RepoForge.io REST API Documentation (3.35.0)
Download OpenAPI specification:Download
The RepoForge.io REST API provides you with a standardized interface that lets you programmatically
modify permissions of, and delete packages supported by RepoForge.io. This API is NOT intended to
be compatible with standard tooling libraries such as pip, npm, and the docker cli.
The REST API also allows you to create and manage non-package system resources, such as access tokens, roles and access logs.
In order to use the RepoForge.io REST API, you must first generate an auth token via the RepoForge.io dashboard. You can authenticate your requests to the RepoForge.io REST API as shown below:
import requests
auth_token = '...' # generated from the RepoForge.io dashboard
session = requests.Session()
session.headers.update(Authorization=f'Bearer {auth_token}')
response = session.get("https://api.repoforge.io/rest/v1/access-logs")
assert response.status_code == 200
Access logs are generated whenever a user attempts to create, update or read a package, whether a Python package, Docker image or NPM project. This is a read-only endpoint - there is no way of creating, editing or deleting access log objects with the API.
List Access Logs
This endpoint lets you read your RepoForge.io Access Logs. You can optionally use query parameters to filter the logs
Example
# without filtering (get all logs)
response = session.get('https://api.repoforge.io/rest/v1/access-logs')
print(response.json())
# with filtering
from datetime import datetime, timedelta
query = {
"limit": 1,
"start_time": (datetime.now() - timedelta(hours=24)).isoformat(),
"end_time": (datetime.now() - timedelta(hours=2)).isoformat(),
"access_type": "Python",
"package_name": "mypackage",
}
response = session.get(f"https://api.repoforge.io/rest/v1/access-logs?{urlencode(query)}")
query Parameters
Limit (integer) or Limit (null) (Limit) Example: limit=1 Limit the number of responses | |
Start Time (string) or Start Time (null) (Start Time) Examples: start_time=2024-12-10T11:01:45.054031 Filter for all events after this timestamp | |
End Time (string) or End Time (null) (End Time) Examples: end_time=2024-12-10T11:01:45.054112 Filter for all events before this timestamp | |
AccessType (string) or Access Type (null) (Access Type) Examples: access_type=Python Filter for packages of a certain type | |
Package Name (string) or Package Name (null) (Package Name) Examples: package_name=mypackage Filter for packages with a specific name |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
[- {
- "id": "1234",
- "user": "info@repoforge.io",
- "package_type": "Python",
- "created": "2019-08-24T14:15:22Z",
- "object_id": "my-package",
- "action": "Write",
- "status_code": 0,
- "path": "string",
- "request_method": "string"
}
]Create Access Token
The Access Token endpoint lets you create, read, rotate and delete RepoForge.io Access Tokens.
Important: For security reasons, the token attribute is only visible when you initially create a new access token, or when you rotate an existing one. Whenever you call a GET request on this endpoint, you'll see a
value. You cannot rotate or delete the Access Token you are currently using to authenticate the REST API
Example
payload = dict(
name="A new token",
roles=["d8b787be-bd91-42a0-865c-df97d5b8e5ac"]
)
response = session.post('https://api.repoforge.io/rest/v1/access-tokens', json=payload)
print(response.json()["token"])
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Request Body schema: application/jsonrequired
| name required | string (Name) The user-readable name for this access token - this must be unique |
| roles required | Array of strings <uuid> (Roles) [ items <uuid > ] The UUIDs of roles that this access token may assume |
Responses
Request samples
- Payload
{- "name": "string",
- "roles": [
- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}Response samples
- 200
- 401
- 403
{- "name": "string",
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "token": "string"
}List Access Tokens
Returns a list of all RepoForge.io access tokens currently being managed by your organisation.
Example
response = session.get('https://api.repoforge.io/rest/v1/access-tokens')
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
[- {
- "name": "string",
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "roles": [
- {
- "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
- "name": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "actions": [
- "Write"
], - "access_type": "Python"
}
], - "token": "<MASKED>"
}
]Retrieve Access Token
Retrieves a single access token by its UUID
Example
response = session.get('https://api.repoforge.io/rest/v1/access-tokens/2211bded-b41b-4313-a96c-f955dd12aa8b')
print(response.json())
path Parameters
| uuid required | string <uuid> (Uuid) The UUID of the token that you want to retrieve |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "name": "string",
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "roles": [
- {
- "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
- "name": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "actions": [
- "Write"
], - "access_type": "Python"
}
], - "token": "<MASKED>"
}Delete Access Token
Finds an access token by its UUID and deletes it. The deleted token value will no longer be valid, and you will no longer be able to use it to authenticate.
You CANNOT delete the access token that you are currently using to authenticate the REST API
Example
token_uuid = "uuid-of-token"
response = session.delete(f"https://api.repoforge.io/rest/v1/access-tokens/{token_uuid}")
assert response.status_code == 200
path Parameters
| uuid required | string <uuid> (Uuid) The UUID of the token that you want to rotate |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "ok": true
}Rotate Access Token
Finds an access token by its UUID and rotates it. The old token value will no longer be valid, and you will no longer be able to use it to authenticate. The token roles will remain unchanged.
You CANNOT rotate the access token that you are currently using to authenticate the REST API
Example
token_uuid = "uuid-of-token"
response = session.patch(f"https://api.repoforge.io/rest/v1/access-tokens/{token_uuid}/rotate")
assert response.status_code == 200
new_token = response.json()["token"]
path Parameters
| uuid required | string <uuid> (Uuid) The UUID of the token that you want to rotate |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "name": "string",
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "token": "string"
}These endpoints let you view, modify permissions or delete the NPM packages managed by your organisation
List NPM packages
This endpoint lists all NPM packages belonging to your organisation.
Example Usage
response = session.get("https://api.repoforge.io/rest/v1/npm")
assert response.status_code == 200
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
[- {
- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "public": false,
- "permissions_mode": "DEFAULT",
- "name": "string",
- "registry_name": "string",
- "package_name": "string"
}
]Retrieve NPM package
This endpoint retrieves a single NPM package by its registry name and package name.
Example Usage
response = session.get("https://api.repoforge.io/rest/v1/npm/@repoforge/my-package")
assert response.status_code == 200
print(response.json())
path Parameters
| registry_name required | string (Registry Name) |
| package_name required | string (Package Name) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "public": false,
- "permissions_mode": "DEFAULT",
- "name": "string",
- "registry_name": "string",
- "package_name": "string"
}Update NPM package
This endpoint lets you update the permissions of a single NPM package by its registry name and package name.
You must supply either public (true|false) or permissions_mode (PACKAGE_LEVEL|DEFAULT) in the
payload.
Packages marked as public can be installed/downloaded using the NPM client without providing any credentials.
Non-public packages that use the DEFAULT permissions mode can be installed by any authenticated user
with the relevant role - e.g one with the permissions to Download NPM packages for your organisation.
Packages that use PACKAGE_LEVEL permissions can only be accessed by those authenticated users that
have been explicitly assigned to the relevant roles created for that specific package.
Setting the permissions mode to PACKAGE_LEVEL will always cause the package to be non-public.
Example Usage
# making a package public
payload = dict(
public=True
)
response = session.patch("https://api.repoforge.io/rest/v1/npm/@repoforge/npm-package", json=payload)
assert response.status_code == 200
assert response.json()['public'] == True
changing the permissions mode to package_level
payload = dict(
permissions_mode="PACKAGE_LEVEL"
)
response = session.patch("https://api.repoforge.io/rest/v1/npm/@repoforge/npm-package", json=payload)
assert response.status_code == 200
path Parameters
| registry_name required | string (Registry Name) |
| package_name required | string (Package Name) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Request Body schema: application/jsonrequired
Public (boolean) or Public (null) (Public) | |
PermissionsMode (string) or null |
Responses
Request samples
- Payload
{- "public": true,
- "permissions_mode": "DEFAULT"
}Response samples
- 200
- 401
- 403
- 404
{- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "public": false,
- "permissions_mode": "DEFAULT",
- "name": "string",
- "registry_name": "string",
- "package_name": "string"
}Delete NPM version
Deletes a NPM version by its registry name, package name and version number. If no other versions exist under the same parent NPM package, then the NPM package will be deleted, too.
Example
response = session.delete("https://api.repoforge.io/rest/v1/npm/@repoforge/mypackage/1.0.0")
assert response.status_code == 200
path Parameters
| registry_name required | string (Registry Name) |
| package_name required | string (Package Name) |
| version_number required | string (Version Number) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "ok": true
}These endpoints let you view, modify permissions or delete the Python packages managed by your organisation.
List Python packages
Returns a list of all Python packages owned owned by your organisation.
Example Usage
response = session.get("https://api.repoforge.io/rest/v1/python")
assert response.status_code == 200
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
[- {
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "latest_version": "string",
- "total_file_size": 0,
- "versions": [
- {
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "number": "string",
- "file_type": "string",
- "file_name": "string",
- "file_size": 0,
- "metadata": { },
- "file_url": "string"
}
], - "public": true,
- "permissions_mode": "DEFAULT"
}
]Retrieve Python package
Retrieves a single Python package by its name
Example Usage
response = session.get("https://api.repoforge.io/rest/v1/python/my-package")
assert response.status_code == 200
print(response.json())
path Parameters
| package_name required | string (Package Name) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "latest_version": "string",
- "total_file_size": 0,
- "versions": [
- {
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "number": "string",
- "file_type": "string",
- "file_name": "string",
- "file_size": 0,
- "metadata": { },
- "file_url": "string"
}
], - "public": true,
- "permissions_mode": "DEFAULT"
}Update Python package
This endpoint lets you update the permissions of a single Python package by its package name.
You must supply either public (true|false) or permissions_mode (PACKAGE_LEVEL|DEFAULT) in the
payload.
Packages marked as public can be installed/downloaded using the NPM client without providing any credentials.
Non-public packages that use the DEFAULT permissions mode can be installed by any authenticated user
with the relevant role - e.g one with the permissions to Download Python packages for your organisation.
Packages that use PACKAGE_LEVEL permissions can only be accessed by those authenticated users that
have been explicitly assigned to the relevant roles created for that specific package.
Setting the permissions mode to PACKAGE_LEVEL will always cause the package to be non-public.
Example Usage
# Marking a package as public
payload = dict(
public=True
)
response = session.patch("https://api.repoforge.io/rest/v1/python/my-package", json=payload)
assert response.status_code == 200
assert response.json()['public'] == True
# changing the permissions mode
payload = dict(
permissions_mode="PACKAGE_LEVEL"
)
response = session.patch("https://api.repoforge.io/rest/v1/python/my-package", json=payload)
assert response.status_code == 200
path Parameters
| package_name required | string (Package Name) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Request Body schema: application/jsonrequired
Public (boolean) or Public (null) (Public) | |
PermissionsMode (string) or null |
Responses
Request samples
- Payload
{- "public": true,
- "permissions_mode": "DEFAULT"
}Response samples
- 200
- 401
- 403
- 404
{- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "latest_version": "string",
- "total_file_size": 0,
- "versions": [
- {
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "number": "string",
- "file_type": "string",
- "file_name": "string",
- "file_size": 0,
- "metadata": { },
- "file_url": "string"
}
], - "public": true,
- "permissions_mode": "DEFAULT"
}Delete Python version
Deletes a version from a Python package by the package name, file type and version. If this is the last remaining version of the parent package, then the parent package will also be deleted.
Example Usage
response = session.delete(
"{host}/rest/v1/python/my-package/bdist_wheel/1.0.0/mypackage-3.7-py3-none-any.whl"
)
assert response.status_code == 200
path Parameters
| package_name required | string (Package Name) |
| file_type required | string (File Type) |
| file_name required | string (File Name) |
| version required | string (Version) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "ok": true
}These endpoints let you view, modify permissions or delete the Docker registries managed by your organisation.
List Docker registries
Returns a list of all Docker registries managed by your organisation.
Example Usage
response = session.get("https://api.repoforge.io/rest/v1/docker")
assert response.status_code == 200
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
[- {
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "public": false,
- "permissions_mode": "DEFAULT",
- "groups": [
- {
- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "entity_type": "Role",
- "actions": [
- "Write"
], - "access_type": "Python",
- "group_name": "string",
- "package_sort_key": "string"
}
], - "tags": [
- {
- "refs": [
- "string"
], - "size": 0,
- "sha": "string",
- "last_modified": "2019-08-24T14:15:22Z",
- "uri": "string"
}
]
}
]Retrieve Docker registry
Retrieves a single docker registry by its name
Example Usage
response = session.get("https://api.repoforge.io/rest/v1/docker/my-registry")
assert response.status_code == 200
print(response.json())
path Parameters
| registry_name required | string (Registry Name) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "public": false,
- "permissions_mode": "DEFAULT",
- "groups": [
- {
- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "entity_type": "Role",
- "actions": [
- "Write"
], - "access_type": "Python",
- "group_name": "string",
- "package_sort_key": "string"
}
], - "tags": [
- {
- "refs": [
- "string"
], - "size": 0,
- "sha": "string",
- "last_modified": "2019-08-24T14:15:22Z",
- "uri": "string"
}
]
}Update Docker registry
This endpoint lets you update the permissions of a single Docker registry by its registry name.
You must supply either public (true|false) or permissions_mode (PACKAGE_LEVEL|DEFAULT) in the
payload.
Registries marked as public can be installed/downloaded using the NPM client without providing any
credentials.
Non-public registries that use the DEFAULT permissions mode can be installed by any authenticated user
with the relevant role - e.g one with the permissions to Download Python packages for your organisation.
Registries that use PACKAGE_LEVEL permissions can only be accessed by those authenticated users that
have been explicitly assigned to the relevant roles created for that specific registry.
Setting the permissions mode to PACKAGE_LEVEL will always cause the package to be non-public.
Example Usage
payload = dict(
public=True
)
response = session.patch("https://api.repoforge.io/rest/v1/docker/my-registry", json=payload)
assert response.status_code == 200
assert response.json()['public'] == True
path Parameters
| registry_name required | string (Registry Name) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Request Body schema: application/jsonrequired
Public (boolean) or Public (null) (Public) | |
PermissionsMode (string) or null |
Responses
Request samples
- Payload
{- "public": true,
- "permissions_mode": "DEFAULT"
}Response samples
- 200
- 401
- 403
- 404
{- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "name": "string",
- "public": false,
- "permissions_mode": "DEFAULT",
- "groups": [
- {
- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "entity_type": "Role",
- "actions": [
- "Write"
], - "access_type": "Python",
- "group_name": "string",
- "package_sort_key": "string"
}
], - "tags": [
- {
- "refs": [
- "string"
], - "size": 0,
- "sha": "string",
- "last_modified": "2019-08-24T14:15:22Z",
- "uri": "string"
}
]
}Delete Docker tag
Deletes a version from a Docker tag by the registry name and tag reference.
Example Usage
response = session.delete("https://api.repoforge.io/rest/v1/docker/my-registry/latest")
assert response.status_code == 200
path Parameters
| registry_name required | string (Registry Name) |
| reference required | string (Reference) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
- 404
{- "ok": true
}List Roles
List all available system roles. Roles are managed by the system and cannot be created or changed, but can be associated with access token objects to control resources within RepoForge.io.
Example
response = session.get('https://api.repoforge.io/rest/v1/roles')
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
[- {
- "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
- "name": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "actions": [
- "Write"
], - "access_type": "Python"
}
]These endpoints let you view, modify permissions or delete the Debian packages managed by your organisation.
List Debian packages
Returns a list of all Debian packages managed by your organisation
Example usage
response = session.get("http://localhost:5001/rest/v1/debian")
assert response.status_code == 200, response.text
print(response.json())
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
[- {
- "name": "mypackage",
- "versions": [
- {
- "version": "1.0",
- "architecture": "amd64",
- "filename": "mypackage_1.0_arm64.deb",
- "size": 1024,
- "md5_sum": "09c5571835f4951a1680af80df0f5c96",
- "sha1": "da12b96ab5a942d3286bd441f41b6d53470a9859",
- "sha256": "f9fa2734d78fac5d7953cd308d3b8ddbae5e4c92285617213e550673e91b5f89",
- "metadata": {
- "installed-size": "0",
- "license": "unknown",
- "maintainer": "chris@repoforge.io",
- "priority": "optional",
- "section": "default",
- "vendor": "none"
}
}
], - "date": "2019-08-24T14:15:22Z",
- "description": "string",
- "public": false,
- "permissions_mode": "DEFAULT"
}
]Retrieve Debian packages
Retrieves a single Debian package by its name
Example usage
response = session.get("http://localhost:5001/rest/v1/debian/mypackage")
assert response.status_code == 200, response.text
print(response.json())
path Parameters
| name required | string (Name) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
{- "name": "mypackage",
- "versions": [
- {
- "version": "1.0",
- "architecture": "amd64",
- "filename": "mypackage_1.0_arm64.deb",
- "size": 1024,
- "md5_sum": "09c5571835f4951a1680af80df0f5c96",
- "sha1": "da12b96ab5a942d3286bd441f41b6d53470a9859",
- "sha256": "f9fa2734d78fac5d7953cd308d3b8ddbae5e4c92285617213e550673e91b5f89",
- "metadata": {
- "installed-size": "0",
- "license": "unknown",
- "maintainer": "chris@repoforge.io",
- "priority": "optional",
- "section": "default",
- "vendor": "none"
}
}
], - "date": "2019-08-24T14:15:22Z",
- "description": "string",
- "public": false,
- "permissions_mode": "DEFAULT"
}Update Debian package
This endpoint lets you update the permissions of a single Debian package by its package name.
You must supply either public (true|false) or permissions_mode (PACKAGE_LEVEL|DEFAULT) in the
payload.
Packages marked as public can be installed/downloaded using the NPM client without providing any credentials.
Non-public packages that use the DEFAULT permissions mode can be installed by any authenticated user
with the relevant role - e.g one with the permissions to Download Debian packages for your organisation.
Packages that use PACKAGE_LEVEL permissions can only be accessed by those authenticated users that
have been explicitly assigned to the relevant roles created for that specific package.
Setting the permissions mode to PACKAGE_LEVEL will always cause the package to be non-public.
Example Usage
# Marking a package as public
payload = dict(
public=True
)
response = session.patch("http://localhost:5001/rest/v1/debian/my-package", json=payload)
assert response.status_code == 200
assert response.json()['public'] == True
# changing the permissions mode
payload = dict(
permissions_mode="PACKAGE_LEVEL"
)
response = session.patch("http://localhost:5001/rest/v1/debian/my-package", json=payload)
assert response.status_code == 200
path Parameters
| name required | string (Name) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Request Body schema: application/jsonrequired
Public (boolean) or Public (null) (Public) | |
PermissionsMode (string) or null |
Responses
Request samples
- Payload
{- "public": true,
- "permissions_mode": "DEFAULT"
}Response samples
- 200
- 401
- 403
nullDelete Debian package
Deletes a file from a Debian package by its architecture and name
Example usage
response = session.delete("http://localhost:5001/rest/v1/debian/mypackage/arm64/mypackage_1.0_all.deb")
assert response.status_code == 200, response.text
print(response.json())
path Parameters
| name required | string (Name) |
| architecture required | string (Architecture) |
| filename required | string (Filename) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
{- "ok": true
}This section of the API docs covers the package APIs - e.g. the Python, NPM, Docker and Debian endpoints used to integrate with standard tooling, e.g. pip/twine, npm/pnpm/yarn, docker cli and apt. This section ONLY includes RESTFUL endpoints - It does NOT document HTML endpoints used widely in the Debian and Python registries.
RepoForge.io's Debian endpoints are primarily HTML based. Most of them can be found by navigating the folder structure at https://api.repoforge.io/debian/unique-hash-id/. There are only two RESTFUL endpoints for the Debian package API - for fetching the Public GPG key, and for uploading Debian packages into RepoForge.io, which are documented below.
Create Debian package
This endpoint lets you create a new Debian package, or add a new version to an existing Debian package, if a package with the same name already exists for your account.
This endpoint accepts a single uploaded file under the content key, which must be a valid Debian package
containing included valid metadata
path Parameters
| hash_id required | string (Hash Id) Example: unique-hash-id |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
Request Body schema: multipart/form-datarequired
| content required | string <binary> (Content) |
Responses
Response samples
- 200
- 401
- 403
{- "hash_id": "unique-hash-id",
- "name": "mypackage",
- "architecture": "arm64",
- "version": "1.0.0",
- "filename": "mypackage_1.0.0_all.deb",
- "size": 0,
- "key": "string",
- "md5_sum": "string",
- "sha1": "string",
- "sha256": "string",
- "metadata": { },
- "sort_key": "string"
}The RepoForge.io Docker registry follows the specification defined here.
Docker root
This endpoint verifies the auth token and returns an empty response. This endpoint essentially controls authentication and permissions to the entire docker registry
Returns a 401 if token is invalid
header Parameters
Authorization (string) or Authorization (null) (Authorization) |
Responses
Response samples
- 200
- 401
nullPost Docker blob
Start a new Docker upload. This endpoint just generates a UUID and returns an empty response
with two response headers - docker-upload-uuid, the generated ID, and Location, which
is the path to where the client should send blobs to upload.
path Parameters
| hash_id required | string (Hash Id) Example: unique-hash-id |
| name required | string (Name) Docker registry name |
Responses
Response samples
- 202
nullPatch Docker blobs
This method creates or updates a blob in S3 at a path containing a given UUID. It supports multipart uploads via the content-range header.
path Parameters
| hash_id required | string (Hash Id) |
| name required | string (Name) Docker registry name |
| uuid required | string (Uuid) The |
header Parameters
| content-range | string (Content-Range) Default: 0-0 The starting position of the uploaded object |
Responses
Response samples
- 202
- 413
nullPut Docker blobs
This method is used to finalise the multipart upload of a blob stored at a path in S3 based on a given UUID.
It first creates/updates the blob on S3 in a similar way to the patch_blobs endpoint. Once done, it then
moves the blob from its UUID path on s3 to a path based on the content digest.
path Parameters
| hash_id required | string (Hash Id) Example: unique-hash-id |
| name required | string (Name) Registry name |
| uuid required | string (Uuid) Example: aff12a31-3a6b-4b88-98f5-c2211e45bb4a The Docker upload UUID |
query Parameters
| digest required | string (Digest) The Docker content digest |
header Parameters
| content-length required | string (Content-Length) |
Content-Range (string) or Content-Range (null) (Content-Range) |
Responses
Response samples
- 201
- 413
nullHead Docker blobs
Very simple function that just checks if a blob exists based on a given hash id, name and digest. Returns an empty response.
path Parameters
| hash_id required | string (Hash Id) Example: unique-hash-id |
| name required | string (Name) Registry name |
| digest required | string (Digest) The Docker content digest |
Responses
Response samples
- 200
nullGet Docker blob
Gets a blob from S3 by the given hash id, name and digest, and returns a streaming response back to the user
path Parameters
| hash_id required | string (Hash Id) Example: unique-hash-id |
| name required | string (Name) Registry name |
| digest required | string (Digest) The Docker content digest |
Responses
Response samples
- 200
nullHead Docker manifest
Simple function to check to see whether a manifest exists and returns the content type and digest headers in the response
path Parameters
| hash_id required | string (Hash Id) Example: unique-hash-id |
| name required | string (Name) Registry name |
| reference required | string (Reference) Example: latest The Docker reference |
header Parameters
Authorization (string) or Authorization (null) (Authorization) |
Responses
Response samples
- 200
nullGet Docker manifest
Similar to the head_manifest endpoint above, but this one actually returns the content of the manifest as well
path Parameters
| hash_id required | string (Hash Id) Example: unique-hash-id |
| name required | string (Name) Registry name |
| reference required | string (Reference) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) |
Responses
Response samples
- 200
nullPut Docker manifest
Creates a new Docker manifest
path Parameters
| hash_id required | string (Hash Id) Example: unique-hash-id |
| name required | string (Name) Registry name |
| reference required | string (Reference) Example: latest The Docker reference |
header Parameters
Authorization (string) or Authorization (null) (Authorization) |
Responses
Response samples
- 201
nullCreate auth token for Docker registry
query Parameters
Scope (string) or Scope (null) (Scope) Required scope for the token | |
Service (string) or Service (null) (Service) Service name |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
Responses
Response samples
- 200
- 401
- 403
nullThe NPM spec used by RepoForge.io is compliant with the API specification provided
here. It supports standard NodeJS packaging
tooling such as npm, pnpm, yarn etc.
In order to create/update NPM packages, or pull non-pubic NPM packages, requests must be authenticated using a valid RepoForge.io token that assumes the NPM - Full access or NPM - Read only role as necessary.
The method for providing auth credentials varies depending on the packaging tools you are using, but for NPM/PNPM, it can be set as follows:
npm init --scope=@myscope
npm config set @myscope/registry https://api.repoforge.io/npm/my-hash-id/
npm config set //api.repoforge.io/npm/my-hash-id/:_authToken $MY_NPM_ACCESS_TOKEN
Setting the config as the above means that requests to RepoForge will be sent with
the header {"Authorization": "Bearer ${MY_NPM_ACCESS_TOKEN}"} when trying to push
or pull a package with a name prefixed by @myscope
Put NPM package
This endpoint allows the creation of new NPM packages. If an NPM package with the same name and scope already exists, then it will either add new versions to that package (if the given version number does not already exist), or overwrite the existing versions of that version number.
path Parameters
| hash_id required | string (Hash Id) Example: my-hash-id |
| registry_name required | string (Registry Name) Example: @myscope |
| package_name required | string (Package Name) Example: mypackage |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Request Body schema: application/jsonrequired
| _id required | string (Id) A unique identifier for your package containing the scope and package name separatedby a forward slash. The value of this field is always identical to the |
| name required | string (Name) A unique identifier for your package containing the scope and package name separatedby a forward slash. The value of this field is always identical to the |
Description (string) or Description (null) (Description) Default: "" A description of the package you are uploading | |
required | object (Dist-Tags) An array containing tagged versions |
| readme | string (Readme) Default: "" |
required | object (Attachments) |
required | object (Versions) A dictionary of versions of this package |
Responses
Request samples
- Payload
{- "_id": "@repoforge/mypackage",
- "name": "@repoforge/mypackage",
- "description": "",
- "dist-tags": {
- "latest": "1.0.0"
}, - "readme": "ERROR: No README data found!",
- "_attachments": {
- "1.0.0": {
- "content_type": "application/javascript",
- "data": "...",
- "length": 100
}
}, - "versions": {
- "1.0.0": {
- "author": "",
- "dependencies": {
- "@scope/myproject": "^1.0.0"
}, - "description": "",
- "dist": {
- "integrity": "sha512-7fey422PMK372NuMmxKv7Z2+nrjAj7a/dq6lo363PUuJG9BA9U5ED1wx0m20cAXAbVljDgNS0rX3A2oFSOuLKw==",
- "shasum": "37001f6f28365fd758e6f533a5c8954c115c63bd",
}, - "id": "@scope/myproject@1.0.0",
- "license": "ISC",
- "main": "index.js",
- "name": "@scope/myproject",
- "nodeVersion": "12.22.12",
- "npmVersion": "6.14.16",
- "readme": "ERROR: No README data found!",
- "scripts": {
- "test": "echo \"Error: no test specified\" && exit 1"
}, - "version": "1.0.0"
}
}
}Response samples
- 200
- 401
- 403
- 413
{- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "public": false,
- "permissions_mode": "DEFAULT",
- "metadata": {
- "_id": "@repoforge/mypackage",
- "name": "@repoforge/mypackage",
- "description": "",
- "dist-tags": {
- "latest": "1.0.0"
}, - "readme": "ERROR: No README data found!",
- "versions": {
- "1.0.0": {
- "author": "",
- "dependencies": {
- "@scope/myproject": "^1.0.0"
}, - "description": "",
- "dist": {
- "integrity": "sha512-7fey422PMK372NuMmxKv7Z2+nrjAj7a/dq6lo363PUuJG9BA9U5ED1wx0m20cAXAbVljDgNS0rX3A2oFSOuLKw==",
- "shasum": "37001f6f28365fd758e6f533a5c8954c115c63bd",
}, - "id": "@scope/myproject@1.0.0",
- "key": "gjlU57upq/@scope/myproject/1.0.0/myproject-1.0.0.tgz",
- "license": "ISC",
- "main": "index.js",
- "name": "@scope/myproject",
- "nodeVersion": "12.22.12",
- "npmVersion": "6.14.16",
- "readme": "ERROR: No README data found!",
- "scripts": {
- "test": "echo \"Error: no test specified\" && exit 1"
}, - "size": 266,
- "updated": "2024-10-17T23:21:35.913640Z",
- "version": "1.0.0"
}
}
}, - "entity_type": "NPMPackage",
- "role_uuids": [ ],
- "name": "string",
- "registry_name": "string",
- "package_name": "string",
- "roles": [
- {
- "hash_id": "string",
- "sort_key": "string",
- "created": "2019-08-24T14:15:22Z",
- "updated": "2019-08-24T14:15:22Z",
- "entity_type": "Role",
- "actions": [
- "Write"
], - "access_type": "Python",
- "group_name": "string",
- "package_sort_key": "string"
}
]
}Get NPM package
This method finds and returns an NPMPackage by its scope and name
path Parameters
| hash_id required | string (Hash Id) Example: my-hash-id |
| registry_name required | string (Registry Name) Example: @myscope |
| package_name required | string (Package Name) Example: mypackage |
Responses
Response samples
- 200
- 404
{- "_id": "@repoforge/mypackage",
- "name": "@repoforge/mypackage",
- "description": "",
- "dist-tags": {
- "latest": "1.0.0"
}, - "readme": "ERROR: No README data found!",
- "versions": {
- "1.0.0": {
- "author": "",
- "dependencies": {
- "@scope/myproject": "^1.0.0"
}, - "description": "",
- "dist": {
- "integrity": "sha512-7fey422PMK372NuMmxKv7Z2+nrjAj7a/dq6lo363PUuJG9BA9U5ED1wx0m20cAXAbVljDgNS0rX3A2oFSOuLKw==",
- "shasum": "37001f6f28365fd758e6f533a5c8954c115c63bd",
}, - "id": "@scope/myproject@1.0.0",
- "key": "gjlU57upq/@scope/myproject/1.0.0/myproject-1.0.0.tgz",
- "license": "ISC",
- "main": "index.js",
- "name": "@scope/myproject",
- "nodeVersion": "12.22.12",
- "npmVersion": "6.14.16",
- "readme": "ERROR: No README data found!",
- "scripts": {
- "test": "echo \"Error: no test specified\" && exit 1"
}, - "size": 266,
- "updated": "2024-10-17T23:21:35.913640Z",
- "version": "1.0.0"
}
}
}Download NPM package
This endpoint generates a presigned file download URL for the given package and returns a RedirectResponse to it.
path Parameters
| version required | string (Version) |
| hash_id required | string (Hash Id) Example: my-hash-id |
| registry_name required | string (Registry Name) Example: @myscope |
| package_name required | string (Package Name) Example: mypackage |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} Valid API auth bearer token |
Responses
Response samples
- 200
- 401
- 403
- 404
nullAs is the case with the Debian API, RepoForge.io's Python endpoints are primarily HTML based on a directory structure, which can be navigated from https://api.repoforge.io/unique-hash-id/. Once again,there are only two RESTFUL endpoints - one for creating packages using tools such as twine, and one for downloading them using tools such as pip.
Upload
path Parameters
| hash_id required | string (Hash Id) Example: unique-hash-id |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
Request Body schema: multipart/form-datarequired
| content required | string <binary> (Content) |
Responses
Response samples
- 200
nullDownload
path Parameters
| hash_id required | string (Hash Id) Example: unique-hash-id |
| package_name required | string (Package Name) Example: mypackage |
| version required | string (Version) Example: 1.0.0 |
| file_type required | string (File Type) Examples: bdist_wheel sdist |
| filename required | string (Filename) Example: mypackage-1.0-py3-none-any.whl |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
Responses
The RepoForge.io Conda repo provisions three simple JSON-based Conda channels - one foruploading a package to a channel, one for listing the packages stored on a channel,and one for actually downloading Conda package files.
Create Conda package
Takes an uploaded file, extracts the metadata, saves the package to the database and S3 bucket, and returns the metadata of the saved package.
path Parameters
| hash_id required | string (Hash Id) Unique hash id of your RepoForge.io account |
| channel_name required | string (Channel Name) Examples: my-channel The name of the channel you want to upload to. If the channel doesn't exist, this endpoint will return a 404 response |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
Request Body schema: multipart/form-datarequired
| file required | string <binary> (File) |
Responses
Response samples
- 200
- 401
- 403
{- "platform": "linux",
- "arch": "x86_64",
- "build": "py311",
- "build_number": 0,
- "depends": [
- "python >=3.11"
], - "license": "MIT",
- "name": "mypackage",
- "timestamp": 1698496167,
- "version": "1.0.0",
- "filename": "mypackage-1.0.0-py311_0.tar.bz2",
- "md5": "0123456789abcdef0123456789abcdef",
- "sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abc",
- "size": 123456789,
- "subdir": "string"
}List Conda packages
Retrieves a list of Conda packages for the given hash_id.
path Parameters
| hash_id required | string (Hash Id) |
| channel_name required | string (Channel Name) |
| subdir required | string (Subdir) |
Responses
Response samples
- 200
{- "info": {
- "subdir": "string"
}, - "packages": {
- "property1": {
- "platform": "linux",
- "arch": "x86_64",
- "build": "py311",
- "build_number": 0,
- "depends": [
- "python >=3.11"
], - "license": "MIT",
- "name": "mypackage",
- "timestamp": 1698496167,
- "version": "1.0.0",
- "filename": "mypackage-1.0.0-py311_0.tar.bz2",
- "md5": "0123456789abcdef0123456789abcdef",
- "sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abc",
- "size": 123456789,
- "subdir": "string"
}, - "property2": {
- "platform": "linux",
- "arch": "x86_64",
- "build": "py311",
- "build_number": 0,
- "depends": [
- "python >=3.11"
], - "license": "MIT",
- "name": "mypackage",
- "timestamp": 1698496167,
- "version": "1.0.0",
- "filename": "mypackage-1.0.0-py311_0.tar.bz2",
- "md5": "0123456789abcdef0123456789abcdef",
- "sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abc",
- "size": 123456789,
- "subdir": "string"
}
}
}Download Conda package
Gets a download URL for a given package and 302 redirects to it
path Parameters
| hash_id required | string (Hash Id) |
| channel_name required | string (Channel Name) |
| subdir required | string (Subdir) |
| filename required | string (Filename) |
header Parameters
Authorization (string) or Authorization (null) (Authorization) Example: Bearer {API_TOKEN} |
Responses
Response samples
- 200
- 401
- 403
null