Registry API Reference
Served by the standalone registry service (port 4000 internally, 4001 on the host in the bundled docker-compose.yml). Reached via nginx proxy at /registry/... from the main app and /api/... from the standalone community site — this reference uses the service's own paths directly.
Auth (/api/v1/auth)
| Method & Path | Auth | Description |
|---|---|---|
POST /auth/register | — | { email, username, password } → creates an account, issues a session cookie, sends (or writes to data/outbox/) a verification email |
POST /auth/login | — | { email, password } → session cookie |
POST /auth/logout | session | Clears the session cookie |
GET /auth/me | session | Current user, or 401 |
POST /auth/verify-email | — | { token } from the verification email → marks the account verified |
POST /auth/forgot-password | — | { email } → always 200, regardless of whether the email is registered |
POST /auth/reset-password | — | { token, new_password } |
GET /auth/github | — | Redirects to GitHub OAuth, or 501 GITHUB_OAUTH_NOT_CONFIGURED if the operator hasn't set GITHUB_CLIENT_ID/GITHUB_CLIENT_SECRET/GITHUB_CALLBACK_URL |
GET /auth/github/callback | — | OAuth callback; creates/links the account and redirects to PUBLIC_APP_URL |
Sessions are an httpOnly cookie (datacore_session), a JWT valid 30 days.
Plugin listings (/api/v1/registry/plugins)
| Method & Path | Auth | Description |
|---|---|---|
GET /plugins?q=&tag= | — | List, optionally filtered |
GET /plugins/{id} | — | One listing |
POST /plugins | verified session | { name, description, version, repo_url, docker_image?, homepage_url?, tags? } — author is derived from the logged-in account, not submitted |
DELETE /plugins/{id} | verified session, owner only | 403 NOT_OWNER otherwise |
DataCore Bundles (/api/v1/registry/bundles)
| Method & Path | Auth | Description |
|---|---|---|
GET /bundles?q=&trigger_type= | — | List, optionally filtered (matches if any of the bundle's pipelines[] has that trigger_type) |
GET /bundles/{id} | — | One bundle, including its full pipelines[] and resources[] |
POST /bundles | verified session | See shape below |
DELETE /bundles/{id} | verified session, owner only | 403 NOT_OWNER otherwise |
POST /bundles body — a bundle carries the exporter's entire local pipeline list, not a single pipeline:
{
"name": "Full Warehouse Export",
"description": "...",
"pipelines": [
{
"name": "Standard Markdown Ingestion",
"trigger_type": "MARKDOWN",
"steps": [
{ "plugin_name": "Markdown Summarizer", "plugin_repo_url": "https://github.com/...", "max_attempts": 3 }
]
},
{
"name": "GitHub Profile Analysis",
"trigger_type": "GITHUB_REPO",
"steps": [
{ "plugin_name": "GitHub Profile Scanner", "plugin_repo_url": "https://github.com/..." }
]
}
],
"resources": [
{ "name": "README", "type": "MARKDOWN", "source_uri": "https://raw.githubusercontent.com/..." },
{ "name": "My GitHub", "type": "GITHUB_REPO", "source_uri": "https://github.com/octocat" }
],
"tags": ["starter"]
}pipelines must be a non-empty array (max 20), no two entries may share a trigger_type, and each steps[].plugin_repo_url must be a valid http(s) URL. Every resources[].type must match the trigger_type of one of the bundle's pipelines. See Sharing & Importing Bundles for the full user-facing flow.
Common error shape
{ "error": { "code": "STRING_CODE", "message": "Human readable message" } }Notable codes: NOT_AUTHENTICATED (401, no session), EMAIL_NOT_VERIFIED (403), NOT_OWNER (403), RATE_LIMITED (429 — 20 posts/hour or 20 auth attempts/15min per IP), INVALID_LISTING / INVALID_BUNDLE (400).