Feeds Management API
  • 17 May 2024
  • 9 Minutes to read
  • Dark
    Light
  • PDF

Feeds Management API

  • Dark
    Light
  • PDF

Article Summary

The Feeds Management API offer a simple mechanism for querying, creating, and updating feeds, and related data:

Authenticating to Feeds Management API

The following is a summary of access types and their corresponding requirements for various API keys types and endpoints within this API.

Access TypeRequirements
System API KeysUse/Manage Feeds
Feed API KeysView/Download is required for all endpoints
Add/Repackage is required for Create Feed
Overwrite/Delete is required for Delete Feed
Personal API KeyFeeds_ViewFeed is required for all endpoints
Feeds_AddPackage is required for the Create Feed
Feeds_DeletePackage is required for the Delete Feed
No API Keyanonymous or authenticated user must have at least Feeds_ViewFeed

To specify an API Key, use the request header (X-ApiKey), querystring (key), or api:«api-key» as the username. See API Key Usage to learn more.

🚀 Quick Example: Authenticating with curl

For example, to authenticate with the API key abc12345 to List Feeds, you could specify the API key as follows:

curl -X GET --header "X-ApiKey: abc12345" "https://proget.corp.local/api/management/feeds/list"

Data Specifications

Feed Object Attributes

Feed is a set of key/value pairs that correspond to the fields on a Feed. It's used as input for Create Feed, and output for Get Feed and List Feed.

name and feedType properties are required for Create Feed. Unless otherwise indicated, omitting a property or supplying null as the value will keep the current setting.

PropertyFormatDetails
namestringthe unique name of the feed; must not contain characters that require URL escaping
feedTypestringdenotes the feed type; valid values are: universal, nuget, chocolatey, npm, bower, maven, powershell, docker, rubygems, vsix, asset, romp, debian, pypi, helm, rpm, conda
descriptionstringa description displayed with the ProGet feed name in the UI; supplying null removes the description
activeboolindicates whether the feed is active (true) or disabled (false)
cacheConnectorsboolindicates whether connector caching is enabled for the feed
dropPathstringdisk path accessible to ProGet's service where packages may be added to the feed; supplying null disables the drop path
packagesPathstringabsolute disk path for package storage if a packageStore is not specified, supplying null will use a path relative to the value of the Storage.PackagesRootPath setting
packageStorestringserialized configuration for a custom package store such as Amazon S3 or Azure Blob; see Persisted XML; supplying null will use ProGet-managed storage as specified by the packagesPath
allowUnknownLicensesboolindicates whether packages with unknown licenses are allowed; supplying null will inherit the value of the Feeds.AllowUnknownLicenseDownloads setting
allowedLicensesstring[]array of SPDX license identifiers (e.g. MIT, LGPL-3.0) known to ProGet (visible on the Manage Licenses page) allowed to be downloaded from the feed; supply an empty array to remove them all
blockedLicensesstring[]array of SPDX license identifiers (e.g., MIT, LGPL-3.0) known to ProGet (visible on the Manage Licenses page) blocked from being downloaded from the feed; supply an empty array to remove them all
connectorsstring[]array of connectors for the feed; supply an empty array to remove all feed connectors
vulnerabilitySourcesstring[]array of vulnerability sources for the feed; supply an empty array to remove all vulnerability sources
retentionRulesobject[]array of retention rule objects that define the retention rules for the feed; supply an empty array to remove all retention rules from the feed
packageFiltersstring[]array of serialized configurations that define the custom package filters; see Persisted XML; supply an empty array to remove all package filters
packageAccessRulesstring[]array of serialized configurations that define the custom package access rules; see Persisted XML; supply an empty array to remove all package access rules
replicationobjecta replication object that defines the replication configuration for the feed
variablesobjectan object whose property names represent variable names, and whose property values represent the variable value; supply an object with no properties to remove all variables.
Naming rules:
  • a variable name is a string of no more than fifty characters: numbers (0-9), upper- and lower-case letters (a-Z), dashes (-), spaces ( ), and underscores (_) and must start with a letter, and may not start or end with a hyphen, underscore, or space
  • a variable value is a string of any number of characters
packageStatisticsEnabledboolindicates whether individual downloads for advanced statistics should be recorded (requires ProGet 2022.26 or later)
restrictPackageStatisticsboolindicates whether viewing download statistics are restricted to Feed Administrators (requires ProGet 2022.26 or later)
deploymentRecordsEnabledboolindicates whether packages deployment records should be recorded (requires ProGet 2022.26 or later)
usageRecordsEnabledboolindicates whether usage records should be enabled (requires ProGet 2022.26 or later)
vulnerabilitiesEnabledboolindicates whether vulnerability information should be displayed and download blocking rules should be enforced; not supported on all feed types (requires ProGet 2022.26 or later)
licensesEnabledboolindicates whether license information should be displayed and download blocking rules should be enforced; not supported on all feed types (requires ProGet 2022.26 or later)
useWithProjectsboolindicates whether package usage in Projects & Releases (SCA) should be displayed (requires ProGet 2022.26 or later)
retentionRulesEnabledboolindicates whether retention rules are enabled on the feed (requires ProGet 2023.25 or later)

JSON Object

{
  "name": "myNugetFeed",
  "feedType": "nuget",
  "description": "Example NuGet Feed",
  "active": true,
  "cacheConnectors": true,
  "dropPath": "/path/to/drop",
  "packagesPath": "/path/to/packages",
  "packageStore": null,
  "allowUnknownLicenses": true,
  "allowedLicenses": ["MIT", "GPL-3.0"],
  "blockedLicenses": [],
  "connectors": ["connector1", "connector2"],
  "vulnerabilitySources": ["source1", "source2"],
  "retentionRules": [
    {
      "deletePrereleaseVersions": false,
      "deleteCached": true,
      "keepVersionsCount": 5,
      "keepUsedWithinDays": 30,
      "triggerDownloadCount": 100,
      "keepPackageIds": ["package1", "package2"],
      "deletePackageIds": [],
      "keepVersions": ["1.0.0", "2.0.0"],
      "deleteVersions": []
    }
  ],
  "packageFilters": ["filter1", "filter2"],
  "packageAccessRules": ["rule1", "rule2"],
  "replication": 
        {
        "clientMode": "pushonly",
        "serverMode": "readonly",
        "clientToken": "client-token",
        "serverToken": "server-token",
        "sourceUrl": "http://proget.corp.locall"
        },
  "variables": 
        {
        "variable1": "value1",
        "variable2": "value2"
        },
  "packageStatisticsEnabled": true,
  "restrictPackageStatistics": true,
  "deploymentRecordsEnabled": true,
  "usageRecordsEnabled": true,
  "vulnerabilitiesEnabled": true,
  "licensesEnabled": true,
  "useWithProjects": true,
  "retentionRulesEnabled": true
}

NuGet Only

PropertyFormatDetails
symbolServerEnabledboolindicates whether the NuGet symbol server is enabled; only applies to NuGet-like feed types
stripSymbolsboolindicates whether symbol files (i.e., .pdb files) are removed from a NuGet-like package when downloaded
stripSourceboolindicates whether source files (i.e., files under src/ in the package) are removed from a NuGet-like package when downloaded
stripSignatureboolindicates signature files should be stripped on NuGet packages when downloaded (requires ProGet 2022.27 or later)
useApiV3boolindicates whether the NuGet v3 API should be used on NuGet feeds (requires ProGet 2022.27 or later)

JSON Object

{
  "symbolServerEnabled": true,
  "stripSymbols": false,
  "stripSource": true,
  "stripSignature": false,
  "useApiV3": true
}

RetentionRule Object Attributes

RetentionRule is a subset of attributes on the Feed Object.

PropertyFormatDetails
deletePrereleaseVersionsboolwhen true, the retention rule only applies to pre-release packages (e.g., they have a pre-release part in their semantic version, or are SNAPSHOT versions)
deleteCachedboolwhen true, the retention rule only applies to cached connector packages
keepVersionsCountintwhen set to n, the retention rule always keeps the latest n versions of a matching package; this value is ignored for Docker feeds
keepUsedWithinDaysintwhen set to n, the retention rule always keeps package versions if they have been downloaded within the past n days
triggerDownloadCountintwhen set to n, the retention rule always keeps versions that have been downloaded more than n times
keepPackageIdsstring[]array of package names/identifiers that are kept regardless of other filters; supports wildcards but not negations, as any matching package is always kept
deletePackageIdsstring[]array of package names/identifiers that are deleted if they match all other filters; supports wildcards but not negations (use keepPackageIds for exclusions)
keepVersionsstring[]array of package versions that are kept regardless of other filters; supports wildcards but not negations, as any matching package version is always kept
deleteVersionsstring[]array of package versions that are deleted if they match all other filters; supports wildcards but not negations (use keepVersions for exclusions)
sizeTriggerKbintwhen set to n, indicates the minimum number of kilobytes of storage that must be used in order to run retention; used storage is calculated per-package or per-feed based on the value of sizeExclusive
sizeExclusiveboolwhen true and sizeTriggerKb is set to non-null n, retention is run only on packages whose disk size is greater than n kilobytes; when false and sizeTriggerKb is set to non-null n, retention is run when the entire feed size is greater than n kilobytes; this value is ignored when sizeTriggerKb is null

JSON Object

{
  "deletePrereleaseVersions": false,
  "deleteCached": true,
  "keepVersionsCount": 5,
  "keepUsedWithinDays": 30,
  "triggerDownloadCount": 100,
  "keepPackageIds": ["package1", "package2"],
  "deletePackageIds": [],
  "keepVersions": ["1.0.0", "2.0.0"],
  "deleteVersions": [],
  "sizeTriggerKb": 1024,
  "sizeExclusive": true
}

Replication Object Attributes

Replication is a subset of attributes on the Feed Object.

ProGet 6.0 and Earlier

Note that replication in ProGet 2022 is no longer configured at the feed level; as such, this model is not available on the feed API.

PropertyFormatDetails
clientModestringthe client replication mode configuration, one of disabled, pullonly, pushonly, mirror; more info
serverModestringthe server replication mode configuration, one of disabled, readonly, writeonly, readwrite; more info
clientTokenstringthe token used to authenticate with a replication server; this field is not returned by list or get endpoints; this field is required when clientMode is set to anything other than disabled
serverTokenstringthe token that must be specified by a replication client to connect; this field is not returned by list or get endpoints; this field is required when serverMode is set to anything other than disabled
sourceUrlstringthe URL of the replication server; this field is required when clientMode is set to anything other than disabled

JSON Object

{
  "clientMode": "pushonly",
  "serverMode": "readonly",
  "clientToken": "client-token",
  "serverToken": "server-token",
  "sourceUrl": "http://replication-server-url"
}

Notes about Data

Wildcards and Negations

Certain fields noted above support wildcard and negation syntax. For example, the value ["Microsoft.*", "Castle.*", "!Rubbishsoft.*"] has the following properties:

  • includes any packages that start with Microsoft. or Castle.*
  • excludes any packages that start with Rubbishsoft.

Feed & Package Types

In ProGet UI, Chocolatey and PowerShell are represented as separate feed types, even though they only contain NuGet packages and use the same NuGet API. For this reason, in ProGet UI, you can switch the type of a feed' between NuGet, Chocolatey, and PowerShell at any time, but not between other feed types.

The API allows feed types to be changed only within the following feed type groups (anything else generates a 400 error):

  • universal and romp
  • nuget, chocolatey, and powershell

Persisted XML Configuration

Because package stores, package filters, and package access rules are implemented by extensible runtime components (i.e., you can create your own using the Inedo SDK), ProGet stores configuration for these components in "Persisted XML", which is a lightweight object serialization format that Inedo products use.

The easiest way to see what an object's persisted XML will look like is to create it in the UI, then look at the XML in either the database or the API List Feeds or Get Feed request. As a reference, we've provided the persisted XML for both supported package stores and a general example:

AWS

<Inedo.ProGet.Extensions.AWS.PackageStores.S3FileSystem Assembly="AWS">
  <Properties AccessKey="{publicAccessKey}" SecretAccessKey="{privateAccessKey}" BucketName="{bucketName}" TargetPath="{pathInsideBucketDefaultIsRoot}" ReducedRedundancy="{False}" MakePublic="{False}" Encrypted="False" RegionEndpoint="{us-east-1}" CustomServiceUrl="{customServiceUrl}" />
</Inedo.ProGet.Extensions.AWS.PackageStores.S3FileSystem>

Azure Blob Storage

<Inedo.ProGet.Extensions.Azure.PackageStores.AzureFileSystem Assembly="Azure">
  <Properties ConnectionString="{DefaultEndpointsProtocol=https;AccountName=account-name;AccountKey=account-key}" ContainerName="{blobContainerName}" TargetPath="{pathToFilesDefaultIsRoot}" />
</Inedo.ProGet.Extensions.Azure.PackageStores.AzureFileSystem>

Custom Extension Format

<{FullNamespace.ClassName} Assembly="AssemblyName">
  <Properties PropertyNameA="{property value}" PropertyNameB="1000" />
</{FullNamespace.ClassName}>

Default Feed Disk Path

If you don't specify a disk path for a feed to use, ProGet uses a path 'based on the 'system-generated ID. This means that, just as in UI, if you delete a feed and then recreate it with the same name, the disk path will be different.


Was this article helpful?

What's Next