FoundriesFactory APIs can be accessed with two different methods:
These credentials allow users to access:
- REST APIs
- Using the HTTP header
- Using an OAuth2 bearer token
Authorization: Bearer <access-token>
- Git repositories. Access is granted by passing an API token as the password to Git clone and fetch operations.
- Factory containers. Access is granted by passing an API token as the password to
docker login hub.foundries.io.
- Fioctl uses OAuth2 by default, but can also use API Tokens.
All tokens are created with scopes to help limit what they can do.
Some common scopes users may find handy include:
source:read-update- Useful for Git.
targets:read, devices:read, ci:read- read-only access for fioctl or REST API
targets:read-update, devices:read-update, ci:read- read-update access for fioctl.
containers:read- Useful for running docker commands on factory containers.
Scopes define what resources a given token may perform operations on. The following scopes are supported:
- Can perform git clone/fetch/pull operations.
- Can perform git push operations.
- Can delete a reference (git push –delete …) and force-push (git push -f).
- Can create a new references (tags and branches).
- Can docker pull.
- Can docker push.
- Can access CI builds https://api.foundries.io/projects/<factory>/lmp/.
- This isn’t needed normally because
source:read-updatetriggers CI. However, certain custom use-cases that trigger CI builds via https://api.foundries.io/projects/<factory>/lmp/builds/ can use this.
- Can view device(s) https://api.foundries.io/ota/devices/.
- Can update configuration on a device https://api.foundries.io/ota/devices/<device>/config/
- Can create a device (lmp-device-register with an API token).
- Can delete a device https://api.foundries.io/ota/devices/<device>/
- Can view targets.json https://api.foundries.io/ota/factories/<factory>/targets/.
- Can update targets.json https://api.foundries.io/ota/factories/<factory>/targets/.