LoginSign UpGet Demo
Get accountRequest Demo
DocumentationIntegrationsTools
BlogChangelogPricingLogin
Back

GitLab API Essential Guide

Aug 2, 20246 minute read

What type of API does GitLab provide?

GitLab offers both REST and GraphQL APIs. Here are the key points:

REST API

  • GitLab has a comprehensive REST API that allows interacting with most GitLab resources and features.
  • The REST API uses standard HTTP methods like GET, POST, PUT, DELETE etc.
  • It's accessible at /api/v4 endpoint.

GraphQL API

  • GitLab also offers a GraphQL API, which is more flexible and efficient for many use cases.
  • The GraphQL API endpoint is located at /api/graphql.
  • It allows querying for exactly the data needed in a single request.
  • GitLab provides an interactive GraphQL explorer to help explore and test queries.

Key Considerations

  • Both APIs require authentication, typically using personal access tokens or OAuth 2.0 tokens.
  • The GraphQL API is considered versionless, while the REST API is versioned.
  • GraphQL is recommended for more complex queries and when you need very specific data.
  • The REST API may be simpler for basic operations.

Best Practices

  • Use the appropriate API based on your needs - GraphQL for complex/specific queries, REST for simpler operations.
  • Authenticate securely using tokens rather than username/password.
  • Familiarize yourself with the API documentation and use the interactive explorers when available.
  • Be aware of rate limits and optimize your requests to avoid hitting them.

In summary, GitLab provides both REST and GraphQL APIs, giving developers flexibility in how they interact with GitLab programmatically. The choice between them depends on the specific use case and requirements of your integration.

Does the GitLab API have webhooks?

Does GitLab API have webhooks?

Yes, GitLab's official API supports webhooks.

Types of events you can subscribe to:

GitLab webhooks can be triggered by various events, including:

  • Push events
  • Tag events
  • Issue events
  • Comment events
  • Merge request events
  • Wiki page events
  • Pipeline events
  • Job events
  • Deployment events
  • Feature flag events
  • Release events
  • Emoji events
  • Project/group access token events

Key points about GitLab webhooks:

  • Webhooks can be configured for both projects and groups
  • You can set up custom HTTP callbacks triggered by specific GitLab events
  • Webhooks send JSON data about the event to the configured URL
  • You can view webhook request history for debugging
  • There are limits on the number of webhooks and webhook calls per minute
  • Webhooks that fail repeatedly may be auto-disabled
  • You can set custom payload templates for webhooks

Creating and managing webhooks:

  • Webhooks are created and managed through the GitLab UI or API
  • You specify the URL endpoint that will receive the webhook payload
  • You select which event types should trigger the webhook
  • You can add a secret token for webhook validation
  • GitLab provides APIs to list, create, edit and delete webhooks

Receiving webhooks:

  • You need to set up your own endpoint/server to receive and process the webhook payloads
  • GitLab does not provide pre-defined webhook receiver endpoints
  • Your webhook receiver should follow certain best practices like responding quickly

Rate Limits and other limitations

Here are the key points about API rate limits for the GitLab API:

General Rate Limits

  • GitLab.com has a general rate limit of 10 requests per second per IP address [4].

  • For self-managed GitLab instances, many rate limits are configurable [4].

Specific API Rate Limits

  • Projects API:

    • GET /projects (unauthenticated): 400 requests per 10 minutes
    • GET /projects (authenticated): 2000 requests per 10 minutes
    • GET /projects/:id: 400 requests per minute
    • GET /users/:user_id/projects: 300 requests per minute
    • GET /users/:user_id/contributed_projects: 100 requests per minute
    • GET /users/:user_id/starred_projects: 100 requests per minute [3]

  • Users API: Configurable per-user rate limit for requests [1]

  • Members API: Configurable rate limit per group/project per user for delete operations [5]

  • Other endpoints have specific rate limits, like:

    • aiAction GraphQL mutation: 160 calls per 8 hours per authenticated user
    • Notification emails: 1,000 per 24 hours per project/group per user
    • Username changes: 10 per minute per authenticated user [2]

Key Points

  • Many rate limits are applied per user for authenticated requests and per IP address for unauthenticated requests [3].

  • Rate limits can often be configured or disabled (set to 0) for self-managed instances [3][5].

  • Requests exceeding rate limits are typically logged in the auth.log file [1][3][5].

  • GitLab.com may have different rate limits than self-managed instances [4].

Best Practices

  • Use authentication when possible to get higher rate limits [3].

  • Implement exponential backoff and retry logic for failed requests [2].

  • Stagger automated pipeline executions to avoid hitting limits [2].

  • Monitor the rate limit headers returned in API responses to track usage [4].

In summary, GitLab implements various rate limits to protect the API from abuse while allowing normal usage. The specific limits vary by endpoint and whether the request is authenticated. Self-managed instances have more flexibility to configure limits as needed.

Latest API Version

The most recent version of the GitLab API is v4. Here are the key points about the GitLab API version:

  1. The current major version of the GitLab API is v4 [4].

  2. The API uses a single number (4) to represent the major version, following SemVer principles [4].

  3. New features can be added to the API without changing the major version number [4].

  4. The API endpoint for getting version information is:

    GET /api/v4/version

    This returns version details for authenticated users [1].

  5. The Version API returns information like:

    {
  "version": "8.13.0-pre",
  "revision": "4e963fe"
}

    This shows the GitLab instance version and revision [1].

  6. Major API version changes are done in tandem with major GitLab releases [4].

  7. There is no official API to get the latest available GitLab version. Some workarounds include:

    • Querying https://version.gitlab.com/check.svg with encoded version info [5]
    • Checking the GitLab GitHub repository tags [5]
    • Querying the Docker Hub repository for latest tags [5]

  8. For checking available updates, you can use:

    curl -e "https://myserver.some.domain" "https://version.gitlab.com/check.json?gitlab_info=${VERSION}"

    Where VERSION is your current version encoded in base64 [5].

  9. The API supports JSON content type by default, though some endpoints may support plain text [4].

In summary, while v4 is the current major API version, GitLab continuously adds features and improvements within this version. To check for updates, you'll need to use workarounds or the version check endpoint rather than a dedicated API call.

How to get a GitLab developer account and API Keys?

To get a developer account for GitLab and create an API integration, you can follow these steps:

Create a GitLab Account

  1. Go to GitLab.com and sign up for a free account if you don't already have one.
  2. Verify your email address and complete the account setup process.

Generate a Personal Access Token

  1. Log in to your GitLab account.
  2. Click on your profile picture in the top-right corner and select "Preferences".
  3. In the left sidebar, click on "Access Tokens".
  4. Give your token a name and select an expiration date (or leave it blank for a non-expiring token).
  5. Choose the scopes (permissions) for your token based on what you need for your API integration. Common scopes include:
    • api: Full API access
    • read_api: Read-only access to the API
    • read_user: Read-only access to the authenticated user's personal information
    • read_repository: Read-only access to repositories
  6. Click "Create personal access token".
  7. Copy and securely store the generated token. You won't be able to see it again after leaving the page.

Key Points to Consider

  • Personal access tokens are tied to your individual account. For production applications, consider using OAuth 2.0 instead.
  • Be careful with the scopes you grant to your token. Only give the minimum permissions necessary for your integration.
  • Keep your access token secure. Treat it like a password and don't share it publicly.
  • You can create multiple tokens with different scopes for different purposes or applications.

Using the API

Once you have your personal access token, you can use it to authenticate API requests. Here's an example using curl:

curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.com/api/v4/projects"

Replace <your_access_token> with the token you generated.

What can you do with the GitLab API?

Based on the search results provided, here is a list of data models you can interact with using the GitLab API, along with what is possible for each:

Integrations

  • List all active integrations for a project
  • Get details of specific integrations (e.g. Jenkins CI, Alerts endpoint)
  • Set up and configure various integrations like:
    • Google Artifact Management
    • Google Cloud Identity and Access Management (IAM)
    • Datadog
    • Slack

Projects

  • Create, read, update, and delete projects
  • Manage project settings and attributes
  • Handle project visibility levels (private, internal, public)
  • Work with project hooks:
    • Add project hooks
    • Configure hook settings (URL, events to trigger, etc.)

Uploads

  • List uploads for a project
  • Upload files to a project

Users and Authentication

  • Manage user accounts and permissions
  • Handle authentication and access tokens

Repositories

  • Interact with Git repositories
  • Manage branches, tags, and commits

Issues and Merge Requests

  • Create, read, update, and delete issues and merge requests
  • Manage labels, milestones, and other metadata

CI/CD

  • Manage pipelines and jobs
  • Work with runners

Deployments

  • Handle deployments and environments

Security Features

  • Interact with security scanning results (SAST, Dependency Scanning, Container Scanning)
  • Work with API Discovery and API Fuzzing features
  • Manage vulnerability findings

Analytics and Metrics

  • Access various analytics and metrics data

Groups and Namespaces

  • Manage group structures and settings
  • Handle namespace-related operations

Wikis

  • Interact with project wikis

Snippets

  • Manage code snippets

System Hooks

  • Configure and manage system-wide hooks

This list covers the main data models and functionalities available through the GitLab API based on the provided search results. Each of these areas typically supports CRUD (Create, Read, Update, Delete) operations where applicable, as well as various specific actions related to the particular feature or data model.

Ship integrations on autopilot

Get Demo
Resources
DocumentationIntegrationsAPI Integration GuidesBlogChangelogPricingSupport
Legal
Terms of ServicePrivacy PolicyGoogle API
© 2024 Playbook Software Inc.