API Reference
Complete reference for the RepoGate REST API.
Overview
The RepoGate API provides programmatic access to your organization's dependency governance data, allowing you to integrate RepoGate into your existing workflows, build custom integrations, and automate dependency management processes.
Base URL
All API requests should be made to:
https://api.repogate.io/api/v1
Rate Limiting
The API is rate-limited to 1000 requests per hour per API token. Rate limit information is included in response headers:
X-RateLimit-Limit: Maximum requests per hourX-RateLimit-Remaining: Remaining requests in current windowX-RateLimit-Reset: Unix timestamp when the rate limit resets
Authentication
The RepoGate API uses API tokens for authentication. Include your API token in the Authorization header of all requests:
Authorization: Bearer YOUR_API_TOKEN
Getting Your API Token
- Log in to your RepoGate dashboard at app.repogate.io
- Navigate to Settings → API Tokens
- Click Generate New Token
- Copy the token and store it securely
Security Note: API tokens provide full access to your organization's data. Keep them secure and never commit them to version control.
Dependencies API
Manage and query dependency information for your organization.
List All Dependencies
GET /dependencies
Returns a paginated list of all dependencies tracked by your organization.
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
page |
integer | Page number (default: 1) |
limit |
integer | Items per page (default: 50, max: 100) |
status |
string | Filter by status: approved, pending, denied |
ecosystem |
string | Filter by ecosystem: npm, maven, gradle |
Get Dependency Details
GET /dependencies/:id
Returns detailed information about a specific dependency, including vulnerability data, license information, and approval history.
Submit Dependency Request
POST /dependencies/queue
Submit a new dependency request for approval.
Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
name |
string | Yes | Package name |
version |
string | Yes | Package version |
ecosystem |
string | Yes | Package ecosystem (npm, maven, gradle) |
project |
string | Yes | Project identifier |
developer |
string | Yes | Developer email or ID |
Requests API
Manage approval requests for dependencies.
List Pending Requests
GET /requests?status=pending
Returns all pending dependency requests awaiting approval.
Approve Request
POST /requests/:id/approve
Approve a pending dependency request.
Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
notes |
string | No | Approval notes or comments |
Deny Request
POST /requests/:id/deny
Deny a pending dependency request.
Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
reason |
string | Yes | Reason for denial |
notes |
string | No | Additional notes or guidance |
Teams API
Manage team members and permissions.
List Team Members
GET /teams/:teamId/members
Returns all members of a specific team.
Invite Team Member
POST /teams/:teamId/members
Invite a new member to the team.
Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
email |
string | Yes | Email address of the invitee |
role |
string | Yes | Role: admin, user, super_admin |
Reports API
Generate and retrieve compliance reports.
Generate PCI DSS Report
POST /reports/pci-dss
Generate a PCI DSS 4.0 compliance report.
Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
start_date |
string | Yes | Start date (ISO 8601 format) |
end_date |
string | Yes | End date (ISO 8601 format) |
format |
string | No | Output format: json, csv, pdf (default: json) |
Get Report Status
GET /reports/:reportId
Check the status of a report generation job.
Download Report
GET /reports/:reportId/download
Download a completed report.
Webhooks
Configure webhooks to receive real-time notifications about dependency events.
Supported Events
dependency.requested: New dependency request submitteddependency.approved: Dependency request approveddependency.denied: Dependency request deniedvulnerability.detected: New vulnerability detected in approved dependency
Create Webhook
POST /webhooks
Register a new webhook endpoint.
Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
url |
string | Yes | Webhook endpoint URL |
events |
array | Yes | Array of event types to subscribe to |
secret |
string | No | Secret for HMAC signature verification |
List Webhooks
GET /webhooks
Returns all configured webhooks for your organization.
Delete Webhook
DELETE /webhooks/:id
Remove a webhook configuration.