Xray provides a convenient and up-to-date self-descriptive API that can be used by various tools/frameworks to automate the creation of REST calls.
Usage
Xray REST API endpoints can be invoked in any of the standard ways to invoke a RESTful API. This section describes how to use the Xray REST API using cURL as an example.
Base URL
New API Version
From version 2.4, JFrog Xray is introducing a new REST API version. The different endpoints specified in this page will be upgraded gradually over progressive version upgrades, while maintaining backward compatibility to previous API versions. Where new endpoints are available, the API Version will be listed. In these cases, you should make sure to use corresponding Base URL as specified below. If the API version is not specified, it means the endpoint is part of the V1 REST API and you should use the V1 base URL.
The Platform REST URL is constructed of:
<JFrog URL>/<Service Context>/api/<API-Version>
For example:
# Using your JFrog URL http://myjfrog.acme.org/xray/api/v1 # Using your Artifactory server hostname and the Artifactory router port http://ARTIFACTORY_SERVER_HOSTNAME:8082/xray/api/v1
Working with JFrog Platform Cloud
JFrog Platform Cloud offers the same extensive functionality and capabilities for automation as an on-prem installation, including authentication and the REST API endpoints.
As a Cloud service, the URL is different from an on-prem installation and the REST API endpoints can be reached at:
https://<Server Name>.jfrog.io/xray/
Authentication
Most REST API calls need to be authenticated using your user and password or using an access token. A few calls (such as SYSTEM calls) do not require authentication.
Example - Deleting a Watch
The example below demonstrates how to invoke the Delete Watch REST API with the following assumptions:
You are using cURL from the unix command line, and are presently working from the home (~) directory of the user 'myUser':
You wish to delete the watch called performance-watch.
You have configured a user in Xray named 'myUser', with password 'myP455w0rd!'.
To execute a call using basic authentication you would run:
curl -u myUser:myP455w0rd! -X DELETE http://SERVER_HOSTNAME:8082/xray/api/v2/watches/performance-watch
To execute a call using basic authentication using your username and API Key:
curl -uadmin:APIkey <Xray url>/xray/api/v2/watches
Component Identifiers
Several endpoints require the use of a component identifier which must be formatted, according to its package type, using the convention described in the following table:
Package Type | Identifier | Example |
---|---|---|
Maven |
|
|
Docker and OCI |
|
|
RPM |
|
|
Debian |
|
|
NuGet |
|
|
Generic file |
|
|
NPM |
|
|
Python |
|
|
Composer |
|
|
Golang |
|
|
Alpine |
|
|
Conan |
|
|
Conda |
|
|
CRAN |
|
|
Cargo |
|
|
Hugging Face ML |
|
|
Terraform state | For Terraform state use the generic file identifier |
|
In addition Build, Release Bundle, and Release Bundle V2 have dedicated identifiers:
Resource Type | Identifier | Example |
---|---|---|
Build Version |
It’s required if the build is in a Project scope. |
|
Release Bundle Version |
|
|
Release Bundle V2 Version |
|
|
Deprecated APIs from Artifactory 7.x
To fully support the integration of JFrog Xray into the JFrog Platform, a set of Xray API commands have been deprecated. For a full list of deprecated commands, see deprecated REST APIs.