FoundriesFactory APIs can be accessed with two different methods:
These credentials allow users to access:
- REST APIs
- Using the HTTP header
- Using an OAuth2 bearer token
Authorization: Bearer <access-token>
- Git repositories. Access is granted by passing an API token as the password to Git clone and fetch operations.
- Factory containers. Access is granted by passing an API token as the password to
docker login hub.foundries.io.
- Fioctl uses OAuth2 by default, but can also use API Tokens.
All tokens are created with scopes to help limit what they can do.
Fioctl has a Docker Credential Helper which simplifies access to hub.foundries.io.
Some common scopes users may find handy include:
source:read-update- Useful for Git.
targets:read, devices:read, ci:read- read-only access for fioctl or REST API
targets:read-update, devices:read-update, ci:read- read-update access for fioctl.
containers:read- Useful for running docker commands on factory containers.
Scopes define what resources a given token may perform operations on. The following scopes are supported:
- Can perform git clone/fetch/pull operations.
- Can perform git push operations.
- Can delete a reference (git push –delete …) and force-push (git push -f).
- Can create a new references (tags and branches).
- Can docker pull.
- Can docker push.
- Can access CI builds https://api.foundries.io/projects/<factory>/lmp/.
- This isn’t needed normally because
source:read-updatetriggers CI. However, certain custom use-cases that trigger CI builds via https://api.foundries.io/projects/<factory>/lmp/builds/ can use this.
- Can view device(s) https://api.foundries.io/ota/devices/.
- Can update configuration on a device https://api.foundries.io/ota/devices/<device>/config/
- Can create a device (lmp-device-register with an API token).
- Can delete a device https://api.foundries.io/ota/devices/<device>/
- Can view targets.json https://api.foundries.io/ota/factories/<factory>/targets/.
- Can update targets.json https://api.foundries.io/ota/factories/<factory>/targets/.