2018-06-25 14:12:46 +02:00
---
date: "2018-06-24:00:00+02:00"
title: "API Usage"
slug: "api-usage"
2023-07-26 06:53:13 +02:00
sidebar_position: 40
2020-12-09 07:47:06 +01:00
toc: false
2018-06-25 14:12:46 +02:00
draft: false
Refactor docs (#23752)
This was intended to be a small followup for
https://github.com/go-gitea/gitea/pull/23712, but...here we are.
1. Our docs currently use `slug` as the entire URL, which makes
refactoring tricky (see https://github.com/go-gitea/gitea/pull/23712).
Instead, this PR attempts to make future refactoring easier by using
slugs as an extension of the section. (Hugo terminology)
- What the above boils down to is this PR attempts to use directory
organization as URL management. e.g. `usage/comparison.en-us.md` ->
`en-us/usage/comparison/`, `usage/packages/overview.en-us.md` ->
`en-us/usage/packages/overview/`
- Technically we could even remove `slug`, as Hugo defaults to using
filename, however at least with this PR it means `slug` only needs to be
the name for the **current file** rather than an entire URL
2. This PR adds appropriate aliases (redirects) for pages, so anything
on the internet that links to our docs should hopefully not break.
3. A minor nit I've had for a while, renaming `seek-help` to `support`.
It's a minor thing, but `seek-help` has a strange connotation to it.
4. The commits are split such that you can review the first which is the
"actual" change, and the second is added redirects so that the first
doesn't break links elsewhere.
---------
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-04-28 05:33:41 +02:00
aliases:
- /en-us/api-usage
2018-06-25 14:12:46 +02:00
menu:
sidebar:
2023-03-23 16:18:24 +01:00
parent: "development"
2018-06-25 14:12:46 +02:00
name: "API Usage"
2023-07-26 06:53:13 +02:00
sidebar_position: 40
2018-06-25 14:12:46 +02:00
identifier: "api-usage"
---
2020-12-08 05:52:26 +01:00
# API Usage
2018-06-25 14:12:46 +02:00
## Enabling/configuring API access
2023-12-01 12:42:42 +01:00
By default, `ENABLE_SWAGGER` is true, and `MAX_RESPONSE_ITEMS` is set to 50. See [Config Cheat Sheet ](administration/config-cheat-sheet.md ) for more information.
2018-06-25 14:12:46 +02:00
2020-12-08 05:52:26 +01:00
## Authentication
2018-06-25 14:12:46 +02:00
Gitea supports these methods of API authentication:
- HTTP basic authentication
- `token=...` parameter in URL query string
- `access_token=...` parameter in URL query string
- `Authorization: token ...` header in HTTP headers
2020-12-09 07:47:06 +01:00
All of these methods accept the same API key token type. You can
2018-06-25 14:12:46 +02:00
better understand this by looking at the code -- as of this writing,
Gitea parses queries and headers to find the token in
[modules/auth/auth.go ](https://github.com/go-gitea/gitea/blob/6efdcaed86565c91a3dc77631372a9cc45a58e89/modules/auth/auth.go#L47 ).
2021-05-16 15:51:53 +02:00
## Generating and listing API tokens
A new token can be generated with a `POST` request to
`/users/:name/tokens` .
Note that `/users/:name/tokens` is a special endpoint and requires you
to authenticate using `BasicAuth` and a password, as follows:
```sh
2022-09-05 15:22:44 +02:00
$ curl -H "Content-Type: application/json" -d '{"name":"test"}' -u username:password https://gitea.your.host/api/v1/users/< username > /tokens
2021-05-16 15:51:53 +02:00
{"id":1,"name":"test","sha1":"9fcb1158165773dd010fca5f0cf7174316c3e37d","token_last_eight":"16c3e37d"}
```
The ``sha1`` (the token) is only returned once and is not stored in
plain-text. It will not be displayed when listing tokens with a `GET`
request; e.g.
```sh
2022-09-05 09:22:03 +02:00
$ curl --url https://yourusername:password@gitea.your.host/api/v1/users/< username > /tokens
2021-05-16 15:51:53 +02:00
[{"name":"test","sha1":"","token_last_eight:"........":},{"name":"dev","sha1":"","token_last_eight":"........"}]
```
To use the API with basic authentication with two factor authentication
enabled, you'll need to send an additional header that contains the one
time password (6 digitrotating token).
An example of the header is `X-Gitea-OTP: 123456` where `123456`
is where you'd place the code from your authenticator.
Here is how the request would look like in curl:
```sh
2022-09-05 09:22:03 +02:00
$ curl -H "X-Gitea-OTP: 123456" --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
2021-05-16 15:51:53 +02:00
```
You can also create an API key token via your Gitea installation's web
interface: `Settings | Applications | Generate New Token` .
2018-06-25 14:12:46 +02:00
2020-12-08 05:52:26 +01:00
## OAuth2 Provider
2019-04-14 10:42:11 +02:00
2023-08-27 13:59:12 +02:00
Access tokens obtained from Gitea's [OAuth2 provider ](development/oauth2-provider.md ) are accepted by these methods:
2019-04-14 10:42:11 +02:00
- `Authorization bearer ...` header in HTTP headers
- `token=...` parameter in URL query string
- `access_token=...` parameter in URL query string
2018-06-25 14:12:46 +02:00
### More on the `Authorization:` header
For historical reasons, Gitea needs the word `token` included before
2019-03-09 22:15:45 +01:00
the API key token in an authorization header, like this:
2018-06-25 14:12:46 +02:00
2020-12-09 07:47:06 +01:00
```sh
2018-06-25 14:12:46 +02:00
Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675
```
In a `curl` command, for instance, this would look like:
2020-12-09 07:47:06 +01:00
```sh
2022-09-05 09:22:03 +02:00
curl "http://localhost:4000/api/v1/repos/test1/test1/issues" \
2018-06-25 14:12:46 +02:00
-H "accept: application/json" \
-H "Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675" \
-H "Content-Type: application/json" -d "{ \"body\": \"testing\", \"title\": \"test 20\"}" -i
```
As mentioned above, the token used is the same one you would use in
the `token=` string in a GET request.
2022-08-10 03:58:55 +02:00
## Pagination
The API supports pagination. The `page` and `limit` parameters are used to specify the page number and the number of items per page. As well, the `Link` header is returned with the next, previous, and last page links if there are more than one pages. The `x-total-count` is also returned to indicate the total number of items.
```sh
curl -v "http://localhost/api/v1/repos/search?limit=1"
...
< link: < http: / / localhost / api / v1 / repos / search ? limit = 1&page=2 > ; rel="next",< http: / / localhost / api / v1 / repos / search ? limit = 1&page=5252 > ; rel="last"
...
< x-total-count: 5252
```
2023-05-05 05:11:54 +02:00
## API Guide
2019-10-10 14:42:01 +02:00
2020-10-22 19:04:23 +02:00
API Reference guide is auto-generated by swagger and available on:
2020-12-09 07:47:06 +01:00
`https://gitea.your.host/api/swagger`
2021-12-24 04:56:57 +01:00
or on the
2024-05-27 17:05:12 +02:00
[Gitea instance ](https://gitea.com/api/swagger )
2019-10-10 14:42:01 +02:00
2021-04-20 05:29:08 +02:00
The OpenAPI document is at:
`https://gitea.your.host/swagger.v1.json`
2018-09-07 05:31:29 +02:00
## Sudo
The API allows admin users to sudo API requests as another user. Simply add either a `sudo=` parameter or `Sudo:` request header with the username of the user to sudo.
2020-10-22 19:04:23 +02:00
## SDKs
2020-12-09 07:47:06 +01:00
- [Official go-sdk ](https://gitea.com/gitea/go-sdk )
- [more ](https://gitea.com/gitea/awesome-gitea#user-content-sdk )