Discover authenticated admin capabilities

GET

/admin/v1/capabilities

const url = 'https://example.com/admin/v1/capabilities';
const options = {method: 'GET', headers: {'X-Api-Key': '<X-Api-Key>'}};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request GET \
  --url https://example.com/admin/v1/capabilities \
  --header 'X-Api-Key: <X-Api-Key>'

Returns redacted product capability metadata for governed configuration, posture, and reload operations.

Authorizations

apiKeyAuth
bearerAuth

Responses

200

Admin capabilities for this product runtime

application/json

Example

{
  "admin_api_version": "v1",
  "break_glass": {
    "currently_available": true,
    "rate_limit_scope": "instance",
    "supported": true
  },
  "config": {
    "apply": {
      "currently_available": true,
      "requires_signed_input": true,
      "supported": true,
      "supported_sources": [
        "tuf_local",
        "tuf_remote"
      ]
    },
    "dry_run": {
      "currently_available": true,
      "supported": true
    },
    "verify": {
      "currently_available": true,
      "supported": true
    }
  },
  "hot_swap": {
    "components": [
      "credential_issuer_signing",
      "preauth_signing",
      "federation_signing"
    ],
    "currently_available": true,
    "supported": true
  },
  "listeners": {
    "admin": {
      "mode": "shared_with_public",
      "public_admin_routes": true
    },
    "metrics": {
      "mode": "shared_with_public",
      "required_scope": "registry_notary:metrics_read",
      "requires_admin_scope": false
    }
  },
  "product": "registry-notary",
  "reload": {
    "config_reload": {
      "currently_available": false,
      "supported": false
    },
    "resource_reload": {
      "currently_available": false,
      "supported": false
    },
    "table_reload": {
      "currently_available": false,
      "supported": false
    }
  },
  "root_transition": {
    "currently_available": true,
    "supported": true
  },
  "schema": "registry.admin.capabilities.v1",
  "supported_posture_tiers": [
    "default",
    "restricted"
  ]
}

401

Missing or invalid credential

application/problem+json

object

code

required

string

detail

required

string

request_id

required

string

status

required

integer format: int32

title

required

string

type

required

string format: uri

key

additional properties

any

Example

{
  "code": "auth.missing_credential",
  "detail": "missing authentication credential",
  "status": 401,
  "title": "Missing credential",
  "type": "https://docs.registry-notary.dev/problems/auth/missing_credential"
}

403

Caller lacks registry_notary:ops_read scope

application/problem+json

object

code

required

string

detail

required

string

request_id

required

string

status

required

integer format: int32

title

required

string

type

required

string format: uri

key

additional properties

any

Example

{
  "code": "auth.scope_denied",
  "detail": "missing required scope",
  "status": 403,
  "title": "Scope denied",
  "type": "https://docs.registry-notary.dev/problems/auth/scope_denied"
}