Red Hat Quay API guide


Red Hat Quay 3.13

Red Hat Quay API Guide

Red Hat OpenShift Documentation Team

Abstract

Use the Red Hat Quay API

Preface

The Red Hat Quay application programming interface (API) provides a comprehensive, RESTful interface for managing and automating tasks within Red Hat Quay. Designed around the OAuth 2.0 protocol, this API enables secure, fine-grained access to Red Hat Quay resources, and allows administrators and users to perform such actions as creating repositories, managing images, setting permissions, and more.

Red Hat Quay follows Semantic Versioning (SemVer) principles, ensuring predictable API stability across releases, such as:

  • Major releases: Introduce new capabilities. Might include breaking changes to API compatibility. For example, the API of Red Hat Quay 2.0 differs from Red Hat Quay 3.0.
  • Minor releases: Add new functionality in a backward-compatible manner. For example, a 3.y release adds functionality to the version 3. release.
  • Patch releases: Deliver bug fixes and improvements while preserving backward compatibility with minor releases, such as 3.y.z.

The following guide describes the Red Hat Quay API in more detail, and provides details on the following topics:

  • OAuth 2 access tokens and how they compare to traditional API tokens and Red Hat Quay’s robot tokens
  • Generating an OAuth 2 access token
  • Best practices for token management
  • OAuth 2 access token capabilities
  • Using the Red Hat Quay API
  • Red Hat Quay API configuration examples

This guide is accompanied with a second guide, . . ., that provides information about all api/v1 endpoints and how to access those endpoints with example commands.

Chapter 1. Introduction to Red Hat Quay OAuth 2.0 tokens

The Red Hat Quay OAuth2 token system provides a secure, standards-based method for accessing Red Hat Quay’s API and other relevant resources. The Red Hat Quay OAuth2 token-based approaches provides a secure method for handling authentication and authorization for complex environments. Compared to more traditional API tokens, Red Hat Quay’s OAuth2 token system offers the following enhancements:

  • Standards-based security, which adheres to the OAuth 2.0 protocol.
  • Revocable access by way of deleting the application in which the OAuth2 token exists.
  • Fine-grained access control, which allows Red Hat Quay administrators the ability to assign specific permissions to tokens.
  • Delegated access, which allows third-party applications and services to act on behalf of a user.
  • Future-proofing, which helps ensure that Red Hat Quay remains compatible with other services, platforms, and integrations.

The following sections provide more tails about the token types available with Red Hat Quay.

1.1. Red Hat Quay token types

Red Hat Quay primarily supports two types of tokens: OAuth2 access tokens and robot account tokens. A third token type, an OCI referrers access token, that is required to list OCI referrers of a manifest under a repository, is also available when warranted.

OAuth2 access tokens

OAuth 2 access tokens enable user-authenticated access to the Red Hat Quay API, suitable for applications that require user identity verification. These tokens are obtained through an OAuth2 authorization process, where a Red Hat Quay administrator generates a token on behalf of themselves or another user to access Red Hat Quay API endpoints. OAuth 2 tokens authorize actions on API endpoints based on the scopes defined for the token.

Note

Although OAuth 2 tokens authorize actions on API endpoints based on the scopes defined for the token, access to the resources themselves is governed by Red Hat Quay’s role-based access control (RBAC) mechanisms. Actions can be created on a resource, for example, a repository, provided that you have the proper role (Admin or Creator) to do so for that namespace. This is true even if the API token was granted the repo:admin scope.

Currently, the following options can be selected for a token holder:

  • Administer Organization. When selected, allows the user to be able to administer organizations, including creating robots, creating teams, adjusting team membership, and changing billing settings.
  • Administer Repositories. When selected, provides the user administrator access to all repositories to which the granting user has access.
  • Create Repositories. When selected, provides the user the ability to create repositories in any namespaces that the granting user is allowed to create repositories.
  • View all visible repositories. When selected, provides the user the ability to view and pull all repositories visible to the granting user.
  • Read/Write to any accessible repositories. When selected, provides the user the ability to view, push and pull to all repositories to which the granting user has write access.
  • Super User Access. When selected, provides the user the ability to administer your installation including managing users, managing organizations and other features found in the superuser panel.
  • Administer User When selected, provides the user the ability to administer your account including creating robots and granting them permissions to your repositories.
  • Read User Information. When selected, provides the user the ability to read user information such as username and email address.

Token distributors should be mindful of the permissions that they are granting when generating a token on behalf of a user, and should have absolute trust in a user before granting such permissions as Administer organization, Super User Access, and Administer User.

OAuth2 access tokens are passed as a Bearer token in the Authorization header of an API call and, as a result, are used to provide authentication and authorization to the defined API endpoint, such as an image tag, a repository, an organization, and so on.

With Red Hat Quay, there is currently no way to set an expiration time on an OAuth2 access token, and the token lifespan is 10 years. Tokens can be deleted by deleting the applications in which they were created in the event that they are compromised, however, this deletes all tokens that were made within that specific application.

Note

In practice, Red Hat Quay administrators could create a new OAuth application on the Applications page of their organization each time they wanted to create a new OAuth token for a user. This would ensure that a single application is not responsible for all OAuth tokens. As a result, in the event that a user’s token is compromised, the administrator would delete the application of the compromised token. This would help avoid disruption for other users whose tokens might be part of the same application.

Robot account tokens

Robot account tokens are essentially password-type credentials used to access a Red Hat Quay registry via normal Docker v2 endpoints; these are defined as tokens on the UI because the password itself is encrypted.

Robot account tokens are persistent tokens designed for automation and continuous integration workflows. By default, Red Hat Quay’s robot account tokens do not expire and do not require user interaction, which makes robot accounts ideal for non-interactive use cases.

Robot account tokens are automatically generated at the time of a robot’s creation and are non-user specific; that is, they are connected to the user and organization namespace where where they are created. for example, a robot named project_tools+<robot_name> is associated with the project_tools namespace.

Robot account tokens provide access without needing a user’s personal credentials. How the robot account is configured, for example, with one of READ, WRITE, or ADMIN permissions, ultimately defines the actions that the robot account can take.

Because robot account tokens are persistent and do not expire by default, they are ideal for automated workflows that require consistent access to Red Hat Quay without manual renewal. Despite this, robot account tokens can be easily re-generated by using the the UI or the proper API endpoint via the CLI. To enhance the security of your Red Hat Quay deployment, administrators should regularly refresh robot account tokens. Additionally, with the newly-implemented keyless authentication with robot accounts feature, robot account tokens can be exchanged for external OIDC tokens and leveraged so that they only last one hour, enhancing the security of your registry.

When a namespace gets deleted, or when the robot account is deleted itself, they are garbage collected when the collector is scheduled to run.

OCI referrers OAuth access token

In some cases, depending on the features that your Red Hat Quay deployment is configured to use, you might need to leverage an OCI referrers OAuth access token. OCI referrers OAuth access tokens are used to list OCI referrers of a manifest under a repository, and uses a curl command to make a GET request to the Red Hat Quay v2/auth endpoint.

These tokens are obtained via basic HTTP authentication, wherein the user provides a username and password encoded in Base64 to authenticate directly with the v2/auth API endpoint. As such, they are based directly on the user’s credentials aod do not follow the same detailed authorization flow as OAuth2, but still allow a user to authorize API requests.

OCI referrers OAuth access tokens do not offer scope-based permissions and do not expire. They are solely used to list OCI referrers of a manifest under a repository.

Chapter 2. Using the Red Hat Quay API

Red Hat Quay provides a full OAuth 2, RESTful API. [OAuth 2] RESTful API provides the following benefits:

  • It is available from endpoint /api/v1 endpoint of your Red Hat Quay host. For example, https://<quay-server.example.com>/api/v1.
  • It allows users to connect to endpoints through their browser to GET, POST, DELETE, and PUT Red Hat Quay settings by enabling the Swagger UI.
  • It can be accessed by applications that make API calls and use OAuth tokens.
  • It sends and receives data as JSON.

The following section describes how to access the Red Hat Quay API so that it can be used with your deployment.

2.1. Accessing the Quay API from Quay.io

If you don’t have your own Red Hat Quay cluster running yet, you can explore the Red Hat Quay API available from Quay.io from your web browser:

https://docs.quay.io/api/swagger/

The API Explorer that appears shows Quay.io API endpoints. You will not see superuser API endpoints or endpoints for Red Hat Quay features that are not enabled on Quay.io (such as Repository Mirroring).

From API Explorer, you can get, and sometimes change, information on:

  • Billing, subscriptions, and plans
  • Repository builds and build triggers
  • Error messages and global messages
  • Repository images, manifests, permissions, notifications, vulnerabilities, and image signing
  • Usage logs
  • Organizations, members and OAuth applications
  • User and robot accounts
  • and more…​

Select to open an endpoint to view the Model Schema for each part of the endpoint. Open an endpoint, enter any required parameters (such as a repository name or image), then select the Try it out! button to query or change settings associated with a Quay.io endpoint.

2.2. Creating a v1 OAuth access token

OAuth access tokens are credentials that allow you to access protected resources in a secure manner. With Red Hat Quay, you must create an OAuth access token before you can access the API endpoints of your organization.

Use the following procedure to create an OAuth access token.

Prerequisites

  • You have logged in to Red Hat Quay as an administrator.

Procedure

  1. On the main page, select an Organization.
  2. In the navigation pane, select Applications.
  3. Click Create New Application and provide a new application name, then press Enter.
  4. On the OAuth Applications page, select the name of your application.
  5. Optional. Enter the following information:

    1. Application Name
    2. Homepage URL
    3. Description
    4. Avatar E-mail
    5. Redirect/Callback URL prefix
  6. In the navigation pane, select Generate Token.
  7. Check the boxes for the following options:

    1. Administer Organization
    2. Administer Repositories
    3. Create Repositories
    4. View all visible repositories
    5. Read/Write to any accessible repositories
    6. Super User Access
    7. Administer User
    8. Read User Information
  8. Click Generate Access Token. You are redirected to a new page.
  9. Review the permissions that you are allowing, then click Authorize Application. Confirm your decision by clicking Authorize Application.
  10. You are redirected to the Access Token page. Copy and save the access token.

    Important

    This is the only opportunity to copy and save the access token. It cannot be reobtained after leaving this page.

2.3. Creating an OCI referrers OAuth access token

In some cases, you might want to create an OCI referrers OAuth access token. This token is used to list OCI referrers of a manifest under a repository.

Procedure

  1. Update your config.yaml file to include the FEATURE_REFERRERS_API: true field. For example:

    # ...
    FEATURE_REFERRERS_API: true
    # ...
  2. Enter the following command to Base64 encode your credentials:

    $ echo -n '<username>:<password>' | base64

    Example output

    abcdeWFkbWluOjE5ODlraWROZXQxIQ==

  3. Enter the following command to use the base64 encoded string and modify the URL endpoint to your Red Hat Quay server:

    $ curl --location '<quay-server.example.com>/v2/auth?service=<quay-server.example.com>&scope=repository:quay/listocireferrs:pull,push' --header 'Authorization: Basic <base64_username:password_encode_token>' -k | jq

    Example output

    {
      "token": "<example_secret>
    }

2.4. Reassigning an OAuth access token

Organization administrators can assign OAuth API tokens to be created by other user’s with specific permissions. This allows the audit logs to be reflected accurately when the token is used by a user that has no organization administrative permissions to create an OAuth API token.

Note

The following procedure only works on the current Red Hat Quay UI. It is not currently implemented in the Red Hat Quay v2 UI.

Prerequisites

  • You are logged in as a user with organization administrative privileges, which allows you to assign an OAuth API token.

    Note

    OAuth API tokens are used for authentication and not authorization. For example, the user that you are assigning the OAuth token to must have the Admin team role to use administrative API endpoints. For more information, see Managing access to repositories.

Procedure

  1. Optional. If not already, update your Red Hat Quay config.yaml file to include the FEATURE_ASSIGN_OAUTH_TOKEN: true field:

    # ...
    FEATURE_ASSIGN_OAUTH_TOKEN: true
    # ...
  2. Optional. Restart your Red Hat Quay registry.
  3. Log in to your Red Hat Quay registry as an organization administrator.
  4. Click the name of the organization in which you created the OAuth token for.
  5. In the navigation pane, click Applications.
  6. Click the proper application name.
  7. In the navigation pane, click Generate Token.
  8. Click Assign another user and enter the name of the user that will take over the OAuth token.
  9. Check the boxes for the desired permissions that you want the new user to have. For example, if you only want the new user to be able to create repositories, click Create Repositories.

    Important

    Permission control is defined by the team role within an organization and must be configured regardless of the options selected here. For example, the user that you are assigning the OAuth token to must have the Admin team role to use administrative API endpoints.

    Solely checking the Super User Access box does not actually grant the user this permission. Superusers must be configured via the config.yaml file and the box must be checked here.

  10. Click Assign token. A popup box appears that confirms authorization with the following message and shows you the approved permissions:

    This will prompt user <username> to generate a token with the following permissions:
    repo:create
  11. Click Assign token in the popup box. You are redirected to a new page that displays the following message:

    Token assigned successfully

Verification

  1. After reassigning an OAuth token, the assigned user must accept the token to receive the bearer token, which is required to use API endpoints. Request that the assigned user logs into the Red Hat Quay registry.
  2. After they have logged in, they must click their username under Users and Organizations.
  3. In the navigation pane, they must click External Logins And Applications.
  4. Under Authorized Applications, they must confirm the application by clicking Authorize Application. They are directed to a new page where they must reconfirm by clicking Authorize Application.
  5. They are redirected to a new page that reveals their bearer token. They must save this bearer token, as it cannot be viewed again.

2.5. Accessing your Quay API from a web browser

By enabling Swagger, you can access the API for your own Red Hat Quay instance through a web browser. This URL exposes the Red Hat Quay API explorer via the Swagger UI and this URL:

https://<yourquayhost>/api/v1/discovery.

That way of accessing the API does not include superuser endpoints that are available on Red Hat Quay installations. Here is an example of accessing a Red Hat Quay API interface running on the local system by running the swagger-ui container image:

# export SERVER_HOSTNAME=<yourhostname>
# sudo podman run -p 8888:8080 -e API_URL=https://$SERVER_HOSTNAME:8443/api/v1/discovery docker.io/swaggerapi/swagger-ui

With the swagger-ui container running, open your web browser to localhost port 8888 to view API endpoints via the swagger-ui container.

To avoid errors in the log such as "API calls must be invoked with an X-Requested-With header if called from a browser," add the following line to the config.yaml on all nodes in the cluster and restart Red Hat Quay:

BROWSER_API_CALLS_XHR_ONLY: false

2.6. Accessing the Red Hat Quay API from the command line

You can use the curl command to GET, PUT, POST, or DELETE settings via the API for your Red Hat Quay cluster. Replace <token> with the OAuth access token you created earlier to get or change settings in the following examples.

Chapter 3. Red Hat Quay Application Programming Interface (API)

This API allows you to perform many of the operations required to work with Red Hat Quay repositories, users, and organizations.

3.1. Authorization

oauth2_implicit

Scopes

The following scopes are used to control access to the API endpoints:

ScopeDescription

repo:read

This application will be able to view and pull all repositories visible to the granting user or robot account

repo:write

This application will be able to view, push and pull to all repositories to which the granting user or robot account has write access

repo:admin

This application will have administrator access to all repositories to which the granting user or robot account has access

repo:create

This application will be able to create repositories in to any namespaces that the granting user or robot account is allowed to create repositories

user:read

This application will be able to read user information such as username and email address.

org:admin

This application will be able to administer your organizations including creating robots, creating teams, adjusting team membership, and changing billing settings. You should have absolute trust in the requesting application before granting this permission.

super:user

This application will be able to administer your installation including managing users, managing organizations and other features found in the superuser panel. You should have absolute trust in the requesting application before granting this permission.

user:admin

This application will be able to administer your account including creating robots and granting them permissions to your repositories. You should have absolute trust in the requesting application before granting this permission.

3.2. appspecifictokens

Manages app specific tokens for the current user.

3.2.1. createAppToken

Create a new app specific token for user.

POST /api/v1/user/apptoken

Authorizations: oauth2_implicit (user:admin)

Request body schema (application/json)

Description of a new token.

NameDescriptionSchema

title
required

Friendly name to help identify the token

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.2.2. listAppTokens

Lists the app specific tokens for the user.

GET /api/v1/user/apptoken

Authorizations: oauth2_implicit (user:admin)

Query parameters
TypeNameDescriptionSchema

query

expiring
optional

If true, only returns those tokens expiring soon

boolean

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.2.3. getAppToken

Returns a specific app token for the user.

GET /api/v1/user/apptoken/{token_uuid}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

token_uuid
required

The uuid of the app specific token

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.2.4. revokeAppToken

Revokes a specific app token for the user.

DELETE /api/v1/user/apptoken/{token_uuid}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

token_uuid
required

The uuid of the app specific token

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.3. build

Create, list, cancel and get status/logs of repository builds.

3.3.1. getRepoBuildStatus

Return the status for the builds specified by the build uuids.

GET /api/v1/repository/{repository}/build/{build_uuid}/status

Authorizations: oauth2_implicit (repo:read)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

build_uuid
required

The UUID of the build

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.3.2. getRepoBuildLogs

Return the build logs for the build specified by the build uuid.

GET /api/v1/repository/{repository}/build/{build_uuid}/logs

Authorizations: oauth2_implicit (repo:read)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

build_uuid
required

The UUID of the build

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.3.3. getRepoBuild

Returns information about a build.

GET /api/v1/repository/{repository}/build/{build_uuid}

Authorizations: oauth2_implicit (repo:read)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

build_uuid
required

The UUID of the build

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.3.4. cancelRepoBuild

Cancels a repository build.

DELETE /api/v1/repository/{repository}/build/{build_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

build_uuid
required

The UUID of the build

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.3.5. requestRepoBuild

Request that a repository be built and pushed from the specified input.

POST /api/v1/repository/{repository}/build/

Authorizations: oauth2_implicit (repo:write)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Description of a new repository build.

NameDescriptionSchema

file_id
optional

The file id that was generated when the build spec was uploaded

string

archive_url
optional

The URL of the .tar.gz to build. Must start with "http" or "https".

string

subdirectory
optional

Subdirectory in which the Dockerfile can be found. You can only specify this or dockerfile_path

string

dockerfile_path
optional

Path to a dockerfile. You can only specify this or subdirectory.

string

context
optional

Pass in the context for the dockerfile. This is optional.

string

pull_robot
optional

Username of a Quay robot account to use as pull credentials

string

tags
optional

The tags to which the built images will be pushed. If none specified, "latest" is used.

array of string
non-empty unique

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.3.6. getRepoBuilds

Get the list of repository builds.

GET /api/v1/repository/{repository}/build/

Authorizations: oauth2_implicit (repo:read)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
TypeNameDescriptionSchema

query

since
optional

Returns all builds since the given unix timecode

integer

query

limit
optional

The maximum number of builds to return

integer

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.4. discovery

API discovery information.

3.4.1. discovery

List all of the API endpoints available in the swagger API format.

GET /api/v1/discovery

Authorizations: 

Query parameters
TypeNameDescriptionSchema

query

internal
optional

Whether to include internal APIs.

boolean

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.5. error

Error details API.

3.5.1. getErrorDescription

Get a detailed description of the error.

GET /api/v1/error/{error_type}

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

error_type
required

The error code identifying the type of error.

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

ApiErrorDescription

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.6. globalmessages

Messages API.

3.6.1. createGlobalMessage

Create a message.

POST /api/v1/messages

Authorizations: oauth2_implicit (super:user)

Request body schema (application/json)

Create a new message

NameDescriptionSchema

message
required

A single message

object

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.6.2. getGlobalMessages

Return a super users messages.

GET /api/v1/messages

Authorizations: 

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.6.3. deleteGlobalMessage

Delete a message.

DELETE /api/v1/message/{uuid}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

uuid
required

 

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.7. logs

Access usage logs for organizations or repositories.

3.7.1. getAggregateUserLogs

Returns the aggregated logs for the current user.

GET /api/v1/user/aggregatelogs

Authorizations: oauth2_implicit (user:admin)

Query parameters
TypeNameDescriptionSchema

query

performer
optional

Username for which to filter logs.

string

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  "<quay-server.example.com>/api/v1/user/aggregatelogs?performer=<username>&starttime=<MM/DD/YYYY>&endtime=<MM/DD/YYYY>"

3.7.2. exportUserLogs

Returns the aggregated logs for the current user.

POST /api/v1/user/exportlogs

Authorizations: oauth2_implicit (user:admin)

Query parameters
TypeNameDescriptionSchema

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Request body schema (application/json)

Configuration for an export logs operation

NameDescriptionSchema

callback_url
optional

The callback URL to invoke with a link to the exported logs

string

callback_email
optional

The e-mail address at which to e-mail a link to the exported logs

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
        "starttime": "<MM/DD/YYYY>",
        "endtime": "<MM/DD/YYYY>",
        "callback_email": "your.email@example.com"
      }' \
  "http://<quay-server.example.com>/api/v1/user/exportlogs"

3.7.3. listUserLogs

List the logs for the current user.

GET /api/v1/user/logs

Authorizations: oauth2_implicit (user:admin)

Query parameters
TypeNameDescriptionSchema

query

next_page
optional

The page token for the next page

string

query

performer
optional

Username for which to filter logs.

string

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET   -H "Authorization: Bearer <bearer_token>"   -H "Accept: application/json"   "<quay-server.example.com>/api/v1/user/logs"

3.7.4. getAggregateOrgLogs

Gets the aggregated logs for the specified organization.

GET /api/v1/organization/{orgname}/aggregatelogs

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Query parameters
TypeNameDescriptionSchema

query

performer
optional

Username for which to filter logs.

string

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  "<quay-server.example.com>/api/v1/organization/{orgname}/aggregatelogs"

3.7.5. exportOrgLogs

Exports the logs for the specified organization.

POST /api/v1/organization/{orgname}/exportlogs

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Query parameters
TypeNameDescriptionSchema

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Request body schema (application/json)

Configuration for an export logs operation

NameDescriptionSchema

callback_url
optional

The callback URL to invoke with a link to the exported logs

string

callback_email
optional

The e-mail address at which to e-mail a link to the exported logs

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
        "starttime": "<MM/DD/YYYY>",
        "endtime": "<MM/DD/YYYY>",
        "callback_email": "org.logs@example.com"
      }' \
  "http://<quay-server.example.com>/api/v1/organization/{orgname}/exportlogs"

3.7.6. listOrgLogs

List the logs for the specified organization.

GET /api/v1/organization/{orgname}/logs

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Query parameters
TypeNameDescriptionSchema

query

next_page
optional

The page token for the next page

string

query

performer
optional

Username for which to filter logs.

string

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  "http://<quay-server.example.com>/api/v1/organization/{orgname}/logs"

3.7.7. getAggregateRepoLogs

Returns the aggregated logs for the specified repository.

GET /api/v1/repository/{repository}/aggregatelogs

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
TypeNameDescriptionSchema

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  "<quay-server.example.com>/api/v1/repository/<repository_name>/<namespace>/aggregatelogs?starttime=2024-01-01&endtime=2024-06-18""

3.7.8. exportRepoLogs

Queues an export of the logs for the specified repository.

POST /api/v1/repository/{repository}/exportlogs

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
TypeNameDescriptionSchema

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Request body schema (application/json)

Configuration for an export logs operation

NameDescriptionSchema

callback_url
optional

The callback URL to invoke with a link to the exported logs

string

callback_email
optional

The e-mail address at which to e-mail a link to the exported logs

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
        "starttime": "2024-01-01",
        "endtime": "2024-06-18",
        "callback_url": "http://your-callback-url.example.com"
      }' \
  "http://<quay-server.example.com>/api/v1/repository/{repository}/exportlogs"

3.7.9. listRepoLogs

List the logs for the specified repository.

GET /api/v1/repository/{repository}/logs

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
TypeNameDescriptionSchema

query

next_page
optional

The page token for the next page

string

query

endtime
optional

Latest time for logs. Format: "%m/%d/%Y" in UTC.

string

query

starttime
optional

Earliest time for logs. Format: "%m/%d/%Y" in UTC.

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  "http://<quay-server.example.com>/api/v1/repository/{repository}/logs"

3.8. manifest

Manage the manifests of a repository.

3.8.1. getManifestLabel

Retrieves the label with the specific ID under the manifest.

GET /api/v1/repository/{repository}/manifest/{manifestref}/labels/{labelid}

Authorizations: oauth2_implicit (repo:read)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

manifestref
required

The digest of the manifest

string

path

labelid
required

The ID of the label

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/repository/<repository>/manifest/<manifestref>/labels/<label_id>

3.8.2. deleteManifestLabel

Deletes an existing label from a manifest.

DELETE /api/v1/repository/{repository}/manifest/{manifestref}/labels/{labelid}

Authorizations: oauth2_implicit (repo:write)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

manifestref
required

The digest of the manifest

string

path

labelid
required

The ID of the label

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X DELETE \
  -H "Authorization: Bearer <bearer_token>" \
  https://<quay-server.example.com>/api/v1/repository/<repository>/manifest/<manifestref>/labels/<labelid>

3.8.3. addManifestLabel

Adds a new label into the tag manifest.

POST /api/v1/repository/{repository}/manifest/{manifestref}/labels

Authorizations: oauth2_implicit (repo:write)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

manifestref
required

The digest of the manifest

string

Request body schema (application/json)

Adds a label to a manifest

NameDescriptionSchema

key
required

The key for the label

string

value
required

The value for the label

string

media_type
required

The media type for this label

 
Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  --data '{
    "key": "<key>",
    "value": "<value>",
    "media_type": "<media_type>"
  }' \
  https://<quay-server.example.com>/api/v1/repository/<repository>/manifest/<manifestref>/labels

3.8.4. listManifestLabels

GET /api/v1/repository/{repository}/manifest/{manifestref}/labels

Authorizations: oauth2_implicit (repo:read)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

manifestref
required

The digest of the manifest

string

Query parameters
TypeNameDescriptionSchema

query

filter
optional

If specified, only labels matching the given prefix will be returned

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/repository/<repository>/manifest/<manifestref>/labels

3.8.5. getRepoManifest

GET /api/v1/repository/{repository}/manifest/{manifestref}

Authorizations: oauth2_implicit (repo:read)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

manifestref
required

The digest of the manifest

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/repository/<repository>/manifest/<manifestref>

3.9. mirror

3.9.1. syncCancel

Update the sync_status for a given Repository’s mirroring configuration.

POST /api/v1/repository/{repository}/mirror/sync-cancel

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.9.2. syncNow

Update the sync_status for a given Repository’s mirroring configuration.

POST /api/v1/repository/{repository}/mirror/sync-now

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.9.3. getRepoMirrorConfig

Return the Mirror configuration for a given Repository.

GET /api/v1/repository/{repository}/mirror

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

ViewMirrorConfig

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.9.4. changeRepoMirrorConfig

Allow users to modifying the repository’s mirroring configuration.

PUT /api/v1/repository/{repository}/mirror

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Update the repository mirroring configuration.

NameDescriptionSchema

is_enabled
optional

Used to enable or disable synchronizations.

boolean

external_reference
optional

Location of the external repository.

string

external_registry_username
optional

Username used to authenticate with external registry.

 

external_registry_password
optional

Password used to authenticate with external registry.

 

sync_start_date
optional

Determines the next time this repository is ready for synchronization.

string

sync_interval
optional

Number of seconds after next_start_date to begin synchronizing.

integer

robot_username
optional

Username of robot which will be used for image pushes.

string

root_rule
optional

A list of glob-patterns used to determine which tags should be synchronized.

object

external_registry_config
optional

 

object

Responses
HTTP CodeDescriptionSchema

201

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.9.5. createRepoMirrorConfig

Create a RepoMirrorConfig for a given Repository.

POST /api/v1/repository/{repository}/mirror

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Create the repository mirroring configuration.

NameDescriptionSchema

is_enabled
optional

Used to enable or disable synchronizations.

boolean

external_reference
required

Location of the external repository.

string

external_registry_username
optional

Username used to authenticate with external registry.

 

external_registry_password
optional

Password used to authenticate with external registry.

 

sync_start_date
required

Determines the next time this repository is ready for synchronization.

string

sync_interval
required

Number of seconds after next_start_date to begin synchronizing.

integer

robot_username
required

Username of robot which will be used for image pushes.

string

root_rule
required

A list of glob-patterns used to determine which tags should be synchronized.

object

external_registry_config
optional

 

object

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10. namespacequota

3.10.1. listUserQuota

GET /api/v1/user/quota

Authorizations: oauth2_implicit (user:admin)

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.2. getOrganizationQuotaLimit

GET /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

path

limit_id
required

 

string

path

orgname
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.3. changeOrganizationQuotaLimit

PUT /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

path

limit_id
required

 

string

path

orgname
required

 

string

Request body schema (application/json)

Description of changing organization quota limit

NameDescriptionSchema

type
optional

Type of quota limit: "Warning" or "Reject"

string

threshold_percent
optional

Quota threshold, in percent of quota

integer

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.4. deleteOrganizationQuotaLimit

DELETE /api/v1/organization/{orgname}/quota/{quota_id}/limit/{limit_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

path

limit_id
required

 

string

path

orgname
required

 

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.5. createOrganizationQuotaLimit

POST /api/v1/organization/{orgname}/quota/{quota_id}/limit

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

path

orgname
required

 

string

Request body schema (application/json)

Description of a new organization quota limit

NameDescriptionSchema

type
required

Type of quota limit: "Warning" or "Reject"

string

threshold_percent
required

Quota threshold, in percent of quota

integer

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.6. listOrganizationQuotaLimit

GET /api/v1/organization/{orgname}/quota/{quota_id}/limit

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

path

orgname
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.7. getUserQuotaLimit

GET /api/v1/user/quota/{quota_id}/limit/{limit_id}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

path

limit_id
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.8. listUserQuotaLimit

GET /api/v1/user/quota/{quota_id}/limit

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.9. getOrganizationQuota

GET /api/v1/organization/{orgname}/quota/{quota_id}

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

path

orgname
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.10. changeOrganizationQuota

PUT /api/v1/organization/{orgname}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

path

orgname
required

 

string

Request body schema (application/json)

Description of a new organization quota

NameDescriptionSchema

limit_bytes
optional

Number of bytes the organization is allowed

integer

limits
optional

Human readable storage capacity of the organization. Accepts SI units like Mi, Gi, or Ti, as well as non-standard units like GB or MB. Must be mutually exclusive with limit_bytes.

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.11. deleteOrganizationQuota

DELETE /api/v1/organization/{orgname}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

path

orgname
required

 

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.12. createOrganizationQuota

Create a new organization quota.

POST /api/v1/organization/{orgname}/quota

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

 

string

Request body schema (application/json)

Description of a new organization quota

NameDescriptionSchema

limit_bytes
required

Number of bytes the organization is allowed

integer

limits
optional

Human readable storage capacity of the organization. Accepts SI units like Mi, Gi, or Ti, as well as non-standard units like GB or MB. Must be mutually exclusive with limit_bytes.

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.13. listOrganizationQuota

GET /api/v1/organization/{orgname}/quota

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

orgname
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.10.14. getUserQuota

GET /api/v1/user/quota/{quota_id}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

quota_id
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11. organization

Manage organizations, members and OAuth applications.

3.11.1. createOrganization

Create a new organization.

POST /api/v1/organization/

Authorizations: oauth2_implicit (user:admin)

Request body schema (application/json)

Description of a new organization.

NameDescriptionSchema

name
required

Organization username

string

email
optional

Organization contact email

string

recaptcha_response
optional

The (may be disabled) recaptcha response code for verification

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST   -H "Authorization: Bearer <bearer_token>" -H "Content-Type: application/json"   -d '{
    "name": "<new_organization_name>"
  }'   "https://<quay-server.example.com>/api/v1/organization/"

3.11.2. validateProxyCacheConfig

POST /api/v1/organization/{orgname}/validateproxycache

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

orgname
required

 

string

Request body schema (application/json)

Proxy cache configuration for an organization

NameDescriptionSchema

upstream_registry
required

Name of the upstream registry that is to be cached

string

Responses
HTTP CodeDescriptionSchema

202

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.3. getOrganizationCollaborators

List outside collaborators of the specified organization.

GET /api/v1/organization/{orgname}/collaborators

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.4. getOrganizationApplication

Retrieves the application with the specified client_id under the specified organization.

GET /api/v1/organization/{orgname}/applications/{client_id}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

client_id
required

The OAuth client ID

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.5. updateOrganizationApplication

Updates an application under this organization.

PUT /api/v1/organization/{orgname}/applications/{client_id}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

client_id
required

The OAuth client ID

string

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of an updated application.

NameDescriptionSchema

name
required

The name of the application

string

redirect_uri
required

The URI for the application’s OAuth redirect

string

application_uri
required

The URI for the application’s homepage

string

description
optional

The human-readable description for the application

string

avatar_email
optional

The e-mail address of the avatar to use for the application

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.6. deleteOrganizationApplication

Deletes the application under this organization.

DELETE /api/v1/organization/{orgname}/applications/{client_id}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

client_id
required

The OAuth client ID

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.7. createOrganizationApplication

Creates a new application under this organization.

POST /api/v1/organization/{orgname}/applications

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of a new organization application.

NameDescriptionSchema

name
required

The name of the application

string

redirect_uri
optional

The URI for the application’s OAuth redirect

string

application_uri
optional

The URI for the application’s homepage

string

description
optional

The human-readable description for the application

string

avatar_email
optional

The e-mail address of the avatar to use for the application

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.8. getOrganizationApplications

List the applications for the specified organization.

GET /api/v1/organization/{orgname}/applications

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.9. getProxyCacheConfig

Retrieves the proxy cache configuration of the organization.

GET /api/v1/organization/{orgname}/proxycache

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.10. deleteProxyCacheConfig

Delete proxy cache configuration for the organization.

DELETE /api/v1/organization/{orgname}/proxycache

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.11. createProxyCacheConfig

Creates proxy cache configuration for the organization.

POST /api/v1/organization/{orgname}/proxycache

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Proxy cache configuration for an organization

NameDescriptionSchema

upstream_registry
required

Name of the upstream registry that is to be cached

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.12. getOrganizationMember

Retrieves the details of a member of the organization.

GET /api/v1/organization/{orgname}/members/{membername}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

membername
required

The username of the organization member

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.13. removeOrganizationMember

Removes a member from an organization, revoking all its repository priviledges and removing it from all teams in the organization.

DELETE /api/v1/organization/{orgname}/members/{membername}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

membername
required

The username of the organization member

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.14. getOrganizationMembers

List the human members of the specified organization.

GET /api/v1/organization/{orgname}/members

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.15. getOrganization

Get the details for the specified organization.

GET /api/v1/organization/{orgname}

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  "<quay-server.example.com>/api/v1/organization/<organization_name>"

3.11.16. changeOrganizationDetails

Change the details for the specified organization.

PUT /api/v1/organization/{orgname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of updates for an existing organization

NameDescriptionSchema

email
optional

Organization contact email

string

invoice_email
optional

Whether the organization desires to receive emails for invoices

boolean

invoice_email_address
optional

The email address at which to receive invoices

 

tag_expiration_s
optional

The number of seconds for tag expiration

integer

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.11.17. deleteAdminedOrganization

Deletes the specified organization.

DELETE /api/v1/organization/{orgname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  "<quay-server.example.com>/api/v1/organization/<organization_name>"

3.11.18. getApplicationInformation

Get information on the specified application.

GET /api/v1/app/{client_id}

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

client_id
required

The OAuth client ID

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.12. permission

Manage repository permissions.

3.12.1. getUserTransitivePermission

Get the fetch the permission for the specified user.

GET /api/v1/repository/{repository}/permissions/user/{username}/transitive

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

username
required

The username of the user to which the permissions apply

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.12.2. getUserPermissions

Get the permission for the specified user.

GET /api/v1/repository/{repository}/permissions/user/{username}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

username
required

The username of the user to which the permission applies

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.12.3. changeUserPermissions

Update the perimssions for an existing repository.

PUT /api/v1/repository/{repository}/permissions/user/{username}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

username
required

The username of the user to which the permission applies

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Description of a user permission.

NameDescriptionSchema

role
required

Role to use for the user

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X PUT \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  -d '{"role": "admin"}' \
  https://<quay-server.example.com>/api/v1/repository/<namespace>/<repository>/permissions/user/<username>

3.12.4. deleteUserPermissions

Delete the permission for the user.

DELETE /api/v1/repository/{repository}/permissions/user/{username}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

username
required

The username of the user to which the permission applies

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X DELETE \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/repository/<namespace>/<repository>/permissions/user/<username>

3.12.5. getTeamPermissions

Fetch the permission for the specified team.

GET /api/v1/repository/{repository}/permissions/team/{teamname}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

teamname
required

The name of the team to which the permission applies

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.12.6. changeTeamPermissions

Update the existing team permission.

PUT /api/v1/repository/{repository}/permissions/team/{teamname}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

teamname
required

The name of the team to which the permission applies

string

Request body schema (application/json)

Description of a team permission.

NameDescriptionSchema

role
required

Role to use for the team

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.12.7. deleteTeamPermissions

Delete the permission for the specified team.

DELETE /api/v1/repository/{repository}/permissions/team/{teamname}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

teamname
required

The name of the team to which the permission applies

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.12.8. listRepoTeamPermissions

List all team permission.

GET /api/v1/repository/{repository}/permissions/team/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.12.9. listRepoUserPermissions

List all user permissions.

GET /api/v1/repository/{repository}/permissions/user/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/repository/<namespace>/<repository>/permissions/user/<username>/

3.13. policy

3.13.1. createOrganizationAutoPrunePolicy

Creates an auto-prune policy for the organization

POST /api/v1/organization/{orgname}/autoprunepolicy/

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Request body schema (application/json)

The policy configuration that is to be applied to the user namespace

NameDescriptionSchema

method
required

The method to use for pruning tags (number_of_tags, creation_date)

string

value
required

The value to use for the pruning method (number of tags e.g. 10, time delta e.g. 7d (7 days))

 

tagPattern
optional

Tags only matching this pattern will be pruned

string

tagPatternMatches
optional

Determine whether pruned tags should or should not match the tagPattern

boolean

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.2. listOrganizationAutoPrunePolicies

Lists the auto-prune policies for the organization

GET /api/v1/organization/{orgname}/autoprunepolicy/

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.3. getOrganizationAutoPrunePolicy

Fetches the auto-prune policy for the organization

GET /api/v1/organization/{orgname}/autoprunepolicy/{policy_uuid}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

policy_uuid
required

The unique ID of the policy

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.4. deleteOrganizationAutoPrunePolicy

Deletes the auto-prune policy for the organization

DELETE /api/v1/organization/{orgname}/autoprunepolicy/{policy_uuid}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

policy_uuid
required

The unique ID of the policy

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.5. updateOrganizationAutoPrunePolicy

Updates the auto-prune policy for the organization

PUT /api/v1/organization/{orgname}/autoprunepolicy/{policy_uuid}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

policy_uuid
required

The unique ID of the policy

string

path

orgname
required

The name of the organization

string

Request body schema (application/json)

The policy configuration that is to be applied to the user namespace

NameDescriptionSchema

method
required

The method to use for pruning tags (number_of_tags, creation_date)

string

value
required

The value to use for the pruning method (number of tags e.g. 10, time delta e.g. 7d (7 days))

 

tagPattern
optional

Tags only matching this pattern will be pruned

string

tagPatternMatches
optional

Determine whether pruned tags should or should not match the tagPattern

boolean

Responses
HTTP CodeDescriptionSchema

204

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.6. createRepositoryAutoPrunePolicy

Creates an auto-prune policy for the repository

POST /api/v1/repository/{repository}/autoprunepolicy/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

The policy configuration that is to be applied to the user namespace

NameDescriptionSchema

method
required

The method to use for pruning tags (number_of_tags, creation_date)

string

value
required

The value to use for the pruning method (number of tags e.g. 10, time delta e.g. 7d (7 days))

 

tagPattern
optional

Tags only matching this pattern will be pruned

string

tagPatternMatches
optional

Determine whether pruned tags should or should not match the tagPattern

boolean

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.7. listRepositoryAutoPrunePolicies

Lists the auto-prune policies for the repository

GET /api/v1/repository/{repository}/autoprunepolicy/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.8. getRepositoryAutoPrunePolicy

Fetches the auto-prune policy for the repository

GET /api/v1/repository/{repository}/autoprunepolicy/{policy_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

policy_uuid
required

The unique ID of the policy

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.9. deleteRepositoryAutoPrunePolicy

Deletes the auto-prune policy for the repository

DELETE /api/v1/repository/{repository}/autoprunepolicy/{policy_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

policy_uuid
required

The unique ID of the policy

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.10. updateRepositoryAutoPrunePolicy

Updates the auto-prune policy for the repository

PUT /api/v1/repository/{repository}/autoprunepolicy/{policy_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

policy_uuid
required

The unique ID of the policy

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

The policy configuration that is to be applied to the user namespace

NameDescriptionSchema

method
required

The method to use for pruning tags (number_of_tags, creation_date)

string

value
required

The value to use for the pruning method (number of tags e.g. 10, time delta e.g. 7d (7 days))

 

tagPattern
optional

Tags only matching this pattern will be pruned

string

tagPatternMatches
optional

Determine whether pruned tags should or should not match the tagPattern

boolean

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.11. createUserAutoPrunePolicy

Creates the auto-prune policy for the currently logged in user

POST /api/v1/user/autoprunepolicy/

Authorizations: oauth2_implicit (user:admin)

Request body schema (application/json)

The policy configuration that is to be applied to the user namespace

NameDescriptionSchema

method
required

The method to use for pruning tags (number_of_tags, creation_date)

string

value
required

The value to use for the pruning method (number of tags e.g. 10, time delta e.g. 7d (7 days))

 

tagPattern
optional

Tags only matching this pattern will be pruned

string

tagPatternMatches
optional

Determine whether pruned tags should or should not match the tagPattern

boolean

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.12. listUserAutoPrunePolicies

Lists the auto-prune policies for the currently logged in user

GET /api/v1/user/autoprunepolicy/

Authorizations: oauth2_implicit (user:admin)

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.13. getUserAutoPrunePolicy

Fetches the auto-prune policy for the currently logged in user

GET /api/v1/user/autoprunepolicy/{policy_uuid}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

policy_uuid
required

The unique ID of the policy

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.14. deleteUserAutoPrunePolicy

Deletes the auto-prune policy for the currently logged in user

DELETE /api/v1/user/autoprunepolicy/{policy_uuid}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

policy_uuid
required

The unique ID of the policy

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.13.15. updateUserAutoPrunePolicy

Updates the auto-prune policy for the currently logged in user

PUT /api/v1/user/autoprunepolicy/{policy_uuid}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

policy_uuid
required

The unique ID of the policy

string

Request body schema (application/json)

The policy configuration that is to be applied to the user namespace

NameDescriptionSchema

method
required

The method to use for pruning tags (number_of_tags, creation_date)

string

value
required

The value to use for the pruning method (number of tags e.g. 10, time delta e.g. 7d (7 days))

 

tagPattern
optional

Tags only matching this pattern will be pruned

string

tagPatternMatches
optional

Determine whether pruned tags should or should not match the tagPattern

boolean

Responses
HTTP CodeDescriptionSchema

204

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.14. prototype

Manage default permissions added to repositories.

3.14.1. updateOrganizationPrototypePermission

Update the role of an existing permission prototype.

PUT /api/v1/organization/{orgname}/prototypes/{prototypeid}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

prototypeid
required

The ID of the prototype

string

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of a the new prototype role

NameDescriptionSchema

role
optional

Role that should be applied to the permission

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X PUT \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  --data '{
    "role": "write"
  }' \
  https://<quay-server.example.com>/api/v1/organization/<organization_name>/prototypes/<prototypeid>

3.14.2. deleteOrganizationPrototypePermission

Delete an existing permission prototype.

DELETE /api/v1/organization/{orgname}/prototypes/{prototypeid}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

prototypeid
required

The ID of the prototype

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
curl -X DELETE \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/organization/<organization_name>/prototypes/<prototype_id>

3.14.3. createOrganizationPrototypePermission

Create a new permission prototype.

POST /api/v1/organization/{orgname}/prototypes

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of a new prototype

NameDescriptionSchema

role
required

Role that should be applied to the delegate

string

activating_user
optional

Repository creating user to whom the rule should apply

object

delegate
required

Information about the user or team to which the rule grants access

object

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST   -H "Authorization: Bearer <bearer_token>"   -H "Content-Type: application/json"   --data '{
    "role": "<admin_read_or_write>",
    "delegate": {
      "name": "<username>",
      "kind": "user"
    },
    "activating_user": {
      "name": "<robot_name>"
    }
  }'   https://<quay-server.example.com>/api/v1/organization/<organization_name>/prototypes

3.14.4. getOrganizationPrototypePermissions

List the existing prototypes for this organization.

GET /api/v1/organization/{orgname}/prototypes

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/organization/<organization_name>/prototypes

3.15. referrers

List v2 API referrers

3.15.1. getReferrers

List v2 API referrers of an image digest.

GET /v2/{organization_name}/{repository_name}/referrers/{digest}
Request body schema (application/json)

Referrers of an image digest.

Type

Name

Description

Schema

path

orgname
required

The name of the organization

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

referrers
required

Looks up the OCI referrers of a manifest under a repository.

string

3.16. repository

List, create and manage repositories.

3.16.1. createRepo

Create a new repository.

POST /api/v1/repository

Authorizations: oauth2_implicit (repo:create)

Request body schema (application/json)

Description of a new repository

NameDescriptionSchema

repository
required

Repository name

string

visibility
required

Visibility which the repository will start with

string

namespace
optional

Namespace in which the repository should be created. If omitted, the username of the caller is used

string

description
required

Markdown encoded description for the repository

string

repo_kind
optional

The kind of repository

 
Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "repository": "<new_repository_name>",
    "visibility": "<public>",
    "description": "<This is a description of the new repository>."
  }' \
  "https://quay-server.example.com/api/v1/repository"

3.16.2. listRepos

Fetch the list of repositories visible to the current user under a variety of situations.

GET /api/v1/repository

Authorizations: oauth2_implicit (repo:read)

Query parameters
TypeNameDescriptionSchema

query

next_page
optional

The page token for the next page

string

query

repo_kind
optional

The kind of repositories to return

string

query

popularity
optional

Whether to include the repository’s popularity metric.

boolean

query

last_modified
optional

Whether to include when the repository was last modified.

boolean

query

public
required

Adds any repositories visible to the user by virtue of being public

boolean

query

starred
required

Filters the repositories returned to those starred by the user

boolean

query

namespace
required

Filters the repositories returned to this namespace

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.16.3. changeRepoVisibility

Change the visibility of a repository.

POST /api/v1/repository/{repository}/changevisibility

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Change the visibility for the repository.

NameDescriptionSchema

visibility
required

Visibility which the repository will start with

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.16.4. changeRepoState

Change the state of a repository.

PUT /api/v1/repository/{repository}/changestate

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Change the state of the repository.

NameDescriptionSchema

state
required

Determines whether pushes are allowed.

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.16.5. getRepo

Fetch the specified repository.

GET /api/v1/repository/{repository}

Authorizations: oauth2_implicit (repo:read)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
TypeNameDescriptionSchema

query

includeTags
optional

Whether to include repository tags

boolean

query

includeStats
optional

Whether to include action statistics

boolean

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET -H "Authorization: Bearer <bearer_token>" "<quay-server.example.com>/api/v1/repository/<namespace>/<repository_name>"

3.16.6. updateRepo

Update the description in the specified repository.

PUT /api/v1/repository/{repository}

Authorizations: oauth2_implicit (repo:write)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Fields which can be updated in a repository.

NameDescriptionSchema

description
required

Markdown encoded description for the repository

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.16.7. deleteRepository

Delete a repository.

DELETE /api/v1/repository/{repository}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X DELETE   -H "Authorization: Bearer <bearer_token>" "<quay-server.example.com>/api/v1/repository/<namespace>/<repository_name>"

3.17. repositorynotification

List, create and manage repository events/notifications.

3.17.1. testRepoNotification

Queues a test notification for this repository.

POST /api/v1/repository/{repository}/notification/{uuid}/test

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

uuid
required

The UUID of the notification

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  https://<quay-server.example.com>/api/v1/repository/<repository>/notification/<uuid>/test

3.17.2. getRepoNotification

Get information for the specified notification.

GET /api/v1/repository/{repository}/notification/{uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

uuid
required

The UUID of the notification

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  https://<quay-server.example.com>/api/v1/repository/<repository>/notification/<uuid>

3.17.3. deleteRepoNotification

Deletes the specified notification.

DELETE /api/v1/repository/{repository}/notification/{uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

uuid
required

The UUID of the notification

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X DELETE \
  -H "Authorization: Bearer <bearer_token>" \
  https://<quay-server.example.com>/api/v1/repository/<namespace>/<repository_name>/notification/<uuid>

3.17.4. resetRepositoryNotificationFailures

Resets repository notification to 0 failures.

POST /api/v1/repository/{repository}/notification/{uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

uuid
required

The UUID of the notification

string

Responses
HTTP CodeDescriptionSchema

204

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.17.5. createRepoNotification

POST /api/v1/repository/{repository}/notification/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Information for creating a notification on a repository

NameDescriptionSchema

event
required

The event on which the notification will respond

string

method
required

The method of notification (such as email or web callback)

string

config
required

JSON config information for the specific method of notification

object

eventConfig
required

JSON config information for the specific event of notification

object

title
optional

The human-readable title of the notification

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  --data '{
    "event": "<event>",
    "method": "<method>",
    "config": {
      "<config_key>": "<config_value>"
    },
    "eventConfig": {
      "<eventConfig_key>": "<eventConfig_value>"
    }
  }' \
  https://<quay-server.example.com>/api/v1/repository/<namespace>/<repository_name>/notification/

3.17.6. listRepoNotifications

List the notifications for the specified repository.

GET /api/v1/repository/{repository}/notification/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.18. robot

Manage user and organization robot accounts.

3.18.1. getUserRobots

List the available robots for the user.

GET /api/v1/user/robots

Authorizations: oauth2_implicit (user:admin)

Query parameters
TypeNameDescriptionSchema

query

limit
optional

If specified, the number of robots to return.

integer

query

token
optional

If false, the robot’s token is not returned.

boolean

query

permissions
optional

Whether to include repositories and teams in which the robots have permission.

boolean

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.18.2. getOrgRobotPermissions

Returns the list of repository permissions for the org’s robot.

GET /api/v1/organization/{orgname}/robots/{robot_shortname}/permissions

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.18.3. regenerateOrgRobotToken

Regenerates the token for an organization robot.

POST /api/v1/organization/{orgname}/robots/{robot_shortname}/regenerate

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  "<quay-server.example.com>/api/v1/organization/<orgname>/robots/<robot_shortname>/regenerate"

3.18.4. getUserRobotPermissions

Returns the list of repository permissions for the user’s robot.

GET /api/v1/user/robots/{robot_shortname}/permissions

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.18.5. regenerateUserRobotToken

Regenerates the token for a user’s robot.

POST /api/v1/user/robots/{robot_shortname}/regenerate

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  "<quay-server.example.com>/api/v1/user/robots/<robot_shortname>/regenerate"

3.18.6. getOrgRobot

Returns the organization’s robot with the specified name.

GET /api/v1/organization/{orgname}/robots/{robot_shortname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.18.7. createOrgRobot

Create a new robot in the organization.

PUT /api/v1/organization/{orgname}/robots/{robot_shortname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Optional data for creating a robot

NameDescriptionSchema

description
optional

Optional text description for the robot

string

unstructured_metadata
optional

Optional unstructured metadata for the robot

object

Responses
HTTP CodeDescriptionSchema

201

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X PUT   -H "Authorization: Bearer <bearer_token>" "https://<quay-server.example.com>/api/v1/organization/<organization_name>/robots/<robot_name>"

3.18.8. deleteOrgRobot

Delete an existing organization robot.

DELETE /api/v1/organization/{orgname}/robots/{robot_shortname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
curl -X DELETE \
  -H "Authorization: Bearer <bearer_token>" \
  "<quay-server.example.com>/api/v1/organization/<organization_name>/robots/<robot_shortname>"

3.18.9. getOrgRobots

List the organization’s robots.

GET /api/v1/organization/{orgname}/robots

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname
required

The name of the organization

string

Query parameters
TypeNameDescriptionSchema

query

limit
optional

If specified, the number of robots to return.

integer

query

token
optional

If false, the robot’s token is not returned.

boolean

query

permissions
optional

Whether to include repositories and teams in which the robots have permission.

boolean

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET -H "Authorization: Bearer <bearer_token>" "https://<quay-server.example.com>/api/v1/organization/<organization_name>/robots"

3.18.10. getUserRobot

Returns the user’s robot with the specified name.

GET /api/v1/user/robots/{robot_shortname}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  "<quay-server.example.com>/api/v1/user/robots/<robot_shortname>"

3.18.11. createUserRobot

Create a new user robot with the specified name.

PUT /api/v1/user/robots/{robot_shortname}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

Request body schema (application/json)

Optional data for creating a robot

NameDescriptionSchema

description
optional

Optional text description for the robot

string

unstructured_metadata
optional

Optional unstructured metadata for the robot

object

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X PUT   -H "Authorization: Bearer <bearer_token>" "https://<quay-server.example.com>/api/v1/user/robots/<robot_name>"

3.18.12. deleteUserRobot

Delete an existing robot.

DELETE /api/v1/user/robots/{robot_shortname}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

robot_shortname
required

The short name for the robot, without any user or organization prefix

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X DELETE \
  -H "Authorization: Bearer <bearer_token>" \
  "<quay-server.example.com>/api/v1/user/robots/<robot_shortname>"

3.18.13. Auth Federated Robot Token

Return an expiring robot token using the robot identity federation mechanism.

GET oauth2/federation/robot/token

Authorizations: oauth2_implicit (robot:auth)

Responses
HTTP CodeDescriptionSchema

200

Successful authentication and token generation

{ "token": "string" }

401

Unauthorized: missing or invalid authentication

{ "error": "string" }

Request Body
TypeNameDescriptionSchema

body

auth_result
required

The result of the authentication process, containing information about the robot identity.

{ "missing": "boolean", "error_message": "string", "context": { "robot": "RobotObject" } }

3.18.14. createOrgRobotFederation

Create a federation configuration for the specified organization robot.

POST /api/v1/organization/{orgname}/robots/{robot_shortname}/federation

Retrieve the federation configuration for the specified organization robot.

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

orgname + robot_shortnamerequired

The name of the organization and the short name for the robot, without any user or organization prefix

string

Responses
HTTP CodeDescriptionSchema

201

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

3.20. secscan

List and manage repository vulnerabilities and other security information.

3.20.1. getRepoManifestSecurity

GET /api/v1/repository/{repository}/manifest/{manifestref}/security

Authorizations: oauth2_implicit (repo:read)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

manifestref
required

The digest of the manifest

string

Query parameters
TypeNameDescriptionSchema

query

vulnerabilities
optional

Include vulnerabilities informations

boolean

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  "https://quay-server.example.com/api/v1/repository/<namespace>/<repository>/manifest/<manifest_digest>/security?vulnerabilities=<true_or_false>"

3.21. superuser

Superuser API.

3.21.1. createInstallUser

Creates a new user.

POST /api/v1/superuser/users/

Authorizations: oauth2_implicit (super:user)

Request body schema (application/json)

Data for creating a user

NameDescriptionSchema

username
required

The username of the user being created

string

email
optional

The email address of the user being created

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST -H "Authorization: Bearer <bearer_token>" -H "Content-Type: application/json" -d '{
  "username": "newuser",
  "email": "newuser@example.com"
}' "https://<quay-server.example.com>/api/v1/superuser/users/"

3.21.2. deleteInstallUser

Deletes a user.

DELETE /api/v1/superuser/users/{username}

Authorizations: oauth2_implicit (super:user)

Request body schema (application/json)

Data for deleting a user

NameDescriptionSchema

username
required

The username of the user being deleted

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X DELETE -H "Authorization: Bearer <bearer_token>" "https://<quay-server.example.com>/api/v1/superuser/users/{username}"

3.21.3. listAllUsers

Returns a list of all users in the system.

GET /api/v1/superuser/users/

Authorizations: oauth2_implicit (super:user)

Query parameters
TypeNameDescriptionSchema

query

next_page
optional

The page token for the next page

string

query

limit
optional

Limit to the number of results to return per page. Max 100.

integer

query

disabled
optional

If false, only enabled users will be returned.

boolean

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET -H "Authorization: Bearer <bearer_token>" "https://<quay-server.example.com>/api/v1/superuser/users/"

3.21.4. listAllLogs

List the usage logs for the current system.

GET /api/v1/superuser/logs

Authorizations: oauth2_implicit (super:user)

Query parameters
TypeNameDescriptionSchema

query

next_page
optional

The page token for the next page

string

query

page
optional

The page number for the logs

integer

query

endtime
optional

Latest time to which to get logs (%m/%d/%Y %Z)

string

query

starttime
optional

Earliest time from which to get logs (%m/%d/%Y %Z)

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.5. listAllOrganizations

List the organizations for the current system.

GET /api/v1/superuser/organizations

Authorizations: oauth2_implicit (super:user)

Query parameters
TypeNameDescriptionSchema

path

name
required

The name of the organization being managed

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET -H "Authorization: Bearer <bearer_token>" "https://<quay-server.example.com>/api/v1/superuser/organizations/"

3.21.6. createServiceKey

POST /api/v1/superuser/keys

Authorizations: oauth2_implicit (super:user)

Request body schema (application/json)

Description of creation of a service key

NameDescriptionSchema

service
required

The service authenticating with this key

string

name
optional

The friendly name of a service key

string

metadata
optional

The key/value pairs of this key’s metadata

object

notes
optional

If specified, the extra notes for the key

string

expiration
required

The expiration date as a unix timestamp

 
Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.7. listServiceKeys

GET /api/v1/superuser/keys

Authorizations: oauth2_implicit (super:user)

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.8. changeUserQuotaSuperUser

PUT /api/v1/superuser/organization/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

namespace
required

 

string

path

quota_id
required

 

string

Request body schema (application/json)

Description of a new organization quota

NameDescriptionSchema

limit_bytes
optional

Number of bytes the organization is allowed

integer

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.9. deleteUserQuotaSuperUser

DELETE /api/v1/superuser/organization/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

namespace
required

 

string

path

quota_id
required

 

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.10. createUserQuotaSuperUser

POST /api/v1/superuser/organization/{namespace}/quota

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

namespace
required

 

string

Request body schema (application/json)

Description of a new organization quota

NameDescriptionSchema

limit_bytes
required

Number of bytes the organization is allowed

integer

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.11. listUserQuotaSuperUser

GET /api/v1/superuser/organization/{namespace}/quota

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

namespace
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.12. changeOrganizationQuotaSuperUser

PUT /api/v1/superuser/users/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

namespace
required

 

string

path

quota_id
required

 

string

Request body schema (application/json)

Description of a new organization quota

NameDescriptionSchema

limit_bytes
optional

Number of bytes the organization is allowed

integer

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.13. deleteOrganizationQuotaSuperUser

DELETE /api/v1/superuser/users/{namespace}/quota/{quota_id}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

namespace
required

 

string

path

quota_id
required

 

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.14. createOrganizationQuotaSuperUser

POST /api/v1/superuser/users/{namespace}/quota

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

namespace
required

 

string

Request body schema (application/json)

Description of a new organization quota

NameDescriptionSchema

limit_bytes
optional

Number of bytes the organization is allowed

integer

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.15. listOrganizationQuotaSuperUser

GET /api/v1/superuser/users/{namespace}/quota

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

namespace
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.16. changeOrganization

Updates information about the specified user.

PUT /api/v1/superuser/organizations/{name}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

name
required

The name of the organizaton being managed

string

Request body schema (application/json)

Description of updates for an existing organization

NameDescriptionSchema

email
optional

Organization contact email

string

invoice_email
optional

Whether the organization desires to receive emails for invoices

boolean

invoice_email_address
optional

The email address at which to receive invoices

 

tag_expiration_s
optional

The number of seconds for tag expiration

integer

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.17. deleteOrganization

Deletes the specified organization.

DELETE /api/v1/superuser/organizations/{name}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

name
required

The name of the organizaton being managed

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.18. approveServiceKey

POST /api/v1/superuser/approvedkeys/{kid}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

kid
required

The unique identifier for a service key

string

Request body schema (application/json)

Information for approving service keys

NameDescriptionSchema

notes
optional

Optional approval notes

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.19. deleteServiceKey

DELETE /api/v1/superuser/keys/{kid}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

kid
required

The unique identifier for a service key

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.20. updateServiceKey

PUT /api/v1/superuser/keys/{kid}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

kid
required

The unique identifier for a service key

string

Request body schema (application/json)

Description of updates for a service key

NameDescriptionSchema

name
optional

The friendly name of a service key

string

metadata
optional

The key/value pairs of this key’s metadata

object

expiration
optional

The expiration date as a unix timestamp

 
Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.21. getServiceKey

GET /api/v1/superuser/keys/{kid}

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

kid
required

The unique identifier for a service key

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.22. getRepoBuildStatusSuperUser

Return the status for the builds specified by the build uuids.

GET /api/v1/superuser/{build_uuid}/status

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

build_uuid
required

The UUID of the build

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.23. getRepoBuildSuperUser

Returns information about a build.

GET /api/v1/superuser/{build_uuid}/build

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

build_uuid
required

The UUID of the build

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.24. getRepoBuildLogsSuperUser

Return the build logs for the build specified by the build uuid.

GET /api/v1/superuser/{build_uuid}/logs

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

build_uuid
required

The UUID of the build

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.25. getRegistrySize

GET /api/v1/superuser/registrysize/

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

namespace
required

 

string

Description of a image registry size

NameDescriptionSchema

size_bytes*
optional

Number of bytes the organization is allowed

integer

last_ran

 

integer

queued

 

boolean

running

 

boolean

Responses
HTTP CodeDescriptionSchema

200

CREATED

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.21.26. postRegistrySize

POST /api/v1/superuser/registrysize/

Authorizations: oauth2_implicit (super:user)

Path parameters
TypeNameDescriptionSchema

path

namespace
required

 

string

Request body schema (application/json)

Description of a image registry size

NameDescriptionSchema

last_ran

 

integer

queued

 

boolean

running

 

boolean

Responses
HTTP CodeDescriptionSchema

201

CREATED

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.22. tag

Manage the tags of a repository.

3.22.1. restoreTag

Restores a repository tag back to a previous image in the repository.

POST /api/v1/repository/{repository}/tag/{tag}/restore

Authorizations: oauth2_implicit (repo:write)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

tag
required

The name of the tag

string

Request body schema (application/json)

Restores a tag to a specific image

NameDescriptionSchema

manifest_digest
required

If specified, the manifest digest that should be used

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  --data '{
    "manifest_digest": <manifest_digest>
  }' \
  quay-server.example.com/api/v1/repository/quayadmin/busybox/tag/test/restore

3.22.2. changeTag

Change which image a tag points to or create a new tag.

PUT /api/v1/repository/{repository}/tag/{tag}

Authorizations: oauth2_implicit (repo:write)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

tag
required

The name of the tag

string

Request body schema (application/json)

Makes changes to a specific tag

NameDescriptionSchema

manifest_digest
optional

(If specified) The manifest digest to which the tag should point

 

expiration
optional

(If specified) The expiration for the image

 
Responses
HTTP CodeDescriptionSchema

201

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X PUT \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Content-Type: application/json" \
  --data '{
    "manifest_digest": "<manifest_digest>"
  }' \
  https://<quay-server.example.com>/api/v1/repository/<namespace>/<repository_name>/tag/<tag>

3.22.3. deleteFullTag

Delete the specified repository tag.

DELETE /api/v1/repository/{repository}/tag/{tag}

Authorizations: oauth2_implicit (repo:write)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

path

tag
required

The name of the tag

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.22.4. listRepoTags

GET /api/v1/repository/{repository}/tag/

Authorizations: oauth2_implicit (repo:read)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
TypeNameDescriptionSchema

query

onlyActiveTags
optional

Filter to only active tags.

boolean

query

page
optional

Page index for the results. Default 1.

integer

query

limit
optional

Limit to the number of results to return per page. Max 100.

integer

query

filter_tag_name
optional

Syntax: <op>:<name> Filters the tag names based on the operation.<op> can be 'like' or 'eq'.

string

query

specificTag
optional

Filters the tags to the specific tag.

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/repository/<namespace>/<repository_name>/tag/

3.23. team

Create, list and manage an organization’s teams.

3.23.1. getOrganizationTeamPermissions

Returns the list of repository permissions for the org’s team.

GET /api/v1/organization/{orgname}/team/{teamname}/permissions

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

teamname
required

The name of the team

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.23.2. updateOrganizationTeamMember

Adds or invites a member to an existing team.

PUT /api/v1/organization/{orgname}/team/{teamname}/members/{membername}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

teamname
required

The name of the team

string

path

membername
required

The username of the team member

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X PUT \
  -H "Authorization: Bearer <your_access_token>" \
  "<quay-server.example.com>/api/v1/organization/<organization_name>/team/<team_name>/members/<member_name>"

3.23.3. deleteOrganizationTeamMember

Delete a member of a team.

If the user is merely invited to join the team, then the invite is removed instead.
DELETE /api/v1/organization/{orgname}/team/{teamname}/members/{membername}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

teamname
required

The name of the team

string

path

membername
required

The username of the team member

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X DELETE \
  -H "Authorization: Bearer <your_access_token>" \
  "<quay-server.example.com>/api/v1/organization/<organization_name>/team/<team_name>/members/<member_name>"

3.23.4. getOrganizationTeamMembers

Retrieve the list of members for the specified team.

GET /api/v1/organization/{orgname}/team/{teamname}/members

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

teamname
required

The name of the team

string

path

orgname
required

The name of the organization

string

Query parameters
TypeNameDescriptionSchema

query

includePending
optional

Whether to include pending members

boolean

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X GET \
  -H "Authorization: Bearer <your_access_token>" \
  "<quay-server.example.com>/api/v1/organization/<organization_name>/team/<team_name>/members"

3.23.5. inviteTeamMemberEmail

Invites an email address to an existing team.

PUT /api/v1/organization/{orgname}/team/{teamname}/invite/{email}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

email
required

 

string

path

teamname
required

 

string

path

orgname
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X PUT \
  -H "Authorization: Bearer <your_access_token>" \
  "<quay-server.example.com>/api/v1/organization/<organization_name>/team/<team_name>/invite/<email>"

3.23.6. deleteTeamMemberEmailInvite

Delete an invite of an email address to join a team.

DELETE /api/v1/organization/{orgname}/team/{teamname}/invite/{email}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

email
required

 

string

path

teamname
required

 

string

path

orgname
required

 

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command

+

$ curl -X DELETE \
  -H "Authorization: Bearer <your_access_token>" \
  "<quay-server.example.com>/api/v1/organization/<organization_name>/team/<team_name>/invite/<email>"

3.23.7. updateOrganizationTeam

Update the org-wide permission for the specified team.

Note

This API is also used to create a team.

PUT /api/v1/organization/{orgname}/team/{teamname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

teamname
required

The name of the team

string

path

orgname
required

The name of the organization

string

Request body schema (application/json)

Description of a team

NameDescriptionSchema

role
required

Org wide permissions that should apply to the team

string

description
optional

Markdown description for the team

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -k -X PUT -H 'Accept: application/json' -H 'Content-Type: application/json' -H "Authorization: Bearer <bearer_token>"  --data '{"role": "creator"}' https://<quay-server.example.com>/api/v1/organization/<organization_name>/team/<team_name>

3.23.8. deleteOrganizationTeam

Delete the specified team.

DELETE /api/v1/organization/{orgname}/team/{teamname}

Authorizations: oauth2_implicit (org:admin)

Path parameters
TypeNameDescriptionSchema

path

teamname
required

The name of the team

string

path

orgname
required

The name of the organization

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command
$ curl -X DELETE \
  -H "Authorization: Bearer <your_access_token>" \
  "<quay-server.example.com>/api/v1/organization/<organization_name>/team/<team_name>"

3.24. trigger

Create, list and manage build triggers.

3.24.1. activateBuildTrigger

Activate the specified build trigger.

POST /api/v1/repository/{repository}/trigger/{trigger_uuid}/activate

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

trigger_uuid
required

The UUID of the build trigger

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)
NameDescriptionSchema

config
required

Arbitrary json.

object

pull_robot
optional

The name of the robot that will be used to pull images.

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.24.2. listTriggerRecentBuilds

List the builds started by the specified trigger.

GET /api/v1/repository/{repository}/trigger/{trigger_uuid}/builds

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

trigger_uuid
required

The UUID of the build trigger

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Query parameters
TypeNameDescriptionSchema

query

limit
optional

The maximum number of builds to return

integer

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.24.3. manuallyStartBuildTrigger

Manually start a build from the specified trigger.

POST /api/v1/repository/{repository}/trigger/{trigger_uuid}/start

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

trigger_uuid
required

The UUID of the build trigger

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Optional run parameters for activating the build trigger

NameDescriptionSchema

branch_name
optional

(SCM only) If specified, the name of the branch to build.

string

commit_sha
optional

(Custom Only) If specified, the ref/SHA1 used to checkout a git repository.

string

refs
optional

(SCM Only) If specified, the ref to build.

 
Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.24.4. getBuildTrigger

Get information for the specified build trigger.

GET /api/v1/repository/{repository}/trigger/{trigger_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

trigger_uuid
required

The UUID of the build trigger

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.24.5. updateBuildTrigger

Updates the specified build trigger.

PUT /api/v1/repository/{repository}/trigger/{trigger_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

trigger_uuid
required

The UUID of the build trigger

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Request body schema (application/json)

Options for updating a build trigger

NameDescriptionSchema

enabled
required

Whether the build trigger is enabled

boolean

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.24.6. deleteBuildTrigger

Delete the specified build trigger.

DELETE /api/v1/repository/{repository}/trigger/{trigger_uuid}

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

trigger_uuid
required

The UUID of the build trigger

string

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.24.7. listBuildTriggers

List the triggers for the specified repository.

GET /api/v1/repository/{repository}/trigger/

Authorizations: oauth2_implicit (repo:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.25. user

Manage the current user.

3.25.1. createStar

Star a repository.

POST /api/v1/user/starred

Authorizations: oauth2_implicit (repo:read)

Request body schema (application/json)
NameDescriptionSchema

namespace
required

Namespace in which the repository belongs

string

repository
required

Repository name

string

Responses
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.25.2. listStarredRepos

List all starred repositories.

GET /api/v1/user/starred

Authorizations: oauth2_implicit (user:admin)

Query parameters
TypeNameDescriptionSchema

query

next_page
optional

The page token for the next page

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.25.3. getLoggedInUser

Get user information for the authenticated user.

GET /api/v1/user/

Authorizations: oauth2_implicit (user:read)

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

UserView

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.25.4. deleteStar

Removes a star from a repository.

DELETE /api/v1/user/starred/{repository}

Authorizations: oauth2_implicit (user:admin)

Path parameters
TypeNameDescriptionSchema

path

repository
required

The full path of the repository. e.g. namespace/name

string

Responses
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.25.5. getUserInformation

Get user information for the specified user.

GET /api/v1/users/{username}

Authorizations: 

Path parameters
TypeNameDescriptionSchema

path

username
required

 

string

Responses
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

3.26. Definitions

3.26.1. ApiError

NameDescriptionSchema

status
optional

Status code of the response.

integer

type
optional

Reference to the type of the error.

string

detail
optional

Details about the specific instance of the error.

string

title
optional

Unique error code to identify the type of error.

string

error_message
optional

Deprecated; alias for detail

string

error_type
optional

Deprecated; alias for detail

string

3.26.2. UserView

NameDescriptionSchema

verified
optional

Whether the user’s email address has been verified

boolean

anonymous
optional

true if this user data represents a guest user

boolean

email
optional

The user’s email address

string

avatar
optional

Avatar data representing the user’s icon

object

organizations
optional

Information about the organizations in which the user is a member

array of object

logins
optional

The list of external login providers against which the user has authenticated

array of object

can_create_repo
optional

Whether the user has permission to create repositories

boolean

preferred_namespace
optional

If true, the user’s namespace is the preferred namespace to display

boolean

3.26.3. ViewMirrorConfig

NameDescriptionSchema

is_enabled
optional

Used to enable or disable synchronizations.

boolean

external_reference
optional

Location of the external repository.

string

external_registry_username
optional

Username used to authenticate with external registry.

 

external_registry_password
optional

Password used to authenticate with external registry.

 

sync_start_date
optional

Determines the next time this repository is ready for synchronization.

string

sync_interval
optional

Number of seconds after next_start_date to begin synchronizing.

integer

robot_username
optional

Username of robot which will be used for image pushes.

string

root_rule
optional

A list of glob-patterns used to determine which tags should be synchronized.

object

external_registry_config
optional

 

object

3.26.4. ApiErrorDescription

NameDescriptionSchema

type
optional

A reference to the error type resource

string

title
optional

The title of the error. Can be used to uniquely identify the kind of error.

string

description
optional

A more detailed description of the error that may include help for fixing the issue.

string

Chapter 4. API configuration examples

4.1. external_registry_config object reference

{
        "is_enabled": True,
        "external_reference": "quay.io/redhat/quay",
        "sync_interval": 5000,
        "sync_start_date": datetime(2020, 0o1, 0o2, 6, 30, 0),
        "external_registry_username": "fakeUsername",
        "external_registry_password": "fakePassword",
        "external_registry_config": {
            "verify_tls": True,
            "unsigned_images": False,
            "proxy": {
                "http_proxy": "http://insecure.proxy.corp",
                "https_proxy": "https://secure.proxy.corp",
                "no_proxy": "mylocalhost",
            },
        },
    }

4.2. rule_rule object reference

    {
            "root_rule": {"rule_kind": "tag_glob_csv", "rule_value": ["latest", "foo", "bar"]},
        }

Legal Notice

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.