diff options
Diffstat (limited to 'doc/api/project_job_token_scopes.md')
| -rw-r--r-- | doc/api/project_job_token_scopes.md | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/doc/api/project_job_token_scopes.md b/doc/api/project_job_token_scopes.md new file mode 100644 index 00000000000..9120428998a --- /dev/null +++ b/doc/api/project_job_token_scopes.md @@ -0,0 +1,71 @@ +--- +stage: Verify +group: Pipeline Security +info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments" +--- + +# Project job token scope API **(FREE)** + +NOTE: + +- Every calls to the project token scope API must be authenticated, for example, with a personal access token. +- The authenticated user (personal access token) needs to have at least Maintainer role for the project. +- Depending on the usage, the personal access token requires read access (scope `read_api`) or read/write access (scope `api`) to the API. + +## Get a project job token scope + +Fetch CI_JOB_TOKEN access settings (job token scope) of a project. + +```plaintext +GET /projects/:id/job_token_scope +``` + +Parameters + +| Attribute | Type | Required | Description | +|-----------|----------------|------------------------|-------------| +| `id` | integer/string | **{check-circle}** Yes | ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) owned by the authenticated user. | + +Example of request + +```shell +curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/job_token_scope" +``` + +Example of response + +```json +{ + "inbound_enabled": true, + "outbound_enabled": false +} +``` + +## Patch a project job token scope + +Patch CI_JOB_TOKEN access settings of a project. + +```plaintext +PATCH /projects/:id/job_token_scope +``` + +Parameters + +| Attribute | Type | Required | Description | +|-----------|----------------|-------------------------|-------------| +| `id` | integer/string | **{check-circle}** Yes | ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) owned by the authenticated user. | +| `enabled` | boolean | **{dotted-circle}** Yes | Indicates CI/CD job tokens generated in other projects have restricted access to this project. | + +Example of request + +```shell +curl --request PATCH \ + --url "https://gitlab.example.com/api/v4/projects/7/job_token_scope" \ + --header 'PRIVATE-TOKEN: <your_access_token>' \ + --header 'Content-Type: application/json' \ + --data '{ "enabled": false }' +``` + +Example of response + +There is no response body. |