Group and project access requests API

Tier: Free, Premium, Ultimate Offering: GitLab.com, Self-managed, GitLab Dedicated

Valid access levels

The access levels are defined in the Gitlab::Access module, and the following levels are recognized:

  • No access (0)
  • Minimal access (5) (Introduced in GitLab 13.5.)
  • Guest (10)
  • Reporter (20)
  • Developer (30)
  • Maintainer (40)
  • Owner (50). Valid for projects in GitLab 14.9 and later.

List access requests for a group or project

Gets a list of access requests viewable by the authenticated user.

GET /groups/:id/access_requests
GET /projects/:id/access_requests
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project owned by the authenticated user

Example request:

curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/:id/access_requests"
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/:id/access_requests"

Example response:

[
 {
   "id": 1,
   "username": "raymond_smith",
   "name": "Raymond Smith",
   "state": "active",
   "created_at": "2012-10-22T14:13:35Z",
   "requested_at": "2012-10-22T14:13:35Z"
 },
 {
   "id": 2,
   "username": "john_doe",
   "name": "John Doe",
   "state": "active",
   "created_at": "2012-10-22T14:13:35Z",
   "requested_at": "2012-10-22T14:13:35Z"
 }
]

Request access to a group or project

Requests access for the authenticated user to a group or project.

POST /groups/:id/access_requests
POST /projects/:id/access_requests
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the group or project

Example request:

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/:id/access_requests"
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/:id/access_requests"

Example response:

{
  "id": 1,
  "username": "raymond_smith",
  "name": "Raymond Smith",
  "state": "active",
  "created_at": "2012-10-22T14:13:35Z",
  "requested_at": "2012-10-22T14:13:35Z"
}

Approve an access request

Approves an access request for the given user.

PUT /groups/:id/access_requests/:user_id/approve
PUT /projects/:id/access_requests/:user_id/approve
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project owned by the authenticated user
user_id integer yes The user ID of the access requester
access_level integer no A valid access level (defaults: 30, the Developer role)

Example request:

curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/:id/access_requests/:user_id/approve?access_level=20"
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/:id/access_requests/:user_id/approve?access_level=20"

Example response:

{
  "id": 1,
  "username": "raymond_smith",
  "name": "Raymond Smith",
  "state": "active",
  "created_at": "2012-10-22T14:13:35Z",
  "access_level": 20
}

Deny an access request

Denies an access request for the given user.

DELETE /groups/:id/access_requests/:user_id
DELETE /projects/:id/access_requests/:user_id
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project owned by the authenticated user
user_id integer yes The user ID of the access requester

Example request:

curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/:id/access_requests/:user_id"
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/:id/access_requests/:user_id"