portainer/api/api-description.md

Portainer API is an HTTP API served by Portainer. It is used by the Portainer UI and everything you can do with the UI can be done using the HTTP API.
Examples are available at https://documentation.portainer.io/api/api-examples/
You can find out more about Portainer at [http://portainer.io](http://portainer.io) and get some support on [Slack](http://portainer.io/slack/).

# Authentication

Most of the API endpoints require to be authenticated as well as some level of authorization to be used.
Portainer API uses JSON Web Token to manage authentication and thus requires you to provide a token in the **Authorization** header of each request
with the **Bearer** authentication mechanism.

Example:

```
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE
```

# Security

Each API endpoint has an associated access policy, it is documented in the description of each endpoint.

Different access policies are available:

- Public access
- Authenticated access
- Restricted access
- Administrator access

### Public access

No authentication is required to access the endpoints with this access policy.

### Authenticated access

Authentication is required to access the endpoints with this access policy.

### Restricted access

Authentication is required to access the endpoints with this access policy.
Extra-checks might be added to ensure access to the resource is granted. Returned data might also be filtered.

### Administrator access

Authentication as well as an administrator role are required to access the endpoints with this access policy.

# Execute Docker requests

Portainer **DO NOT** expose specific endpoints to manage your Docker resources (create a container, remove a volume, etc...).

Instead, it acts as a reverse-proxy to the Docker HTTP API. This means that you can execute Docker requests **via** the Portainer HTTP API.

To do so, you can use the `/endpoints/{id}/docker` Portainer API endpoint (which is not documented below due to Swagger limitations). This endpoint has a restricted access policy so you still need to be authenticated to be able to query this endpoint. Any query on this endpoint will be proxied to the Docker API of the associated endpoint (requests and responses objects are the same as documented in the Docker API).

**NOTE**: You can find more information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/) as well as in [this Portainer example](https://documentation.portainer.io/api/api-examples/).
docs(api): document apis with swagger (#4678) * feat(api): introduce swagger * feat(api): anottate api * chore(api): tag endpoints * chore(api): remove tags * chore(api): add docs for oauth auth * chore(api): document create endpoint api * chore(api): document endpoint inspect and list * chore(api): document endpoint update and snapshots * docs(endpointgroups): document groups api * docs(auth): document auth api * chore(build): introduce a yarn script to build api docs * docs(api): document auth * docs(customtemplates): document customtemplates api * docs(tags): document api * docs(api): document the use of token * docs(dockerhub): document dockerhub api * docs(edgegroups): document edgegroups api * docs(edgejobs): document api * docs(edgestacks): doc api * docs(http/upload): add security * docs(api): document edge templates * docs(edge): document edge jobs * docs(endpointgroups): change description * docs(endpoints): document missing apis * docs(motd): doc api * docs(registries): doc api * docs(resourcecontrol): api doc * docs(role): add swagger docs * docs(settings): add swagger docs * docs(api/status): add swagger docs * docs(api/teammembership): add swagger docs * docs(api/teams): add swagger docs * docs(api/templates): add swagger docs * docs(api/users): add swagger docs * docs(api/webhooks): add swagger docs * docs(api/webscokets): add swagger docs * docs(api/stacks): swagger * docs(api): fix missing apis * docs(swagger): regen * chore(build): remove docs from build * docs(api): update tags * docs(api): document tags * docs(api): add description * docs(api): rename jwt token * docs(api): add info about types * docs(api): document types * docs(api): update request types annotation * docs(api): doc registry and resource control * chore(docs): add snippet * docs(api): add description to role * docs(api): add types for settings * docs(status): add types * style(swagger): remove documented code * docs(http/upload): update docs with types * docs(http/tags): add types * docs(api/custom_templates): add types * docs(api/teammembership): add types * docs(http/teams): add types * docs(http/stacks): add types * docs(edge): add types to edgestack * docs(http/teammembership): remove double returns * docs(api/user): add types * docs(http): fixes to make file built * chore(snippets): add scope to swagger snippet * chore(deps): install swag * chore(swagger): remove handler * docs(api): add description * docs(api): ignore docs folder * docs(api): add contributing guidelines * docs(api): cleanup handler * chore(deps): require swaggo * fix(auth): fix typo * fix(docs): make http ids pascal case * feat(edge): add ids to http handlers * fix(docs): add ids * fix(docs): show correct api version * chore(deps): remove swaggo dependency * chore(docs): add install script for swag 2021-02-23 05:21:39 +02:00			`Portainer API is an HTTP API served by Portainer. It is used by the Portainer UI and everything you can do with the UI can be done using the HTTP API.`
Remove references to deviantony gist (#5594) 2021-09-13 09:00:49 +12:00			`Examples are available at https://documentation.portainer.io/api/api-examples/`
docs(api): document apis with swagger (#4678) * feat(api): introduce swagger * feat(api): anottate api * chore(api): tag endpoints * chore(api): remove tags * chore(api): add docs for oauth auth * chore(api): document create endpoint api * chore(api): document endpoint inspect and list * chore(api): document endpoint update and snapshots * docs(endpointgroups): document groups api * docs(auth): document auth api * chore(build): introduce a yarn script to build api docs * docs(api): document auth * docs(customtemplates): document customtemplates api * docs(tags): document api * docs(api): document the use of token * docs(dockerhub): document dockerhub api * docs(edgegroups): document edgegroups api * docs(edgejobs): document api * docs(edgestacks): doc api * docs(http/upload): add security * docs(api): document edge templates * docs(edge): document edge jobs * docs(endpointgroups): change description * docs(endpoints): document missing apis * docs(motd): doc api * docs(registries): doc api * docs(resourcecontrol): api doc * docs(role): add swagger docs * docs(settings): add swagger docs * docs(api/status): add swagger docs * docs(api/teammembership): add swagger docs * docs(api/teams): add swagger docs * docs(api/templates): add swagger docs * docs(api/users): add swagger docs * docs(api/webhooks): add swagger docs * docs(api/webscokets): add swagger docs * docs(api/stacks): swagger * docs(api): fix missing apis * docs(swagger): regen * chore(build): remove docs from build * docs(api): update tags * docs(api): document tags * docs(api): add description * docs(api): rename jwt token * docs(api): add info about types * docs(api): document types * docs(api): update request types annotation * docs(api): doc registry and resource control * chore(docs): add snippet * docs(api): add description to role * docs(api): add types for settings * docs(status): add types * style(swagger): remove documented code * docs(http/upload): update docs with types * docs(http/tags): add types * docs(api/custom_templates): add types * docs(api/teammembership): add types * docs(http/teams): add types * docs(http/stacks): add types * docs(edge): add types to edgestack * docs(http/teammembership): remove double returns * docs(api/user): add types * docs(http): fixes to make file built * chore(snippets): add scope to swagger snippet * chore(deps): install swag * chore(swagger): remove handler * docs(api): add description * docs(api): ignore docs folder * docs(api): add contributing guidelines * docs(api): cleanup handler * chore(deps): require swaggo * fix(auth): fix typo * fix(docs): make http ids pascal case * feat(edge): add ids to http handlers * fix(docs): add ids * fix(docs): show correct api version * chore(deps): remove swaggo dependency * chore(docs): add install script for swag 2021-02-23 05:21:39 +02:00			`You can find out more about Portainer at [http://portainer.io](http://portainer.io) and get some support on [Slack](http://portainer.io/slack/).`

			`# Authentication`

			`Most of the API endpoints require to be authenticated as well as some level of authorization to be used.`
			`Portainer API uses JSON Web Token to manage authentication and thus requires you to provide a token in the Authorization header of each request`
			`with the Bearer authentication mechanism.`

			`Example:`

			```
			`Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE`
			```

			`# Security`

			`Each API endpoint has an associated access policy, it is documented in the description of each endpoint.`

			`Different access policies are available:`

			`- Public access`
			`- Authenticated access`
			`- Restricted access`
			`- Administrator access`

			`### Public access`

			`No authentication is required to access the endpoints with this access policy.`

			`### Authenticated access`

			`Authentication is required to access the endpoints with this access policy.`

			`### Restricted access`

			`Authentication is required to access the endpoints with this access policy.`
			`Extra-checks might be added to ensure access to the resource is granted. Returned data might also be filtered.`

			`### Administrator access`

			`Authentication as well as an administrator role are required to access the endpoints with this access policy.`

			`# Execute Docker requests`

			`Portainer DO NOT expose specific endpoints to manage your Docker resources (create a container, remove a volume, etc...).`

			`Instead, it acts as a reverse-proxy to the Docker HTTP API. This means that you can execute Docker requests via the Portainer HTTP API.`

			To do so, you can use the `/endpoints/{id}/docker` Portainer API endpoint (which is not documented below due to Swagger limitations). This endpoint has a restricted access policy so you still need to be authenticated to be able to query this endpoint. Any query on this endpoint will be proxied to the Docker API of the associated endpoint (requests and responses objects are the same as documented in the Docker API).

Remove references to deviantony gist (#5594) 2021-09-13 09:00:49 +12:00			`NOTE: You can find more information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/) as well as in [this Portainer example](https://documentation.portainer.io/api/api-examples/).`