- Private Packagist API Client
- Table of Contents
- Requirements
- Install
- Basic usage of private-packagist/api-client client
- Documentation
- Organization
- Team
- List an organization's teams
- Create a New Team
- Show a Team
- Edit a Team
- Grant All Package Access
- Revoke All Package Access
- Delete a Team
- Add Member to Team (by User ID)
- Remove Member from Team
- List all private packages a team has access to
- Grant a team access to a list of private packages
- Remove access for a package from a team
- Authentication Tokens
- Customer
- List an organization's customers
- Show a customer
- Create a customer
- Edit a customer
- Delete a customer
- Enable a customer
- Disable a customer
- List a customer's packages
- Show a customer's package
- Grant a customer access to a package or edit the limitations
- Revoke access to a package from a customer
- Regenerate a customer's Composer repository token
- List a customer's vendor bundles
- Grant a customer access to a vendor bundle or edit the limitations
- Revoke access to a vendor bundle from a customer
- Vendor Bundle
- Subrepository
- List an organization's subrepositories
- Show a subrepository
- Create a subrepository
- Delete a subrepository
- List a subrepository's teams
- Add a team to a subrepository or edit the permission
- Remove a team from a subrepository
- List a subrepository's packages
- Show a subrepository package
- Create a vcs package in a subrepository
- Create a vcs package with credentials in a subrepository
- Create a custom package in a subrepository
- Create a custom package with credentials in a subrepository
- Edit a vcs package in a subrepository in a subrepository
- Edit a custom package in a subrepository
- Delete a package from a subrepository
- List all dependents of a subrepository package
- List a subrepository's authentication tokens
- Create a subrepository authentication token
- Delete a subrepository authentication token
- Regenerate a subrepository authentication token
- List a subrepository's mirrored repositories
- Show a mirrored repository
- Add mirrored repositories to a subrepository
- Edit the mirroring behaviour of mirrored repository in a subrepository
- Delete a mirrored repository from a subrepository
- List all mirrored packages from a mirrored repository in a subrepository
- Add mirrored packages from one mirrored repository to a subrepository
- Remove all mirrored packages from one mirrored repository in a subrepository
- Package
- List an organization's packages
- Show a package
- Create a vcs package
- Create a vcs package with credentials
- Create a vcs package with a specific type
- Create a custom package
- Create a custom package with credentials
- Edit a vcs package
- Edit a custom package
- Delete a package
- List all dependents of a package
- List all customers with access to a package
- List all security issues of a package
- Show the security monitoring config of a package
- Edit the security monitoring config of a package
- Create an artifact package file
- Create an artifact package
- Add an artifact file to an existing package
- Update or replace artifact files of a package
- Credential
- Mirrored Repository
- Job
- Security Issue
- Magento legacy keys
- Validate incoming webhook payloads
- License
- PHP >= 7.2
- Guzzle library,
Via Composer:
$ composer require private-packagist/api-client guzzlehttp/guzzle
Why do you need to require guzzlehttp/guzzle
? We are decoupled from any HTTP messaging client with help by HTTPlug, so you can pick an HTTP client of your choice, guzzle is merely a recommendation.
<?php
// This file is generated by Composer
require_once __DIR__ . '/vendor/autoload.php';
$client = new \PrivatePackagist\ApiClient\Client();
$client->authenticate('api-key', 'api-secret');
$packages = $client->packages()->all();
From $client
object, you can access the full Private Packagist API.
Full documentation can be found in the Private Packagist documentation.
$jobs = $client->organization()->sync();
Returns an array of created jobs. One for every synchronization.
The permissions available for a team are:
canEditTeamPackages
: members of the team can edit and remove packages, assign package permissions (only applies to packages assigned to team).canAddPackages
: members of the team can add packages to organization; add, edit and remove credentials and mirrored third-party repositories.canCreateSubrepositories
: members of the team can create subrepositories.canViewVendorCustomers
: members of the team can view customers, their Composer information, their packages, and their install statistics.canManageVendorCustomers
: members of the team can create and delete customers, add and remove packages, update their settings, view Composer information and install statistics.
use PrivatePackagist\ApiClient\TeamPermissions;
$permissions = new TeamPermissions;
// Grant all permissions.
$permissions->canEditTeamPackages = true;
$permissions->canAddPackages = true;
$permissions->canCreateSubrepositories = true;
$permissions->canManageVendorCustomers = true;
$permissions->canManageVendorCustomers = true;
The permissions model can also be constructed via flags:
use PrivatePackagist\ApiClient\TeamPermissions;
$permissions = TeamPermissions::fromFlags(
TeamPermissions::PERMISSION_CAN_EDIT_TEAM_PACKAGES | TeamPermissions::PERMISSION_CAN_ADD_PACKAGES,
);
Or from the permissions of an existing team:
use PrivatePackagist\ApiClient\TeamPermissions;
$team = $client->teams()->all()[0];
$permissions = TeamPermissions::fromTeamResponse($team);
$teams = $client->teams()->all();
Returns an array of teams.
use PrivatePackagist\ApiClient\TeamPermissions;
$permissions = new TeamPermissions;
$team = $client->teams()->create('New Team Name', $permissions);
Creates a team and sets permissions applied to team members. Returns the newly-created team.
$team = $client->teams()->show($teamId);
Returns the team including all its members.
use PrivatePackagist\ApiClient\TeamPermissions;
$permissions = new TeamPermissions;
$team = $client->teams()->edit($teamId, 'Altered Team Name', $permissions);
Edits a team's name and permissions to be applied to team members. Returns the updated team.
$team = $client->teams()->grantAccessToAllPackages($teamId);
Granting a team access to all packages will give this team access to all current and future organization packages which do not have their permissions synchronized.
$team = $client->teams()->revokeAccessToAllPackages($teamId);
Revoking a team's access to all packages will not remove access to packages the team can currently access, but will prevent access to new packages and allow revoking individual package access.
$client->teams()->remove($teamId);
$team = $client->teams()->addMember($teamId, $userId);
Returns the team the user was added to.
$client->teams()->removeMember($teamId, $userId);
$teamId = 1;
$packages = $client->teams()->packages($teamId);
Returns an array of packages.
You pass an array of packages to give access to. The values of the array can be either package ID or package name.
$teamId = 1;
$packages = $client->teams()->addPackages($teamId, ['acme-website/package', 1]);
Returns an array of packages.
You can use the package ID or package name as a reference.
$teamId = 1;
$packages = $client->teams()->removePackage($teamId, 'acme-website/package');
$tokens = $client->tokens()->all();
Returns an array of team tokens.
// Create a new token with access to all packages
$token = $client->tokens()->create([
'description' => 'New Team Token',
'access' => 'read',
'accessToAllPackages' => true,
]);
// Create a new token with access to packages a team has access to
$token = $client->tokens()->create([
'description' => 'New Team Token',
'access' => 'read',
'teamId' => 1, // Get teamId from the list of teams to determine to which packages the token has access to
]);
Returns the created token.
$client->tokens()->remove($tokenId));
$customerId = 42;
$confirmation = [
'IConfirmOldTokenWillStopWorkingImmediately' => true,
];
$token = $client->tokens()->regenerateToken($tokenId, $confirmation);
Returns the regenerated token.
$customers = $client->customers()->all();
Returns an array of customers.
$customerId = 42;
$customer = $client->customers()->show($customerId);
// or
$customerUrlName = 'customer-url-name';
$customer = $client->customers()->show($customerUrlName);
Returns a single customer.
$customer = $client->customers()->create('New customer name');
// or
$customer = $client->customers()->create('New customer name', false, 'customer-url-name', 'beta', true);
Returns the customer.
$customerId = 42;
$customerData = [
'name' => $name,
'urlName' => 'customer',
'accessToVersionControlSource' => false,
'minimumAccessibleStability' => 'beta',
'assignAllPackages' => true,
];
$customer = $client->customers()->edit($customerId, $customerData);
Returns the customer.
$customerId = 42;
$client->customers()->remove($customerId);
$customerId = 42;
$customer = $client->customers()->enable($customerId);
$customerId = 42;
$customer = $client->customers()->disable($customerId);
$customerId = 42;
$packages = $client->customers()->listPackages($customerId);
Returns an array of customer packages.
$customerId = 42;
$package = $client->customers()->showPackage($customerId, $packageName);
$accessibleVersions = $package['versions'];
Returns a customer's package, including the versions that the customer has been granted access to.
$customerId = 42;
$packages = [
[
'name' => 'acme-website/package',
'versionConstraint' => '^1.0 | ^2.0', // optional version constraint to limit updates the customer receives
'expirationDate' => (new \DateTime())->add(new \DateInterval('P1Y'))->format('c'), // optional expiration date to limit updates the customer receives
'minimumAccessibleStability' => 'beta', // optional stability to restrict customers to specific package version stabilities like alpha, beta, or RC
],
];
$packages = $client->customers()->addOrEditPackages($customerId, $packages);
Returns an array of all added or edited customer packages.
You can reference the package by its ID or name.
$customerId = 42;
$packageName = 'acme-website/package';
$client->customers()->removePackage($customerId, $packageName);
$customerId = 42;
$confirmation = [
'IConfirmOldTokenWillStopWorkingImmediately' => true,
];
$composerRepository = $client->customers()->regenerateToken($customerId, $confirmation);
Returns the edited Composer repository.
$customerId = 42;
$packages = $client->customers()->vendorBundles()->listVendorBundles($customerId);
Returns an array of customer vendor bundles.
$customerId = 42;
$vendorBundleId = 12;
$expirationDate = (new \DateTime())->add(new \DateInterval('P1Y'))->format('c'), // optional expiration date to limit updates the customer receives
$packages = $client->customers()->vendorBundles()->addOrEditVendorBundle($customerId, $vendorBundleId, $expirationDate);
Returns the added or edited customer vendor bundle.
$customerId = 42;
$vendorBundleId = 12;
$client->customers()->vendorBundles()->removeVendorBundle($customerId, $vendorBundleId);
$vendorBundles = $client->vendorBundles()->all();
Returns an array of vendor bundles.
$vendorBundleId = 42;
$vendorBundle = $client->vendorBundles()->show($vendorBundleId);
Returns a single vendor bundle.
$vendorBundle = $client->vendorBundles()->create('New bundle name');
// or
$vendorBundle = $client->vendorBundles()->create('New bundle name', 'dev', '^1.0', true, [123]);
Returns the vendor bundle.
$vendorBundleId = 42;
$vendorBundleData = [
'name' => 'Bundle name',
'minimumAccessibleStability' => 'dev',
'versionConstraint' => '^1.0',
'assignAllPackages' => true,
'synchronizationIds' => [123], // A list of synchronization ids for which new packages should automatically be added to the bundle.
];
$vendorBundle = $client->vendorBundles()->edit($vendorBundleId, $vendorBundleData);
Returns the vendor bundle.
$vendorBundleId = 42;
$client->vendorBundles()->remove($vendorBundleId);
$vendorBundleId = 42;
$packages = $client->vendorBundles()->packages()->listPackages($vendorBundleId);
Returns an array of vendor bundle packages.
$vendorBundleId = 42;
$packages = [
[
'name' => 'acme-website/package',
'versionConstraint' => '^1.0 | ^2.0', // optional version constraint to limit updates the customer receives
'minimumAccessibleStability' => 'beta', // optional stability to restrict customers to specific package version stabilities like alpha, beta, or RC
],
];
$packages = $client->vendorBundles()->packages()->addOrEditPackages($vendorBundleId, $packages);
Returns an array of all added or edited customer packages.
You can reference the package by its ID or name.
$vendorBundleId = 42;
$packageName = 'acme-website/package';
$client->vendorBundles()->packages()->removePackage($vendorBundleId, $packageName);
$subrepositories = $client->subrepositories()->all();
Returns an array of subrepositories.
$subrepositoryName = 'subrepository';
$subrepository = $client->subrepositories()->show($subrepositoryName);
Returns a single subrepository.
$subrepository = $client->subrepositories()->create('New subrepository name');
Returns the subrepository.
$subrepositoryName = 'subrepository';
$client->subrepositories()->remove($subrepositoryName);
$subrepositoryName = 'subrepository';
$teams = $client->subrepositories()->listTeams($subrepositoryName);
Returns an array of subrepositories teams.
$subrepositoryName = 'subrepository';
$teams = [
[
'id' => 12,
'permission' => 'owner',
],
];
$teams = $client->subrepositories()->addOrEditTeams($subrepositoryName, $teams);
Returns an array of added subrepository teams.
$subrepositoryName = 'subrepository';
$teamId = 12;
$client->subrepositories()->removeTeam($subrepositoryName, $teamId);
$subrepositoryName = 'subrepository';
$packages = $client->subrepositories()->packages()->all($subrepositoryName);
Returns an array of subrepositories packages.
You can reference a package by its name or ID.
$subrepositoryName = 'subrepository';
// Either use package name:
$package = $client->subrepositories()->packages()->show($subrepositoryName, 'acme-website/package');
// Or the package ID:
$package = $client->subrepositories()->packages()->show($subrepositoryName, 123);
Returns the package.
$subrepositoryName = 'subrepository';
$job = $client->subrepositories()->packages()->createVcsPackage($subrepositoryName, 'https://github.com/acme-website/package');
Returns a new job.
$subrepositoryName = 'subrepository';
$credentialId = 42;
$job = $client->subrepositories()->packages()->createVcsPackage($subrepositoryName,'https://github.com/acme-website/package', $credentialId);
Returns a new job.
$subrepositoryName = 'subrepository';
$packageDefinition = '{...}';
$job = $client->subrepositories()->packages()->createCustomPackage($subrepositoryName, $packageDefinition);
Returns a new job.
$subrepositoryName = 'subrepository';
$packageDefinition = '{...}';
$credentialId = 42;
$job = $client->subrepositories()->packages()->createCustomPackage($subrepositoryName, $packageDefinition, $credentialId);
Returns a new job.
$subrepositoryName = 'subrepository';
$job = $client->subrepositories()->packages()->editVcsPackage($subrepositoryName, 'acme-website/package', 'https://github.com/acme-website/package');
Returns a new job.
$subrepositoryName = 'subrepository';
$packageDefinition = '{...}';
$job = $client->subrepositories()->packages()->editCustomPackage($subrepositoryName, 'acme-website/package', $packageDefinition);
Returns a new job.
$subrepositoryName = 'subrepository';
$client->subrepositories()->packages()->remove($subrepositoryName, 'acme-website/package');
$subrepositoryName = 'subrepository';
$client->subrepositories()->packages()->listDependents($subrepositoryName, 'acme-website/package');
Returns a list of packages.
$subrepositoryName = 'subrepository';
$tokens = $client->subrepositories()->listTokens($subrepositoryName);
Returns an array of authentication tokens.
$subrepositoryName = 'subrepository';
$data = [
'description' => 'Subrepository Token',
'access' => 'read',
];
$token = $client->subrepositories()->createToken($subrepositoryName, $data);
Returns the authentication token.
$subrepositoryName = 'subrepository';
$tokenId = 33;
$client->subrepositories()->removeToken($subrepositoryName, $tokenId);
$subrepositoryName = 'subrepository';
$tokenId = 33;
$confirmation = [
'IConfirmOldTokenWillStopWorkingImmediately' => true,
];
$token = $client->subrepositories()->regenerateToken($subrepositoryName, $confirmation);
Returns the authentication token.
$subrepositoryName = 'subrepository';
$mirroredRepositories = $client->subrepositories()->mirroredRepositories()->all($subrepositoryName);
Returns an array of mirrored repositories.
$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$mirroredRepository = $client->subrepositories()->mirroredRepositories()->show($subrepositoryName, $mirroredRepositoryId);
Returns the mirrored repository.
$subrepositoryName = 'subrepository';
$mirroredRepositoriesToAdd = [
['id' => 12, 'mirroringBehavior' => 'add_on_use'],
];
$mirroredRepository = $client->subrepositories()->mirroredRepositories()->add($subrepositoryName, $mirroredRepositoriesToAdd);
Returns a list of added mirrored repositories.
$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$mirroredRepository = $client->subrepositories()->mirroredRepositories()->create($subrepositoryName, $mirroredRepositoryId, 'add_on_use');
Returns the edited mirrored repository.
$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$client->subrepositories()->mirroredRepositories()->remove($subrepositoryName, $mirroredRepositoryId);
$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$packages = $client->subrepositories()->mirroredRepositories()->listPackages($subrepositoryName, $mirroredRepositoryId);
Returns an array of packages.
$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$packages = [
'acme/cool-lib
];
$jobs = $client->subrepositories()->mirroredRepositories()->addPackages($subrepositoryName, $mirroredRepositoryId, $packages);
Returns an array of jobs.
$subrepositoryName = 'subrepository';
$mirroredRepositoryId = 42;
$client->subrepositories()->mirroredRepositories()->removePackages($subrepositoryName, $mirroredRepositoryId);
You can reference a package by its name or ID.
$filters = [
'origin' => \PrivatePackagist\ApiClient\Api\Packages::ORIGIN_PRIVATE, // optional filter to only receive packages that can be added to customers,
'security-issue-state' => \PrivatePackagist\ApiClient\Api\SecurityIssues::STATE_OPEN, // optional filter to filter packages with open security issues,
];
$packages = $client->packages()->all($filters);
Returns an array of packages.
// Either use package name:
$package = $client->packages()->show('acme-website/package');
// Or the package ID:
$package = $client->packages()->show(123);
Returns the package.
$job = $client->packages()->createVcsPackage('https://github.com/acme-website/package');
Returns a new job.
$credentialId = 42;
$job = $client->packages()->createVcsPackage('https://github.com/acme-website/package', $credentialId);
Returns a new job.
$job = $client->packages()->createVcsPackage('https://github.com/acme-website/package', null, 'git');
Returns a new job.
$packageDefinition = '{...}';
$job = $client->packages()->createCustomPackage($packageDefinition);
Returns a new job.
$packageDefinition = '{...}';
$credentialId = 42;
$job = $client->packages()->createCustomPackage($packageDefinition, $credentialId);
Returns a new job.
$job = $client->packages()->editVcsPackage('acme-website/package', 'https://github.com/acme-website/package');
Returns a new job.
$packageDefinition = '{...}';
$job = $client->packages()->editCustomPackage('acme-website/package', $packageDefinition);
Returns a new job.
$client->packages()->remove('acme-website/package');
$client->packages()->listDependents('acme-website/package');
Returns a list of packages.
Pass either package ID or package name as argument.
$client->packages()->listCustomers('acme-website/package');
Returns a list of customers with access to the package.
$filters = [
'security-issue-state' => \PrivatePackagist\ApiClient\Api\SecurityIssues::STATE_OPEN,
];
$client->packages()->listSecurityIssues('acme-website/package', $filters);
Returns a list of security issues.
$client->packages()->showSecurityMonitoringConfig('acme-website/package');
Returns the security monitoring config of the package.
$config = [
"monitorAllBranches" => false, // If set to true then monitoredBranches will be ignored and can be omitted
"monitoredBranches" => [
"dev-main"
],
];
$client->packages()->editSecurityMonitoringConfig('acme-website/package', $config);
Returns the edited security monitoring config of the package.
$fileName = 'package1.zip'; // your package archive artifact containing a valid composer.json in root directory
$file = file_get_contents($fileName);
$client->packages()->artifacts()->create($file, 'application/zip', $fileName);
$fileName = 'package1.zip';
$file = file_get_contents($fileName);
$response = $client->packages()->artifacts()->create($file, 'application/zip', $fileName);
$artifactId = $response['id'];
$client->packages()->createArtifactPackage([$artifactId]);
$packageName = 'acme/artifact';
$fileName = 'package1.zip';
$file = file_get_contents($fileName);
$client->packages()->artifacts()->add($packageName, $file, 'application/zip', $fileName);
// in case you want to replace the artifact file with a newly uploaded one
// 1. get current artifact ids
$result = $client->packages()->artifacts()->showPackageArtifacts('acme-website/package');
$artifactIds = array_column($result, 'id'); // [41, 42]
// 2. upload the new artifact file
$fileName = 'package1.zip';
$file = file_get_contents($fileName);
$response = $client->packages()->artifacts()->create($file, 'application/zip', $fileName);
$newArtifactId = $response['id'];
// 3. let's say we don't want to have the artifact file id = 41 and use the newly uploaded file instead
$artifactIds = array_shift($artifactIds);
$artifactIds[] = $newArtifactId;
$client->packages()->editArtifactPackage('acme-website/package', $artifactIds);
$credentials = $client->credentials()->all();
Returns an array of credentials.
$credentialId = 42;
$credential = $client->credentials()->show($credentialId);
Returns the credential.
$type = \PrivatePackagist\ApiClient\Api\Credentials::TYPE_HTTP_BASIC;
$credential = $client->credentials()->create('ACME http auth', $type, 'acme-website.com', 'username', 'password');
Returns the new credential.
$credentialId = 42;
$type = \PrivatePackagist\ApiClient\Api\Credentials::TYPE_HTTP_BASIC;
$credential = $client->credentials()->edit($credentialId, $type, 'username', 'password');
Returns the edited credential.
$credentialId = 42;
$client->credentials()->remove($credentialId);
$mirroredRepositories = $client->mirroredRepositories()->all();
Returns an array of mirrored repositories.
$mirroredRepositoryId = 42;
$mirroredRepository = $client->mirroredRepositories()->show($mirroredRepositoryId);
Returns the mirrored repository.
$mirroredRepository = $client->mirroredRepositories()->create('Mirrored Repository', 'https://composer.example.com', 'add_on_use', 543);
Returns the new mirrored repository.
$mirroredRepositoryId = 42;
$mirroredRepository = $client->mirroredRepositories()->create($mirroredRepositoryId, 'Mirrored Repository', 'https://composer.example.com', 'add_on_use', 543);
Returns the edited mirrored repository.
$mirroredRepositoryId = 42;
$client->mirroredRepositories()->remove($mirroredRepositoryId);
$mirroredRepositoryId = 42;
$packages = $client->mirroredRepositories()->listPackages($mirroredRepositoryId);
Returns an array of packages.
$mirroredRepositoryId = 42;
$packages = [
'acme/cool-lib
];
$jobs = $client->mirroredRepositories()->addPackages($mirroredRepositoryId, $packages);
Returns an array of jobs.
$mirroredRepositoryId = 42;
$client->mirroredRepositories()->removePackages($mirroredRepositoryId);
$job = $client->jobs()->show($jobId);
Returns the job.
This will periodically poll the job status until the job either finished or the maximum wait time was reached
$numberOfSecondsToWait = 180;
$jobHelper = new \PrivatePackagist\ApiClient\JobHelper($client);
try {
$job = $jobHelper->waitForJob($jobId, $numberOfSecondsToWait);
} catch (\PrivatePackagist\ApiClient\Exception\JobTimeoutException $e) {
// Job didn't finish within the specified time
} catch (\PrivatePackagist\ApiClient\Exception\JobErrorException $e) {
// Job finished with an error. See the message for more information
echo $e->getMessage();
}
Returns the job.
$filters = [
'security-issue-state' => \PrivatePackagist\ApiClient\Api\SecurityIssues::STATE_OPEN, // optional filter to filter packages with open security issues,
];
$packages = $client->securityIssues()->all($filters);
Returns an array of security issues.
$customerId = 42;
$legacyKeys = $client->customers()->magentoLegacyKeys()->all($customerId);
Returns a list of Magento legacy keys.
$legacyKey = $client->customers()->magentoLegacyKeys()->create($customerId, $publicKey, $privateKey);
Returns the new Magento legacy key.
$client->customers()->magentoLegacyKeys()->remove($customerId, $publicKey);
When you create or update a webhook in Private Packagist an optional secret can be set. This secret gets used to create a signature which is sent with each request in the headers as Packagist-Signature
. The secret and signature can then be used on your server to validate that the request was made by Private Packagist. If no secret is set then no signature is sent.
$request = /** any Psr7 request */;
$secret = 'webhook-secret';
$webhookSignature = new \PrivatePackagist\ApiClient\WebhookSignature($secret);
$requestSignature = $request->hasHeader('Packagist-Signature') ? $request->getHeader('Packagist-Signature')[0] : null;
$webhookSignature->validate($requestSignature, (string) $request->getBody());
private-packagist/api-client
is licensed under the MIT License