| = Gerrit Code Review - REST API |
| |
| Gerrit Code Review comes with a REST like API available over HTTP. |
| The API is suitable for automated tools to build upon, as well as |
| supporting some ad-hoc scripting use cases. |
| |
| See also: link:dev-rest-api.html[REST API Developers' Notes]. |
| |
| == Endpoints |
| link:rest-api-access.html[/access/]:: |
| Access Right related REST endpoints |
| link:rest-api-accounts.html[/accounts/]:: |
| Account related REST endpoints |
| link:rest-api-changes.html[/changes/]:: |
| Change related REST endpoints |
| link:rest-api-config.html[/config/]:: |
| Config related REST endpoints |
| link:rest-api-groups.html[/groups/]:: |
| Group related REST endpoints |
| link:rest-api-plugins.html[/plugins/]:: |
| Plugin related REST endpoints |
| link:rest-api-projects.html[/projects/]:: |
| Project related REST endpoints |
| link:rest-api-documentation.html[/Documentation/]:: |
| Documentation related REST endpoints |
| |
| == Protocol Details |
| |
| [[authentication]] |
| === Authentication |
| By default all REST endpoints assume anonymous access and filter |
| results to correspond to what anonymous users can read (which may |
| be nothing at all). |
| |
| Users (and programs) may authenticate using HTTP authentication by |
| supplying the HTTP password from the user's account settings page. |
| Gerrit by default uses HTTP digest authentication. To authenticate, |
| prefix the endpoint URL with `/a/`. For example to authenticate to |
| `/projects/` request URL `/a/projects/`. |
| |
| [[preconditions]] |
| === Preconditions |
| Clients can request PUT to create a new resource and not overwrite |
| an existing one by adding `If-None-Match: *` to the request HTTP |
| headers. If the named resource already exists the server will respond |
| with HTTP 412 Precondition Failed. |
| |
| [[output]] |
| === Output Format |
| Most APIs return pretty printed JSON by default. Compact JSON can be |
| requested by setting the `Accept` HTTP request header to include |
| `application/json`, for example: |
| |
| ---- |
| GET /projects/ HTTP/1.0 |
| Accept: application/json |
| ---- |
| |
| JSON responses are encoded using UTF-8 and use content type |
| `application/json`. |
| |
| To prevent against Cross Site Script Inclusion (XSSI) attacks, the JSON |
| response body starts with a magic prefix line that must be stripped before |
| feeding the rest of the response body to a JSON parser: |
| |
| ---- |
| )]}' |
| [ ... valid JSON ... ] |
| ---- |
| |
| The default JSON format is pretty, which uses extra whitespace to make |
| the output more readable for a human. Producing (and parsing) the |
| non-pretty compact format is more efficient so tools should request it |
| by using the `Accept: application/json` header or `pp=0` query |
| parameter whenever possible. |
| |
| Responses will be gzip compressed by the server if the HTTP |
| `Accept-Encoding` request header is set to `gzip`. This may |
| save on network transfer time for larger responses. |
| |
| [[timestamp]] |
| === Timestamp |
| Timestamps are given in UTC and have the format |
| "'yyyy-mm-dd hh:mm:ss.fffffffff'" where "'ffffffffff'" indicates the |
| nanoseconds. |
| |
| [[encoding]] |
| === Encoding |
| All IDs that appear in the URL of a REST call (e.g. project name, group name) |
| must be URL encoded. |
| |
| [[response-codes]] |
| === Response Codes |
| HTTP status codes are well defined and the Gerrit REST endpoints use |
| them as described in the HTTP spec. |
| |
| Here are examples for some HTTP status codes that show how they are |
| used in the context of the Gerrit REST API. |
| |
| ==== 400 Bad Request |
| `400 Bad Request` is used if the request is not understood by the |
| server due to malformed syntax. |
| |
| E.g. `400 Bad Request` is returned if JSON input is expected but the |
| 'Content-Type' of the request is not 'application/json' or the request |
| body doesn't contain valid JSON. |
| |
| `400 Bad Request` is also used if required input fields are not set or |
| if options are set which cannot be used together. |
| |
| ==== 403 Forbidden |
| `403 Forbidden` is used if the operation is not allowed because the |
| calling user has no sufficient permissions. |
| |
| E.g. some REST endpoints require that the calling user has certain |
| link:access-control.html#global_capabilities[global capabilities] |
| assigned. |
| |
| `403 Forbidden` is also used if `self` is used as account ID and the |
| REST call was done without authentication. |
| |
| ==== 404 Not Found |
| `404 Not Found` is returned if the resource that is specified by the |
| URL is not found or is not visible to the calling user. A resource |
| cannot be found if the URL contains a non-existing ID or view. |
| |
| ==== 405 Method Not Allowed |
| `405 Method Not Allowed` is used if the resource exists but doesn't |
| support the operation. |
| |
| E.g. some of the `/groups/` endpoints are only supported for Gerrit |
| internal groups, if they are invoked for an external group the response |
| is `405 Method Not Allowed`. |
| |
| ==== 409 Conflict |
| `409 Conflict` is used if the request cannot be completed because the |
| current state of the resource doesn't allow the operation. |
| |
| E.g. if you try to submit a change that is abandoned, this fails with |
| `409 Conflict` because the state of the change doesn't allow the submit |
| operation. |
| |
| `409 Conflict` is also used if you try to create a resource but the |
| name is already occupied by an existing resource. |
| |
| ==== 412 Precondition Failed |
| `412 Precondition Failed` is used if a precondition from the request |
| header fields is not fulfilled as described in the link:#preconditions[ |
| Preconditions] section. |
| |
| ==== 422 Unprocessable Entity |
| `422 Unprocessable Entity` is returned if the ID of a resource that is |
| specified in the request body cannot be resolved. |
| |
| GERRIT |
| ------ |
| Part of link:index.html[Gerrit Code Review] |
| |
| SEARCHBOX |
| --------- |
