PyPI API
- Tier: Free, Premium, Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
Use this API to interact with the PyPI package manager client.
This API is used by the PyPI package manager client and is generally not meant for manual consumption.
These endpoints do not adhere to the standard API authentication methods. See the PyPI package registry documentation for details on which headers and token types are supported. Undocumented authentication methods might be removed in the future.
Twine 3.4.2 or greater is recommended when FIPS mode is enabled.
Download a package file for a group
Downloads a specified PyPI package file for a group. The simple API usually supplies this URL.
GET groups/:id/-/packages/pypi/files/:sha256/:file_identifier| Attribute | Type | Required | Description |
|---|---|---|---|
id | string | yes | The ID or full path of the group. |
sha256 | string | yes | The PyPI package file’s sha256 checksum. |
file_identifier | string | yes | The PyPI package file’s name. |
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/groups/1/-/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz"To write the output to a file:
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/groups/1/-/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz" >> my.pypi.package-0.0.1.tar.gzThis writes the downloaded file to my.pypi.package-0.0.1.tar.gz in the current
directory.
List all packages for a group
Lists all packages for the specified group in an HTML file.
GET groups/:id/-/packages/pypi/simple| Attribute | Type | Required | Description |
|---|---|---|---|
id | string | yes | The ID or full path of the group. |
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/groups/1/-/packages/pypi/simple"Example response:
<!DOCTYPE html>
<html>
<head>
<title>Links for Group</title>
</head>
<body>
<h1>Links for Group</h1>
<a href="https://gitlab.example.com/api/v4/groups/1/-/packages/pypi/simple/my-pypi-package" data-requires-python="">my.pypi.package</a><br><a href="https://gitlab.example.com/api/v4/groups/1/-/packages/pypi/simple/package-2" data-requires-python="3.8">package_2</a><br>
</body>
</html>To write the output to a file:
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/groups/1/-/packages/pypi/simple" >> simple_index.htmlThis writes the downloaded file to simple_index.html in the current directory.
Retrieve package descriptor for a group
Retrieves the package descriptor as an HTML file for a specified package in a group.
GET groups/:id/-/packages/pypi/simple/:package_name| Attribute | Type | Required | Description |
|---|---|---|---|
id | string | yes | The ID or full path of the group. |
package_name | string | yes | The name of the package. |
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/groups/1/-/packages/pypi/simple/my.pypi.package"Example response:
<!DOCTYPE html>
<html>
<head>
<title>Links for my.pypi.package</title>
</head>
<body>
<h1>Links for my.pypi.package</h1>
<a href="https://gitlab.example.com/api/v4/groups/1/-/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1-py3-none-any.whl#sha256=5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff" data-requires-python=">=3.6">my.pypi.package-0.0.1-py3-none-any.whl</a><br><a href="https://gitlab.example.com/api/v4/groups/1/-/packages/pypi/files/9s9w01b0bcd52b709ec052084e33a5517ffca96f7728ddd9f8866a30cdf76f2/my.pypi.package-0.0.1.tar.gz#sha256=9s9w011b0bcd52b709ec052084e33a5517ffca96f7728ddd9f8866a30cdf76f2" data-requires-python=">=3.6">my.pypi.package-0.0.1.tar.gz</a><br>
</body>
</html>To write the output to a file:
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/groups/1/-/packages/pypi/simple/my.pypi.package" >> simple.htmlThis writes the downloaded file to simple.html in the current directory.
Download a package file for a project
Downloads a specified PyPI package file for a project. The simple API usually supplies this URL.
GET projects/:id/packages/pypi/files/:sha256/:file_identifier| Attribute | Type | Required | Description |
|---|---|---|---|
id | string | yes | The ID or full path of the project. |
sha256 | string | yes | PyPI package file sha256 check sum. |
file_identifier | string | yes | The PyPI package filename. |
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/projects/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz"To write the output to a file:
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/projects/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1.tar.gz" >> my.pypi.package-0.0.1.tar.gzThis writes the downloaded file to my.pypi.package-0.0.1.tar.gz in the current
directory.
List all packages for a project
Lists all packages for the specified project in an HTML file.
GET projects/:id/packages/pypi/simple| Attribute | Type | Required | Description |
|---|---|---|---|
id | string | yes | The ID or full path of the project. |
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/projects/1/packages/pypi/simple"Example response:
<!DOCTYPE html>
<html>
<head>
<title>Links for Project</title>
</head>
<body>
<h1>Links for Project</h1>
<a href="https://gitlab.example.com/api/v4/projects/1/packages/pypi/simple/my-pypi-package" data-requires-python="">my.pypi.package</a><br><a href="https://gitlab.example.com/api/v4/projects/1/packages/pypi/simple/package-2" data-requires-python="3.8">package_2</a><br>
</body>
</html>To write the output to a file:
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/projects/1/packages/pypi/simple" >> simple_index.htmlThis writes the downloaded file to simple_index.html in the current directory.
Retrieve package descriptor for a project
Retrieves the package descriptor as an HTML file for a specified package in a project.
GET projects/:id/packages/pypi/simple/:package_name| Attribute | Type | Required | Description |
|---|---|---|---|
id | string | yes | The ID or full path of the project. |
package_name | string | yes | The name of the package. |
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/projects/1/packages/pypi/simple/my.pypi.package"Example response:
<!DOCTYPE html>
<html>
<head>
<title>Links for my.pypi.package</title>
</head>
<body>
<h1>Links for my.pypi.package</h1>
<a href="https://gitlab.example.com/api/v4/projects/1/packages/pypi/files/5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff/my.pypi.package-0.0.1-py3-none-any.whl#sha256=5y57017232013c8ac80647f4ca153k3726f6cba62d055cd747844ed95b3c65ff" data-requires-python=">=3.6">my.pypi.package-0.0.1-py3-none-any.whl</a><br><a href="https://gitlab.example.com/api/v4/projects/1/packages/pypi/files/9s9w01b0bcd52b709ec052084e33a5517ffca96f7728ddd9f8866a30cdf76f2/my.pypi.package-0.0.1.tar.gz#sha256=9s9w011b0bcd52b709ec052084e33a5517ffca96f7728ddd9f8866a30cdf76f2" data-requires-python=">=3.6">my.pypi.package-0.0.1.tar.gz</a><br>
</body>
</html>To write the output to a file:
curl --user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/projects/1/packages/pypi/simple/my.pypi.package" >> simple.htmlThis writes the downloaded file to simple.html in the current directory.
Upload a package
Uploads a PyPI package for a specified project.
POST projects/:id/packages/pypi| Attribute | Type | Required | Description |
|---|---|---|---|
id | string | Yes | The ID or full path of the project. |
requires_python | string | No | The PyPI required version. |
sha256_digest | string | No | The SHA256 checksum of the package file. Not required for uploads, but without this attribute, pip install fails because package index URLs lack required checksums. |
curl --request POST \
--form 'content=@path/to/my.pypi.package-0.0.1.tar.gz' \
--form "sha256_digest=$(shasum -a 256 < path/to/my.pypi.package-0.0.1.tar.gz | cut -d' ' -f1)" \
--form 'name=my.pypi.package' \
--form 'version=1.3.7' \
--user <username>:<personal_access_token> \
--url "https://gitlab.example.com/api/v4/projects/1/packages/pypi"