Repository Service for TUF REST API Documentation

API Authentication and Authorization

Note

The build-in feature authentication and authorization can be disabled.

For disabling see the Docker Image RSTUF_AUTH environment variable

The admin user can request a token using the Authentication endpoint api/v1/token/. The API will give the token with expiration (in hours). The Default is 1 (hour).

@startuml
    User -> API: Auth Request Token
    API -> API: validates token
    API -> User: Response with Token
@enduml

A valid token, with scope write:token can also request tokens using the Rest API endpoint api/v1/token/new.

@startuml
    User -> API: HTTP Request Token with Token (token/new)
    API -> API: Validates scope 'write:token'
    API -> User: Response with Token
@enduml

Warning

All endpoints require a valid token that contains the required scope.

@startuml
    User -> API: HTTP Request HEADERS with Token
    API -> API:validates token
    API -> User: Response content
@enduml

Note

Please check the Repository Service for TUF CLI

$ repository-service-tuf admin token

API Documentation

The REST API Swagger Documentation is available after the deploy at (http://<IP-ADDRESS>/)

An online version is available in https://repository-service-tuf.github.io/repository-service-tuf-api/