Restricting API access to View/Download



  • Hello, I'm trying to grant access to view and download Debian packages from our feed for another team but haven't been successful in doing so without also granting Delete/Update/Upload privileges.

    This was with the native API, by using the Impersonate User field and by selecting a user with distinct privileges and restrictions set up. Since I'm not able to set up the permissions doing so, and the usage of the native API does not seem recommended either way, I'm now trying to accomplish my task with the Feed API. However, I haven't been able to replicate the queries I was doing with the native API.

    Here is the request I'd like to give them access to:

    <server>/api/json/DebianPackages_GetPackageVersions?key=<key>
    

    And the request I'm using to make sure they don't actually have the permission to delete a package of the same type:

    <server>/api/json/DebianPackages_DeletePackage?key=<key>&Feed_Id=<feedId>&Component_Name=<componentName>&Package_Name=<packageName>&Architecture_Name=<architectureName>&Version_Text=<versionText>
    

    Going through the documentation (https://docs.inedo.com/docs/proget/reference/api), I'm not seeing a page named "Feed API" as mentioned on the API Keys page, therefore I am not sure how to structure my requests.

    I've also gone through pages of the forum and found this thread: https://forums.inedo.com/topic/2906/understanding-the-api-for-nuget-packages but I remain confused, as when trying to use the OData query I received a 404 "OData method is not implemented" (not that I necessarily want OData, I only want to access the Feed API).


  • inedo-engineer

    Hello;

    The Native API is for low, system-level functions, and it's "all or nothing". If you give someone access to Native API, you are effectively making them an administrator, as they can also change permissions and grant admin privileges. So, I don't think you want this. Instead, you'll want to use the Debian API endpoint that we implement.

    It's a third-party API format

    In order to support third-party package format types like NuGet, npm, etc., ProGet implements a variety of third-party APIs. We only provide minimal documentation for these APIs, as they are generally already documented elsewhere. However, you can generally find the basics by searching for specific things you'd like to do with the API, such as "how to search for packages using the NuGet API" or "how to publish an npm package using the API".

    So in this case, I recommend searching for "how to view and download apt packages".



  • The team in question was already using apt but was looking for an alternative, since they had less parsing to do to get the information relevant to them with the native API call rather than using apt show. But since using the native API is not a viable option, as you have confirmed to me, and we'd instead need a third-party API, they'll keep using apt.

    Thank you for your input.
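
An added example, not part of the thread and not Inedo's code: the per-package version list the team wanted can be read without the Native API from the `Packages` index that apt itself consumes from a Debian repository, which needs only view/download access. The index text below is a constructed sample, and `parse_stanzas` and `package_versions` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample of a Debian "Packages" index: stanzas separated by blank lines.
SAMPLE_PACKAGES = """\
Package: example-tool
Version: 1.2.0-1
Architecture: amd64
Description: Example tool
 Extended description line one.
 .
 Extended description line two.
Filename: pool/main/e/example-tool/example-tool_1.2.0-1_amd64.deb

Package: example-tool
Version: 1.3.0-1
Architecture: amd64
Description: Example tool

Package: example-lib
Version: 0.9-2
Architecture: arm64
Description: Example library
"""

def parse_stanzas(text):
    """Yield one dict per stanza, folding continuation lines into the previous field."""
    stanza, last = {}, None
    for line in text.splitlines():
        if not line.strip():            # blank line ends the current stanza
            if stanza:
                yield stanza
            stanza, last = {}, None
        elif line[0] in " \t":          # continuation of a multi-line field
            if last:
                stanza[last] += "\n" + line.strip()
        elif ":" in line:               # "Field: value"
            last, _, value = line.partition(":")
            stanza[last] = value.strip()
    if stanza:
        yield stanza

def package_versions(text, architecture=None):
    """Map package name -> list of versions, optionally limited to one architecture."""
    versions = defaultdict(list)
    for s in parse_stanzas(text):
        if "Package" not in s or "Version" not in s:
            continue                    # skip malformed stanzas
        if architecture and s.get("Architecture") not in (architecture, "all"):
            continue
        versions[s["Package"]].append(s["Version"])
    return dict(versions)
```
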

