README.md 5.92 KB
Newer Older
1
# GitLab API
Nihad Abbasov's avatar
Nihad Abbasov committed
2

3
## Resources
4 5 6 7 8 9 10 11

+ [Users](users.md)
+ [Session](session.md)
+ [Projects](projects.md)
+ [Project Snippets](project_snippets.md)
+ [Repositories](repositories.md)
+ [Repository Files](repository_files.md)
+ [Commits](commits.md)
12
+ [Branches](branches.md)
13 14 15
+ [Merge Requests](merge_requests.md)
+ [Issues](issues.md)
+ [Milestones](milestones.md)
16
+ [Notes](notes.md) (comments)
17 18 19 20 21 22 23
+ [Deploy Keys](deploy_keys.md)
+ [System Hooks](system_hooks.md)
+ [Groups](groups.md)

## Clients

+ [php-gitlab-api](https://github.com/m4tthumphrey/php-gitlab-api) - PHP
Adam Engebretson's avatar
Adam Engebretson committed
24
+ [Laravel API Wrapper for GitLab CE](https://github.com/adamgoose/gitlab) - PHP / [Laravel](http://laravel.com)
25 26 27
+ [Ruby Wrapper](https://github.com/NARKOZ/gitlab) - Ruby
+ [python-gitlab](https://github.com/Itxaka/python-gitlab) - Python
+ [java-gitlab-api](https://github.com/timols/java-gitlab-api) - Java
Manfred Touron's avatar
Manfred Touron committed
28
+ [node-gitlab](https://github.com/moul/node-gitlab) - Node.js
29 30 31

## Introduction

32
All API requests require authentication. You need to pass a `private_token` parameter by url or header. If passed as header, the header name must be "PRIVATE-TOKEN" (capital and with dash instead of underscore). You can find or reset your private token in your profile.
Nihad Abbasov's avatar
Nihad Abbasov committed
33

34
If no, or an invalid, `private_token` is provided then an error message will be returned with status code 401:
Nihad Abbasov's avatar
Nihad Abbasov committed
35 36 37 38 39 40 41

```json
{
  "message": "401 Unauthorized"
}
```

42
API requests should be prefixed with `api` and the API version. The API version is defined in `lib/api.rb`.
Nihad Abbasov's avatar
Nihad Abbasov committed
43

44
Example of a valid API request:
Nihad Abbasov's avatar
Nihad Abbasov committed
45 46

```
Riyad Preukschas's avatar
Riyad Preukschas committed
47
GET http://example.com/api/v3/projects?private_token=QVy1PB7sTxfy4pqfZM1U
Nihad Abbasov's avatar
Nihad Abbasov committed
48 49
```

50 51 52 53 54 55 56
Example for a valid API request using curl and authentication via header:

```
curl --header "PRIVATE-TOKEN: QVy1PB7sTxfy4pqfZM1U" "http://example.com/api/v3/projects"
```


Nihad Abbasov's avatar
Nihad Abbasov committed
57 58
The API uses JSON to serialize data. You don't need to specify `.json` at the end of API URL.

59 60 61 62


## Status codes

63 64 65 66
The API is designed to return different status codes according to context and action. In this way
if a request results in an error the caller is able to get insight into what went wrong, e.g.
status code `400 Bad Request` is returned if a required attribute is missing from the request.
The following list gives an overview of how the API functions generally behave.
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86

API request types:

* `GET` requests access one or more resources and return the result as JSON
* `POST` requests return `201 Created` if the resource is successfully created and return the newly created resource as JSON
* `GET`, `PUT` and `DELETE` return `200 Ok` if the resource is accessed, modified or deleted successfully, the (modified) result is returned as JSON
* `DELETE` requests are designed to be idempotent, meaning a request a resource still returns `200 Ok` even it was deleted before or is not available. The reasoning behind it is the user is not really interested if the resource existed before or not.


The following list shows the possible return codes for API requests.

Return values:

* `200 Ok` - The `GET`, `PUT` or `DELETE` request was successful, the resource(s) itself is returned as JSON
* `201 Created` - The `POST` request was successful and the resource is returned as JSON
* `400 Bad Request` - A required attribute of the API request is missing, e.g. the title of an issue is not given
* `401 Unauthorized` - The user is not authenticated, a valid user token is necessary, see above
* `403 Forbidden` - The request is not allowed, e.g. the user is not allowed to delete a project
* `404 Not Found` - A resource could not be accessed, e.g. an ID for a resource could not be found
* `405 Method Not Allowed` - The request is not supported
87
* `409 Conflict` - A conflicting resource already exists, e.g. creating a project with a name that already exists
88 89
* `500 Server Error` - While handling the request something went wrong on the server side

90 91
## Sudo
All API requests support performing an api call as if you were another user, if your private token is for an administration account. You need to pass  `sudo` parameter by url or header with an id or username of the user you want to perform the operation as. If passed as header, the header name must be "SUDO" (capitals).
92

93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126
If a non administrative `private_token` is provided then an error message will be returned with status code 403:

```json
{
  "message": "403 Forbidden: Must be admin to use sudo"
}
```

If the sudo user id or username cannot be found then an error message will be returned with status code 404:

```json
{
  "message": "404 Not Found: No user id or username for: <id/username>"
}
```

Example of a valid API with sudo request:

```
GET http://example.com/api/v3/projects?private_token=QVy1PB7sTxfy4pqfZM1U&sudo=username
```
```
GET http://example.com/api/v3/projects?private_token=QVy1PB7sTxfy4pqfZM1U&sudo=23
```


Example for a valid API request with sudo using curl and authentication via header:

```
curl --header "PRIVATE-TOKEN: QVy1PB7sTxfy4pqfZM1U" --header "SUDO: username" "http://example.com/api/v3/projects"
```
```
curl --header "PRIVATE-TOKEN: QVy1PB7sTxfy4pqfZM1U" --header "SUDO: 23" "http://example.com/api/v3/projects"
```
127

Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
128
## Pagination
Nihad Abbasov's avatar
Nihad Abbasov committed
129 130 131 132

When listing resources you can pass the following parameters:

+ `page` (default: `1`) - page number
133
+ `per_page` (default: `20`, max: `100`) - number of items to list per page
Nihad Abbasov's avatar
Nihad Abbasov committed
134

135 136 137 138
[Link headers](http://www.w3.org/wiki/LinkHeader) are send back with each response.
These have `rel` prev/next/first/last and contain the relevant url.
Please use these instead of generating your own urls.

Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
139 140 141 142 143 144 145 146 147 148 149 150 151 152
## id vs iid

When you work with API you may notice two similar fields in api entites: id and iid. 
The main difference between them is scope. Example: 

Issue 
  id: 46
  iid: 5

* id - is uniq across all Issues table. It used for any api calls. 
* iid - is uniq only in scope of single project. When you browse issues or merge requests with Web UI - you see iid. 

So if you want to get issue with api you use `http://host/api/v3/.../issues/:id.json`
But when you want to create a link to web page - use  `http:://host/project/issues/:iid.json`