Protected packages API
DETAILS: Tier: Free, Premium, Ultimate Offering: GitLab.com, Self-managed Status: Experiment
- Introduced in GitLab 17.1 with a flag named
packages_protected_packages. Disabled by default.
FLAG: The availability of this feature is controlled by a feature flag. For more information, see the history. This feature is available for testing, but not ready for production use.
This API manages the protection rules for packages. This feature is an experiment.
List package protection rules
Gets a list of package protection rules from a project.
GET /api/v4/projects/:id/packages/protection/rulesSupported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
id |
integer/string | Yes | ID or URL-encoded path of the project owned by the authenticated user. |
If successful, returns 200 and a list of package protection rules.
Can return the following status codes:
-
200 OK: A list of package protection rules. -
401 Unauthorized: The access token is invalid. -
403 Forbidden: The user does not have permission to list package protection rules for this project. -
404 Not Found: The project was not found.
Example request:
curl --header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/7/packages/protection/rules"Example response:
[
{
"id": 1,
"project_id": 7,
"package_name_pattern": "@flightjs/flight-package-0",
"package_type": "npm",
"minimum_access_level_for_push": "maintainer"
},
{
"id": 2,
"project_id": 7,
"package_name_pattern": "@flightjs/flight-package-1",
"package_type": "npm",
"minimum_access_level_for_push": "maintainer"
}
]Delete a package protection rule
Deletes a package protection rule from a project.
DELETE /api/v4/projects/:id/packages/protection/rules/:package_protection_rule_idSupported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
id |
integer/string | Yes | ID or URL-encoded path of the project owned by the authenticated user. |
package_protection_rule_id |
integer | Yes | ID of the package protection rule to be deleted. |
If successful, returns 204 No Content.
Can return the following status codes:
-
204 No Content: The package protection rule was deleted successfully. -
400 Bad Request: Theidor thepackage_protection_rule_idare missing or are invalid. -
401 Unauthorized: The access token is invalid. -
403 Forbidden: The user does not have permission to delete the package protection rule. -
404 Not Found: The project or the package protection rule was not found.
Example request:
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/7/packages/protection/rules/32"