Download OpenAPI specification:Download
The RepoForge.io REST API provides you with a standardized interface that lets you programmatically
modify permissions of, and delete packages supported by RepoForge.io. This API is NOT intended to
be compatible with standard tooling libraries such as pip
, npm
, and the docker
cli.
The REST API also allows you to create and manage non-package system resources, such as access tokens, roles and access logs.
In order to use the RepoForge.io REST API, you must first generate an auth token via the RepoForge.io dashboard. You can authenticate your requests to the RepoForge.io REST API as shown below:
import requests
auth_token = '...' # generated from the RepoForge.io dashboard
session = requests.Session()
session.headers.update(Authorization=f'Bearer {auth_token}')
response = session.get("https://api.repoforge.io/rest/v1/access-logs")
assert response.status_code == 200
Access logs are generated whenever a user attempts to create, update or read a package, whether a Python package, Docker image or NPM project. This is a read-only endpoint - there is no way of creating, editing or deleting access log objects with the API.
This endpoint lets you read your RepoForge.io Access Logs. You can optionally use query parameters to filter the logs
# without filtering (get all logs)
response = session.get('https://api.repoforge.io/rest/v1/access-logs')
print(response.json())
# with filtering
from datetime import datetime, timedelta
query = {
"limit": 1,
"start_time": (datetime.now() - timedelta(hours=24)).isoformat(),
"end_time": (datetime.now() - timedelta(hours=2)).isoformat(),
"access_type": "Python",
"package_name": "mypackage",
}
response = session.get(f"https://api.repoforge.io/rest/v1/access-logs?{urlencode(query)}")
Limit (integer) or Limit (null) (Limit) Example: limit=1 Limit the number of responses | |
Start Time (string) or Start Time (null) (Start Time) Examples: start_time=2024-11-22T14:00:21.270520 Filter for all events after this timestamp | |
End Time (string) or End Time (null) (End Time) Examples: end_time=2024-11-22T14:00:21.270575 Filter for all events before this timestamp | |
AccessType (string) or Access Type (null) (Access Type) Examples: access_type=Python Filter for packages of a certain type | |
Package Name (string) or Package Name (null) (Package Name) Examples: package_name=mypackage Filter for packages with a specific name |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
[- {
- "id": "1234",
- "user": "info@repoforge.io",
- "package_type": "Python",
- "created": "2019-08-24T14:15:22Z",
- "object_id": "my-package",
- "action": "Write",
- "status_code": 0,
- "path": "string",
- "request_method": "string"
}
]
The Access Token endpoint lets you create, read, rotate and delete RepoForge.io Access Tokens.
Important: For security reasons, the token attribute is only visible when you initially create a new access token, or when you rotate an existing one. Whenever you call a GET request on this endpoint, you'll see a
value. You cannot rotate or delete the Access Token you are currently using to authenticate the REST API
payload = dict(
name="A new token",
roles=["d8b787be-bd91-42a0-865c-df97d5b8e5ac"]
)
response = session.post('https://api.repoforge.io/rest/v1/access-tokens', json=payload)
print(response.json()["token"])
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
name required | string (Name) The user-readable name for this access token - this must be unique |
roles required | Array of strings <uuid> (Roles) [ items <uuid > ] The UUIDs of roles that this access token may assume |
{- "name": "string",
- "roles": [
- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}
{- "name": "string",
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "token": "string"
}
Returns a list of all RepoForge.io access tokens currently being managed by your organisation.
response = session.get('https://api.repoforge.io/rest/v1/access-tokens')
print(response.json())
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
[- {
- "name": "string",
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "roles": [
- {
- "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
- "name": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "actions": [
- "Write"
], - "access_type": "Python"
}
], - "token": "<MASKED>"
}
]
Retrieves a single access token by its UUID
response = session.get('https://api.repoforge.io/rest/v1/access-tokens/2211bded-b41b-4313-a96c-f955dd12aa8b')
print(response.json())
uuid required | string <uuid> (Uuid) The UUID of the token that you want to retrieve |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "name": "string",
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "roles": [
- {
- "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
- "name": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "actions": [
- "Write"
], - "access_type": "Python"
}
], - "token": "<MASKED>"
}
Finds an access token by its UUID and deletes it. The deleted token value will no longer be valid, and you will no longer be able to use it to authenticate.
You CANNOT delete the access token that you are currently using to authenticate the REST API
token_uuid = "uuid-of-token"
response = session.delete(f"https://api.repoforge.io/rest/v1/access-tokens/{token_uuid}")
assert response.status_code == 200
uuid required | string <uuid> (Uuid) The UUID of the token that you want to rotate |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "ok": true
}
Finds an access token by its UUID and rotates it. The old token value will no longer be valid, and you will no longer be able to use it to authenticate. The token roles will remain unchanged.
You CANNOT rotate the access token that you are currently using to authenticate the REST API
token_uuid = "uuid-of-token"
response = session.patch(f"https://api.repoforge.io/rest/v1/access-tokens/{token_uuid}/rotate")
assert response.status_code == 200
new_token = response.json()["token"]
uuid required | string <uuid> (Uuid) The UUID of the token that you want to rotate |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "name": "string",
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "token": "string"
}
These endpoints let you view, modify permissions or delete the NPM packages managed by your organisation
This endpoint lists all NPM packages belonging to your organisation.
response = session.get("https://api.repoforge.io/rest/v1/npm")
assert response.status_code == 200
print(response.json())
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
[- {
- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "public": false,
- "permissions_mode": "DEFAULT",
- "name": "string",
- "registry_name": "string",
- "package_name": "string"
}
]
This endpoint retrieves a single NPM package by its registry name and package name.
response = session.get("https://api.repoforge.io/rest/v1/npm/@repoforge/my-package")
assert response.status_code == 200
print(response.json())
registry_name required | string (Registry Name) |
package_name required | string (Package Name) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "public": false,
- "permissions_mode": "DEFAULT",
- "name": "string",
- "registry_name": "string",
- "package_name": "string"
}
This endpoint lets you update the permissions of a single NPM package by its registry name and package name.
You must supply either public
(true
|false
) or permissions_mode
(PACKAGE_LEVEL
|DEFAULT
) in the
payload.
Packages marked as public
can be installed/downloaded using the NPM client without providing any credentials.
Non-public packages that use the DEFAULT
permissions mode can be installed by any authenticated user
with the relevant role - e.g one with the permissions to Download NPM packages for your organisation.
Packages that use PACKAGE_LEVEL
permissions can only be accessed by those authenticated users that
have been explicitly assigned to the relevant roles created for that specific package.
Setting the permissions mode to PACKAGE_LEVEL
will always cause the package to be non-public.
# making a package public
payload = dict(
public=True
)
response = session.patch("https://api.repoforge.io/rest/v1/npm/@repoforge/npm-package", json=payload)
assert response.status_code == 200
assert response.json()['public'] == True
payload = dict(
permissions_mode="PACKAGE_LEVEL"
)
response = session.patch("https://api.repoforge.io/rest/v1/npm/@repoforge/npm-package", json=payload)
assert response.status_code == 200
registry_name required | string (Registry Name) |
package_name required | string (Package Name) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Public (boolean) or Public (null) (Public) | |
PermissionsMode (string) or null |
{- "public": true,
- "permissions_mode": "DEFAULT"
}
{- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "public": false,
- "permissions_mode": "DEFAULT",
- "name": "string",
- "registry_name": "string",
- "package_name": "string"
}
Deletes a NPM version by its registry name, package name and version number. If no other versions exist under the same parent NPM package, then the NPM package will be deleted, too.
response = session.delete("https://api.repoforge.io/rest/v1/npm/@repoforge/mypackage/1.0.0")
assert response.status_code == 200
registry_name required | string (Registry Name) |
package_name required | string (Package Name) |
version_number required | string (Version Number) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "ok": true
}
These endpoints let you view, modify permissions or delete the Python packages managed by your organisation.
Returns a list of all Python packages owned owned by your organisation.
response = session.get("https://api.repoforge.io/rest/v1/python")
assert response.status_code == 200
print(response.json())
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
[- {
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "latest_version": "string",
- "total_file_size": 0,
- "versions": [
- {
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "number": "string",
- "file_type": "string",
- "file_name": "string",
- "file_size": 0,
- "metadata": { },
- "file_url": "string"
}
], - "public": true,
- "permissions_mode": "DEFAULT"
}
]
Retrieves a single Python package by its name
response = session.get("https://api.repoforge.io/rest/v1/python/my-package")
assert response.status_code == 200
print(response.json())
package_name required | string (Package Name) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "latest_version": "string",
- "total_file_size": 0,
- "versions": [
- {
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "number": "string",
- "file_type": "string",
- "file_name": "string",
- "file_size": 0,
- "metadata": { },
- "file_url": "string"
}
], - "public": true,
- "permissions_mode": "DEFAULT"
}
This endpoint lets you update the permissions of a single Python package by its package name.
You must supply either public
(true
|false
) or permissions_mode
(PACKAGE_LEVEL
|DEFAULT
) in the
payload.
Packages marked as public
can be installed/downloaded using the NPM client without providing any credentials.
Non-public packages that use the DEFAULT
permissions mode can be installed by any authenticated user
with the relevant role - e.g one with the permissions to Download Python packages for your organisation.
Packages that use PACKAGE_LEVEL
permissions can only be accessed by those authenticated users that
have been explicitly assigned to the relevant roles created for that specific package.
Setting the permissions mode to PACKAGE_LEVEL
will always cause the package to be non-public.
# Marking a package as public
payload = dict(
public=True
)
response = session.patch("https://api.repoforge.io/rest/v1/python/my-package", json=payload)
assert response.status_code == 200
assert response.json()['public'] == True
# changing the permissions mode
payload = dict(
permissions_mode="PACKAGE_LEVEL"
)
response = session.patch("https://api.repoforge.io/rest/v1/python/my-package", json=payload)
assert response.status_code == 200
package_name required | string (Package Name) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Public (boolean) or Public (null) (Public) | |
PermissionsMode (string) or null |
{- "public": true,
- "permissions_mode": "DEFAULT"
}
{- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "latest_version": "string",
- "total_file_size": 0,
- "versions": [
- {
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "number": "string",
- "file_type": "string",
- "file_name": "string",
- "file_size": 0,
- "metadata": { },
- "file_url": "string"
}
], - "public": true,
- "permissions_mode": "DEFAULT"
}
Deletes a version from a Python package by the package name, file type and version. If this is the last remaining version of the parent package, then the parent package will also be deleted.
response = session.delete(
"{host}/rest/v1/python/my-package/bdist_wheel/1.0.0/mypackage-3.7-py3-none-any.whl"
)
assert response.status_code == 200
package_name required | string (Package Name) |
file_type required | string (File Type) |
file_name required | string (File Name) |
version required | string (Version) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "ok": true
}
These endpoints let you view, modify permissions or delete the Docker registries managed by your organisation.
Returns a list of all Docker registries managed by your organisation.
response = session.get("https://api.repoforge.io/rest/v1/docker")
assert response.status_code == 200
print(response.json())
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
[- {
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "public": false,
- "permissions_mode": "DEFAULT",
- "groups": [
- {
- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "entity_type": "Role",
- "actions": [
- "Write"
], - "access_type": "Python",
- "group_name": "string",
- "package_sort_key": "string"
}
], - "tags": [
- {
- "refs": [
- "string"
], - "size": 0,
- "sha": "string",
- "last_modified": "2019-08-24T14:15:22Z",
- "uri": "string"
}
]
}
]
Retrieves a single docker registry by its name
response = session.get("https://api.repoforge.io/rest/v1/docker/my-registry")
assert response.status_code == 200
print(response.json())
registry_name required | string (Registry Name) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "public": false,
- "permissions_mode": "DEFAULT",
- "groups": [
- {
- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "entity_type": "Role",
- "actions": [
- "Write"
], - "access_type": "Python",
- "group_name": "string",
- "package_sort_key": "string"
}
], - "tags": [
- {
- "refs": [
- "string"
], - "size": 0,
- "sha": "string",
- "last_modified": "2019-08-24T14:15:22Z",
- "uri": "string"
}
]
}
This endpoint lets you update the permissions of a single Docker registry by its registry name.
You must supply either public
(true
|false
) or permissions_mode
(PACKAGE_LEVEL
|DEFAULT
) in the
payload.
Registries marked as public
can be installed/downloaded using the NPM client without providing any
credentials.
Non-public registries that use the DEFAULT
permissions mode can be installed by any authenticated user
with the relevant role - e.g one with the permissions to Download Python packages for your organisation.
Registries that use PACKAGE_LEVEL
permissions can only be accessed by those authenticated users that
have been explicitly assigned to the relevant roles created for that specific registry.
Setting the permissions mode to PACKAGE_LEVEL
will always cause the package to be non-public.
payload = dict(
public=True
)
response = session.patch("https://api.repoforge.io/rest/v1/docker/my-registry", json=payload)
assert response.status_code == 200
assert response.json()['public'] == True
registry_name required | string (Registry Name) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Public (boolean) or Public (null) (Public) | |
PermissionsMode (string) or null |
{- "public": true,
- "permissions_mode": "DEFAULT"
}
{- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "public": false,
- "permissions_mode": "DEFAULT",
- "groups": [
- {
- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "entity_type": "Role",
- "actions": [
- "Write"
], - "access_type": "Python",
- "group_name": "string",
- "package_sort_key": "string"
}
], - "tags": [
- {
- "refs": [
- "string"
], - "size": 0,
- "sha": "string",
- "last_modified": "2019-08-24T14:15:22Z",
- "uri": "string"
}
]
}
Deletes a version from a Docker tag by the registry name and tag reference.
response = session.delete("https://api.repoforge.io/rest/v1/docker/my-registry/latest")
assert response.status_code == 200
registry_name required | string (Registry Name) |
reference required | string (Reference) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "ok": true
}
List all available system roles. Roles are managed by the system and cannot be created or changed, but can be associated with access token objects to control resources within RepoForge.io.
response = session.get('https://api.repoforge.io/rest/v1/roles')
print(response.json())
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
[- {
- "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
- "name": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "actions": [
- "Write"
], - "access_type": "Python"
}
]
These endpoints let you view, modify permissions or delete the Debian packages managed by your organisation.
Returns a list of all Debian packages managed by your organisation
response = session.get("http://localhost:5001/rest/v1/debian")
assert response.status_code == 200, response.text
print(response.json())
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
[- {
- "name": "mypackage",
- "versions": [
- {
- "version": "1.0",
- "architecture": "amd64",
- "filename": "mypackage_1.0_arm64.deb",
- "size": 1024,
- "md5_sum": "09c5571835f4951a1680af80df0f5c96",
- "sha1": "da12b96ab5a942d3286bd441f41b6d53470a9859",
- "sha256": "f9fa2734d78fac5d7953cd308d3b8ddbae5e4c92285617213e550673e91b5f89",
- "metadata": {
- "installed-size": "0",
- "license": "unknown",
- "maintainer": "chris@repoforge.io",
- "priority": "optional",
- "section": "default",
- "vendor": "none"
}
}
], - "date": "2019-08-24T14:15:22Z",
- "description": "string",
- "public": false,
- "permissions_mode": "DEFAULT"
}
]
Retrieves a single Debian package by its name
response = session.get("http://localhost:5001/rest/v1/debian/mypackage")
assert response.status_code == 200, response.text
print(response.json())
name required | string (Name) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "name": "mypackage",
- "versions": [
- {
- "version": "1.0",
- "architecture": "amd64",
- "filename": "mypackage_1.0_arm64.deb",
- "size": 1024,
- "md5_sum": "09c5571835f4951a1680af80df0f5c96",
- "sha1": "da12b96ab5a942d3286bd441f41b6d53470a9859",
- "sha256": "f9fa2734d78fac5d7953cd308d3b8ddbae5e4c92285617213e550673e91b5f89",
- "metadata": {
- "installed-size": "0",
- "license": "unknown",
- "maintainer": "chris@repoforge.io",
- "priority": "optional",
- "section": "default",
- "vendor": "none"
}
}
], - "date": "2019-08-24T14:15:22Z",
- "description": "string",
- "public": false,
- "permissions_mode": "DEFAULT"
}
This endpoint lets you update the permissions of a single Debian package by its package name.
You must supply either public
(true
|false
) or permissions_mode
(PACKAGE_LEVEL
|DEFAULT
) in the
payload.
Packages marked as public
can be installed/downloaded using the NPM client without providing any credentials.
Non-public packages that use the DEFAULT
permissions mode can be installed by any authenticated user
with the relevant role - e.g one with the permissions to Download Debian packages for your organisation.
Packages that use PACKAGE_LEVEL
permissions can only be accessed by those authenticated users that
have been explicitly assigned to the relevant roles created for that specific package.
Setting the permissions mode to PACKAGE_LEVEL
will always cause the package to be non-public.
# Marking a package as public
payload = dict(
public=True
)
response = session.patch("http://localhost:5001/rest/v1/debian/my-package", json=payload)
assert response.status_code == 200
assert response.json()['public'] == True
# changing the permissions mode
payload = dict(
permissions_mode="PACKAGE_LEVEL"
)
response = session.patch("http://localhost:5001/rest/v1/debian/my-package", json=payload)
assert response.status_code == 200
name required | string (Name) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Public (boolean) or Public (null) (Public) | |
PermissionsMode (string) or null |
{- "public": true,
- "permissions_mode": "DEFAULT"
}
null
Deletes a file from a Debian package by its architecture and name
response = session.delete("http://localhost:5001/rest/v1/debian/mypackage/arm64/mypackage_1.0_all.deb")
assert response.status_code == 200, response.text
print(response.json())
name required | string (Name) |
architecture required | string (Architecture) |
filename required | string (Filename) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
{- "ok": true
}
This section of the API docs covers the package APIs - e.g. the Python, NPM, Docker and Debian endpoints used to integrate with standard tooling, e.g. pip/twine
, npm/pnpm/yarn
, docker cli
and apt
. This section ONLY includes RESTFUL endpoints - It does NOT document HTML endpoints used widely in the Debian and Python registries.
RepoForge.io's Debian endpoints are primarily HTML based. Most of them can be found by navigating the folder structure at https://api.repoforge.io/debian/unique-hash-id/. There are only two RESTFUL endpoints for the Debian package API - for fetching the Public GPG key, and for uploading Debian packages into RepoForge.io, which are documented below.
This endpoint lets you create a new Debian package, or add a new version to an existing Debian package, if a package with the same name already exists for your account.
This endpoint accepts a single uploaded file under the content
key, which must be a valid Debian package
containing included valid metadata
hash_id required | string (Hash Id) Example: unique-hash-id |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
content required | string <binary> (Content) |
{- "hash_id": "unique-hash-id",
- "name": "mypackage",
- "architecture": "arm64",
- "version": "1.0.0",
- "filename": "mypackage_1.0.0_all.deb",
- "size": 0,
- "key": "string",
- "md5_sum": "string",
- "sha1": "string",
- "sha256": "string",
- "metadata": { },
- "sort_key": "string"
}
The RepoForge.io Docker registry follows the specification defined here.
This endpoint verifies the auth token and returns an empty response. This endpoint essentially controls authentication and permissions to the entire docker registry
Returns a 401 if token is invalid
Authorization (string) or Authorization (null) (Authorization) |
null
Start a new Docker upload. This endpoint just generates a UUID and returns an empty response
with two response headers - docker-upload-uuid
, the generated ID, and Location
, which
is the path to where the client should send blobs to upload.
hash_id required | string (Hash Id) Example: unique-hash-id |
name required | string (Name) Docker registry name |
null
This method creates or updates a blob in S3 at a path containing a given UUID. It supports multipart uploads via the content-range header.
hash_id required | string (Hash Id) |
name required | string (Name) Docker registry name |
uuid required | string (Uuid) The |
content-range | string (Content-Range) Default: 0-0 The starting position of the uploaded object |
null
This method is used to finalise the multipart upload of a blob stored at a path in S3 based on a given UUID.
It first creates/updates the blob on S3 in a similar way to the patch_blobs
endpoint. Once done, it then
moves the blob from its UUID path on s3 to a path based on the content digest.
hash_id required | string (Hash Id) Example: unique-hash-id |
name required | string (Name) Registry name |
uuid required | string (Uuid) Example: 2d856e0c-fe6b-43f0-a8e6-71c4b6e6b03d The Docker upload UUID |
digest required | string (Digest) The Docker content digest |
content-length required | string (Content-Length) |
Content-Range (string) or Content-Range (null) (Content-Range) |
null
Very simple function that just checks if a blob exists based on a given hash id, name and digest. Returns an empty response.
hash_id required | string (Hash Id) Example: unique-hash-id |
name required | string (Name) Registry name |
digest required | string (Digest) The Docker content digest |
null
Gets a blob from S3 by the given hash id, name and digest, and returns a streaming response back to the user
hash_id required | string (Hash Id) Example: unique-hash-id |
name required | string (Name) Registry name |
digest required | string (Digest) The Docker content digest |
null
Simple function to check to see whether a manifest exists and returns the content type and digest headers in the response
hash_id required | string (Hash Id) Example: unique-hash-id |
name required | string (Name) Registry name |
reference required | string (Reference) Example: latest The Docker reference |
Authorization (string) or Authorization (null) (Authorization) |
null
Similar to the head_manifest endpoint above, but this one actually returns the content of the manifest as well
hash_id required | string (Hash Id) Example: unique-hash-id |
name required | string (Name) Registry name |
reference required | string (Reference) |
Authorization (string) or Authorization (null) (Authorization) |
null
Creates a new Docker manifest
hash_id required | string (Hash Id) Example: unique-hash-id |
name required | string (Name) Registry name |
reference required | string (Reference) Example: latest The Docker reference |
Authorization (string) or Authorization (null) (Authorization) |
null
Scope (string) or Scope (null) (Scope) Required scope for the token | |
Service (string) or Service (null) (Service) Service name |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
null
The NPM spec used by RepoForge.io is compliant with the API specification provided
here. It supports standard NodeJS packaging
tooling such as npm
, pnpm
, yarn
etc.
In order to create/update NPM packages, or pull non-pubic NPM packages, requests must be authenticated using a valid RepoForge.io token that assumes the NPM - Full access or NPM - Read only role as necessary.
The method for providing auth credentials varies depending on the packaging tools you are using, but for NPM/PNPM, it can be set as follows:
npm init --scope=@myscope
npm config set @myscope/registry https://api.repoforge.io/npm/my-hash-id/
npm config set //api.repoforge.io/npm/my-hash-id/:_authToken $MY_NPM_ACCESS_TOKEN
Setting the config as the above means that requests to RepoForge will be sent with
the header {"Authorization": "Bearer ${MY_NPM_ACCESS_TOKEN}"}
when trying to push
or pull a package with a name prefixed by @myscope
This endpoint allows the creation of new NPM packages. If an NPM package with the same name and scope already exists, then it will either add new versions to that package (if the given version number does not already exist), or overwrite the existing versions of that version number.
hash_id required | string (Hash Id) Example: my-hash-id |
registry_name required | string (Registry Name) Example: @myscope |
package_name required | string (Package Name) Example: mypackage |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
_id required | string ( Id) A unique identifier for your package containing the scope and package name separatedby a forward slash. The value of this field is always identical to the |
name required | string (Name) A unique identifier for your package containing the scope and package name separatedby a forward slash. The value of this field is always identical to the |
Description (string) or Description (null) (Description) Default: "" A description of the package you are uploading | |
required | object (Dist-Tags) An array containing tagged versions |
readme | string (Readme) Default: "" |
required | object ( Attachments) |
required | object (Versions) A dictionary of versions of this package |
{- "_id": "@repoforge/mypackage",
- "name": "@repoforge/mypackage",
- "description": "",
- "dist-tags": {
- "latest": "1.0.0"
}, - "readme": "ERROR: No README data found!",
- "_attachments": {
- "1.0.0": {
- "content_type": "application/javascript",
- "data": "...",
- "length": 100
}
}, - "versions": {
- "1.0.0": {
- "author": "",
- "dependencies": {
- "@scope/myproject": "^1.0.0"
}, - "description": "",
- "dist": {
- "integrity": "sha512-7fey422PMK372NuMmxKv7Z2+nrjAj7a/dq6lo363PUuJG9BA9U5ED1wx0m20cAXAbVljDgNS0rX3A2oFSOuLKw==",
- "shasum": "37001f6f28365fd758e6f533a5c8954c115c63bd",
}, - "id": "@scope/myproject@1.0.0",
- "license": "ISC",
- "main": "index.js",
- "name": "@scope/myproject",
- "nodeVersion": "12.22.12",
- "npmVersion": "6.14.16",
- "readme": "ERROR: No README data found!",
- "scripts": {
- "test": "echo \"Error: no test specified\" && exit 1"
}, - "version": "1.0.0"
}
}
}
{- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "public": false,
- "permissions_mode": "DEFAULT",
- "metadata": {
- "_id": "@repoforge/mypackage",
- "name": "@repoforge/mypackage",
- "description": "",
- "dist-tags": {
- "latest": "1.0.0"
}, - "readme": "ERROR: No README data found!",
- "versions": {
- "1.0.0": {
- "author": "",
- "dependencies": {
- "@scope/myproject": "^1.0.0"
}, - "description": "",
- "dist": {
- "integrity": "sha512-7fey422PMK372NuMmxKv7Z2+nrjAj7a/dq6lo363PUuJG9BA9U5ED1wx0m20cAXAbVljDgNS0rX3A2oFSOuLKw==",
- "shasum": "37001f6f28365fd758e6f533a5c8954c115c63bd",
}, - "id": "@scope/myproject@1.0.0",
- "key": "gjlU57upq/@scope/myproject/1.0.0/myproject-1.0.0.tgz",
- "license": "ISC",
- "main": "index.js",
- "name": "@scope/myproject",
- "nodeVersion": "12.22.12",
- "npmVersion": "6.14.16",
- "readme": "ERROR: No README data found!",
- "scripts": {
- "test": "echo \"Error: no test specified\" && exit 1"
}, - "size": 266,
- "updated": "2024-10-17T23:21:35.913640Z",
- "version": "1.0.0"
}
}
}, - "entity_type": "NPMPackage",
- "role_uuids": [ ],
- "name": "string",
- "registry_name": "string",
- "package_name": "string",
- "roles": [
- {
- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "entity_type": "Role",
- "actions": [
- "Write"
], - "access_type": "Python",
- "group_name": "string",
- "package_sort_key": "string"
}
]
}
This method finds and returns an NPMPackage by its scope and name
hash_id required | string (Hash Id) Example: my-hash-id |
registry_name required | string (Registry Name) Example: @myscope |
package_name required | string (Package Name) Example: mypackage |
{- "_id": "@repoforge/mypackage",
- "name": "@repoforge/mypackage",
- "description": "",
- "dist-tags": {
- "latest": "1.0.0"
}, - "readme": "ERROR: No README data found!",
- "versions": {
- "1.0.0": {
- "author": "",
- "dependencies": {
- "@scope/myproject": "^1.0.0"
}, - "description": "",
- "dist": {
- "integrity": "sha512-7fey422PMK372NuMmxKv7Z2+nrjAj7a/dq6lo363PUuJG9BA9U5ED1wx0m20cAXAbVljDgNS0rX3A2oFSOuLKw==",
- "shasum": "37001f6f28365fd758e6f533a5c8954c115c63bd",
}, - "id": "@scope/myproject@1.0.0",
- "key": "gjlU57upq/@scope/myproject/1.0.0/myproject-1.0.0.tgz",
- "license": "ISC",
- "main": "index.js",
- "name": "@scope/myproject",
- "nodeVersion": "12.22.12",
- "npmVersion": "6.14.16",
- "readme": "ERROR: No README data found!",
- "scripts": {
- "test": "echo \"Error: no test specified\" && exit 1"
}, - "size": 266,
- "updated": "2024-10-17T23:21:35.913640Z",
- "version": "1.0.0"
}
}
}
This endpoint generates a presigned file download URL for the given package and returns a RedirectResponse to it.
version required | string (Version) |
hash_id required | string (Hash Id) Example: my-hash-id |
registry_name required | string (Registry Name) Example: @myscope |
package_name required | string (Package Name) Example: mypackage |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
null
As is the case with the Debian API, RepoForge.io's Python endpoints are primarily HTML based on a directory structure, which can be navigated from https://api.repoforge.io/unique-hash-id/. Once again,there are only two RESTFUL endpoints - one for creating packages using tools such as twine
, and one for downloading them using tools such as pip
.
hash_id required | string (Hash Id) Example: unique-hash-id |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
content required | string <binary> (Content) |
null
hash_id required | string (Hash Id) Example: unique-hash-id |
package_name required | string (Package Name) Example: mypackage |
version required | string (Version) Example: 1.0.0 |
file_type required | string (File Type) Examples: bdist_wheel sdist |
filename required | string (Filename) Example: mypackage-1.0-py3-none-any.whl |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
The RepoForge.io Conda repo provisions three simple JSON-based Conda channels - one foruploading a package to a channel, one for listing the packages stored on a channel,and one for actually downloading Conda package files.
Takes an uploaded file, extracts the metadata, saves the package to the database and S3 bucket, and returns the metadata of the saved package.
hash_id required | string (Hash Id) Unique hash id of your RepoForge.io account |
channel_name required | string (Channel Name) Examples: my-channel The name of the channel you want to upload to. If the channel doesn't exist, this endpoint will return a 404 response |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
file required | string <binary> (File) A valid conda package file, either in the .tar.bz2 or .conda file type. If the Conda file is invalid, then a 422 response will be returned. |
{- "platform": "linux",
- "arch": "x86_64",
- "build": "py311",
- "build_number": 0,
- "depends": [
- "python >=3.11"
], - "license": "MIT",
- "name": "mypackage",
- "timestamp": 1698496167,
- "version": "1.0.0",
- "filename": "mypackage-1.0.0-py311_0.tar.bz2",
- "md5": "0123456789abcdef0123456789abcdef",
- "sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abc",
- "size": 123456789,
- "subdir": "string"
}
Retrieves a list of Conda packages for the given hash_id.
hash_id required | string (Hash Id) |
channel_name required | string (Channel Name) |
subdir required | string (Subdir) |
{- "info": {
- "subdir": "string"
}, - "packages": {
- "property1": {
- "platform": "linux",
- "arch": "x86_64",
- "build": "py311",
- "build_number": 0,
- "depends": [
- "python >=3.11"
], - "license": "MIT",
- "name": "mypackage",
- "timestamp": 1698496167,
- "version": "1.0.0",
- "filename": "mypackage-1.0.0-py311_0.tar.bz2",
- "md5": "0123456789abcdef0123456789abcdef",
- "sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abc",
- "size": 123456789,
- "subdir": "string"
}, - "property2": {
- "platform": "linux",
- "arch": "x86_64",
- "build": "py311",
- "build_number": 0,
- "depends": [
- "python >=3.11"
], - "license": "MIT",
- "name": "mypackage",
- "timestamp": 1698496167,
- "version": "1.0.0",
- "filename": "mypackage-1.0.0-py311_0.tar.bz2",
- "md5": "0123456789abcdef0123456789abcdef",
- "sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abc",
- "size": 123456789,
- "subdir": "string"
}
}
}
Gets a download URL for a given package and 302 redirects to it
hash_id required | string (Hash Id) |
channel_name required | string (Channel Name) |
subdir required | string (Subdir) |
filename required | string (Filename) |
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
null