota_id}

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

quota_id
required

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

organization

Manage organizations, members and OAuth applications.

createOrganization

Create a new organization.

POST /api/v1/organization/

Authorizations: oauth2_implicit (user:admin)

Request body schema (application/json)

Description of a new organization.

Name Description Schema

name
optional

Organization username

string

email
optional

Organization contact email

string

recaptcha_response
optional

The (may be disabled) recaptcha response code for verification

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

validateProxyCacheConfig

POST /api/v1/organization/{orgname}/validateproxycache

Authorizations: 

Path parameters
Type Name Description Schema

path

orgname
required

string

Request body schema (application/json)

Proxy cache configuration for an organization

Name Description Schema

upstream_registry
optional

Name of the upstream registry that is to be cached

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrganizationCollaborators

List outside collaborators of the specified organization.

GET /api/v1/organization/{orgname}/collaborators

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrganizationApplication

Retrieves the application with the specified client_id under the specified organization.

GET /api/v1/organization/{orgname}/applications/{client_id}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

client_id
required

The OAuth client ID

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

updateOrganizationApplication

Updates an application under this organization.

PUT /api/v1/organization/{orgname}/applications/{client_id}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

client_id
required

The OAuth client ID

string

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of an updated application.

Name Description Schema

name
optional

The name of the application

string

redirect_uri
optional

The URI for the application’s OAuth redirect

string

application_uri
optional

The URI for the application’s homepage

string

description
optional

The human-readable description for the application

string

avatar_email
optional

The e-mail address of the avatar to use for the application

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteOrganizationApplication

Deletes the application under this organization.

DELETE /api/v1/organization/{orgname}/applications/{client_id}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

client_id
required

The OAuth client ID

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrganizationApplications

List the applications for the specified organization.

GET /api/v1/organization/{orgname}/applications

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createOrganizationApplication

Creates a new application under this organization.

POST /api/v1/organization/{orgname}/applications

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of a new organization application.

Name Description Schema

name
optional

The name of the application

string

redirect_uri
optional

The URI for the application’s OAuth redirect

string

application_uri
optional

The URI for the application’s homepage

string

description
optional

The human-readable description for the application

string

avatar_email
optional

The e-mail address of the avatar to use for the application

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getProxyCacheConfig

Retrieves the proxy cache configuration of the organization.

GET /api/v1/organization/{orgname}/proxycache

Authorizations: 

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createProxyCacheConfig

Creates proxy cache configuration for the organization.

POST /api/v1/organization/{orgname}/proxycache

Authorizations: 

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Proxy cache configuration for an organization

Name Description Schema

upstream_registry
optional

Name of the upstream registry that is to be cached

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteProxyCacheConfig

Delete proxy cache configuration for the organization.

DELETE /api/v1/organization/{orgname}/proxycache

Authorizations: 

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrganizationMember

Retrieves the details of a member of the organization.

GET /api/v1/organization/{orgname}/members/{membername}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

membername
required

The username of the organization member

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

removeOrganizationMember

Removes a member from an organization, revoking all its repository priviledges and removing it from all teams in the organization.

DELETE /api/v1/organization/{orgname}/members/{membername}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

membername
required

The username of the organization member

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrganizationMembers

List the human members of the specified organization.

GET /api/v1/organization/{orgname}/members

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrganization

Get the details for the specified organization.

GET /api/v1/organization/{orgname}

Authorizations: 

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeOrganizationDetails

Change the details for the specified organization.

PUT /api/v1/organization/{orgname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of updates for an existing organization

Name Description Schema

email
optional

Organization contact email

string

invoice_email
optional

Whether the organization desires to receive emails for invoices

boolean

invoice_email_address
optional

The email address at which to receive invoices

tag_expiration_s
optional

The number of seconds for tag expiration

integer

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteAdminedOrganization

Deletes the specified organization.

DELETE /api/v1/organization/{orgname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getApplicationInformation

Get information on the specified application.

GET /api/v1/app/{client_id}

Authorizations: 

Path parameters
Type Name Description Schema

path

client_id
required

The OAuth client ID

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

permission

Manage repository permissions.

getUserTransitivePermission

Get the fetch the permission for the specified user.

GET /api/v1/repository/{repository}/permissions/user/{username}/transitive

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

username
required

The username of the user to which the permissions apply

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getUserPermissions

Get the permission for the specified user.

GET /api/v1/repository/{repository}/permissions/user/{username}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

username
required

The username of the user to which the permission applies

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeUserPermissions

Update the perimssions for an existing repository.

PUT /api/v1/repository/{repository}/permissions/user/{username}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

username
required

The username of the user to which the permission applies

string

Request body schema (application/json)

Description of a user permission.

Name Description Schema

role
optional

Role to use for the user

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteUserPermissions

Delete the permission for the user.

DELETE /api/v1/repository/{repository}/permissions/user/{username}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

username
required

The username of the user to which the permission applies

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getTeamPermissions

Fetch the permission for the specified team.

GET /api/v1/repository/{repository}/permissions/team/{teamname}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

teamname
required

The name of the team to which the permission applies

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeTeamPermissions

Update the existing team permission.

PUT /api/v1/repository/{repository}/permissions/team/{teamname}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

teamname
required

The name of the team to which the permission applies

string

Request body schema (application/json)

Description of a team permission.

Name Description Schema

role
optional

Role to use for the team

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteTeamPermissions

Delete the permission for the specified team.

DELETE /api/v1/repository/{repository}/permissions/team/{teamname}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

teamname
required

The name of the team to which the permission applies

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listRepoTeamPermissions

List all team permission.

GET /api/v1/repository/{repository}/permissions/team/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listRepoUserPermissions

List all user permissions.

GET /api/v1/repository/{repository}/permissions/user/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

prototype

Manage default permissions added to repositories.

updateOrganizationPrototypePermission

Update the role of an existing permission prototype.

PUT /api/v1/organization/{orgname}/prototypes/{prototypeid}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

prototypeid
required

The ID of the prototype

string

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of a the new prototype role

Name Description Schema

role
optional

Role that should be applied to the permission

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteOrganizationPrototypePermission

Delete an existing permission prototype.

DELETE /api/v1/organization/{orgname}/prototypes/{prototypeid}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

prototypeid
required

The ID of the prototype

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrganizationPrototypePermissions

List the existing prototypes for this organization.

GET /api/v1/organization/{orgname}/prototypes

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createOrganizationPrototypePermission

Create a new permission prototype.

POST /api/v1/organization/{orgname}/prototypes

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of a new prototype

Name Description Schema

role
optional

Role that should be applied to the delegate

string

activating_user
optional

Repository creating user to whom the rule should apply

object

delegate
optional

Information about the user or team to which the rule grants access

object

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

repository

List, create and manage repositories.

listRepos

Fetch the list of repositories visible to the current user under a variety of situations.

GET /api/v1/repository

Authorizations: oauth2_implicit (repo:read)

Query parameters
Type Name Description Schema

query

next_page
optional

The page token for the next page

string

query

repo_kind
optional

The kind of repositories to return

string

query

popularity
optional

Whether to include the repository’s popularity metric.

boolean

query

last_modified
optional

Whether to include when the repository was last modified.

boolean

query

public
optional

Adds any repositories visible to the user by virtue of being public

boolean

query

starred
optional

Filters the repositories returned to those starred by the user

boolean

query

namespace
optional

Filters the repositories returned to this namespace

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createRepo

Create a new repository.

POST /api/v1/repository

Authorizations: oauth2_implicit (repo:create)

Request body schema (application/json)

Description of a new repository

Name Description Schema

repository
optional

Repository name

string

visibility
optional

Visibility which the repository will start with

string

namespace
optional

Namespace in which the repository should be created. If omitted, the username of the caller is used

string

description
optional

Markdown encoded description for the repository

string

repo_kind
optional

The kind of repository

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeRepoVisibility

Change the visibility of a repository.

POST /api/v1/repository/{repository}/changevisibility

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Change the visibility for the repository.

Name Description Schema

visibility
optional

Visibility which the repository will start with

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeRepoState

Change the state of a repository.

PUT /api/v1/repository/{repository}/changestate

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Change the state of the repository.

Name Description Schema

state
optional

Determines whether pushes are allowed.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getRepo

Fetch the specified repository.

GET /api/v1/repository/{repository}

Authorizations: oauth2_implicit (repo:read)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
Type Name Description Schema

query

includeTags
optional

Whether to include repository tags

boolean

query

includeStats
optional

Whether to include action statistics

boolean

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

updateRepo

Update the description in the specified repository.

PUT /api/v1/repository/{repository}

Authorizations: oauth2_implicit (repo:write)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Fields which can be updated in a repository.

Name Description Schema

description
optional

Markdown encoded description for the repository

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteRepository

Delete a repository.

DELETE /api/v1/repository/{repository}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

repositorynotification

List, create and manage repository events/notifications.

testRepoNotification

Queues a test notification for this repository.

POST /api/v1/repository/{repository}/notification/{uuid}/test

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

uuid
required

The UUID of the notification

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getRepoNotification

Get information for the specified notification.

GET /api/v1/repository/{repository}/notification/{uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

uuid
required

The UUID of the notification

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

resetRepositoryNotificationFailures

Resets repository notification to 0 failures.

POST /api/v1/repository/{repository}/notification/{uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

uuid
required

The UUID of the notification

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteRepoNotification

Deletes the specified notification.

DELETE /api/v1/repository/{repository}/notification/{uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

uuid
required

The UUID of the notification

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listRepoNotifications

List the notifications for the specified repository.

GET /api/v1/repository/{repository}/notification/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createRepoNotification

POST /api/v1/repository/{repository}/notification/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Information for creating a notification on a repository

Name Description Schema

event
optional

The event on which the notification will respond

string

method
optional

The method of notification (such as email or web callback)

string

config
optional

JSON config information for the specific method of notification

object

eventConfig
optional

JSON config information for the specific event of notification

object

title
optional

The human-readable title of the notification

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

repotoken

Manage repository access tokens (DEPRECATED).

getTokens

Fetch the specified repository token information.

GET /api/v1/repository/{repository}/tokens/{code}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

code
required

The token code

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeToken

Update the permissions for the specified repository token.

PUT /api/v1/repository/{repository}/tokens/{code}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

code
required

The token code

string

Request body schema (application/json)

Description of a token permission

Name Description Schema

role
optional

Role to use for the token

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteToken

Delete the repository token.

DELETE /api/v1/repository/{repository}/tokens/{code}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

code
required

The token code

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listRepoTokens

List the tokens for the specified repository.

GET /api/v1/repository/{repository}/tokens/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createToken

Create a new repository token.

POST /api/v1/repository/{repository}/tokens/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Description of a new token.

Name Description Schema

friendlyName
optional

Friendly name to help identify the token

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

robot

Manage user and organization robot accounts.

getUserRobots

List the available robots for the user.

GET /api/v1/user/robots

Authorizations: oauth2_implicit (user:admin)

Query parameters
Type Name Description Schema

query

limit
optional

If specified, the number of robots to return.

integer

query

token
optional

If false, the robot’s token is not returned.

boolean

query

permissions
optional

Whether to include repositories and teams in which the robots have permission.

boolean

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrgRobotPermissions

Returns the list of repository permissions for the org’s robot.

GET /api/v1/organization/{orgname}/robots/{robot_shortname}/permissions

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

regenerateOrgRobotToken

Regenerates the token for an organization robot.

POST /api/v1/organization/{orgname}/robots/{robot_shortname}/regenerate

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getUserRobotPermissions

Returns the list of repository permissions for the user’s robot.

GET /api/v1/user/robots/{robot_shortname}/permissions

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

regenerateUserRobotToken

Regenerates the token for a user’s robot.

POST /api/v1/user/robots/{robot_shortname}/regenerate

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrgRobot

Returns the organization’s robot with the specified name.

GET /api/v1/organization/{orgname}/robots/{robot_shortname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createOrgRobot

Create a new robot in the organization.

PUT /api/v1/organization/{orgname}/robots/{robot_shortname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Optional data for creating a robot

Name Description Schema

description
optional

Optional text description for the robot

string

unstructured_metadata
optional

Optional unstructured metadata for the robot

object

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteOrgRobot

Delete an existing organization robot.

DELETE /api/v1/organization/{orgname}/robots/{robot_shortname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrgRobots

List the organization’s robots.

GET /api/v1/organization/{orgname}/robots

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

orgname
required

The name of the organization

string

Query parameters
Type Name Description Schema

query

limit
optional

If specified, the number of robots to return.

integer

query

token
optional

If false, the robot’s token is not returned.

boolean

query

permissions
optional

Whether to include repostories and teams in which the robots have permission.

boolean

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getUserRobot

Returns the user’s robot with the specified name.

GET /api/v1/user/robots/{robot_shortname}

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createUserRobot

Create a new user robot with the specified name.

PUT /api/v1/user/robots/{robot_shortname}

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

Request body schema (application/json)

Optional data for creating a robot

Name Description Schema

description
optional

Optional text description for the robot

string

unstructured_metadata
optional

Optional unstructured metadata for the robot

object

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteUserRobot

Delete an existing robot.

DELETE /api/v1/user/robots/{robot_shortname}

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

Conduct searches against all registry context.

conductRepoSearch

Get a list of apps and repositories that match the specified query.

GET /api/v1/find/repositories

Authorizations: 

Query parameters
Type Name Description Schema

query

includeUsage
optional

Whether to include usage metadata

boolean

query

page
optional

The page.

integer

query

query
optional

The search query.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

conductSearch

Get a list of entities and resources that match the specified query.

GET /api/v1/find/all

Authorizations: oauth2_implicit (repo:read)

Query parameters
Type Name Description Schema

query

query
optional

The search query.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getMatchingEntities

Get a list of entities that match the specified prefix.

GET /api/v1/entities/{prefix}

Authorizations: 

Path parameters
Type Name Description Schema

path

prefix
required

string

Query parameters
Type Name Description Schema

query

includeOrgs
optional

Whether to include orgs names.

boolean

query

includeTeams
optional

Whether to include team names.

boolean

query

namespace
optional

Namespace to use when querying for org entities.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

secscan

List and manage repository vulnerabilities and other security information.

getRepoManifestSecurity

GET /api/v1/repository/{repository}/manifest/{manifestref}/security

Authorizations: oauth2_implicit (repo:read)

Path parameters
Type Name Description Schema

path

manifestref
required

The digest of the manifest

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
Type Name Description Schema

query

vulnerabilities
optional

Include vulnerabilities informations

boolean

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

superuser

Superuser API.

listAllUsers

Returns a list of all users in the system.

GET /api/v1/superuser/users/

Authorizations: oauth2_implicit (super:user)

Query parameters
Type Name Description Schema

query

disabled
optional

If false, only enabled users will be returned.

boolean

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createInstallUser

Creates a new user.

POST /api/v1/superuser/users/

Authorizations: oauth2_implicit (super:user)

Request body schema (application/json)

Data for creating a user

Name Description Schema

username
optional

The username of the user being created

string

email
optional

The email address of the user being created

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listAllLogs

List the usage logs for the current system.

GET /api/v1/superuser/logs

Authorizations: oauth2_implicit (super:user)

Query parameters
Type Name Description Schema

query

next_page
optional

The page token for the next page

string

query

page
optional

The page number for the logs

integer

query

endtime
optional

Latest time to which to get logs (%m/%d/%Y %Z)

string

query

starttime
optional

Earliest time from which to get logs (%m/%d/%Y %Z)

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listServiceKeys

GET /api/v1/superuser/keys

Authorizations: oauth2_implicit (super:user)

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createServiceKey

POST /api/v1/superuser/keys

Authorizations: oauth2_implicit (super:user)

Request body schema (application/json)

Description of creation of a service key

Name Description Schema

service
optional

The service authenticating with this key

string

name
optional

The friendly name of a service key

string

metadata
optional

The key/value pairs of this key’s metadata

object

notes
optional

If specified, the extra notes for the key

string

expiration
optional

The expiration date as a unix timestamp

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeUserQuotaSuperUser

PUT /api/v1/superuser/organization/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

namespace
required

string

path

quota_id
required

string

Request body schema (application/json)

Description of a new organization quota

Name Description Schema

limit_bytes
optional

Number of bytes the organization is allowed

integer

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteUserQuotaSuperUser

DELETE /api/v1/superuser/organization/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

namespace
required

string

path

quota_id
required

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listUserQuotaSuperUser

GET /api/v1/superuser/organization/{namespace}/quota

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

namespace
required

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createUserQuotaSuperUser

POST /api/v1/superuser/organization/{namespace}/quota

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

namespace
required

string

Request body schema (application/json)

Description of a new organization quota

Name Description Schema

limit_bytes
optional

Number of bytes the organization is allowed

integer

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeOrganizationQuotaSuperUser

PUT /api/v1/superuser/users/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

namespace
required

string

path

quota_id
required

string

Request body schema (application/json)

Description of a new organization quota

Name Description Schema

limit_bytes
optional

Number of bytes the organization is allowed

integer

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteOrganizationQuotaSuperUser

DELETE /api/v1/superuser/users/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

namespace
required

string

path

quota_id
required

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listOrganizationQuotaSuperUser

GET /api/v1/superuser/users/{namespace}/quota

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

namespace
required

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createOrganizationQuotaSuperUser

POST /api/v1/superuser/users/{namespace}/quota

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

namespace
required

string

Request body schema (application/json)

Description of a new organization quota

Name Description Schema

limit_bytes
optional

Number of bytes the organization is allowed

integer

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeOrganization

Updates information about the specified user.

PUT /api/v1/superuser/organizations/{name}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

name
required

The name of the organizaton being managed

string

Request body schema (application/json)

Description of updates for an existing organization

Name Description Schema

email
optional

Organization contact email

string

invoice_email
optional

Whether the organization desires to receive emails for invoices

boolean

invoice_email_address
optional

The email address at which to receive invoices

tag_expiration_s
optional

The number of seconds for tag expiration

integer

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteOrganization

Deletes the specified organization.

DELETE /api/v1/superuser/organizations/{name}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

name
required

The name of the organizaton being managed

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

approveServiceKey

POST /api/v1/superuser/approvedkeys/{kid}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

kid
required

The unique identifier for a service key

string

Request body schema (application/json)

Information for approving service keys

Name Description Schema

notes
optional

Optional approval notes

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getServiceKey

GET /api/v1/superuser/keys/{kid}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

kid
required

The unique identifier for a service key

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

updateServiceKey

PUT /api/v1/superuser/keys/{kid}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

kid
required

The unique identifier for a service key

string

Request body schema (application/json)

Description of updates for a service key

Name Description Schema

name
optional

The friendly name of a service key

string

metadata
optional

The key/value pairs of this key’s metadata

object

expiration
optional

The expiration date as a unix timestamp

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteServiceKey

DELETE /api/v1/superuser/keys/{kid}

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

kid
required

The unique identifier for a service key

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getRepoBuildStatusSuperUser

Return the status for the builds specified by the build uuids.

GET /api/v1/superuser/{build_uuid}/status

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

build_uuid
required

The UUID of the build

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getRepoBuildSuperUser

Returns information about a build.

GET /api/v1/superuser/{build_uuid}/build

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

build_uuid
required

The UUID of the build

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getRepoBuildLogsSuperUser

Return the build logs for the build specified by the build uuid.

GET /api/v1/superuser/{build_uuid}/logs

Authorizations: oauth2_implicit (super:user)

Path parameters
Type Name Description Schema

path

build_uuid
required

The UUID of the build

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

tag

Manage the tags of a repository.

restoreTag

Restores a repository tag back to a previous image in the repository.

POST /api/v1/repository/{repository}/tag/{tag}/restore

Authorizations: oauth2_implicit (repo:write)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

tag
required

The name of the tag

string

Request body schema (application/json)

Restores a tag to a specific image

Name Description Schema

manifest_digest
optional

If specified, the manifest digest that should be used

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

changeTag

Change which image a tag points to or create a new tag.

PUT /api/v1/repository/{repository}/tag/{tag}

Authorizations: oauth2_implicit (repo:write)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

tag
required

The name of the tag

string

Request body schema (application/json)

Makes changes to a specific tag

Name Description Schema

manifest_digest
optional

(If specified) The manifest digest to which the tag should point

expiration
optional

(If specified) The expiration for the image

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteFullTag

Delete the specified repository tag.

DELETE /api/v1/repository/{repository}/tag/{tag}

Authorizations: oauth2_implicit (repo:write)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

tag
required

The name of the tag

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listRepoTags

GET /api/v1/repository/{repository}/tag/

Authorizations: oauth2_implicit (repo:read)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
Type Name Description Schema

query

onlyActiveTags
optional

Filter to only active tags.

boolean

query

page
optional

Page index for the results. Default 1.

integer

query

limit
optional

Limit to the number of results to return per page. Max 100.

integer

query

specificTag
optional

Filters the tags to the specific tag.

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

team

Create, list and manage an organization’s teams.

getOrganizationTeamPermissions

Returns the list of repository permissions for the org’s team.

GET /api/v1/organization/{orgname}/team/{teamname}/permissions

Authorizations: 

Path parameters
Type Name Description Schema

path

teamname
required

The name of the team

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

updateOrganizationTeamMember

Adds or invites a member to an existing team.

PUT /api/v1/organization/{orgname}/team/{teamname}/members/{membername}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

teamname
required

The name of the team

string

path

membername
required

The username of the team member

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteOrganizationTeamMember

Delete a member of a team.

If the user is merely invited to join the team, then the invite is removed instead.
DELETE /api/v1/organization/{orgname}/team/{teamname}/members/{membername}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

teamname
required

The name of the team

string

path

membername
required

The username of the team member

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getOrganizationTeamMembers

Retrieve the list of members for the specified team.

GET /api/v1/organization/{orgname}/team/{teamname}/members

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

teamname
required

The name of the team

string

path

orgname
required

The name of the organization

string

Query parameters
Type Name Description Schema

query

includePending
optional

Whether to include pending members

boolean

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

updateOrganizationTeam

Update the org-wide permission for the specified team.

PUT /api/v1/organization/{orgname}/team/{teamname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

teamname
required

The name of the team

string

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of a team

Name Description Schema

role
optional

Org wide permissions that should apply to the team

string

description
optional

Markdown description for the team

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteOrganizationTeam

Delete the specified team.

DELETE /api/v1/organization/{orgname}/team/{teamname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
Type Name Description Schema

path

teamname
required

The name of the team

string

path

orgname
required

The name of the organization

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

trigger

Create, list and manage build triggers.

activateBuildTrigger

Activate the specified build trigger.

POST /api/v1/repository/{repository}/trigger/{trigger_uuid}/activate

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

trigger_uuid
required

The UUID of the build trigger

string

Request body schema (application/json)
Name Description Schema

config
optional

Arbitrary json.

object

pull_robot
optional

The name of the robot that will be used to pull images.

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listTriggerRecentBuilds

List the builds started by the specified trigger.

GET /api/v1/repository/{repository}/trigger/{trigger_uuid}/builds

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

trigger_uuid
required

The UUID of the build trigger

string

Query parameters
Type Name Description Schema

query

limit
optional

The maximum number of builds to return

integer

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

manuallyStartBuildTrigger

Manually start a build from the specified trigger.

POST /api/v1/repository/{repository}/trigger/{trigger_uuid}/start

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

trigger_uuid
required

The UUID of the build trigger

string

Request body schema (application/json)

Optional run parameters for activating the build trigger

Name Description Schema

branch_name
optional

(SCM only) If specified, the name of the branch to build.

string

commit_sha
optional

(Custom Only) If specified, the ref/SHA1 used to checkout a git repository.

string

refs
optional

(SCM Only) If specified, the ref to build.

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getBuildTrigger

Get information for the specified build trigger.

GET /api/v1/repository/{repository}/trigger/{trigger_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

trigger_uuid
required

The UUID of the build trigger

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

updateBuildTrigger

Updates the specified build trigger.

PUT /api/v1/repository/{repository}/trigger/{trigger_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

trigger_uuid
required

The UUID of the build trigger

string

Request body schema (application/json)

Options for updating a build trigger

Name Description Schema

enabled
optional

Whether the build trigger is enabled

boolean

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteBuildTrigger

Delete the specified build trigger.

DELETE /api/v1/repository/{repository}/trigger/{trigger_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

trigger_uuid
required

The UUID of the build trigger

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

listBuildTriggers

List the triggers for the specified repository.

GET /api/v1/repository/{repository}/trigger/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

user

Manage the current user.

listStarredRepos

List all starred repositories.

GET /api/v1/user/starred

Authorizations: oauth2_implicit (user:admin)

Query parameters
Type Name Description Schema

query

next_page
optional

The page token for the next page

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

createStar

Star a repository.

POST /api/v1/user/starred

Authorizations: oauth2_implicit (repo:read)

Request body schema (application/json)
Name Description Schema

namespace
optional

Namespace in which the repository belongs

string

repository
optional

Repository name

string

Responses
HTTP Code Description Schema

201

Successful creation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getLoggedInUser

Get user information for the authenticated user.

GET /api/v1/user/

Authorizations: oauth2_implicit (user:read)

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

deleteStar

Removes a star from a repository.

DELETE /api/v1/user/starred/{repository}

Authorizations: oauth2_implicit (user:admin)

Path parameters
Type Name Description Schema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP Code Description Schema

204

Deleted

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

getUserInformation

Get user information for the specified user.

GET /api/v1/users/{username}

Authorizations: 

Path parameters
Type Name Description Schema

path

username
required

string

Responses
HTTP Code Description Schema

200

Successful invocation

400

Bad Request

401

Session required

403

Unauthorized access

404

Not found

Definitions

ApiError

Name Description Schema

status
optional

Status code of the response.

integer

type
optional

Reference to the type of the error.

string

detail
optional

Details about the specific instance of the error.

string

title
optional

Unique error code to identify the type of error.

string

error_message
optional

Deprecated; alias for detail

string

error_type
optional

Deprecated; alias for detail

string

UserView

Name Description Schema

verified
optional

Whether the user’s email address has been verified

boolean

anonymous
optional

true if this user data represents a guest user

boolean

email
optional

The user’s email address

string

avatar
optional

Avatar data representing the user’s icon

object

organizations
optional

Information about the organizations in which the user is a member

array of object

logins
optional

The list of external login providers against which the user has authenticated

array of object

can_create_repo
optional

Whether the user has permission to create repositories

boolean

preferred_namespace
optional

If true, the user’s namespace is the preferred namespace to display

boolean

ViewMirrorConfig

Name Description Schema

is_enabled
optional

Used to enable or disable synchronizations.

boolean

external_reference
optional

Location of the external repository.

string

external_registry_username
optional

Username used to authenticate with external registry.

external_registry_password
optional

Password used to authenticate with external registry.

sync_start_date
optional

Determines the next time this repository is ready for synchronization.

string

sync_interval
optional

Number of seconds after next_start_date to begin synchronizing.

integer

robot_username
optional

Username of robot which will be used for image pushes.

string

root_rule
optional

A list of glob-patterns used to determine which tags should be synchronized.

object

external_registry_config
optional

object

ApiErrorDescription

Name Description Schema

type
optional

A reference to the error type resource

string

title
optional

The title of the error. Can be used to uniquely identify the kind of error.

string

description
optional

A more detailed description of the error that may include help for fixing the issue.

string

API configuration examples

external_registry_config object reference
{
        "is_enabled": True,
        "external_reference": "quay.io/redhat/quay",
        "sync_interval": 5000,
        "sync_start_date": datetime(2020, 0o1, 0o2, 6, 30, 0),
        "external_registry_username": "fakeUsername",
        "external_registry_password": "fakePassword",
        "external_registry_config": {
            "verify_tls": True,
            "unsigned_images": False,
            "proxy": {
                "http_proxy": "http://insecure.proxy.corp",
                "https_proxy": "https://secure.proxy.corp",
                "no_proxy": "mylocalhost",
            },
        },
    }
rule_rule object reference
    {
            "root_rule": {"rule_kind": "tag_glob_csv", "rule_value": ["latest", "foo", "bar"]},
        }