RepoForge.io REST API Documentation (3.30.0)

Download OpenAPI specification:Download

Introduction to the RepoForge.io REST API

Introduction

The RepoForge.io REST API provides you with a standardized interface that lets you programmatically modify permissions of, and delete packages supported by RepoForge.io. This API is NOT intended to be compatible with standard tooling libraries such as pip, npm, and the docker cli.

The REST API also allows you to create and manage non-package system resources, such as access tokens, roles and access logs.

Authentication

In order to use the RepoForge.io REST API, you must first generate an auth token via the RepoForge.io dashboard. You can authenticate your requests to the RepoForge.io REST API as shown below:

import requests
auth_token = '...' # generated from the RepoForge.io dashboard

session = requests.Session()
session.headers.update(Authorization=f'Bearer {auth_token}')

response = session.get("https://api.repoforge.io/rest/v1/access-logs")
assert response.status_code == 200

Access Logs

Access logs are generated whenever a user attempts to create, update or read a package, whether a Python package, Docker image or NPM project. This is a read-only endpoint - there is no way of creating, editing or deleting access log objects with the API.

List Access Logs

This endpoint lets you read your RepoForge.io Access Logs. You can optionally use query parameters to filter the logs

Example

# without filtering (get all logs)
response = session.get('https://api.repoforge.io/rest/v1/access-logs')
print(response.json())

# with filtering
from datetime import datetime, timedelta
query = {
    "limit": 1,
    "start_time": (datetime.now() - timedelta(hours=24)).isoformat(),
    "end_time": (datetime.now() - timedelta(hours=2)).isoformat(),
    "access_type": "Python",
    "package_name": "mypackage",
}
response = session.get(f"https://api.repoforge.io/rest/v1/access-logs?{urlencode(query)}")
query Parameters
Limit (integer) or Limit (null) (Limit)
Example: limit=1

Limit the number of responses

Start Time (string) or Start Time (null) (Start Time)
Examples: start_time=2024-11-22T14:00:21.270520

Filter for all events after this timestamp

End Time (string) or End Time (null) (End Time)
Examples: end_time=2024-11-22T14:00:21.270575

Filter for all events before this timestamp

AccessType (string) or Access Type (null) (Access Type)
Examples: access_type=Python

Filter for packages of a certain type

Package Name (string) or Package Name (null) (Package Name)
Examples: package_name=mypackage

Filter for packages with a specific name

header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Access Tokens

Access tokens allow programmatic access to RepoForge.io APIs and resources.

Create Access Token

The Access Token endpoint lets you create, read, rotate and delete RepoForge.io Access Tokens.

Important: For security reasons, the token attribute is only visible when you initially create a new access token, or when you rotate an existing one. Whenever you call a GET request on this endpoint, you'll see a value. You cannot rotate or delete the Access Token you are currently using to authenticate the REST API

Example

payload = dict(
    name="A new token",
    roles=["d8b787be-bd91-42a0-865c-df97d5b8e5ac"]
)
response = session.post('https://api.repoforge.io/rest/v1/access-tokens', json=payload)
print(response.json()["token"])
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Request Body schema: application/json
required
name
required
string (Name)

The user-readable name for this access token - this must be unique

roles
required
Array of strings <uuid> (Roles) [ items <uuid > ]

The UUIDs of roles that this access token may assume

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "roles": [
    ]
}

Response samples

Content type
application/json
{
  • "name": "string",
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "token": "string"
}

List Access Tokens

Returns a list of all RepoForge.io access tokens currently being managed by your organisation.

Example

response = session.get('https://api.repoforge.io/rest/v1/access-tokens')
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Retrieve Access Token

Retrieves a single access token by its UUID

Example

response = session.get('https://api.repoforge.io/rest/v1/access-tokens/2211bded-b41b-4313-a96c-f955dd12aa8b')
print(response.json())
path Parameters
uuid
required
string <uuid> (Uuid)

The UUID of the token that you want to retrieve

header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "roles": [
    ],
  • "token": "<MASKED>"
}

Delete Access Token

Finds an access token by its UUID and deletes it. The deleted token value will no longer be valid, and you will no longer be able to use it to authenticate.

You CANNOT delete the access token that you are currently using to authenticate the REST API

Example

token_uuid = "uuid-of-token"
response = session.delete(f"https://api.repoforge.io/rest/v1/access-tokens/{token_uuid}")
assert response.status_code == 200
path Parameters
uuid
required
string <uuid> (Uuid)

The UUID of the token that you want to rotate

header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "ok": true
}

Rotate Access Token

Finds an access token by its UUID and rotates it. The old token value will no longer be valid, and you will no longer be able to use it to authenticate. The token roles will remain unchanged.

You CANNOT rotate the access token that you are currently using to authenticate the REST API

Example

token_uuid = "uuid-of-token"
response = session.patch(f"https://api.repoforge.io/rest/v1/access-tokens/{token_uuid}/rotate")
assert response.status_code == 200
new_token = response.json()["token"]
path Parameters
uuid
required
string <uuid> (Uuid)

The UUID of the token that you want to rotate

header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "token": "string"
}

NPM Packages

These endpoints let you view, modify permissions or delete the NPM packages managed by your organisation

List NPM packages

This endpoint lists all NPM packages belonging to your organisation.

Example Usage

response = session.get("https://api.repoforge.io/rest/v1/npm")
assert response.status_code == 200
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Retrieve NPM package

This endpoint retrieves a single NPM package by its registry name and package name.

Example Usage

response = session.get("https://api.repoforge.io/rest/v1/npm/@repoforge/my-package")
assert response.status_code == 200

print(response.json())
path Parameters
registry_name
required
string (Registry Name)
package_name
required
string (Package Name)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "hash_id": "string",
  • "sort_key": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "updated": "2019-08-24T14:15:22Z",
  • "public": false,
  • "permissions_mode": "DEFAULT",
  • "name": "string",
  • "registry_name": "string",
  • "package_name": "string"
}

Update NPM package

This endpoint lets you update the permissions of a single NPM package by its registry name and package name. You must supply either public (true|false) or permissions_mode (PACKAGE_LEVEL|DEFAULT) in the payload.

Packages marked as public can be installed/downloaded using the NPM client without providing any credentials.

Non-public packages that use the DEFAULT permissions mode can be installed by any authenticated user with the relevant role - e.g one with the permissions to Download NPM packages for your organisation.

Packages that use PACKAGE_LEVEL permissions can only be accessed by those authenticated users that have been explicitly assigned to the relevant roles created for that specific package.

Setting the permissions mode to PACKAGE_LEVEL will always cause the package to be non-public.

Example Usage

# making a package public
payload = dict(
    public=True
)
response = session.patch("https://api.repoforge.io/rest/v1/npm/@repoforge/npm-package", json=payload)
assert response.status_code == 200

assert response.json()['public'] == True

changing the permissions mode to package_level

payload = dict(
    permissions_mode="PACKAGE_LEVEL"
)
response = session.patch("https://api.repoforge.io/rest/v1/npm/@repoforge/npm-package", json=payload)
assert response.status_code == 200
path Parameters
registry_name
required
string (Registry Name)
package_name
required
string (Package Name)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Request Body schema: application/json
required
Public (boolean) or Public (null) (Public)
PermissionsMode (string) or null

Responses

Request samples

Content type
application/json
{
  • "public": true,
  • "permissions_mode": "DEFAULT"
}

Response samples

Content type
application/json
{
  • "hash_id": "string",
  • "sort_key": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "updated": "2019-08-24T14:15:22Z",
  • "public": false,
  • "permissions_mode": "DEFAULT",
  • "name": "string",
  • "registry_name": "string",
  • "package_name": "string"
}

Delete NPM version

Deletes a NPM version by its registry name, package name and version number. If no other versions exist under the same parent NPM package, then the NPM package will be deleted, too.

Example

response = session.delete("https://api.repoforge.io/rest/v1/npm/@repoforge/mypackage/1.0.0")
assert response.status_code == 200
path Parameters
registry_name
required
string (Registry Name)
package_name
required
string (Package Name)
version_number
required
string (Version Number)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "ok": true
}

Python Packages

These endpoints let you view, modify permissions or delete the Python packages managed by your organisation.

List Python packages

Returns a list of all Python packages owned owned by your organisation.

Example Usage

response = session.get("https://api.repoforge.io/rest/v1/python")
assert response.status_code == 200
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Retrieve Python package

Retrieves a single Python package by its name

Example Usage

response = session.get("https://api.repoforge.io/rest/v1/python/my-package")
assert response.status_code == 200
print(response.json())
path Parameters
package_name
required
string (Package Name)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "updated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "latest_version": "string",
  • "total_file_size": 0,
  • "versions": [
    ],
  • "public": true,
  • "permissions_mode": "DEFAULT"
}

Update Python package

This endpoint lets you update the permissions of a single Python package by its package name. You must supply either public (true|false) or permissions_mode (PACKAGE_LEVEL|DEFAULT) in the payload.

Packages marked as public can be installed/downloaded using the NPM client without providing any credentials.

Non-public packages that use the DEFAULT permissions mode can be installed by any authenticated user with the relevant role - e.g one with the permissions to Download Python packages for your organisation.

Packages that use PACKAGE_LEVEL permissions can only be accessed by those authenticated users that have been explicitly assigned to the relevant roles created for that specific package.

Setting the permissions mode to PACKAGE_LEVEL will always cause the package to be non-public.

Example Usage

# Marking a package as public
payload = dict(
    public=True
)
response = session.patch("https://api.repoforge.io/rest/v1/python/my-package", json=payload)
assert response.status_code == 200

assert response.json()['public'] == True

# changing the permissions mode
payload = dict(
    permissions_mode="PACKAGE_LEVEL"
)
response = session.patch("https://api.repoforge.io/rest/v1/python/my-package", json=payload)
assert response.status_code == 200
path Parameters
package_name
required
string (Package Name)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Request Body schema: application/json
required
Public (boolean) or Public (null) (Public)
PermissionsMode (string) or null

Responses

Request samples

Content type
application/json
{
  • "public": true,
  • "permissions_mode": "DEFAULT"
}

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "updated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "latest_version": "string",
  • "total_file_size": 0,
  • "versions": [
    ],
  • "public": true,
  • "permissions_mode": "DEFAULT"
}

Delete Python version

Deletes a version from a Python package by the package name, file type and version. If this is the last remaining version of the parent package, then the parent package will also be deleted.

Example Usage

response = session.delete(
    "{host}/rest/v1/python/my-package/bdist_wheel/1.0.0/mypackage-3.7-py3-none-any.whl"
)
assert response.status_code == 200
path Parameters
package_name
required
string (Package Name)
file_type
required
string (File Type)
file_name
required
string (File Name)
version
required
string (Version)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "ok": true
}

Docker Registries

These endpoints let you view, modify permissions or delete the Docker registries managed by your organisation.

List Docker registries

Returns a list of all Docker registries managed by your organisation.

Example Usage

response = session.get("https://api.repoforge.io/rest/v1/docker")
assert response.status_code == 200
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Retrieve Docker registry

Retrieves a single docker registry by its name

Example Usage

response = session.get("https://api.repoforge.io/rest/v1/docker/my-registry")
assert response.status_code == 200
print(response.json())
path Parameters
registry_name
required
string (Registry Name)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "updated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "public": false,
  • "permissions_mode": "DEFAULT",
  • "groups": [
    ],
  • "tags": [
    ]
}

Update Docker registry

This endpoint lets you update the permissions of a single Docker registry by its registry name. You must supply either public (true|false) or permissions_mode (PACKAGE_LEVEL|DEFAULT) in the payload.

Registries marked as public can be installed/downloaded using the NPM client without providing any credentials.

Non-public registries that use the DEFAULT permissions mode can be installed by any authenticated user with the relevant role - e.g one with the permissions to Download Python packages for your organisation.

Registries that use PACKAGE_LEVEL permissions can only be accessed by those authenticated users that have been explicitly assigned to the relevant roles created for that specific registry.

Setting the permissions mode to PACKAGE_LEVEL will always cause the package to be non-public.

Example Usage

payload = dict(
    public=True
)
response = session.patch("https://api.repoforge.io/rest/v1/docker/my-registry", json=payload)
assert response.status_code == 200
assert response.json()['public'] == True
path Parameters
registry_name
required
string (Registry Name)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Request Body schema: application/json
required
Public (boolean) or Public (null) (Public)
PermissionsMode (string) or null

Responses

Request samples

Content type
application/json
{
  • "public": true,
  • "permissions_mode": "DEFAULT"
}

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "updated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "public": false,
  • "permissions_mode": "DEFAULT",
  • "groups": [
    ],
  • "tags": [
    ]
}

Delete Docker tag

Deletes a version from a Docker tag by the registry name and tag reference.

Example Usage

response = session.delete("https://api.repoforge.io/rest/v1/docker/my-registry/latest")
assert response.status_code == 200
path Parameters
registry_name
required
string (Registry Name)
reference
required
string (Reference)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "ok": true
}

Roles

Roles let you control access to specific resources and functions in RepoForge.io.

List Roles

List all available system roles. Roles are managed by the system and cannot be created or changed, but can be associated with access token objects to control resources within RepoForge.io.

Example

response = session.get('https://api.repoforge.io/rest/v1/roles')
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Debian Packages

These endpoints let you view, modify permissions or delete the Debian packages managed by your organisation.

List Debian packages

Returns a list of all Debian packages managed by your organisation

Example usage

response = session.get("http://localhost:5001/rest/v1/debian")
assert response.status_code == 200, response.text

print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Retrieve Debian packages

Retrieves a single Debian package by its name

Example usage

response = session.get("http://localhost:5001/rest/v1/debian/mypackage")
assert response.status_code == 200, response.text

print(response.json())
path Parameters
name
required
string (Name)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "name": "mypackage",
  • "versions": [],
  • "date": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "public": false,
  • "permissions_mode": "DEFAULT"
}

Update Debian package

This endpoint lets you update the permissions of a single Debian package by its package name. You must supply either public (true|false) or permissions_mode (PACKAGE_LEVEL|DEFAULT) in the payload.

Packages marked as public can be installed/downloaded using the NPM client without providing any credentials.

Non-public packages that use the DEFAULT permissions mode can be installed by any authenticated user with the relevant role - e.g one with the permissions to Download Debian packages for your organisation.

Packages that use PACKAGE_LEVEL permissions can only be accessed by those authenticated users that have been explicitly assigned to the relevant roles created for that specific package.

Setting the permissions mode to PACKAGE_LEVEL will always cause the package to be non-public.

Example Usage

# Marking a package as public
payload = dict(
    public=True
)
response = session.patch("http://localhost:5001/rest/v1/debian/my-package", json=payload)
assert response.status_code == 200

assert response.json()['public'] == True

# changing the permissions mode
payload = dict(
    permissions_mode="PACKAGE_LEVEL"
)
response = session.patch("http://localhost:5001/rest/v1/debian/my-package", json=payload)
assert response.status_code == 200
path Parameters
name
required
string (Name)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Request Body schema: application/json
required
Public (boolean) or Public (null) (Public)
PermissionsMode (string) or null

Responses

Request samples

Content type
application/json
{
  • "public": true,
  • "permissions_mode": "DEFAULT"
}

Response samples

Content type
application/json
null

Delete Debian package

Deletes a file from a Debian package by its architecture and name

Example usage

response = session.delete("http://localhost:5001/rest/v1/debian/mypackage/arm64/mypackage_1.0_all.deb")
assert response.status_code == 200, response.text
print(response.json())
path Parameters
name
required
string (Name)
architecture
required
string (Architecture)
filename
required
string (Filename)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "ok": true
}

About the package APIs

This section of the API docs covers the package APIs - e.g. the Python, NPM, Docker and Debian endpoints used to integrate with standard tooling, e.g. pip/twine, npm/pnpm/yarn, docker cli and apt. This section ONLY includes RESTFUL endpoints - It does NOT document HTML endpoints used widely in the Debian and Python registries.

Debian

RepoForge.io's Debian endpoints are primarily HTML based. Most of them can be found by navigating the folder structure at https://api.repoforge.io/debian/unique-hash-id/. There are only two RESTFUL endpoints for the Debian package API - for fetching the Public GPG key, and for uploading Debian packages into RepoForge.io, which are documented below.

Get public key

Returns the RepoForge.io public key for GPG signing requests

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id

Responses

Create Debian package

This endpoint lets you create a new Debian package, or add a new version to an existing Debian package, if a package with the same name already exists for your account.

This endpoint accepts a single uploaded file under the content key, which must be a valid Debian package containing included valid metadata

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}
Request Body schema: multipart/form-data
required
content
required
string <binary> (Content)

Responses

Response samples

Content type
application/json
{
  • "hash_id": "unique-hash-id",
  • "name": "mypackage",
  • "architecture": "arm64",
  • "version": "1.0.0",
  • "filename": "mypackage_1.0.0_all.deb",
  • "size": 0,
  • "key": "string",
  • "md5_sum": "string",
  • "sha1": "string",
  • "sha256": "string",
  • "metadata": { },
  • "sort_key": "string"
}

Docker

The RepoForge.io Docker registry follows the specification defined here.

Docker root

This endpoint verifies the auth token and returns an empty response. This endpoint essentially controls authentication and permissions to the entire docker registry

Returns a 401 if token is invalid

header Parameters
Authorization (string) or Authorization (null) (Authorization)

Responses

Response samples

Content type
application/json
null

Get Docker tags

Returns a list of tags for a given registry

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
name
required
string (Name)

Registry name

query Parameters
N (integer) or N (null) (N)

The maximum number of tags to return

Last (string) or Last (null) (Last)

The name of the last name to return

Responses

Response samples

Content type
application/json
{
  • "name": "string",
  • "tags": [
    ]
}

Post Docker blob

Start a new Docker upload. This endpoint just generates a UUID and returns an empty response with two response headers - docker-upload-uuid, the generated ID, and Location, which is the path to where the client should send blobs to upload.

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
name
required
string (Name)

Docker registry name

Responses

Response samples

Content type
application/json
null

Patch Docker blobs

This method creates or updates a blob in S3 at a path containing a given UUID. It supports multipart uploads via the content-range header.

path Parameters
hash_id
required
string (Hash Id)
name
required
string (Name)

Docker registry name

uuid
required
string (Uuid)

The docker-upload-uuid header returned by the Post blob endpoint

header Parameters
content-range
string (Content-Range)
Default: 0-0

The starting position of the uploaded object

Responses

Response samples

Content type
application/json
null

Put Docker blobs

This method is used to finalise the multipart upload of a blob stored at a path in S3 based on a given UUID. It first creates/updates the blob on S3 in a similar way to the patch_blobs endpoint. Once done, it then moves the blob from its UUID path on s3 to a path based on the content digest.

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
name
required
string (Name)

Registry name

uuid
required
string (Uuid)
Example: 2d856e0c-fe6b-43f0-a8e6-71c4b6e6b03d

The Docker upload UUID

query Parameters
digest
required
string (Digest)

The Docker content digest

header Parameters
content-length
required
string (Content-Length)
Content-Range (string) or Content-Range (null) (Content-Range)

Responses

Response samples

Content type
application/json
null

Head Docker blobs

Very simple function that just checks if a blob exists based on a given hash id, name and digest. Returns an empty response.

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
name
required
string (Name)

Registry name

digest
required
string (Digest)

The Docker content digest

Responses

Response samples

Content type
application/json
null

Get Docker blob

Gets a blob from S3 by the given hash id, name and digest, and returns a streaming response back to the user

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
name
required
string (Name)

Registry name

digest
required
string (Digest)

The Docker content digest

Responses

Response samples

Content type
application/json
null

Head Docker manifest

Simple function to check to see whether a manifest exists and returns the content type and digest headers in the response

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
name
required
string (Name)

Registry name

reference
required
string (Reference)
Example: latest

The Docker reference

header Parameters
Authorization (string) or Authorization (null) (Authorization)

Responses

Response samples

Content type
application/json
null

Get Docker manifest

Similar to the head_manifest endpoint above, but this one actually returns the content of the manifest as well

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
name
required
string (Name)

Registry name

reference
required
string (Reference)
header Parameters
Authorization (string) or Authorization (null) (Authorization)

Responses

Response samples

Content type
application/json
null

Put Docker manifest

Creates a new Docker manifest

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
name
required
string (Name)

Registry name

reference
required
string (Reference)
Example: latest

The Docker reference

header Parameters
Authorization (string) or Authorization (null) (Authorization)

Responses

Response samples

Content type
application/json
null

Create auth token for Docker registry

query Parameters
Scope (string) or Scope (null) (Scope)

Required scope for the token

Service (string) or Service (null) (Service)

Service name

header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Responses

Response samples

Content type
application/json
null

NPM

The NPM spec used by RepoForge.io is compliant with the API specification provided here. It supports standard NodeJS packaging tooling such as npm, pnpm, yarn etc.

In order to create/update NPM packages, or pull non-pubic NPM packages, requests must be authenticated using a valid RepoForge.io token that assumes the NPM - Full access or NPM - Read only role as necessary.

The method for providing auth credentials varies depending on the packaging tools you are using, but for NPM/PNPM, it can be set as follows:

npm init --scope=@myscope
npm config set @myscope/registry https://api.repoforge.io/npm/my-hash-id/
npm config set //api.repoforge.io/npm/my-hash-id/:_authToken $MY_NPM_ACCESS_TOKEN

Setting the config as the above means that requests to RepoForge will be sent with the header {"Authorization": "Bearer ${MY_NPM_ACCESS_TOKEN}"} when trying to push or pull a package with a name prefixed by @myscope

Put NPM package

This endpoint allows the creation of new NPM packages. If an NPM package with the same name and scope already exists, then it will either add new versions to that package (if the given version number does not already exist), or overwrite the existing versions of that version number.

path Parameters
hash_id
required
string (Hash Id)
Example: my-hash-id
registry_name
required
string (Registry Name)
Example: @myscope
package_name
required
string (Package Name)
Example: mypackage
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Request Body schema: application/json
required
_id
required
string ( Id)

A unique identifier for your package containing the scope and package name separatedby a forward slash. The value of this field is always identical to the name field

name
required
string (Name)

A unique identifier for your package containing the scope and package name separatedby a forward slash. The value of this field is always identical to the _id field

Description (string) or Description (null) (Description)
Default: ""

A description of the package you are uploading

required
object (Dist-Tags)

An array containing tagged versions

readme
string (Readme)
Default: ""
required
object ( Attachments)
required
object (Versions)

A dictionary of versions of this package

Responses

Request samples

Content type
application/json
{
  • "_id": "@repoforge/mypackage",
  • "name": "@repoforge/mypackage",
  • "description": "",
  • "dist-tags": {
    },
  • "readme": "ERROR: No README data found!",
  • "_attachments": {
    },
  • "versions": {
    }
}

Response samples

Content type
application/json
{
  • "hash_id": "string",
  • "sort_key": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "updated": "2019-08-24T14:15:22Z",
  • "public": false,
  • "permissions_mode": "DEFAULT",
  • "metadata": {
    },
  • "entity_type": "NPMPackage",
  • "role_uuids": [ ],
  • "name": "string",
  • "registry_name": "string",
  • "package_name": "string",
  • "roles": [
    ]
}

Get NPM package

This method finds and returns an NPMPackage by its scope and name

path Parameters
hash_id
required
string (Hash Id)
Example: my-hash-id
registry_name
required
string (Registry Name)
Example: @myscope
package_name
required
string (Package Name)
Example: mypackage

Responses

Response samples

Content type
application/json
{
  • "_id": "@repoforge/mypackage",
  • "name": "@repoforge/mypackage",
  • "description": "",
  • "dist-tags": {
    },
  • "readme": "ERROR: No README data found!",
  • "versions": {
    }
}

Download NPM package

This endpoint generates a presigned file download URL for the given package and returns a RedirectResponse to it.

path Parameters
version
required
string (Version)
hash_id
required
string (Hash Id)
Example: my-hash-id
registry_name
required
string (Registry Name)
Example: @myscope
package_name
required
string (Package Name)
Example: mypackage
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
null

Get NPM package tags

This endpoint is called whenever you run commands list npm dist-tags ls @myscope/mypackage. Running of this CLI command generates output like this:

latest: 1.0.0
path Parameters
hash_id
required
string (Hash Id)
Example: my-hash-id
registry_name
required
string (Registry Name)
Example: @myscope
package_name
required
string (Package Name)
Example: mypackage

Responses

Response samples

Content type
application/json
{
  • "latest": "1.0.0"
}

Put NPM package tag

When invoked by the CLI command, npm dist-tags add @myscope/mypackage@1.0.0 mytag this endpoint adds a tag to a given version.

path Parameters
tag
required
string (Tag)
Example: mytag
hash_id
required
string (Hash Id)
Example: my-hash-id
registry_name
required
string (Registry Name)
Example: @myscope
package_name
required
string (Package Name)
Example: mypackage
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Valid API auth bearer token

Responses

Response samples

Content type
application/json
{
  • "latest": "1.0.0"
}

Python

As is the case with the Debian API, RepoForge.io's Python endpoints are primarily HTML based on a directory structure, which can be navigated from https://api.repoforge.io/unique-hash-id/. Once again,there are only two RESTFUL endpoints - one for creating packages using tools such as twine, and one for downloading them using tools such as pip.

Upload

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}
Request Body schema: multipart/form-data
required
content
required
string <binary> (Content)

Responses

Response samples

Content type
application/json
null

Download

path Parameters
hash_id
required
string (Hash Id)
Example: unique-hash-id
package_name
required
string (Package Name)
Example: mypackage
version
required
string (Version)
Example: 1.0.0
file_type
required
string (File Type)
Examples: bdist_wheel sdist
filename
required
string (Filename)
Example: mypackage-1.0-py3-none-any.whl
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Responses

Conda

The RepoForge.io Conda repo provisions three simple JSON-based Conda channels - one foruploading a package to a channel, one for listing the packages stored on a channel,and one for actually downloading Conda package files.

Create Conda package

Takes an uploaded file, extracts the metadata, saves the package to the database and S3 bucket, and returns the metadata of the saved package.

path Parameters
hash_id
required
string (Hash Id)

Unique hash id of your RepoForge.io account

channel_name
required
string (Channel Name)
Examples: my-channel

The name of the channel you want to upload to. If the channel doesn't exist, this endpoint will return a 404 response

header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}
Request Body schema: multipart/form-data
required
file
required
string <binary> (File)

A valid conda package file, either in the .tar.bz2 or .conda file type. If the Conda file is invalid, then a 422 response will be returned.

Responses

Response samples

Content type
application/json
{
  • "platform": "linux",
  • "arch": "x86_64",
  • "build": "py311",
  • "build_number": 0,
  • "depends": [
    ],
  • "license": "MIT",
  • "name": "mypackage",
  • "timestamp": 1698496167,
  • "version": "1.0.0",
  • "filename": "mypackage-1.0.0-py311_0.tar.bz2",
  • "md5": "0123456789abcdef0123456789abcdef",
  • "sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abc",
  • "size": 123456789,
  • "subdir": "string"
}

List Conda packages

Retrieves a list of Conda packages for the given hash_id.

path Parameters
hash_id
required
string (Hash Id)
channel_name
required
string (Channel Name)
subdir
required
string (Subdir)

Responses

Response samples

Content type
application/json
{
  • "info": {
    },
  • "packages": {
    }
}

Download Conda package

Gets a download URL for a given package and 302 redirects to it

path Parameters
hash_id
required
string (Hash Id)
channel_name
required
string (Channel Name)
subdir
required
string (Subdir)
filename
required
string (Filename)
header Parameters
Authorization (string) or Authorization (null) (Authorization)
Example: Bearer {API_TOKEN}

Responses

Response samples

Content type
application/json
null