Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 10. org_mirror

Organization-level repository mirroring API endpoints.

Enables users to configure a single mirroring task to replicate all repositories from a source namespace (e.g., Harbor project, Quay organization) into a target Quay organization.

10.1. createOrgMirrorConfig
Copy link

Create organization mirror configuration.

POST /api/v1/organization/{orgname}/mirror

Authorizations: oauth2_implicit (org:admin)

Request body schema (application/json)

Create organization mirror configuration

Expand
NameDescriptionSchema

external_registry_type
required

Type of source registry (e.g. quay, harbor)

string

external_registry_url
required

URL of the source registry

string

external_namespace
required

Source namespace/project name

string

robot_username
required

Robot account for creating repos (format: orgname+robotname)

string

visibility
required

Visibility for created repositories (public or private)

string

sync_interval
required

Seconds between syncs (minimum 60)

integer

sync_start_date
required

Initial sync time (ISO 8601 format, e.g. 2025-01-01T00:00:00Z)

string

is_enabled
optional

Enable or disable mirroring

boolean

external_registry_username
optional

Username for source registry authentication

 

external_registry_password
optional

Password for source registry authentication

 

external_registry_config
optional

TLS and proxy settings

object

repository_filters
optional

Glob patterns for filtering repositories

array of string

skopeo_timeout
optional

Timeout for Skopeo operations in seconds

integer

Responses

Expand
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command

$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"external_registry_type": "quay", "external_registry_url": "https://quay.example.com", "external_namespace": "<source_namespace>", "robot_username": "<orgname>+<robotname>", "visibility": "private", "sync_interval": 3600, "sync_start_date": "2025-01-01T00:00:00Z", "is_enabled": true}' \
  https://<quay-server.example.com>/api/v1/organization/<orgname>/mirror

10.2. getOrgMirrorConfig
Copy link

Get the organization-level mirror configuration.

GET /api/v1/organization/{orgname}/mirror

Authorizations: oauth2_implicit (org:admin)

Responses

Expand
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command

$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/organization/<orgname>/mirror

10.3. listOrgMirrorRepositories
Copy link

List all discovered repositories from source namespace. 

Query Parameters:
    page (int): Page number, default 1
    limit (int): Items per page, default 100, max 500
 
Returns:
    JSON object with:
        - repositories: List of repository objects
        - page: Current page number
        - limit: Items per page
        - total: Total number of matching repositories
        - has_next: Whether there are more pages

GET /api/v1/organization/{orgname}/mirror/repositories

Authorizations: oauth2_implicit (org:admin)

Responses

Expand
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command

$ curl -X GET \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  "https://<quay-server.example.com>/api/v1/organization/<orgname>/mirror/repositories?page=1&limit=100"

10.4. syncOrgMirrorNow
Copy link

Trigger immediate discovery and sync for the organization. 

Sets sync_status to SYNC_NOW and sync_start_date to now for
immediate pickup by the repomirrorworker.
 
Returns 204 on success, 404 if config not found or already syncing.

POST /api/v1/organization/{orgname}/mirror/sync-now

Authorizations: oauth2_implicit (org:admin)

Responses

Expand
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command

$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/organization/<orgname>/mirror/sync-now

10.5. updateOrgMirrorConfig
Copy link

Update organization mirror configuration.

PUT /api/v1/organization/{orgname}/mirror

Authorizations: oauth2_implicit (org:admin)

Request body schema (application/json)

Update organization mirror configuration

Expand
NameDescriptionSchema

is_enabled
optional

 

boolean

external_registry_url
optional

 

string

external_namespace
optional

 

string

robot_username
optional

 

string

visibility
optional

 

string

sync_interval
optional

 

integer

sync_start_date
optional

 

string

external_registry_username
optional

  

external_registry_password
optional

  

external_registry_config
optional

 

object

repository_filters
optional

 

array of string

skopeo_timeout
optional

 

integer

Responses

Expand
HTTP CodeDescriptionSchema

200

Successful invocation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command

$ curl -X PUT \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"is_enabled": true, "sync_interval": 7200}' \
  https://<quay-server.example.com>/api/v1/organization/<orgname>/mirror

10.6. verifyOrgMirrorConnection
Copy link

Verify connection to source registry. 

Tests connectivity, authentication, and TLS configuration without
triggering a full sync operation. Useful for validating configuration
before enabling mirroring.
 
Returns:
    JSON object with:
        - success: Boolean indicating if connection was successful
        - message: Human-readable status message

POST /api/v1/organization/{orgname}/mirror/verify

Authorizations: oauth2_implicit (org:admin)

Responses

Expand
HTTP CodeDescriptionSchema

200

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command

$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/organization/<orgname>/mirror/verify

10.7. cancelOrgMirrorSync
Copy link

Cancel ongoing discovery or sync operation. 

Transitions the config to CANCEL status from any state except already CANCEL.
The worker detects the CANCEL status and propagates it to associated repository
syncs during tag processing. Repo status changes are applied when the worker
picks up the cancellation request, not immediately.
 
Returns 204 on success, 404 if config not found, 400 if already cancelled.

POST /api/v1/organization/{orgname}/mirror/sync-cancel

Authorizations: oauth2_implicit (org:admin)

Responses

Expand
HTTP CodeDescriptionSchema

201

Successful creation

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command

$ curl -X POST \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/organization/<orgname>/mirror/sync-cancel

10.8. deleteOrgMirrorConfig
Copy link

Delete organization mirror configuration.

DELETE /api/v1/organization/{orgname}/mirror

Authorizations: oauth2_implicit (org:admin)

Responses

Expand
HTTP CodeDescriptionSchema

204

Deleted

 

400

Bad Request

ApiError

401

Session required

ApiError

403

Unauthorized access

ApiError

404

Not found

ApiError

Example command

$ curl -X DELETE \
  -H "Authorization: Bearer <bearer_token>" \
  -H "Accept: application/json" \
  https://<quay-server.example.com>/api/v1/organization/<orgname>/mirror
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Legal Notice

Theme

© 2026 Red HatBack to top