Fine-grained permissions for personal access tokens

Tier: Free, Premium, Ultimate
Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
Status: Beta

Create a fine-grained personal access token

Fine-grained personal access tokens are scoped to only access the specific resources and permissions you define. When creating the token, you define the following attributes:

Resources: A collection of API operations. Resources are grouped into larger boundaries ( Group and project and User).
Permissions: The specific actions the token can perform on a resource. Generally, this conforms to Create, Read, Update, and Delete actions.

To create a fine-grained personal access token:

In the upper-right corner, select your avatar.
Select Edit profile.
In the left sidebar, select Access > Personal access tokens.
From the Generate token dropdown list, select Fine-grained token.
In Token name, enter a name for the token.
In Token description, enter a description for the token.
In Expiration date, enter an expiry date for the token.
- The token expires at midnight UTC on that date.
- If you do not enter a date, the expiry date is set to 365 days from today.
- By default, the expiry date cannot be more than 365 days from today. On GitLab 17.6 and later, administrators can modify the maximum lifetime of access tokens.
Define the scope of the personal access token.
1. In the left panel, select one or more resources.
2. If including group or project resources, select an option in the Group and project access section.
3. In the right panel, select an available permission for each resource.
Select Generate token.

A personal access token is displayed. Save the personal access token somewhere safe. After you leave or refresh the page, you cannot view it again.

Available fine-grained permissions

Fine-grained personal access tokens can access the following REST API endpoints:

Application Security resources

Audit Event

Grants the ability to read audit events.

Action	Access	Method	Path
Read	Group	`GET`	`/groups/:id/audit_events`
Read	Group	`GET`	`/groups/:id/audit_events/:audit_event_id`
Read	Instance	`GET`	`/audit_events`
Read	Instance	`GET`	`/audit_events/:id`

Compliance Policy Setting

Grants the ability to read and update compliance policy settings.

Action	Access	Method	Path
Read	Instance	`GET`	`/admin/security/compliance_policy_settings`
Update	Instance	`PUT`	`/admin/security/compliance_policy_settings`

Dependency

Grants the ability to read dependencies.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/dependencies`

Dependency List Export

Grants the ability to create dependency list exports.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/dependency_list_exports`
Create	Group	`POST`	`/groups/:id/dependency_list_exports`

External Status Check

Grants the ability to read, retry, and update external status checks.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/status_checks`
Retry	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/status_checks/:external_status_check_id/retry`
Update	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/status_check_responses`

External Status Check Service

Grants the ability to create, delete, read, and update external status check services.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/external_status_checks`
Delete	Project	`DELETE`	`/projects/:id/external_status_checks/:check_id`
Read	Project	`GET`	`/projects/:id/external_status_checks`
Update	Project	`PUT`	`/projects/:id/external_status_checks/:check_id`

SBOM Occurrence

Grants the ability to read SBOM occurrences.

Action	Access	Method	Path
Read	Project	`GET`	`/occurrences/vulnerabilities`

Security Setting

Grants the ability to read and update security settings.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/security_settings`
Update	Project	`PUT`	`/projects/:id/security_settings`
Update	Group	`PUT`	`/groups/:id/security_settings`

Vulnerability

Grants the ability to create, read, and update vulnerabilities.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/vulnerabilities`
Read	Project	`GET`	`/vulnerabilities/:id`
Read	Project	`GET`	`/projects/:id/vulnerabilities`
Update	Project	`POST`	`/vulnerabilities/:id/resolve`
Update	Project	`POST`	`/vulnerabilities/:id/dismiss`
Update	Project	`POST`	`/vulnerabilities/:id/confirm`
Update	Project	`POST`	`/vulnerabilities/:id/revert`

Vulnerability Export

Grants the ability to create and read vulnerability exports.

Action	Access	Method	Path
Create	Project	`POST`	`/security/projects/:id/vulnerability_exports`
Create	Group	`POST`	`/security/groups/:id/vulnerability_exports`
Create	Instance	`POST`	`/security/vulnerability_exports`
Read	Instance	`GET`	`/security/vulnerability_exports/:id`
Read	Instance	`GET`	`/security/vulnerability_exports/:id/download`

CI/CD resources

Artifact

Grants the ability to delete artifacts.

Action	Access	Method	Path
Delete	Project	`DELETE`	`/projects/:id/artifacts`

CI Config

Grants the ability to read and validate CI/CD configuration.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/ci/lint`
Validate	Project	`POST`	`/projects/:id/ci/lint`

CI Minute

Grants the ability to create and transfer CI minutes.

Action	Access	Method	Path
Create	Group	`POST`	`/namespaces/:id/minutes`
Create	User	`POST`	`/namespaces/:id/minutes`
Transfer	Group	`PATCH`	`/namespaces/:id/minutes/move/:target_id`
Transfer	User	`PATCH`	`/namespaces/:id/minutes/move/:target_id`

Catalog Version

Grants the ability to publish CI catalog versions.

Action	Access	Method	Path
Publish	Project	`POST`	`/projects/:id/catalog/publish`

Cluster

Grants the ability to create, delete, read, and update clusters.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/clusters/user`
Create	Group	`POST`	`/groups/:id/clusters/user`
Create	Instance	`POST`	`/admin/clusters/add`
Delete	Project	`DELETE`	`/projects/:id/clusters/:cluster_id`
Delete	Group	`DELETE`	`/groups/:id/clusters/:cluster_id`
Delete	Instance	`DELETE`	`/admin/clusters/:cluster_id`
Read	Project	`GET`	`/projects/:id/clusters`
Read	Project	`GET`	`/projects/:id/clusters/:cluster_id`
Read	Group	`GET`	`/groups/:id/clusters`
Read	Group	`GET`	`/groups/:id/clusters/:cluster_id`
Read	Instance	`GET`	`/admin/clusters`
Read	Instance	`GET`	`/admin/clusters/:cluster_id`
Update	Project	`PUT`	`/projects/:id/clusters/:cluster_id`
Update	Group	`PUT`	`/groups/:id/clusters/:cluster_id`
Update	Instance	`PUT`	`/admin/clusters/:cluster_id`

Cluster Agent

Grants the ability to create, delete, and read cluster agents.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/cluster_agents`
Delete	Project	`DELETE`	`/projects/:id/cluster_agents/:agent_id`
Read	Project	`GET`	`/projects/:id/cluster_agents`
Read	Project	`GET`	`/projects/:id/cluster_agents/:agent_id`

Cluster Agent Token

Grants the ability to create, read, and revoke cluster agent tokens.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/cluster_agents/:agent_id/tokens`
Read	Project	`GET`	`/projects/:id/cluster_agents/:agent_id/tokens`
Read	Project	`GET`	`/projects/:id/cluster_agents/:agent_id/tokens/:token_id`
Revoke	Project	`DELETE`	`/projects/:id/cluster_agents/:agent_id/tokens/:token_id`

Cluster Agent URL Configuration

Grants the ability to create, delete, and read cluster agent URL configurations.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/cluster_agents/:agent_id/url_configurations`
Delete	Project	`DELETE`	`/projects/:id/cluster_agents/:agent_id/url_configurations/:url_configuration_id`
Read	Project	`GET`	`/projects/:id/cluster_agents/:agent_id/url_configurations`
Read	Project	`GET`	`/projects/:id/cluster_agents/:agent_id/url_configurations/:url_configuration_id`

Deployment

Grants the ability to approve, create, delete, read, and update deployments.

Action	Access	Method	Path
Approve	Project	`POST`	`/projects/:id/deployments/:deployment_id/approval`
Create	Project	`POST`	`/projects/:id/deployments`
Delete	Project	`DELETE`	`/projects/:id/deployments/:deployment_id`
Read	Project	`GET`	`/projects/:id/deployments`
Read	Project	`GET`	`/projects/:id/deployments/:deployment_id`
Read ¹	Project	`GET`	`/projects/:id/deployments/:deployment_id/merge_requests`
Update	Project	`PUT`	`/projects/:id/deployments/:deployment_id`

¹ Also requires the Read Merge Request permission.

Environment

Grants the ability to create, delete, read, stop, and update environments.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/environments`
Delete	Project	`DELETE`	`/projects/:id/environments/review_apps`
Delete	Project	`DELETE`	`/projects/:id/environments/:environment_id`
Read	Project	`GET`	`/projects/:id/environments`
Read	Project	`GET`	`/projects/:id/environments/:environment_id`
Stop	Project	`POST`	`/projects/:id/environments/:environment_id/stop`
Stop	Project	`POST`	`/projects/:id/environments/stop_stale`
Update	Project	`PUT`	`/projects/:id/environments/:environment_id`

Job

Grants the ability to delete, read, run, and update jobs.

Action	Access	Method	Path
Delete	Project	`POST`	`/projects/:id/jobs/:job_id/erase`
Read	Project	`GET`	`/projects/:id/jobs`
Read	Project	`GET`	`/projects/:id/jobs/:job_id`
Read	Project	`GET`	`/projects/:id/jobs/:job_id/trace`
Run	Project	`POST`	`/projects/:id/jobs/:job_id/retry`
Run	Project	`POST`	`/projects/:id/jobs/:job_id/play`
Update	Project	`POST`	`/projects/:id/jobs/:job_id/cancel`

Job Artifact

Grants the ability to delete, read, and update job artifacts.

Action	Access	Method	Path
Delete	Project	`DELETE`	`/projects/:id/jobs/:job_id/artifacts`
Read	Project	`GET`	`/projects/:id/jobs/artifacts/:ref_name/download`
Read	Project	`GET`	`/projects/:id/jobs/artifacts/:ref_name/raw/*artifact_path`
Read	Project	`GET`	`/projects/:id/jobs/:job_id/artifacts`
Read	Project	`GET`	`/projects/:id/jobs/:job_id/artifacts/tree`
Read	Project	`GET`	`/projects/:id/jobs/:job_id/artifacts/*artifact_path`
Update	Project	`POST`	`/projects/:id/jobs/:job_id/artifacts/keep`

Merge Train

Grants the ability to read merge trains.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/merge_trains`
Read	Project	`GET`	`/projects/:id/merge_trains/:target_branch`
Read	Project	`GET`	`/projects/:id/merge_trains/merge_requests/:merge_request_iid`

Merge Train Merge Request

Grants the ability to add merge requests to merge trains.

Action	Access	Method	Path
Add	Project	`POST`	`/projects/:id/merge_trains/merge_requests/:merge_request_iid`

Pipeline

Grants the ability to create, delete, read, and update pipelines.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/pipeline`
Delete	Project	`DELETE`	`/projects/:id/pipelines/:pipeline_id`
Read	Project	`GET`	`/projects/:id/pipelines`
Read	Project	`GET`	`/projects/:id/pipelines/latest`
Read	Project	`GET`	`/projects/:id/pipelines/:pipeline_id`
Read	Project	`GET`	`/projects/:id/pipelines/:pipeline_id/jobs`
Read	Project	`GET`	`/projects/:id/pipelines/:pipeline_id/bridges`
Read	Project	`GET`	`/projects/:id/pipelines/:pipeline_id/variables`
Read	Project	`GET`	`/projects/:id/pipelines/:pipeline_id/test_report`
Read	Project	`GET`	`/projects/:id/pipelines/:pipeline_id/test_report_summary`
Update	Project	`POST`	`/projects/:id/pipelines/:pipeline_id/retry`
Update	Project	`POST`	`/projects/:id/pipelines/:pipeline_id/cancel`
Update	Project	`PUT`	`/projects/:id/pipelines/:pipeline_id/metadata`

Pipeline Schedule

Grants the ability to create, delete, read, and update pipeline schedules.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/pipeline_schedules`
Delete	Project	`DELETE`	`/projects/:id/pipeline_schedules/:pipeline_schedule_id`
Read	Project	`GET`	`/projects/:id/pipeline_schedules`
Read	Project	`GET`	`/projects/:id/pipeline_schedules/:pipeline_schedule_id`
Read ¹	Project	`GET`	`/projects/:id/pipeline_schedules/:pipeline_schedule_id/pipelines`
Read	Project	`GET`	`/projects/:id/pipeline_schedules/:pipeline_schedule_id/variables/:key`
Update	Project	`POST`	`/projects/:id/pipeline_schedules/:pipeline_schedule_id/take_ownership`
Update	Project	`POST`	`/projects/:id/pipeline_schedules/:pipeline_schedule_id/play`
Update	Project	`POST`	`/projects/:id/pipeline_schedules/:pipeline_schedule_id/variables`
Update	Project	`PUT`	`/projects/:id/pipeline_schedules/:pipeline_schedule_id`
Update	Project	`PUT`	`/projects/:id/pipeline_schedules/:pipeline_schedule_id/variables/:key`
Update	Project	`DELETE`	`/projects/:id/pipeline_schedules/:pipeline_schedule_id/variables/:key`

¹ Also requires the Read Pipeline permission.

Protected Environment

Grants the ability to create, delete, read, and update protected environments.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/protected_environments`
Create	Group	`POST`	`/groups/:id/protected_environments`
Delete	Project	`DELETE`	`/projects/:id/protected_environments/:name`
Delete	Group	`DELETE`	`/groups/:id/protected_environments/:name`
Read	Project	`GET`	`/projects/:id/protected_environments`
Read	Project	`GET`	`/projects/:id/protected_environments/:name`
Read	Group	`GET`	`/groups/:id/protected_environments`
Read	Group	`GET`	`/groups/:id/protected_environments/:name`
Update	Project	`PUT`	`/projects/:id/protected_environments/:name`
Update	Group	`PUT`	`/groups/:id/protected_environments/:name`

Pull Mirror

Grants the ability to create, read, and update pull mirrors.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/mirror/pull`
Read	Project	`GET`	`/projects/:id/mirror/pull`
Update	Project	`PUT`	`/projects/:id/mirror/pull`

Repository Storage Move

Grants the ability to create and read repository storage moves.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/repository_storage_moves`
Create	Group	`POST`	`/groups/:id/repository_storage_moves`
Create	Instance	`POST`	`/project_repository_storage_moves`
Create	Instance	`POST`	`/snippet_repository_storage_moves`
Create	Instance	`POST`	`/snippets/:id/repository_storage_moves`
Create	Instance	`POST`	`/group_repository_storage_moves`
Read	Project	`GET`	`/projects/:id/repository_storage_moves`
Read	Project	`GET`	`/projects/:id/repository_storage_moves/:repository_storage_move_id`
Read	Group	`GET`	`/groups/:id/repository_storage_moves`
Read	Group	`GET`	`/groups/:id/repository_storage_moves/:repository_storage_move_id`
Read	Instance	`GET`	`/project_repository_storage_moves`
Read	Instance	`GET`	`/project_repository_storage_moves/:repository_storage_move_id`
Read	Instance	`GET`	`/snippet_repository_storage_moves`
Read	Instance	`GET`	`/snippet_repository_storage_moves/:repository_storage_move_id`
Read	Instance	`GET`	`/snippets/:id/repository_storage_moves`
Read	Instance	`GET`	`/snippets/:id/repository_storage_moves/:repository_storage_move_id`
Read	Instance	`GET`	`/group_repository_storage_moves`
Read	Instance	`GET`	`/group_repository_storage_moves/:repository_storage_move_id`

Resource Group

Grants the ability to read and update resource groups.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/resource_groups`
Read	Project	`GET`	`/projects/:id/resource_groups/:key`
Read ¹	Project	`GET`	`/projects/:id/resource_groups/:key/current_job`
Read ¹	Project	`GET`	`/projects/:id/resource_groups/:key/upcoming_jobs`
Update	Project	`PUT`	`/projects/:id/resource_groups/:key`

¹ Also requires the Read Job permission.

Runner

Grants the ability to assign, create, and read runners.

Action	Access	Method	Path
Assign	Project	`POST`	`/projects/:id/runners`
Assign	Project	`DELETE`	`/projects/:id/runners/:runner_id`
Create	User	`POST`	`/user/runners`
Read	Project	`GET`	`/projects/:id/runners`
Read	Group	`GET`	`/groups/:id/runners`

Runner Registration Token

Grants the ability to reset runner registration tokens.

Action	Access	Method	Path
Reset	Project	`POST`	`/projects/:id/runners/reset_registration_token`
Reset	Group	`POST`	`/groups/:id/runners/reset_registration_token`

Secure File

Grants the ability to create, delete, and read secure files.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/secure_files`
Delete	Project	`DELETE`	`/projects/:id/secure_files/:secure_file_id`
Read	Project	`GET`	`/projects/:id/secure_files`
Read	Project	`GET`	`/projects/:id/secure_files/:secure_file_id`
Read	Project	`GET`	`/projects/:id/secure_files/:secure_file_id/download`

Terraform State

Grants the ability to create, delete, lock, and read Terraform state.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/terraform/state/:name`
Delete	Project	`DELETE`	`/projects/:id/terraform/state/:name`
Delete	Project	`DELETE`	`/projects/:id/terraform/state/:name/versions/:serial`
Lock	Project	`POST`	`/projects/:id/terraform/state/:name/lock`
Lock	Project	`DELETE`	`/projects/:id/terraform/state/:name/lock`
Read	Project	`GET`	`/projects/:id/terraform/state/:name`
Read	Project	`GET`	`/projects/:id/terraform/state_protection_rules`
Read	Project	`GET`	`/projects/:id/terraform/state/:name/versions/:serial`

Trigger

Grants the ability to create, delete, read, and update triggers.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/triggers`
Delete	Project	`DELETE`	`/projects/:id/triggers/:trigger_id`
Read	Project	`GET`	`/projects/:id/triggers`
Read	Project	`GET`	`/projects/:id/triggers/:trigger_id`
Update	Project	`PUT`	`/projects/:id/triggers/:trigger_id`

Variable

Grants the ability to create, delete, read, and update CI variables.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/variables`
Create	Group	`POST`	`/groups/:id/variables`
Create	Instance	`POST`	`/admin/ci/variables`
Delete	Project	`DELETE`	`/projects/:id/variables/:key`
Delete	Group	`DELETE`	`/groups/:id/variables/:key`
Delete	Instance	`DELETE`	`/admin/ci/variables/:key`
Read	Project	`GET`	`/projects/:id/variables`
Read	Project	`GET`	`/projects/:id/variables/:key`
Read	Group	`GET`	`/groups/:id/variables`
Read	Group	`GET`	`/groups/:id/variables/:key`
Read	Instance	`GET`	`/admin/ci/variables`
Read	Instance	`GET`	`/admin/ci/variables/:key`
Update	Project	`PUT`	`/projects/:id/variables/:key`
Update	Group	`PUT`	`/groups/:id/variables/:key`
Update	Instance	`PUT`	`/admin/ci/variables/:key`

Duo resources

Chat Completion

Grants the ability to create chat completions.

Action	Access	Method	Path
Create	User	`POST`	`/chat/completions`

Code Suggestion Completion

Grants the ability to create code suggestion completions.

Action	Access	Method	Path
Create	User	`POST`	`/code_suggestions/completions`

Code Suggestion Connection Detail

Grants the ability to read code suggestion connection details.

Action	Access	Method	Path
Read	User	`POST`	`/code_suggestions/connection_details`

Code Suggestion Direct Access

Grants the ability to create code suggestion direct access.

Action	Access	Method	Path
Create	User	`POST`	`/code_suggestions/direct_access`

Code Suggestion Enabled Status

Grants the ability to read code suggestion enabled status.

Action	Access	Method	Path
Read	Project	`POST`	`/code_suggestions/enabled`

Duo Workflow

Grants the ability to resume duo workflows.

Action	Access	Method	Path
Resume	User	`POST`	`/ai/duo_workflows/workflows/:workflow_id/resume`

Geo resources

Geo Node

Grants the ability to create, delete, read, repair, and update Geo nodes.

Action	Access	Method	Path
Create	Instance	`POST`	`/geo_nodes`
Delete	Instance	`DELETE`	`/geo_nodes/:id`
Read	Instance	`GET`	`/geo_nodes`
Read	Instance	`GET`	`/geo_nodes/status`
Read	Instance	`GET`	`/geo_nodes/:id`
Read	Instance	`GET`	`/geo_nodes/:id/status`
Repair	Instance	`POST`	`/geo_nodes/:id/repair`
Update	Instance	`PUT`	`/geo_nodes/:id`

Geo Site

Grants the ability to create, delete, read, repair, and update Geo sites.

Action	Access	Method	Path
Create	Instance	`POST`	`/geo_sites`
Delete	Instance	`DELETE`	`/geo_sites/:id`
Read	Instance	`GET`	`/geo_sites`
Read	Instance	`GET`	`/geo_sites/status`
Read	Instance	`GET`	`/geo_sites/:id`
Read	Instance	`GET`	`/geo_sites/:id/status`
Repair	Instance	`POST`	`/geo_sites/:id/repair`
Update	Instance	`PUT`	`/geo_sites/:id`

Groups resources

Activity

Grants the ability to read activities.

Action	Access	Method	Path
Read	User	`GET`	`/user/activities`

Admin Member Role

Grants the ability to create, delete, read, and update admin member roles.

Action	Access	Method	Path
Create	Instance	`POST`	`/admin_member_roles`
Delete	Instance	`DELETE`	`/admin_member_roles/:member_role_id`
Read	Instance	`GET`	`/admin_member_roles`

Association

Grants the ability to read associations.

Action	Access	Method	Path
Read	User	`GET`	`/users/:id/associations_count`

Avatar

Grants the ability to read and update avatars.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/avatar`
Read	Group	`GET`	`/groups/:id/avatar`
Read	User	`GET`	`/avatar`
Update	User	`PUT`	`/user/avatar`

Follower

Grants the ability to read followers.

Action	Access	Method	Path
Read	User	`GET`	`/users/:id/followers`

Following

Grants the ability to read followings.

Action	Access	Method	Path
Read	User	`GET`	`/users/:id/following`

GPG Key

Grants the ability to create, delete, read, and revoke GPG keys.

Action	Access	Method	Path
Create	User	`POST`	`/user/gpg_keys`
Delete	User	`DELETE`	`/user/gpg_keys/:key_id`
Read	User	`GET`	`/users/:id/gpg_keys`
Read	User	`GET`	`/users/:id/gpg_keys/:key_id`
Read	User	`GET`	`/user/gpg_keys`
Read	User	`GET`	`/user/gpg_keys/:key_id`
Revoke	User	`POST`	`/user/gpg_keys/:key_id/revoke`

Group

Grants the ability to archive, create, delete, read, share, transfer, and update groups.

Action	Access	Method	Path
Archive	Group	`POST`	`/groups/:id/archive`
Archive	Group	`POST`	`/groups/:id/unarchive`
Create	User	`POST`	`/groups`
Delete	Group	`DELETE`	`/groups/:id`
Read	Group	`GET`	`/groups/:id`
Read	Group	`GET`	`/groups/:id/groups/shared`
Read	Group	`GET`	`/groups/:id/invited_groups`
Read	Group	`GET`	`/groups/:id/projects/shared`
Read	Group	`GET`	`/groups/:id/subgroups`
Read	Group	`GET`	`/groups/:id/descendant_groups`
Read	Group	`GET`	`/groups/:id/transfer_locations`
Read	User	`GET`	`/groups`
Share	Group	`POST`	`/groups/:id/share`
Share	Group	`DELETE`	`/groups/:id/share/:group_id`
Transfer	Group	`POST`	`/groups/:id/transfer`
Transfer	Group	`POST`	`/groups/:id/transfer_to_organization`
Update	Group	`POST`	`/groups/:id/restore`
Update	Group	`PUT`	`/groups/:id`

Member Role

Grants the ability to create, delete, and read member roles.

Action	Access	Method	Path
Create	Group	`POST`	`/groups/:id/member_roles`
Create	Instance	`POST`	`/member_roles`
Delete	Group	`DELETE`	`/groups/:id/member_roles/:member_role_id`
Delete	Instance	`DELETE`	`/member_roles/:member_role_id`
Read	Group	`GET`	`/groups/:id/member_roles`
Read	Instance	`GET`	`/member_roles`

Namespace

Grants the ability to read namespaces.

Action	Access	Method	Path
Read	User	`GET`	`/namespaces`
Read	User	`GET`	`/namespaces/:id`
Read	User	`GET`	`/namespaces/:id/exists`

Preference

Grants the ability to read and update preferences.

Action	Access	Method	Path
Read	User	`GET`	`/user/preferences`
Update	User	`PUT`	`/user/preferences`

SAML Identity

Grants the ability to delete, read, and update SAML identities.

Action	Access	Method	Path
Delete	Group	`DELETE`	`/groups/:id/saml/:uid`
Read	Group	`GET`	`/groups/:id/saml/identities`
Read	Group	`GET`	`/groups/:id/saml/:uid`
Update	Group	`PATCH`	`/groups/:id/saml/:uid`

SSH Certificate

Grants the ability to create, delete, and read SSH certificates.

Action	Access	Method	Path
Create	Group	`POST`	`/groups/:id/ssh_certificates`
Delete	Group	`DELETE`	`/groups/:id/ssh_certificates/:ssh_certificates_id`
Read	Group	`GET`	`/groups/:id/ssh_certificates`

Status

Grants the ability to read and update statuses.

Action	Access	Method	Path
Read	User	`GET`	`/users/:user_id/status`
Read	User	`GET`	`/user/status`
Update	User	`PATCH`	`/user/status`
Update	User	`PUT`	`/user/status`

Support PIN

Grants the ability to create and read support PINs.

Action	Access	Method	Path
Create	User	`POST`	`/user/support_pin`
Read	User	`GET`	`/user/support_pin`

Template

Grants the ability to read templates.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/templates/:type`
Read	Project	`GET`	`/projects/:id/templates/:type/:name`

Topic

Grants the ability to create, delete, merge, read, and update topics.

Action	Access	Method	Path
Create	Instance	`POST`	`/topics`
Delete	Instance	`DELETE`	`/topics/:id`
Merge	Instance	`POST`	`/topics/merge`
Update	Instance	`PUT`	`/topics/:id`

Monitoring resources

Sidekiq Job

Grants the ability to drop Sidekiq jobs.

Action	Access	Method	Path
Drop	Instance	`DELETE`	`/admin/sidekiq/queues/:queue_name`

Sidekiq Metric

Grants the ability to read Sidekiq metrics.

Action	Access	Method	Path
Read	Instance	`GET`	`/sidekiq/queue_metrics`
Read	Instance	`GET`	`/sidekiq/process_metrics`
Read	Instance	`GET`	`/sidekiq/job_stats`
Read	Instance	`GET`	`/sidekiq/compound_metrics`

Note resources

Vulnerability Note

Grants the ability to create, delete, read, and update vulnerability notes.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/vulnerabilities/:noteable_id/notes`
Delete	Project	`DELETE`	`/projects/:id/vulnerabilities/:noteable_id/notes/:note_id`
Read	Project	`GET`	`/projects/:id/vulnerabilities/:noteable_id/notes`
Read	Project	`GET`	`/projects/:id/vulnerabilities/:noteable_id/notes/:note_id`
Update	Project	`PUT`	`/projects/:id/vulnerabilities/:noteable_id/notes/:note_id`

Notifications resources

Todo

Grants the ability to create, read, and update todos.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/todo`
Create	Project	`POST`	`/projects/:id/issues/:issue_iid/todo`
Read	User	`GET`	`/todos`
Update	User	`POST`	`/todos/:id/mark_as_done`
Update	User	`POST`	`/todos/mark_as_done`

Orbit resources

Knowledge Graph

Grants the ability to read knowledge graph data.

Action	Access	Method	Path
Read	User	`GET`	`/orbit/schema`
Read	User	`GET`	`/orbit/status`
Read	User	`GET`	`/orbit/tools`
Read	User	`POST`	`/orbit/query`

Packages And Registry resources

Container Registry Protection Tag Rule

Grants the ability to create, delete, read, and update container registry protection tag rules.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/registry/protection/tag/rules`
Delete	Project	`DELETE`	`/projects/:id/registry/protection/tag/rules/:protection_rule_id`
Read	Project	`GET`	`/projects/:id/registry/protection/tag/rules`
Update	Project	`PATCH`	`/projects/:id/registry/protection/tag/rules/:protection_rule_id`

Container Repository

Grants the ability to delete and read container repositories.

Action	Access	Method	Path
Delete	Project	`DELETE`	`/projects/:id/registry/repositories/:repository_id`
Delete	Project	`DELETE`	`/projects/:id/registry/repositories/:repository_id/tags`
Delete	Project	`DELETE`	`/projects/:id/registry/repositories/:repository_id/tags/:tag_name`
Read	Project	`GET`	`/registry/repositories/:id`
Read	Project	`GET`	`/projects/:id/registry/repositories`
Read	Project	`GET`	`/projects/:id/registry/repositories/:repository_id/tags`
Read	Project	`GET`	`/projects/:id/registry/repositories/:repository_id/tags/:tag_name`
Read	Group	`GET`	`/groups/:id/registry/repositories`

Container Repository Protection Rule

Grants the ability to create, delete, read, and update container repository protection rules.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/registry/protection/repository/rules`
Delete	Project	`DELETE`	`/projects/:id/registry/protection/repository/rules/:protection_rule_id`
Read	Project	`GET`	`/projects/:id/registry/protection/repository/rules`
Update	Project	`PATCH`	`/projects/:id/registry/protection/repository/rules/:protection_rule_id`

Debian Distribution

Grants the ability to create, delete, read, and update Debian distributions.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/debian_distributions`
Create	Group	`POST`	`/groups/:id/-/debian_distributions`
Delete	Project	`DELETE`	`/projects/:id/debian_distributions/:codename`
Delete	Group	`DELETE`	`/groups/:id/-/debian_distributions/:codename`
Read	Project	`GET`	`/projects/:id/debian_distributions`
Read	Project	`GET`	`/projects/:id/debian_distributions/:codename`
Read	Project	`GET`	`/projects/:id/debian_distributions/:codename/key.asc`
Read	Group	`GET`	`/groups/:id/-/debian_distributions`
Read	Group	`GET`	`/groups/:id/-/debian_distributions/:codename`
Read	Group	`GET`	`/groups/:id/-/debian_distributions/:codename/key.asc`
Update	Project	`PUT`	`/projects/:id/debian_distributions/:codename`
Update	Group	`PUT`	`/groups/:id/-/debian_distributions/:codename`

Dependency Proxy Cache

Grants the ability to purge dependency proxy caches.

Action	Access	Method	Path
Purge	Group	`DELETE`	`/groups/:id/dependency_proxy/cache`

Package

Grants the ability to create, delete, and read packages.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/packages/composer`
Create	Project	`POST`	`/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/upload_urls`
Create	Project	`POST`	`/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/upload_urls`
Create	Project	`POST`	`/projects/:id/packages/rubygems/api/v1/gems`
Create	Project	`POST`	`/projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/upload_urls`
Create	Project	`POST`	`/projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/upload_urls`
Create	Project	`POST`	`/projects/:id/packages/pypi`
Create	Project	`POST`	`/projects/:id/packages/helm/api/:channel/charts`
Create	Project	`PUT`	`/projects/:id/packages/terraform/modules/:module_name/:module_system/*module_version/file`
Create	Project	`PUT`	`/projects/:id/packages/nuget/v2`
Create	Project	`PUT`	`/projects/:id/packages/nuget/symbolpackage`
Create	Project	`PUT`	`/projects/:id/packages/nuget`
Create	Project	`PUT`	`/projects/:id/packages/npm/:package_name`
Create	Project	`PUT`	`/projects/:id/packages/npm/-/package/*package_name/dist-tags/:tag`
Create	Project	`PUT`	`/packages/npm/-/package/*package_name/dist-tags/:tag`
Create	Project	`PUT`	`/projects/:id/packages/maven/*path/:file_name`
Create	Project	`PUT`	`/projects/:id/packages/generic/:package_name/package_version/(path/):file_name`
Create	Project	`PUT`	`/projects/:id/packages/debian/:file_name`
Create	Project	`PUT`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/packages/:conan_package_reference/revisions/:package_revision/files/:file_name`
Create	Project	`PUT`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/files/:file_name`
Create	Project	`PUT`	`/projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name`
Create	Project	`PUT`	`/projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name`
Create	Project	`PUT`	`/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name`
Create	Project	`PUT`	`/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name`
Create	Group	`POST`	`/virtual_registries/packages/maven/:id/*path/upload`
Create	Group	`PUT`	`/groups/:id/-/packages/npm/-/package/*package_name/dist-tags/:tag`
Delete	Project	`DELETE`	`/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel`
Delete	Project	`DELETE`	`/projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel`
Delete	Project	`DELETE`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision`
Delete	Project	`DELETE`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/packages/:conan_package_reference/revisions/:package_revision`
Delete	Project	`DELETE`	`/packages/npm/-/package/*package_name/dist-tags/:tag`
Delete	Project	`DELETE`	`/projects/:id/packages/npm/-/package/*package_name/dist-tags/:tag`
Delete	Project	`DELETE`	`/projects/:id/packages/nuget/package_name/package_version`
Delete	Project	`DELETE`	`/projects/:id/packages/:package_id`
Delete	Group	`DELETE`	`/groups/:id/-/packages/npm/-/package/*package_name/dist-tags/:tag`
Read	Project	`GET`	`/projects/:id/packages/composer/archives/*package_name`
Read	Project	`GET`	`/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/search`
Read	Project	`GET`	`/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference`
Read	Project	`GET`	`/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel`
Read	Project	`GET`	`/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/digest`
Read	Project	`GET`	`/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/digest`
Read	Project	`GET`	`/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/download_urls`
Read	Project	`GET`	`/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/download_urls`
Read	Project	`GET`	`/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name`
Read	Project	`GET`	`/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/users/authenticate`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/users/check_credentials`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/conans/search`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/search`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/digest`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/digest`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/packages/:conan_package_reference/download_urls`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/conans/:package_name/:package_version/:package_username/:package_channel/download_urls`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name`
Read	Project	`GET`	`/projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/users/authenticate`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/users/check_credentials`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/search`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/search`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/latest`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/files`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/files/:file_name`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/search`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/packages/:conan_package_reference/latest`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/packages/:conan_package_reference/revisions`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/packages/:conan_package_reference/revisions/:package_revision/files`
Read	Project	`GET`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/packages/:conan_package_reference/revisions/:package_revision/files/:file_name`
Read	Project	`GET`	`/projects/:id/packages/debian/dists/*distribution/Release.gpg`
Read	Project	`GET`	`/projects/:id/packages/debian/dists/*distribution/Release`
Read	Project	`GET`	`/projects/:id/packages/debian/dists/*distribution/InRelease`
Read	Project	`GET`	`/projects/:id/packages/debian/dists/*distribution/:component/debian-installer/binary-:architecture/Packages`
Read	Project	`GET`	`/projects/:id/packages/debian/dists/*distribution/:component/debian-installer/binary-:architecture/by-hash/SHA256/:file_sha256`
Read	Project	`GET`	`/projects/:id/packages/debian/dists/*distribution/:component/source/Sources`
Read	Project	`GET`	`/projects/:id/packages/debian/dists/*distribution/:component/source/by-hash/SHA256/:file_sha256`
Read	Project	`GET`	`/projects/:id/packages/debian/dists/*distribution/:component/binary-:architecture/Packages`
Read	Project	`GET`	`/projects/:id/packages/debian/dists/*distribution/:component/binary-:architecture/by-hash/SHA256/:file_sha256`
Read	Project	`GET`	`/projects/:id/packages/debian/pool/:distribution/:letter/:package_name/:package_version/:file_name`
Read	Project	`GET`	`/projects/:id/packages/generic/:package_name/package_version/(path/):file_name`
Read	Project	`GET`	`/projects/:id/packages/go/*module_name/@v/list`
Read	Project	`GET`	`/projects/:id/packages/go/*module_name/@v/:module_version.info`
Read	Project	`GET`	`/projects/:id/packages/go/*module_name/@v/:module_version.mod`
Read	Project	`GET`	`/projects/:id/packages/go/*module_name/@v/:module_version.zip`
Read	Project	`GET`	`/projects/:id/packages/helm/:channel/index.yaml`
Read	Project	`GET`	`/projects/:id/packages/helm/:channel/charts/:file_name.tgz`
Read	Project	`GET`	`/projects/:id/packages/maven/*path/:file_name`
Read	Project	`GET`	`/packages/npm/-/package/*package_name/dist-tags`
Read	Project	`GET`	`/projects/:id/packages/npm/-/package/*package_name/dist-tags`
Read	Project	`GET`	`/projects/:id/packages/npm/package_name/-/file_name`
Read	Project	`GET`	`/projects/:id/packages/npm/*package_name`
Read	Project	`GET`	`/projects/:id/packages/nuget/metadata/*package_name/index`
Read	Project	`GET`	`/projects/:id/packages/nuget/metadata/package_name/package_version`
Read	Project	`GET`	`/projects/:id/packages/nuget/query`
Read	Project	`GET`	`/projects/:id/packages/nuget/download/*package_name/index`
Read	Project	`GET`	`/projects/:id/packages/nuget/download/package_name/package_version/*package_filename`
Read	Project	`GET`	`/projects/:id/packages`
Read	Project	`GET`	`/projects/:id/packages/:package_id`
Read	Project	`GET`	`/projects/:id/packages/pypi/files/:sha256/*file_identifier`
Read	Project	`GET`	`/projects/:id/packages/pypi/simple`
Read	Project	`GET`	`/projects/:id/packages/pypi/simple/*package_name`
Read	Project	`GET`	`/projects/:id/packages/rubygems/quick/Marshal.4.8/:file_name`
Read	Project	`GET`	`/projects/:id/packages/rubygems/gems/:file_name`
Read	Project	`GET`	`/projects/:id/packages/rubygems/api/v1/dependencies`
Read	Project	`GET`	`/projects/:id/packages/terraform/modules/:module_name/:module_system`
Read	Project	`GET`	`/projects/:id/packages/terraform/modules/:module_name/:module_system/*module_version`
Read	Group	`GET`	`/group/:id/-/packages/composer/packages`
Read	Group	`GET`	`/group/:id/-/packages/composer/p/:sha`
Read	Group	`GET`	`/group/:id/-/packages/composer/p2/*package_name`
Read	Group	`GET`	`/group/:id/-/packages/composer/*package_name`
Read	Group	`GET`	`/groups/:id/-/packages/debian/dists/*distribution/Release.gpg`
Read	Group	`GET`	`/groups/:id/-/packages/debian/dists/*distribution/Release`
Read	Group	`GET`	`/groups/:id/-/packages/debian/dists/*distribution/InRelease`
Read	Group	`GET`	`/groups/:id/-/packages/debian/dists/*distribution/:component/debian-installer/binary-:architecture/Packages`
Read	Group	`GET`	`/groups/:id/-/packages/debian/dists/*distribution/:component/debian-installer/binary-:architecture/by-hash/SHA256/:file_sha256`
Read	Group	`GET`	`/groups/:id/-/packages/debian/dists/*distribution/:component/source/Sources`
Read	Group	`GET`	`/groups/:id/-/packages/debian/dists/*distribution/:component/source/by-hash/SHA256/:file_sha256`
Read	Group	`GET`	`/groups/:id/-/packages/debian/dists/*distribution/:component/binary-:architecture/Packages`
Read	Group	`GET`	`/groups/:id/-/packages/debian/dists/*distribution/:component/binary-:architecture/by-hash/SHA256/:file_sha256`
Read	Group	`GET`	`/groups/:id/packages`
Read	Group	`GET`	`/groups/:id/-/packages/maven/*path/:file_name`
Read	Group	`GET`	`/groups/:id/-/packages/npm/-/package/*package_name/dist-tags`
Read	Group	`GET`	`/groups/:id/-/packages/nuget/metadata/*package_name/index`
Read	Group	`GET`	`/groups/:id/-/packages/nuget/metadata/package_name/package_version`
Read	Group	`GET`	`/groups/:id/-/packages/nuget/query`
Read	Group	`GET`	`/groups/:id/-/packages/pypi/files/:sha256/*file_identifier`
Read	Group	`GET`	`/groups/:id/-/packages/pypi/simple`
Read	Group	`GET`	`/groups/:id/-/packages/pypi/simple/*package_name`
Read	Group	`GET`	`/packages/terraform/modules/v1/:module_namespace/:module_name/:module_system/versions`
Read	Group	`GET`	`/packages/terraform/modules/v1/:module_namespace/:module_name/:module_system/download`
Read	Group	`GET`	`/packages/terraform/modules/v1/:module_namespace/:module_name/:module_system`
Read	Group	`GET`	`/packages/terraform/modules/v1/:module_namespace/:module_name/:module_system/*module_version/download`
Read	Group	`GET`	`/packages/terraform/modules/v1/:module_namespace/:module_name/:module_system/*module_version/file`
Read	Group	`GET`	`/packages/terraform/modules/v1/:module_namespace/:module_name/:module_system/*module_version`
Read	Group	`GET`	`/virtual_registries/packages/maven/:id/*path`
Read	Instance	`GET`	`/packages/conan/v1/users/authenticate`
Read	Instance	`GET`	`/packages/conan/v1/users/check_credentials`
Read	Instance	`GET`	`/packages/conan/v1/conans/search`
Read	Instance	`GET`	`/packages/maven/*path/:file_name`

Package Pipeline

Grants the ability to read package pipelines.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/packages/:package_id/pipelines`

Virtual Registry

Grants the ability to create, delete, read, and update virtual registries.

Action	Access	Method	Path
Create	Group	`POST`	`/groups/:id/-/virtual_registries/container/registries`
Create	Group	`POST`	`/virtual_registries/container/registry_upstreams`
Create	Group	`POST`	`/virtual_registries/container/registries/:id/upstreams`
Create	Group	`POST`	`/groups/:id/-/virtual_registries/packages/maven/registries`
Create	Group	`POST`	`/virtual_registries/packages/maven/registries/:id/upstreams`
Create	Group	`POST`	`/virtual_registries/packages/maven/registry_upstreams`
Create	Group	`POST`	`/groups/:id/-/virtual_registries/packages/npm/registries`
Create	Group	`POST`	`/virtual_registries/packages/npm/registry_upstreams`
Delete	Group	`DELETE`	`/virtual_registries/container/registries/:id`
Delete	Group	`DELETE`	`/virtual_registries/container/registries/:id/cache`
Delete	Group	`DELETE`	`/virtual_registries/container/registry_upstreams/:id`
Delete	Group	`DELETE`	`/virtual_registries/container/upstreams/:id`
Delete	Group	`DELETE`	`/virtual_registries/container/upstreams/:id/cache`
Delete	Group	`DELETE`	`/virtual_registries/container/cache_entries/*id`
Delete	Group	`DELETE`	`/virtual_registries/packages/maven/registries/:id`
Delete	Group	`DELETE`	`/virtual_registries/packages/maven/registries/:id/cache`
Delete	Group	`DELETE`	`/virtual_registries/packages/maven/upstreams/:id`
Delete	Group	`DELETE`	`/virtual_registries/packages/maven/upstreams/:id/cache`
Delete	Group	`DELETE`	`/virtual_registries/packages/maven/registry_upstreams/:id`
Delete	Group	`DELETE`	`/virtual_registries/packages/maven/cache_entries/*id`
Delete	Group	`DELETE`	`/virtual_registries/packages/npm/remote/cache_entries/*id`
Delete	Group	`DELETE`	`/virtual_registries/packages/npm/registries/:id`
Delete	Group	`DELETE`	`/virtual_registries/packages/npm/registries/:id/cache`
Delete	Group	`DELETE`	`/virtual_registries/packages/npm/registry_upstreams/:id`
Read	Group	`GET`	`/virtual_registries/packages/npm/registries/:id`
Read	Group	`GET`	`/groups/:id/-/virtual_registries/packages/npm/registries`
Read	Group	`GET`	`/virtual_registries/packages/npm/remote/upstreams/:id/cache_entries`
Read	Group	`GET`	`/virtual_registries/packages/maven/upstreams/:id/cache_entries`
Read	Group	`GET`	`/virtual_registries/packages/maven/upstreams/:id/test`
Read	Group	`GET`	`/virtual_registries/packages/maven/upstreams/:id`
Read	Group	`GET`	`/virtual_registries/packages/maven/registries/:id/upstreams`
Read	Group	`GET`	`/groups/:id/-/virtual_registries/packages/maven/upstreams`
Read	Group	`GET`	`/virtual_registries/packages/maven/registries/:id`
Read	Group	`GET`	`/groups/:id/-/virtual_registries/packages/maven/registries`
Read	Group	`GET`	`/virtual_registries/container/upstreams/:id/cache_entries`
Read	Group	`GET`	`/virtual_registries/container/upstreams/:id`
Read	Group	`GET`	`/virtual_registries/container/registries/:id/upstreams`
Read	Group	`GET`	`/groups/:id/-/virtual_registries/container/upstreams`
Read	Group	`GET`	`/virtual_registries/container/registries/:id`
Read	Group	`GET`	`/groups/:id/-/virtual_registries/container/registries`
Read	Group	`POST`	`/groups/:id/-/virtual_registries/packages/maven/upstreams/test`
Read	Group	`POST`	`/virtual_registries/container/upstreams/:id/test`
Read	Group	`POST`	`/virtual_registries/packages/maven/upstreams/:id/test`
Read	Group	`POST`	`/groups/:id/-/virtual_registries/container/upstreams/test`
Update	Group	`PATCH`	`/virtual_registries/container/registries/:id`
Update	Group	`PATCH`	`/virtual_registries/container/registry_upstreams/:id`
Update	Group	`PATCH`	`/virtual_registries/container/upstreams/:id`
Update	Group	`PATCH`	`/virtual_registries/packages/maven/registries/:id`
Update	Group	`PATCH`	`/virtual_registries/packages/maven/upstreams/:id`
Update	Group	`PATCH`	`/virtual_registries/packages/maven/registry_upstreams/:id`
Update	Group	`PATCH`	`/virtual_registries/packages/npm/registries/:id`
Update	Group	`PATCH`	`/virtual_registries/packages/npm/registry_upstreams/:id`

Virtual Registry Cleanup Policy

Grants the ability to create, delete, read, and update virtual registry cleanup policies.

Action	Access	Method	Path
Create	Group	`POST`	`/groups/:id/-/virtual_registries/cleanup/policy`
Delete	Group	`DELETE`	`/groups/:id/-/virtual_registries/cleanup/policy`
Read	Group	`GET`	`/groups/:id/-/virtual_registries/cleanup/policy`
Update	Group	`PATCH`	`/groups/:id/-/virtual_registries/cleanup/policy`

Project Features resources

Alias

Grants the ability to create, delete, and read aliases.

Action	Access	Method	Path
Create	Instance	`POST`	`/project_aliases`
Delete	Instance	`DELETE`	`/project_aliases/:name`
Read	Instance	`GET`	`/project_aliases`
Read	Instance	`GET`	`/project_aliases/:name`

Badge

Grants the ability to create, delete, read, and update badges.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/badges`
Create	Group	`POST`	`/groups/:id/badges`
Delete	Project	`DELETE`	`/projects/:id/badges/:badge_id`
Delete	Group	`DELETE`	`/groups/:id/badges/:badge_id`
Read	Project	`GET`	`/projects/:id/badges`
Read	Project	`GET`	`/projects/:id/badges/render`
Read	Project	`GET`	`/projects/:id/badges/:badge_id`
Read	Group	`GET`	`/groups/:id/badges`
Read	Group	`GET`	`/groups/:id/badges/render`
Read	Group	`GET`	`/groups/:id/badges/:badge_id`
Update	Project	`PUT`	`/projects/:id/badges/:badge_id`
Update	Group	`PUT`	`/groups/:id/badges/:badge_id`

Release

Grants the ability to create, delete, read, and update releases.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/releases`
Create	Project	`POST`	`/projects/:id/releases/:tag_name/evidence`
Delete	Project	`DELETE`	`/projects/:id/releases/:tag_name`
Read	Project	`GET`	`/projects/:id/releases`
Read	Project	`GET`	`/projects/:id/releases/:tag_name`
Read	Project	`GET`	`/projects/:id/releases/:tag_name/downloads/*direct_asset_path`
Read	Project	`GET`	`/projects/:id/releases/permalink/latest(/)(*suffix_path)`
Read	Group	`GET`	`/groups/:id/releases`
Update	Project	`PUT`	`/projects/:id/releases/:tag_name`

Release Link

Grants the ability to create, delete, read, and update release links.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/releases/:tag_name/assets/links`
Delete	Project	`DELETE`	`/projects/:id/releases/:tag_name/assets/links/:link_id`
Read	Project	`GET`	`/projects/:id/releases/:tag_name/assets/links`
Read	Project	`GET`	`/projects/:id/releases/:tag_name/assets/links/:link_id`
Update	Project	`PUT`	`/projects/:id/releases/:tag_name/assets/links/:link_id`

Remote Mirror

Grants the ability to create, delete, read, and update remote mirrors.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/remote_mirrors`
Delete	Project	`DELETE`	`/projects/:id/remote_mirrors/:mirror_id`
Read	Project	`GET`	`/projects/:id/remote_mirrors`
Read	Project	`GET`	`/projects/:id/remote_mirrors/:mirror_id`
Update	Project	`POST`	`/projects/:id/remote_mirrors/:mirror_id/sync`
Update	Project	`PUT`	`/projects/:id/remote_mirrors/:mirror_id`

Remote Mirror Public Key

Grants the ability to read remote mirror public keys.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/remote_mirrors/:mirror_id/public_key`

Snapshot

Grants the ability to read snapshots.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/snapshot`

Snippet

Grants the ability to create, delete, read, and update snippets.

Action	Access	Method	Path
Create	User	`POST`	`/snippets`
Delete	User	`DELETE`	`/snippets/:id`
Read	User	`GET`	`/snippets`
Read	User	`GET`	`/snippets/public`
Read	User	`GET`	`/snippets/all`
Read	User	`GET`	`/snippets/:id`
Read	User	`GET`	`/snippets/:id/raw`
Read	User	`GET`	`/snippets/:id/files/:ref/:file_path/raw`
Read	Instance	`GET`	`/snippets/:id/user_agent_detail`
Update	User	`PUT`	`/snippets/:id`

Project Model Registry And Experiments resources

MLflow Artifact

Grants the ability to read MLflow artifacts.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/ml/mlflow/api/2.0/mlflow-artifacts/artifacts`
Read	Project	`GET`	`/projects/:id/ml/mlflow/api/2.0/mlflow-artifacts/artifacts/:model_version/*file_path`

MLflow Run

Grants the ability to create, delete, log, read, and update MLflow runs.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/ml/mlflow/api/2.0/mlflow/runs/create`
Delete	Project	`POST`	`/projects/:id/ml/mlflow/api/2.0/mlflow/runs/delete`
Log	Project	`POST`	`/projects/:id/ml/mlflow/api/2.0/mlflow/runs/log-metric`
Log	Project	`POST`	`/projects/:id/ml/mlflow/api/2.0/mlflow/runs/log-parameter`
Log	Project	`POST`	`/projects/:id/ml/mlflow/api/2.0/mlflow/runs/log-batch`
Read	Project	`GET`	`/projects/:id/ml/mlflow/api/2.0/mlflow/runs/get`
Read	Project	`POST`	`/projects/:id/ml/mlflow/api/2.0/mlflow/runs/search`
Update	Project	`POST`	`/projects/:id/ml/mlflow/api/2.0/mlflow/runs/update`
Update	Project	`POST`	`/projects/:id/ml/mlflow/api/2.0/mlflow/runs/set-tag`

Project Planning resources

Custom Attribute

Grants the ability to delete, read, and update custom attributes.

Action	Access	Method	Path
Delete	Project	`DELETE`	`/projects/:id/custom_attributes/:key`
Delete	Group	`DELETE`	`/groups/:id/custom_attributes/:key`
Delete	Instance	`DELETE`	`/users/:id/custom_attributes/:key`
Read	Project	`GET`	`/projects/:id/custom_attributes`
Read	Project	`GET`	`/projects/:id/custom_attributes/:key`
Read	Group	`GET`	`/groups/:id/custom_attributes`
Read	Group	`GET`	`/groups/:id/custom_attributes/:key`
Read	Instance	`GET`	`/users/:id/custom_attributes`
Read	Instance	`GET`	`/users/:id/custom_attributes/:key`
Update	Project	`PUT`	`/projects/:id/custom_attributes/:key`
Update	Group	`PUT`	`/groups/:id/custom_attributes/:key`
Update	Instance	`PUT`	`/users/:id/custom_attributes/:key`

Epic Label Event

Grants the ability to read epic label events.

Action	Access	Method	Path
Read	Group	`GET`	`/groups/:id/epics/:eventable_id/resource_label_events`
Read	Group	`GET`	`/groups/:id/epics/:eventable_id/resource_label_events/:event_id`

Feature Flag

Grants the ability to create, delete, read, and update feature flags.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/feature_flags`
Delete	Project	`DELETE`	`/projects/:id/feature_flags/:feature_flag_name`
Read	Project	`GET`	`/projects/:id/feature_flags`
Read	Project	`GET`	`/projects/:id/feature_flags/:feature_flag_name`
Update	Project	`PUT`	`/projects/:id/feature_flags/:feature_flag_name`

Feature Flag User List

Grants the ability to create, delete, read, and update feature flag user lists.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/feature_flags_user_lists`
Delete	Project	`DELETE`	`/projects/:id/feature_flags_user_lists/:iid`
Read	Project	`GET`	`/projects/:id/feature_flags_user_lists`
Read	Project	`GET`	`/projects/:id/feature_flags_user_lists/:iid`
Update	Project	`PUT`	`/projects/:id/feature_flags_user_lists/:iid`

Freeze Period

Grants the ability to create, delete, read, and update freeze periods.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/freeze_periods`
Delete	Project	`DELETE`	`/projects/:id/freeze_periods/:freeze_period_id`
Read	Project	`GET`	`/projects/:id/freeze_periods`
Read	Project	`GET`	`/projects/:id/freeze_periods/:freeze_period_id`
Update	Project	`PUT`	`/projects/:id/freeze_periods/:freeze_period_id`

Internal Event

Grants the ability to track internal events.

Action	Access	Method	Path
Track	Instance	`POST`	`/usage_data/track_events`
Track	Instance	`POST`	`/usage_data/track_event`

Issue Label Event

Grants the ability to read issue label events.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/issues/:eventable_id/resource_label_events`
Read	Project	`GET`	`/projects/:id/issues/:eventable_id/resource_label_events/:event_id`

Label

Grants the ability to create, delete, promote, read, and update labels.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/labels`
Create	Group	`POST`	`/groups/:id/labels`
Delete	Project	`DELETE`	`/projects/:id/labels`
Delete	Project	`DELETE`	`/projects/:id/labels/:name`
Delete	Group	`DELETE`	`/groups/:id/labels`
Delete	Group	`DELETE`	`/groups/:id/labels/:name`
Promote	Project	`PUT`	`/projects/:id/labels/promote`
Promote	Project	`PUT`	`/projects/:id/labels/:name/promote`
Read	Project	`GET`	`/projects/:id/labels`
Read	Project	`GET`	`/projects/:id/labels/:name`
Read	Group	`GET`	`/groups/:id/labels`
Read	Group	`GET`	`/groups/:id/labels/:name`
Update	Project	`PUT`	`/projects/:id/labels`
Update	Project	`PUT`	`/projects/:id/labels/:name`
Update	Group	`PUT`	`/groups/:id/labels`
Update	Group	`PUT`	`/groups/:id/labels/:name`

Merge Request Label Event

Grants the ability to read merge request label events.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/merge_requests/:eventable_id/resource_label_events`
Read	Project	`GET`	`/projects/:id/merge_requests/:eventable_id/resource_label_events/:event_id`

Service Ping

Grants the ability to read service ping data.

Action	Access	Method	Path
Read	Instance	`GET`	`/usage_data/service_ping`

Usage Data Metric

Grants the ability to increment and read usage data metrics.

Action	Access	Method	Path
Increment	Instance	`POST`	`/usage_data/increment_counter`
Increment	Instance	`POST`	`/usage_data/increment_unique_users`
Read	Instance	`GET`	`/usage_data/non_sql_metrics`

Work Item

Grants the ability to create, delete, read, and update work items.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/issues/:issue_iid/award_emoji`
Create	Project	`POST`	`/projects/:id/issues/:issue_iid/notes/:note_id/award_emoji`
Create	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/award_emoji`
Create	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/notes/:note_id/award_emoji`
Create	Project	`POST`	`/projects/:id/snippets/:snippet_id/award_emoji`
Create	Project	`POST`	`/projects/:id/snippets/:snippet_id/notes/:note_id/award_emoji`
Create	Project	`POST`	`/projects/:id/issues/:issue_iid/links`
Create	Project	`POST`	`/projects/:id/issues`
Create	Project	`POST`	`/projects/:id/issues/:issue_iid/clone`
Create	Project	`POST`	`/namespaces/:id/-/work_items`
Create	Project	`POST`	`/projects/:id/-/work_items`
Create	Project	`POST`	`/projects/:id/boards`
Create	Project	`POST`	`/projects/:id/boards/:board_id/lists`
Create	Project	`POST`	`/projects/:id/issues/:noteable_id/discussions`
Create	Project	`POST`	`/projects/:id/issues/:noteable_id/discussions/:discussion_id/notes`
Create	Project	`POST`	`/projects/:id/snippets/:noteable_id/discussions`
Create	Project	`POST`	`/projects/:id/snippets/:noteable_id/discussions/:discussion_id/notes`
Create	Project	`POST`	`/projects/:id/issues/:noteable_id/notes`
Create	Project	`POST`	`/projects/:id/merge_requests/:noteable_id/notes`
Create	Project	`POST`	`/projects/:id/snippets/:noteable_id/notes`
Create	Project	`POST`	`/projects/:id/wiki_pages/:noteable_id/notes`
Create	Project	`POST`	`/projects/:id/milestones`
Create	Group	`POST`	`/groups/:id/epics/:epic_iid/award_emoji`
Create	Group	`POST`	`/groups/:id/epics/:epic_iid/notes/:note_id/award_emoji`
Create	Group	`POST`	`/namespaces/:id/-/work_items`
Create	Group	`POST`	`/groups/:id/-/work_items`
Create	Group	`POST`	`/groups/:id/epics/:noteable_id/discussions`
Create	Group	`POST`	`/groups/:id/epics/:noteable_id/discussions/:discussion_id/notes`
Create	Group	`POST`	`/groups/:id/boards/:board_id/lists`
Create	Group	`POST`	`/groups/:id/milestones`
Create	Group	`POST`	`/groups/:id/epics/:noteable_id/notes`
Create	Group	`POST`	`/groups/:id/wiki_pages/:noteable_id/notes`
Create	Group	`POST`	`/groups/:id/boards`
Create	Group	`POST`	`/groups/:id/(-/)epics/:epic_iid/issues/:issue_id`
Create	Group	`POST`	`/groups/:id/(-/)epics/:epic_iid/epics/:child_epic_id`
Create	Group	`POST`	`/groups/:id/(-/)epics/:epic_iid/epics`
Create	Group	`POST`	`/groups/:id/(-/)epics`
Create	Group	`POST`	`/groups/:id/epics/:epic_iid/related_epics`
Delete	Project	`DELETE`	`/projects/:id/issues/:issue_iid/award_emoji/:award_id`
Delete	Project	`DELETE`	`/projects/:id/issues/:issue_iid/notes/:note_id/award_emoji/:award_id`
Delete	Project	`DELETE`	`/projects/:id/merge_requests/:merge_request_iid/award_emoji/:award_id`
Delete	Project	`DELETE`	`/projects/:id/merge_requests/:merge_request_iid/notes/:note_id/award_emoji/:award_id`
Delete	Project	`DELETE`	`/projects/:id/snippets/:snippet_id/award_emoji/:award_id`
Delete	Project	`DELETE`	`/projects/:id/snippets/:snippet_id/notes/:note_id/award_emoji/:award_id`
Delete	Project	`DELETE`	`/projects/:id/issues/:issue_iid/links/:issue_link_id`
Delete	Project	`DELETE`	`/projects/:id/issues/:issue_iid`
Delete	Project	`DELETE`	`/namespaces/:id/-/work_items/:work_item_iid`
Delete	Project	`DELETE`	`/projects/:id/-/work_items/:work_item_iid`
Delete	Project	`DELETE`	`/projects/:id/boards/:board_id`
Delete	Project	`DELETE`	`/projects/:id/boards/:board_id/lists/:list_id`
Delete	Project	`DELETE`	`/projects/:id/issues/:noteable_id/discussions/:discussion_id/notes/:note_id`
Delete	Project	`DELETE`	`/projects/:id/snippets/:noteable_id/discussions/:discussion_id/notes/:note_id`
Delete	Project	`DELETE`	`/projects/:id/issues/:noteable_id/notes/:note_id`
Delete	Project	`DELETE`	`/projects/:id/merge_requests/:noteable_id/notes/:note_id`
Delete	Project	`DELETE`	`/projects/:id/snippets/:noteable_id/notes/:note_id`
Delete	Project	`DELETE`	`/projects/:id/wiki_pages/:noteable_id/notes/:note_id`
Delete	Project	`DELETE`	`/projects/:id/milestones/:milestone_id`
Delete	Group	`DELETE`	`/groups/:id/epics/:epic_iid/award_emoji/:award_id`
Delete	Group	`DELETE`	`/groups/:id/epics/:epic_iid/notes/:note_id/award_emoji/:award_id`
Delete	Group	`DELETE`	`/namespaces/:id/-/work_items/:work_item_iid`
Delete	Group	`DELETE`	`/groups/:id/-/work_items/:work_item_iid`
Delete	Group	`DELETE`	`/groups/:id/epics/:noteable_id/discussions/:discussion_id/notes/:note_id`
Delete	Group	`DELETE`	`/groups/:id/boards/:board_id/lists/:list_id`
Delete	Group	`DELETE`	`/groups/:id/milestones/:milestone_id`
Delete	Group	`DELETE`	`/groups/:id/epics/:noteable_id/notes/:note_id`
Delete	Group	`DELETE`	`/groups/:id/wiki_pages/:noteable_id/notes/:note_id`
Delete	Group	`DELETE`	`/groups/:id/boards/:board_id`
Delete	Group	`DELETE`	`/groups/:id/(-/)epics/:epic_iid/issues/:epic_issue_id`
Delete	Group	`DELETE`	`/groups/:id/(-/)epics/:epic_iid/epics/:child_epic_id`
Delete	Group	`DELETE`	`/groups/:id/(-/)epics/:epic_iid`
Delete	Group	`DELETE`	`/groups/:id/epics/:epic_iid/related_epics/:related_epic_link_id`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/award_emoji`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/award_emoji/:award_id`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/notes/:note_id/award_emoji`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/notes/:note_id/award_emoji/:award_id`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/award_emoji`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/award_emoji/:award_id`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/notes/:note_id/award_emoji`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/notes/:note_id/award_emoji/:award_id`
Read	Project	`GET`	`/projects/:id/snippets/:snippet_id/award_emoji`
Read	Project	`GET`	`/projects/:id/snippets/:snippet_id/award_emoji/:award_id`
Read	Project	`GET`	`/projects/:id/snippets/:snippet_id/notes/:note_id/award_emoji`
Read	Project	`GET`	`/projects/:id/snippets/:snippet_id/notes/:note_id/award_emoji/:award_id`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/links`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/links/:issue_link_id`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/time_stats`
Read	Project	`GET`	`/projects/:id/issues`
Read	Project	`GET`	`/projects/:id/issues_statistics`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/related_merge_requests`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/closed_by`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/participants`
Read	Project	`GET`	`/projects/:id/issues/:issue_iid/user_agent_detail`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/time_stats`
Read	Project	`GET`	`/projects/:id/issues/:eventable_id/resource_milestone_events`
Read	Project	`GET`	`/projects/:id/issues/:eventable_id/resource_milestone_events/:event_id`
Read	Project	`GET`	`/projects/:id/merge_requests/:eventable_id/resource_milestone_events`
Read	Project	`GET`	`/projects/:id/merge_requests/:eventable_id/resource_milestone_events/:event_id`
Read	Project	`GET`	`/namespaces/:id/-/work_items`
Read	Project	`GET`	`/projects/:id/-/work_items`
Read	Project	`GET`	`/namespaces/:id/-/work_items/:work_item_iid`
Read	Project	`GET`	`/projects/:id/-/work_items/:work_item_iid`
Read	Project	`GET`	`/projects/:id/boards`
Read	Project	`GET`	`/projects/:id/boards/:board_id`
Read	Project	`GET`	`/projects/:id/boards/:board_id/lists`
Read	Project	`GET`	`/projects/:id/boards/:board_id/lists/:list_id`
Read	Project	`GET`	`/projects/:id/issues/:noteable_id/discussions`
Read	Project	`GET`	`/projects/:id/issues/:noteable_id/discussions/:discussion_id`
Read	Project	`GET`	`/projects/:id/issues/:noteable_id/discussions/:discussion_id/notes`
Read	Project	`GET`	`/projects/:id/issues/:noteable_id/discussions/:discussion_id/notes/:note_id`
Read	Project	`GET`	`/projects/:id/snippets/:noteable_id/discussions`
Read	Project	`GET`	`/projects/:id/snippets/:noteable_id/discussions/:discussion_id`
Read	Project	`GET`	`/projects/:id/snippets/:noteable_id/discussions/:discussion_id/notes`
Read	Project	`GET`	`/projects/:id/snippets/:noteable_id/discussions/:discussion_id/notes/:note_id`
Read	Project	`GET`	`/projects/:id/issues/:noteable_id/notes`
Read	Project	`GET`	`/projects/:id/issues/:noteable_id/notes/:note_id`
Read	Project	`GET`	`/projects/:id/merge_requests/:noteable_id/notes`
Read	Project	`GET`	`/projects/:id/merge_requests/:noteable_id/notes/:note_id`
Read	Project	`GET`	`/projects/:id/snippets/:noteable_id/notes`
Read	Project	`GET`	`/projects/:id/snippets/:noteable_id/notes/:note_id`
Read	Project	`GET`	`/projects/:id/wiki_pages/:noteable_id/notes`
Read	Project	`GET`	`/projects/:id/wiki_pages/:noteable_id/notes/:note_id`
Read	Project	`GET`	`/projects/:id/milestones`
Read	Project	`GET`	`/projects/:id/milestones/:milestone_id`
Read	Project	`GET`	`/projects/:id/milestones/:milestone_id/issues`
Read	Project	`GET`	`/projects/:id/milestones/:milestone_id/merge_requests`
Read	Project	`GET`	`/projects/:id/milestones/:milestone_id/burndown_events`
Read	Project	`GET`	`/projects/:id/issues/:eventable_id/resource_state_events`
Read	Project	`GET`	`/projects/:id/issues/:eventable_id/resource_state_events/:event_id`
Read	Project	`GET`	`/projects/:id/merge_requests/:eventable_id/resource_state_events`
Read	Project	`GET`	`/projects/:id/merge_requests/:eventable_id/resource_state_events/:event_id`
Read	Project	`GET`	`/projects/:id/issues/:eventable_id/resource_weight_events`
Read	Project	`GET`	`/projects/:id/issues/:eventable_id/resource_weight_events/:event_id`
Read	Project	`GET`	`/projects/:id/issues/:eventable_id/resource_iteration_events`
Read	Project	`GET`	`/projects/:id/issues/:eventable_id/resource_iteration_events/:event_id`
Read	Project	`GET`	`/projects/:id/iterations`
Read	Group	`GET`	`/groups/:id/epics/:epic_iid/award_emoji`
Read	Group	`GET`	`/groups/:id/epics/:epic_iid/award_emoji/:award_id`
Read	Group	`GET`	`/groups/:id/epics/:epic_iid/notes/:note_id/award_emoji`
Read	Group	`GET`	`/groups/:id/epics/:epic_iid/notes/:note_id/award_emoji/:award_id`
Read	Group	`GET`	`/groups/:id/issues`
Read	Group	`GET`	`/groups/:id/issues_statistics`
Read	Group	`GET`	`/namespaces/:id/-/work_items`
Read	Group	`GET`	`/groups/:id/-/work_items`
Read	Group	`GET`	`/namespaces/:id/-/work_items/:work_item_iid`
Read	Group	`GET`	`/groups/:id/-/work_items/:work_item_iid`
Read	Group	`GET`	`/groups/:id/epics/:noteable_id/discussions`
Read	Group	`GET`	`/groups/:id/epics/:noteable_id/discussions/:discussion_id`
Read	Group	`GET`	`/groups/:id/epics/:noteable_id/discussions/:discussion_id/notes`
Read	Group	`GET`	`/groups/:id/epics/:noteable_id/discussions/:discussion_id/notes/:note_id`
Read	Group	`GET`	`/groups/:id/boards`
Read	Group	`GET`	`/groups/:id/boards/:board_id`
Read	Group	`GET`	`/groups/:id/boards/:board_id/lists`
Read	Group	`GET`	`/groups/:id/boards/:board_id/lists/:list_id`
Read	Group	`GET`	`/groups/:id/milestones`
Read	Group	`GET`	`/groups/:id/milestones/:milestone_id`
Read	Group	`GET`	`/groups/:id/milestones/:milestone_id/issues`
Read	Group	`GET`	`/groups/:id/milestones/:milestone_id/merge_requests`
Read	Group	`GET`	`/groups/:id/milestones/:milestone_id/burndown_events`
Read	Group	`GET`	`/groups/:id/epics/:noteable_id/notes`
Read	Group	`GET`	`/groups/:id/epics/:noteable_id/notes/:note_id`
Read	Group	`GET`	`/groups/:id/wiki_pages/:noteable_id/notes`
Read	Group	`GET`	`/groups/:id/wiki_pages/:noteable_id/notes/:note_id`
Read	Group	`GET`	`/groups/:id/epics/:eventable_id/resource_state_events`
Read	Group	`GET`	`/groups/:id/epics/:eventable_id/resource_state_events/:event_id`
Read	Group	`GET`	`/groups/:id/epics/:epic_iid/issues`
Read	Group	`GET`	`/groups/:id/-/epics/:epic_iid/issues`
Read	Group	`GET`	`/groups/:id/(-/)epics/:epic_iid/epics`
Read	Group	`GET`	`/groups/:id/epics`
Read	Group	`GET`	`/groups/:id/-/epics`
Read	Group	`GET`	`/groups/:id/epics/:epic_iid`
Read	Group	`GET`	`/groups/:id/-/epics/:epic_iid`
Read	Group	`GET`	`/groups/:id/epic_boards`
Read	Group	`GET`	`/groups/:id/epic_boards/:board_id`
Read	Group	`GET`	`/groups/:id/epic_boards/:board_id/lists`
Read	Group	`GET`	`/groups/:id/epic_boards/:board_id/lists/:list_id`
Read	Group	`GET`	`/groups/:id/related_epic_links`
Read	Group	`GET`	`/groups/:id/epics/:epic_iid/related_epics`
Read	Group	`GET`	`/groups/:id/iterations`
Read	User	`GET`	`/issues_statistics`
Read	User	`GET`	`/issues`
Read	Instance	`GET`	`/issues/:id`
Update	Project	`POST`	`/projects/:id/milestones/:milestone_id/promote`
Update	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/reset_spent_time`
Update	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/add_spent_time`
Update	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/reset_time_estimate`
Update	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/time_estimate`
Update	Project	`POST`	`/projects/:id/issues/:issue_iid/move`
Update	Project	`POST`	`/projects/:id/issues/:issue_iid/reset_spent_time`
Update	Project	`POST`	`/projects/:id/issues/:issue_iid/add_spent_time`
Update	Project	`POST`	`/projects/:id/issues/:issue_iid/reset_time_estimate`
Update	Project	`POST`	`/projects/:id/issues/:issue_iid/time_estimate`
Update	Project	`PUT`	`/projects/:id/issues/:issue_iid/reorder`
Update	Project	`PUT`	`/projects/:id/issues/:issue_iid`
Update	Project	`PUT`	`/projects/:id/boards/:board_id`
Update	Project	`PUT`	`/projects/:id/boards/:board_id/lists/:list_id`
Update	Project	`PUT`	`/projects/:id/issues/:noteable_id/discussions/:discussion_id/notes/:note_id`
Update	Project	`PUT`	`/projects/:id/issues/:noteable_id/discussions/:discussion_id`
Update	Project	`PUT`	`/projects/:id/snippets/:noteable_id/discussions/:discussion_id/notes/:note_id`
Update	Project	`PUT`	`/projects/:id/issues/:noteable_id/notes/:note_id`
Update	Project	`PUT`	`/projects/:id/merge_requests/:noteable_id/notes/:note_id`
Update	Project	`PUT`	`/projects/:id/snippets/:noteable_id/notes/:note_id`
Update	Project	`PUT`	`/projects/:id/wiki_pages/:noteable_id/notes/:note_id`
Update	Project	`PUT`	`/projects/:id/milestones/:milestone_id`
Update	Group	`PUT`	`/groups/:id/epics/:noteable_id/discussions/:discussion_id/notes/:note_id`
Update	Group	`PUT`	`/groups/:id/epics/:noteable_id/discussions/:discussion_id`
Update	Group	`PUT`	`/groups/:id/boards/:board_id`
Update	Group	`PUT`	`/groups/:id/boards/:board_id/lists/:list_id`
Update	Group	`PUT`	`/groups/:id/milestones/:milestone_id`
Update	Group	`PUT`	`/groups/:id/epics/:noteable_id/notes/:note_id`
Update	Group	`PUT`	`/groups/:id/wiki_pages/:noteable_id/notes/:note_id`
Update	Group	`PUT`	`/groups/:id/(-/)epics/:epic_iid/issues/:epic_issue_id`
Update	Group	`PUT`	`/groups/:id/(-/)epics/:epic_iid/epics/:child_epic_id`
Update	Group	`PUT`	`/groups/:id/(-/)epics/:epic_iid`

Projects resources

Page

Grants the ability to delete, read, and update pages.

Action	Access	Method	Path
Delete	Project	`DELETE`	`/projects/:id/pages`
Read	Project	`GET`	`/projects/:id/pages`
Update	Project	`PATCH`	`/projects/:id/pages`

Pages Domain

Grants the ability to create, delete, read, update, and verify pages domains.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/pages/domains`
Delete	Project	`DELETE`	`/projects/:id/pages/domains/:domain`
Read	Project	`GET`	`/projects/:id/pages/domains`
Read	Project	`GET`	`/projects/:id/pages/domains/:domain`
Update	Project	`PUT`	`/projects/:id/pages/domains/:domain`
Verify	Project	`PUT`	`/projects/:id/pages/domains/:domain/verify`

Project

Grants the ability to archive, create, delete, fork, read, read starred, share, transfer, and update projects.

Action	Access	Method	Path
Archive	Project	`POST`	`/projects/:id/archive`
Archive	Project	`POST`	`/projects/:id/unarchive`
Create	User	`POST`	`/projects`
Create	User	`POST`	`/projects/user/:user_id`
Delete	Project	`DELETE`	`/projects/:id`
Fork	Project	`POST`	`/projects/:id/fork`
Fork	Project	`POST`	`/projects/:id/fork/:forked_from_id`
Fork	Project	`DELETE`	`/projects/:id/fork`
Read	Project	`GET`	`/projects/:id/share_locations`
Read	Project	`GET`	`/projects/:id`
Read	Project	`GET`	`/projects/:id/forks`
Read	Project	`GET`	`/projects/:id/pages_access`
Read	Project	`GET`	`/projects/:id/starrers`
Read	Project	`GET`	`/projects/:id/languages`
Read	Project	`GET`	`/projects/:id/users`
Read	Project	`GET`	`/projects/:id/groups`
Read	Project	`GET`	`/projects/:id/invited_groups`
Read	Project	`GET`	`/projects/:id/transfer_locations`
Read	Project	`GET`	`/projects/:id/storage`
Read	Group	`GET`	`/groups/:id/projects`
Read	User	`GET`	`/users/:user_id/projects`
Read	User	`GET`	`/users/:user_id/contributed_projects`
Read	User	`GET`	`/projects`
Read Starred	User	`GET`	`/users/:user_id/starred_projects`
Share	Project	`POST`	`/projects/:id/share`
Share	Project	`DELETE`	`/projects/:id/share/:group_id`
Transfer	Project	`PUT`	`/projects/:id/transfer`
Transfer	Instance	`POST`	`/groups/:id/projects/:project_id`
Update	Project	`POST`	`/projects/:id/restore`
Update	Project	`POST`	`/projects/:id/star`
Update	Project	`POST`	`/projects/:id/unstar`
Update	Project	`POST`	`/projects/:id/import_project_members/:project_id`
Update	Project	`POST`	`/projects/:id/housekeeping`
Update	Project	`POST`	`/projects/:id/repository_size`
Update	Project	`PUT`	`/projects/:id`

Repository resources

Approval Configuration

Grants the ability to read and update approval settings.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/approvals`
Update	Project	`POST`	`/projects/:id/approvals`

Approval Rule

Grants the ability to create, delete, read, and update approval rules.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/approval_rules`
Create	Group	`POST`	`/groups/:id/approval_rules`
Delete	Project	`DELETE`	`/projects/:id/approval_rules/:approval_rule_id`
Read	Project	`GET`	`/projects/:id/approval_rules`
Read	Project	`GET`	`/projects/:id/approval_rules/:approval_rule_id`
Read	Group	`GET`	`/groups/:id/approval_rules`
Update	Project	`PUT`	`/projects/:id/approval_rules/:approval_rule_id`
Update	Group	`PUT`	`/groups/:id/approval_rules/:approval_rule_id`

Approval Setting

Grants the ability to read and update merge request approval settings.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/merge_request_approval_setting`
Read	Group	`GET`	`/groups/:id/merge_request_approval_setting`
Update	Project	`PUT`	`/projects/:id/merge_request_approval_setting`
Update	Group	`PUT`	`/groups/:id/merge_request_approval_setting`

Branch

Grants the ability to create, delete, protect, and read branches.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/repository/branches`
Delete	Project	`DELETE`	`/projects/:id/repository/branches/:branch`
Delete	Project	`DELETE`	`/projects/:id/repository/merged_branches`
Protect	Project	`POST`	`/projects/:id/protected_branches`
Protect	Project	`PUT`	`/projects/:id/repository/branches/:branch/protect`
Protect	Project	`PUT`	`/projects/:id/repository/branches/:branch/unprotect`
Protect	Project	`DELETE`	`/projects/:id/protected_branches/:name`
Protect	Group	`POST`	`/groups/:id/protected_branches`
Protect	Group	`DELETE`	`/groups/:id/protected_branches/:name`
Read	Project	`GET`	`/projects/:id/repository/branches`
Read	Project	`GET`	`/projects/:id/repository/branches/:branch`
Read	Project	`HEAD`	`/projects/:id/repository/branches/:branch`

Code

Grants the ability to download, push, and read code.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/(-/)search/semantic`

Commit

Grants the ability to create, delete, read, and update commits.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/repository/commits`
Create	Project	`POST`	`/projects/:id/repository/commits/:sha/cherry_pick`
Create	Project	`POST`	`/projects/:id/repository/commits/:sha/revert`
Create	Project	`POST`	`/projects/:id/repository/commits/:noteable_id/discussions`
Create	Project	`POST`	`/projects/:id/repository/commits/:noteable_id/discussions/:discussion_id/notes`
Delete	Project	`DELETE`	`/projects/:id/repository/commits/:noteable_id/discussions/:discussion_id/notes/:note_id`
Read	Project	`GET`	`/projects/:id/repository/commits`
Read	Project	`GET`	`/projects/:id/repository/commits/:sha`
Read	Project	`GET`	`/projects/:id/repository/commits/:sha/diff`
Read	Project	`GET`	`/projects/:id/repository/commits/:sha/comments`
Read	Project	`GET`	`/projects/:id/repository/commits/:sha/sequence`
Read	Project	`GET`	`/projects/:id/repository/commits/:sha/refs`
Read	Project	`GET`	`/projects/:id/repository/commits/:sha/merge_requests`
Read	Project	`GET`	`/projects/:id/repository/commits/:sha/signature`
Read	Project	`GET`	`/projects/:id/repository/commits/:noteable_id/discussions`
Read	Project	`GET`	`/projects/:id/repository/commits/:noteable_id/discussions/:discussion_id`
Read	Project	`GET`	`/projects/:id/repository/commits/:noteable_id/discussions/:discussion_id/notes`
Read	Project	`GET`	`/projects/:id/repository/commits/:noteable_id/discussions/:discussion_id/notes/:note_id`
Update	Project	`POST`	`/projects/:id/repository/commits/:sha/comments`
Update	Project	`PUT`	`/projects/:id/repository/commits/:noteable_id/discussions/:discussion_id/notes/:note_id`

Merge Request

Grants the ability to approve, create, delete, merge, read, and update merge requests.

Action	Access	Method	Path
Approve	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/approve`
Approve	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/unapprove`
Approve	Project	`PUT`	`/projects/:id/merge_requests/:merge_request_iid/reset_approvals`
Create	Project	`POST`	`/projects/:id/create_ci_config`
Create	Project	`POST`	`/projects/:id/merge_requests`
Create	Project	`POST`	`/projects/:id/merge_requests/:noteable_id/discussions`
Create	Project	`POST`	`/projects/:id/merge_requests/:noteable_id/discussions/:discussion_id/notes`
Delete	Project	`DELETE`	`/projects/:id/merge_requests/:merge_request_iid`
Delete	Project	`DELETE`	`/projects/:id/merge_requests/:noteable_id/discussions/:discussion_id/notes/:note_id`
Merge	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/cancel_merge_when_pipeline_succeeds`
Merge	Project	`PUT`	`/projects/:id/merge_requests/:merge_request_iid/merge`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/draft_notes`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/draft_notes/:draft_note_id`
Read	Project	`GET`	`/projects/:id/merge_requests`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/participants`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/reviewers`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/commits`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/context_commits`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/changes`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/diffs`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/raw_diffs`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/pipelines`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/merge_ref`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/closes_issues`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/related_issues`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/versions`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/versions/:version_id`
Read	Project	`GET`	`/projects/:id/merge_requests/:noteable_id/discussions`
Read	Project	`GET`	`/projects/:id/merge_requests/:noteable_id/discussions/:discussion_id`
Read	Project	`GET`	`/projects/:id/merge_requests/:noteable_id/discussions/:discussion_id/notes`
Read	Project	`GET`	`/projects/:id/merge_requests/:noteable_id/discussions/:discussion_id/notes/:note_id`
Read	Group	`GET`	`/groups/:id/merge_requests`
Read	User	`GET`	`/merge_requests`
Update	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/draft_notes`
Update	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/draft_notes/bulk_publish`
Update	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/context_commits`
Update	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/pipelines`
Update	Project	`PUT`	`/projects/:id/merge_requests/:merge_request_iid/draft_notes/:draft_note_id`
Update	Project	`PUT`	`/projects/:id/merge_requests/:merge_request_iid/draft_notes/:draft_note_id/publish`
Update	Project	`PUT`	`/projects/:id/merge_requests/:merge_request_iid`
Update	Project	`PUT`	`/projects/:id/merge_requests/:merge_request_iid/rebase`
Update	Project	`PUT`	`/projects/:id/merge_requests/:noteable_id/discussions/:discussion_id/notes/:note_id`
Update	Project	`PUT`	`/projects/:id/merge_requests/:noteable_id/discussions/:discussion_id`
Update	Project	`DELETE`	`/projects/:id/merge_requests/:merge_request_iid/draft_notes/:draft_note_id`
Update	Project	`DELETE`	`/projects/:id/merge_requests/:merge_request_iid/context_commits`

Merge Request Approval Rule

Grants the ability to create, delete, read, and update merge request approval rules.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/approval_rules`
Delete	Project	`DELETE`	`/projects/:id/merge_requests/:merge_request_iid/approval_rules/:approval_rule_id`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/approval_rules`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/approval_rules/:approval_rule_id`
Update	Project	`PUT`	`/projects/:id/merge_requests/:merge_request_iid/approval_rules/:approval_rule_id`

Merge Request Approval State

Grants the ability to read merge request approval states.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/approvals`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/approval_state`

Merge Request Dependency

Grants the ability to create, delete, and read merge request dependencies.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/merge_requests/:merge_request_iid/blocks`
Delete	Project	`DELETE`	`/projects/:id/merge_requests/:merge_request_iid/blocks/:block_id`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/blocks`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/blocks/:block_id`
Read	Project	`GET`	`/projects/:id/merge_requests/:merge_request_iid/blockees`

Protected Branch

Grants the ability to read and update protected branches.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/protected_branches`
Read	Project	`GET`	`/projects/:id/protected_branches/:name`
Read	Group	`GET`	`/groups/:id/protected_branches`
Read	Group	`GET`	`/groups/:id/protected_branches/:name`
Update	Project	`PATCH`	`/projects/:id/protected_branches/:name`
Update	Group	`PATCH`	`/groups/:id/protected_branches/:name`

Protected Tag

Grants the ability to read protected tags.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/protected_tags`
Read	Project	`GET`	`/projects/:id/protected_tags/:name`

Push Rule

Grants the ability to create, delete, read, and update push rules.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/push_rule`
Create	Group	`POST`	`/groups/:id/push_rule`
Delete	Project	`DELETE`	`/projects/:id/push_rule`
Delete	Group	`DELETE`	`/groups/:id/push_rule`
Read	Project	`GET`	`/projects/:id/push_rule`
Read	Group	`GET`	`/groups/:id/push_rule`
Update	Project	`PUT`	`/projects/:id/push_rule`
Update	Group	`PUT`	`/groups/:id/push_rule`

Repository

Grants the ability to create, delete, read, and update repositories.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/repository/files/:file_path`
Create	Project	`POST`	`/projects/:id/repository/changelog`
Delete	Project	`DELETE`	`/projects/:id/repository/files/:file_path`
Read	Project	`GET`	`/projects/:id/repository/files/:file_path/blame`
Read	Project	`GET`	`/projects/:id/repository/files/:file_path/raw`
Read	Project	`GET`	`/projects/:id/repository/files/:file_path`
Read	Project	`GET`	`/projects/:id/repository/tree`
Read	Project	`GET`	`/projects/:id/repository/blobs/:sha/raw`
Read	Project	`GET`	`/projects/:id/repository/blobs/:sha`
Read	Project	`GET`	`/projects/:id/repository/archive`
Read	Project	`GET`	`/projects/:id/repository/compare`
Read	Project	`GET`	`/projects/:id/repository/health`
Read	Project	`GET`	`/projects/:id/repository/contributors`
Read	Project	`GET`	`/projects/:id/repository/merge_base`
Read	Project	`GET`	`/projects/:id/repository/changelog`
Read	Project	`HEAD`	`/projects/:id/repository/files/:file_path/blame`
Read	Project	`HEAD`	`/projects/:id/repository/files/:file_path`
Update	Project	`PUT`	`/projects/:id/repository/files/:file_path`

Repository Submodule

Grants the ability to update repository submodules.

Action	Access	Method	Path
Update	Project	`PUT`	`/projects/:id/repository/submodules/:submodule`

Repository Tag

Grants the ability to create, delete, and read repository tags.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/repository/tags`
Delete	Project	`DELETE`	`/projects/:id/repository/tags/:tag_name`
Read	Project	`GET`	`/projects/:id/repository/tags`
Read	Project	`GET`	`/projects/:id/repository/tags/:tag_name`
Read	Project	`GET`	`/projects/:id/repository/tags/:tag_name/signature`

Tag

Grants the ability to protect tags.

Action	Access	Method	Path
Protect	Project	`POST`	`/projects/:id/protected_tags`
Protect	Project	`DELETE`	`/projects/:id/protected_tags/:name`

Search resources

Global Search

Grants the ability to use global search functionality.

Action	Access	Method	Path
Use	Project	`GET`	`/projects/:id/(-/)search`
Use	Group	`GET`	`/groups/:id/(-/)search`
Use	User	`GET`	`/search`

Search Migration

Grants the ability to read search migrations.

Action	Access	Method	Path
Read	Instance	`GET`	`/admin/search/migrations`
Read	Instance	`GET`	`/admin/search/migrations/:migration_id`

Zoekt Index

Grants the ability to update Zoekt indexes.

Action	Access	Method	Path
Update	Instance	`PUT`	`/admin/zoekt/projects/:project_id/index`

Zoekt Namespace

Grants the ability to create, delete, and update Zoekt namespaces.

Action	Access	Method	Path
Create	Instance	`PUT`	`/admin/zoekt/shards/:node_id/indexed_namespaces/:namespace_id`
Delete	Instance	`DELETE`	`/admin/zoekt/shards/:node_id/indexed_namespaces/:namespace_id`
Update	Instance	`PATCH`	`/admin/zoekt/namespaces/:id`

Zoekt Node

Grants the ability to read Zoekt nodes.

Action	Access	Method	Path
Read	Instance	`GET`	`/admin/zoekt/shards`
Read	Instance	`GET`	`/admin/zoekt/shards/:node_id/indexed_namespaces`

Subscription And Licensing resources

GitLab Subscription

Grants the ability to create, read, and update GitLab subscriptions.

Action	Access	Method	Path
Create	Group	`POST`	`/namespaces/:id/gitlab_subscription`
Create	User	`POST`	`/namespaces/:id/gitlab_subscription`
Read	Group	`GET`	`/namespaces/:id/gitlab_subscription`
Read	User	`GET`	`/namespaces/:id/gitlab_subscription`
Update	Group	`PUT`	`/namespaces/:id/gitlab_subscription`
Update	User	`PUT`	`/namespaces/:id/gitlab_subscription`

License

Grants the ability to create, delete, and read licenses.

Action	Access	Method	Path
Create	Instance	`POST`	`/license`
Delete	Instance	`DELETE`	`/license/:id`
Read	Instance	`GET`	`/license`
Read	Instance	`GET`	`/license/usage_export`
Read	Instance	`GET`	`/license/:id`
Read	Instance	`GET`	`/licenses`

License Billable User

Grants the ability to refresh billable users for licenses.

Action	Access	Method	Path
Refresh	Instance	`PUT`	`/license/:id/refresh_billable_users`

System Access resources

Access Request

Grants the ability to approve, create, delete, and read access requests.

Action	Access	Method	Path
Approve	Project	`PUT`	`/projects/:id/access_requests/:user_id/approve`
Approve	Group	`PUT`	`/groups/:id/access_requests/:user_id/approve`
Create	User	`POST`	`/groups/:id/access_requests`
Create	User	`POST`	`/projects/:id/access_requests`
Delete	Project	`DELETE`	`/projects/:id/access_requests/:user_id`
Delete	Group	`DELETE`	`/groups/:id/access_requests/:user_id`
Delete	User	`DELETE`	`/groups/:id/access_requests/:user_id`
Delete	User	`DELETE`	`/projects/:id/access_requests/:user_id`
Read	Project	`GET`	`/projects/:id/access_requests`
Read	Group	`GET`	`/groups/:id/access_requests`

Application Appearance

Grants the ability to read and update application appearance settings.

Action	Access	Method	Path
Read	Instance	`GET`	`/application/appearance`
Update	Instance	`PUT`	`/application/appearance`

Counts

Grants the ability to read counts.

Action	Access	Method	Path
Read	User	`GET`	`/user_counts`

Deploy Key

Grants the ability to create, delete, enable, read, and update deploy keys.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/deploy_keys`
Create	Instance	`POST`	`/deploy_keys`
Delete	Project	`DELETE`	`/projects/:id/deploy_keys/:key_id`
Enable	Project	`POST`	`/projects/:id/deploy_keys/:key_id/enable`
Read	Project	`GET`	`/projects/:id/deploy_keys`
Read	Project	`GET`	`/projects/:id/deploy_keys/:key_id`
Read	User	`GET`	`/users/:user_id/project_deploy_keys`
Read	Instance	`GET`	`/deploy_keys`
Update	Project	`PUT`	`/projects/:id/deploy_keys/:key_id`

Deploy Token

Grants the ability to create, delete, and read deploy tokens.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/deploy_tokens`
Create	Group	`POST`	`/groups/:id/deploy_tokens`
Delete	Project	`DELETE`	`/projects/:id/deploy_tokens/:token_id`
Delete	Group	`DELETE`	`/groups/:id/deploy_tokens/:token_id`
Read	Project	`GET`	`/projects/:id/deploy_tokens`
Read	Project	`GET`	`/projects/:id/deploy_tokens/:token_id`
Read	Group	`GET`	`/groups/:id/deploy_tokens`
Read	Group	`GET`	`/groups/:id/deploy_tokens/:token_id`
Read	Instance	`GET`	`/deploy_tokens`

Email

Grants the ability to create, delete, and read emails.

Action	Access	Method	Path
Create	User	`POST`	`/user/emails`
Delete	User	`DELETE`	`/user/emails/:email_id`
Read	User	`GET`	`/user/emails`
Read	User	`GET`	`/user/emails/:email_id`

Enterprise User

Grants the ability to delete, disable two factor, read, and update enterprise users.

Action	Access	Method	Path
Delete	Group	`DELETE`	`/groups/:id/enterprise_users/:user_id`
Disable Two Factor	Group	`PATCH`	`/groups/:id/enterprise_users/:user_id/disable_two_factor`
Read	Group	`GET`	`/groups/:id/enterprise_users`
Read	Group	`GET`	`/groups/:id/enterprise_users/:user_id`
Update	Group	`PATCH`	`/groups/:id/enterprise_users/:user_id`

Experiment

Grants the ability to read experiments.

Action	Access	Method	Path
Read	Instance	`GET`	`/experiments`

Invitation

Grants the ability to create, delete, read, and update invitations.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/invitations`
Create	Group	`POST`	`/groups/:id/invitations`
Delete	Project	`DELETE`	`/projects/:id/invitations/:email`
Delete	Group	`DELETE`	`/groups/:id/invitations/:email`
Read	Project	`GET`	`/projects/:id/invitations`
Read	Group	`GET`	`/groups/:id/invitations`
Update	Project	`PUT`	`/projects/:id/invitations/:email`
Update	Group	`PUT`	`/groups/:id/invitations/:email`

Job Token Scope

Grants the ability to read and update job token scopes.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/job_token_scope`
Update	Project	`PATCH`	`/projects/:id/job_token_scope`

Job Token Scope Allowlist

Grants the ability to create, delete, and read job token scope allowlists.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/job_token_scope/allowlist`
Create	Project	`POST`	`/projects/:id/job_token_scope/groups_allowlist`
Delete	Project	`DELETE`	`/projects/:id/job_token_scope/groups_allowlist/:target_group_id`
Delete	Project	`DELETE`	`/projects/:id/job_token_scope/allowlist/:target_project_id`
Read	Project	`GET`	`/projects/:id/job_token_scope/allowlist`
Read	Project	`GET`	`/projects/:id/job_token_scope/groups_allowlist`

LDAP Group Link

Grants the ability to create, delete, and read LDAP group links.

Action	Access	Method	Path
Create	Group	`POST`	`/groups/:id/ldap_group_links`
Delete	Group	`DELETE`	`/groups/:id/ldap_group_links/:cn`
Delete	Group	`DELETE`	`/groups/:id/ldap_group_links/:provider/:cn`
Delete	Group	`DELETE`	`/groups/:id/ldap_group_links`
Read	Group	`GET`	`/groups/:id/ldap_group_links`

LDAP Group Sync

Grants the ability to run LDAP group syncs.

Action	Access	Method	Path
Run	Group	`POST`	`/groups/:id/ldap_sync`

Member

Grants the ability to create, delete, read, and update members.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/members`
Create	Group	`POST`	`/groups/:id/members`
Delete	Project	`DELETE`	`/projects/:id/members/:user_id`
Delete	Group	`DELETE`	`/groups/:id/members/:user_id`
Delete	Group	`DELETE`	`/groups/:id/billable_members/:user_id`
Read	Project	`GET`	`/projects/:id/members`
Read	Project	`GET`	`/projects/:id/members/all`
Read	Project	`GET`	`/projects/:id/members/:user_id`
Read	Project	`GET`	`/projects/:id/members/all/:user_id`
Read	Group	`GET`	`/groups/:id/members`
Read	Group	`GET`	`/groups/:id/members/all`
Read	Group	`GET`	`/groups/:id/members/:user_id`
Read	Group	`GET`	`/groups/:id/members/all/:user_id`
Read	Group	`GET`	`/groups/:id/pending_members`
Read	Group	`GET`	`/groups/:id/billable_members`
Read	Group	`GET`	`/groups/:id/billable_members/:user_id/memberships`
Read	Group	`GET`	`/groups/:id/billable_members/:user_id/indirect`
Update	Project	`PUT`	`/projects/:id/members/:user_id`
Update	Group	`POST`	`/groups/:id/members/:user_id/override`
Update	Group	`POST`	`/groups/:id/members/approve_all`
Update	Group	`PUT`	`/groups/:id/members/:user_id`
Update	Group	`PUT`	`/groups/:id/members/:member_id/approve`
Update	Group	`PUT`	`/groups/:id/members/:user_id/state`
Update	Group	`DELETE`	`/groups/:id/members/:user_id/override`

Metadata

Grants the ability to read instance metadata.

Action	Access	Method	Path
Read	Instance	`GET`	`/metadata`
Read	Instance	`GET`	`/version`

Notification Setting

Grants the ability to read and update notification settings.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/notification_settings`
Read	Group	`GET`	`/groups/:id/notification_settings`
Read	User	`GET`	`/notification_settings`
Update	Project	`PUT`	`/projects/:id/notification_settings`
Update	Group	`PUT`	`/groups/:id/notification_settings`
Update	User	`PUT`	`/notification_settings`

OAuth Application

Grants the ability to create, delete, read, and renew secret OAuth applications.

Action	Access	Method	Path
Create	Instance	`POST`	`/applications`
Delete	Instance	`DELETE`	`/applications/:id`
Read	Instance	`GET`	`/applications`
Renew Secret	Instance	`POST`	`/applications/:id/renew-secret`

Personal Access Token

Grants the ability to create, read, revoke, and rotate personal access tokens.

Action	Access	Method	Path
Create	User	`POST`	`/user/personal_access_tokens`
Read	User	`GET`	`/personal_access_tokens`
Read	User	`GET`	`/personal_access_tokens/:id`
Revoke	User	`DELETE`	`/personal_access_tokens/:id`
Rotate	User	`POST`	`/personal_access_tokens/:id/rotate`

Plan Limit

Grants the ability to read and update plan limits.

Action	Access	Method	Path
Read	Instance	`GET`	`/application/plan_limits`
Update	Instance	`PUT`	`/application/plan_limits`

Provisioned User

Grants the ability to read provisioned users.

Action	Access	Method	Path
Read	Group	`GET`	`/groups/:id/provisioned_users`

Resource Access Token

Grants the ability to create, delete, read, and rotate resource access tokens.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/access_tokens`
Create	Group	`POST`	`/groups/:id/access_tokens`
Delete	Project	`DELETE`	`/projects/:id/access_tokens/:token_id`
Delete	Group	`DELETE`	`/groups/:id/access_tokens/:token_id`
Read	Project	`GET`	`/projects/:id/access_tokens`
Read	Project	`GET`	`/projects/:id/access_tokens/:token_id`
Read	Group	`GET`	`/groups/:id/access_tokens`
Read	Group	`GET`	`/groups/:id/access_tokens/:token_id`
Rotate	Project	`POST`	`/projects/:id/access_tokens/self/rotate`
Rotate	Project	`POST`	`/projects/:id/access_tokens/:token_id/rotate`
Rotate	Group	`POST`	`/groups/:id/access_tokens/self/rotate`
Rotate	Group	`POST`	`/groups/:id/access_tokens/:token_id/rotate`

SAML Group Link

Grants the ability to create, delete, and read SAML group links.

Action	Access	Method	Path
Create	Group	`POST`	`/groups/:id/saml_group_links`
Delete	Group	`DELETE`	`/groups/:id/saml_group_links/:saml_group_name`
Read	Group	`GET`	`/groups/:id/saml_group_links`
Read	Group	`GET`	`/groups/:id/saml_group_links/:saml_group_name`

SAML User

Grants the ability to read SAML users.

Action	Access	Method	Path
Read	Group	`GET`	`/groups/:id/saml_users`

SCIM Identity

Grants the ability to delete, read, and update SCIM identities.

Action	Access	Method	Path
Delete	Group	`DELETE`	`/groups/:id/scim/:uid`
Read	Group	`GET`	`/groups/:id/scim/identities`
Read	Group	`GET`	`/groups/:id/scim/:uid`
Update	Group	`PATCH`	`/groups/:id/scim/:uid`

SSH Key

Grants the ability to create, delete, and read SSH keys.

Action	Access	Method	Path
Create	User	`POST`	`/user/keys`
Delete	User	`DELETE`	`/user/keys/:key_id`
Read	User	`GET`	`/users/:user_id/keys`
Read	User	`GET`	`/users/:id/keys/:key_id`
Read	User	`GET`	`/user/keys`
Read	User	`GET`	`/user/keys/:key_id`
Read	Instance	`GET`	`/keys/:id`
Read	Instance	`GET`	`/keys`

Service Account

Grants the ability to create, delete, read, and update service accounts.

Action	Access	Method	Path
Create	Group	`POST`	`/groups/:id/service_accounts`
Create	Instance	`POST`	`/service_accounts`
Delete	Group	`DELETE`	`/groups/:id/service_accounts/:user_id`
Read	Group	`GET`	`/groups/:id/service_accounts`
Read	Instance	`GET`	`/service_accounts`
Update	Group	`PATCH`	`/groups/:id/service_accounts/:user_id`
Update	Instance	`PATCH`	`/service_accounts/:user_id`

Service Account Personal Access Token

Grants the ability to create, read, revoke, and rotate service account personal access tokens.

Action	Access	Method	Path
Create	Group	`POST`	`/groups/:id/service_accounts/:user_id/personal_access_tokens`
Read	Group	`GET`	`/groups/:id/service_accounts/:user_id/personal_access_tokens`
Revoke	Group	`DELETE`	`/groups/:id/service_accounts/:user_id/personal_access_tokens/:token_id`
Rotate	Group	`POST`	`/groups/:id/service_accounts/:user_id/personal_access_tokens/:token_id/rotate`

Statistic

Grants the ability to read statistics.

Action	Access	Method	Path
Read	Project	`GET`	`/projects/:id/statistics`

Usage Data Query

Grants the ability to read usage data queries.

Action	Access	Method	Path
Read	Instance	`GET`	`/usage_data/queries`

User

Grants the ability to follow, read, and unfollow users.

Action	Access	Method	Path
Follow	User	`POST`	`/users/:id/follow`
Read	User	`GET`	`/users/:id`
Read	User	`GET`	`/user`
Unfollow	User	`POST`	`/users/:id/unfollow`

System Migration And Integration resources

Batched Background Migration

Grants the ability to read and run batched background migrations.

Action	Access	Method	Path
Read	Instance	`GET`	`/admin/batched_background_migrations/:id`
Read	Instance	`GET`	`/admin/batched_background_migrations`
Run	Instance	`PUT`	`/admin/batched_background_migrations/:id/resume`
Run	Instance	`PUT`	`/admin/batched_background_migrations/:id/pause`

Bitbucket Import

Grants the ability to create Bitbucket imports.

Action	Access	Method	Path
Create	Group	`POST`	`/import/bitbucket`
Create	User	`POST`	`/import/bitbucket`

Bitbucket Server Import

Grants the ability to create Bitbucket Server imports.

Action	Access	Method	Path
Create	Instance	`POST`	`/import/bitbucket_server`

Bulk Import

Grants the ability to cancel, create, and read bulk imports.

Action	Access	Method	Path
Cancel	Instance	`POST`	`/bulk_imports/:import_id/cancel`
Create	Instance	`POST`	`/bulk_imports`
Read	Instance	`GET`	`/bulk_imports`
Read	Instance	`GET`	`/bulk_imports/:import_id`

Bulk Import Entity

Grants the ability to read bulk import entities.

Action	Access	Method	Path
Read	Instance	`GET`	`/bulk_imports/entities`
Read	Instance	`GET`	`/bulk_imports/:import_id/entities`
Read	Instance	`GET`	`/bulk_imports/:import_id/entities/:entity_id`

Bulk Import Entity Failure

Grants the ability to read bulk import entity failures.

Action	Access	Method	Path
Read	Instance	`GET`	`/bulk_imports/:import_id/entities/:entity_id/failures`

Database Migration

Grants the ability to mark database migrations.

Action	Access	Method	Path
Mark	Instance	`POST`	`/admin/migrations/:timestamp/mark`

Export

Grants the ability to create, download, and read exports.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/export`
Create	Group	`POST`	`/groups/:id/export`
Download	Project	`GET`	`/projects/:id/export/download`
Download	Group	`GET`	`/groups/:id/export/download`
Read	Project	`GET`	`/projects/:id/export`

GitHub Gist Import

Grants the ability to create GitHub gist imports.

Action	Access	Method	Path
Create	User	`POST`	`/import/github/gists`

GitHub Import

Grants the ability to cancel and create GitHub imports.

Action	Access	Method	Path
Cancel	User	`POST`	`/import/github/cancel`
Create	Group	`POST`	`/import/github`
Create	User	`POST`	`/import/github`

Import

Grants the ability to create and read imports.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/import/git`
Create	Group	`POST`	`/projects/import`
Create	Group	`POST`	`/projects/remote-import`
Create	Group	`POST`	`/projects/remote-import-s3`
Create	User	`POST`	`/projects/import`
Create	User	`POST`	`/projects/remote-import`
Create	User	`POST`	`/projects/remote-import-s3`
Create	Instance	`POST`	`/groups/import`
Read	Project	`GET`	`/projects/:id/import`

Placeholder Reassignment

Grants the ability to create and read placeholder reassignments.

Action	Access	Method	Path
Create	Group	`POST`	`/groups/:id/placeholder_reassignments`
Read	Group	`GET`	`/groups/:id/placeholder_reassignments`

Relation Export

Grants the ability to create, download, and read relation exports.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/export_relations`
Download	Project	`GET`	`/projects/:id/export_relations/download`
Read	Project	`GET`	`/projects/:id/export_relations/status`

Relation Import

Grants the ability to create and read relation imports.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/import-relation`
Read	Project	`GET`	`/projects/:id/relation-imports`

Webhook

Grants the ability to create, delete, read, test, and update webhooks.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/hooks`
Create	Group	`POST`	`/groups/:id/hooks`
Create	Instance	`POST`	`/hooks`
Delete	Project	`DELETE`	`/projects/:id/hooks/:hook_id`
Delete	Group	`DELETE`	`/groups/:id/hooks/:hook_id`
Delete	Instance	`DELETE`	`/hooks/:hook_id`
Read	Project	`GET`	`/projects/:id/hooks`
Read	Project	`GET`	`/projects/:id/hooks/:hook_id`
Read	Project	`GET`	`/projects/:id/hooks/:hook_id/events`
Read	Group	`GET`	`/groups/:id/hooks`
Read	Group	`GET`	`/groups/:id/hooks/:hook_id`
Read	Group	`GET`	`/groups/:id/hooks/:hook_id/events`
Read	Instance	`GET`	`/hooks`
Read	Instance	`GET`	`/hooks/:hook_id`
Test	Project	`POST`	`/projects/:id/hooks/:hook_id/test/:trigger`
Test	Group	`POST`	`/groups/:id/hooks/:hook_id/test/:trigger`
Update	Project	`PUT`	`/projects/:id/hooks/:hook_id`
Update	Group	`PUT`	`/groups/:id/hooks/:hook_id`
Update	Instance	`PUT`	`/hooks/:hook_id`

Webhook Custom Header

Grants the ability to delete and update webhook custom headers.

Action	Access	Method	Path
Delete	Project	`DELETE`	`/projects/:id/hooks/:hook_id/custom_headers/:key`
Delete	Group	`DELETE`	`/groups/:id/hooks/:hook_id/custom_headers/:key`
Delete	Instance	`DELETE`	`/hooks/:hook_id/custom_headers/:key`
Update	Project	`PUT`	`/projects/:id/hooks/:hook_id/custom_headers/:key`
Update	Group	`PUT`	`/groups/:id/hooks/:hook_id/custom_headers/:key`
Update	Instance	`PUT`	`/hooks/:hook_id/custom_headers/:key`

Webhook Event

Grants the ability to resend webhook events.

Action	Access	Method	Path
Resend	Project	`POST`	`/projects/:id/hooks/:hook_id/events/:hook_log_id/resend`
Resend	Group	`POST`	`/groups/:id/hooks/:hook_id/events/:hook_log_id/resend`

Webhook URL variable

Grants the ability to delete and update webhook URL variables.

Action	Access	Method	Path
Delete	Project	`DELETE`	`/projects/:id/hooks/:hook_id/url_variables/:key`
Delete	Group	`DELETE`	`/groups/:id/hooks/:hook_id/url_variables/:key`
Delete	Instance	`DELETE`	`/hooks/:hook_id/url_variables/:key`
Update	Project	`PUT`	`/projects/:id/hooks/:hook_id/url_variables/:key`
Update	Group	`PUT`	`/groups/:id/hooks/:hook_id/url_variables/:key`
Update	Instance	`PUT`	`/hooks/:hook_id/url_variables/:key`

Wiki resources

Markdown Upload

Grants the ability to create, delete, and read Markdown uploads.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/uploads`
Delete	Project	`DELETE`	`/projects/:id/uploads/:upload_id`
Delete	Project	`DELETE`	`/projects/:id/uploads/:secret/:filename`
Delete	Group	`DELETE`	`/groups/:id/uploads/:upload_id`
Delete	Group	`DELETE`	`/groups/:id/uploads/:secret/:filename`
Read	Project	`GET`	`/projects/:id/uploads`
Read	Project	`GET`	`/projects/:id/uploads/:upload_id`
Read	Project	`GET`	`/projects/:id/uploads/:secret/:filename`
Read	Group	`GET`	`/groups/:id/uploads`
Read	Group	`GET`	`/groups/:id/uploads/:upload_id`
Read	Group	`GET`	`/groups/:id/uploads/:secret/:filename`

Wiki

Grants the ability to create, delete, read, and update wikis.

Action	Access	Method	Path
Create	Project	`POST`	`/projects/:id/wikis`
Create	Group	`POST`	`/groups/:id/wikis`
Delete	Project	`DELETE`	`/projects/:id/wikis/:slug`
Delete	Group	`DELETE`	`/groups/:id/wikis/:slug`
Read	Project	`GET`	`/projects/:id/wikis`
Read	Project	`GET`	`/projects/:id/wikis/:slug`
Read	Group	`GET`	`/groups/:id/wikis`
Read	Group	`GET`	`/groups/:id/wikis/:slug`
Update	Project	`POST`	`/projects/:id/wikis/attachments`
Update	Project	`PUT`	`/projects/:id/wikis/:slug`
Update	Group	`POST`	`/groups/:id/wikis/attachments`
Update	Group	`PUT`	`/groups/:id/wikis/:slug`

Always accessible endpoints

The following public endpoints do not require authentication. Fine-grained token scope checks are not applied to these endpoints.

Method	Path
`GET`	`/groups/:id/-/packages/nuget/index`
`GET`	`/groups/:id/-/packages/nuget/symbolfiles/file_name/signature/*same_file_name`
`GET`	`/groups/:id/-/packages/nuget/v2`
`GET`	`/groups/:id/-/packages/nuget/v2/$metadata`
`GET`	`/packages/conan/v1/ping`
`GET`	`/projects/:id/packages/conan/v1/ping`
`GET`	`/projects/:id/packages/nuget/index`
`GET`	`/projects/:id/packages/nuget/symbolfiles/file_name/signature/*same_file_name`
`GET`	`/projects/:id/packages/nuget/v2`
`GET`	`/projects/:id/packages/nuget/v2/$metadata`
`GET`	`/projects/:project_id/packages/nuget/v2/FindPackagesById`
`GET`	`/projects/:project_id/packages/nuget/v2/Packages$Id='package_name',Version='package_version'$`
`GET`	`/projects/:project_id/packages/nuget/v2/Packages`
`GET`	`/templates/dockerfiles`
`GET`	`/templates/dockerfiles/:name`
`GET`	`/templates/gitignores`
`GET`	`/templates/gitignores/:name`
`GET`	`/templates/gitlab_ci_ymls`
`GET`	`/templates/gitlab_ci_ymls/:name`
`GET`	`/templates/licenses`
`GET`	`/templates/licenses/:name`
`GET`	`/topics`
`GET`	`/topics/:id`

Unavailable endpoints

The following endpoints cannot authenticate with fine-grained tokens. These endpoints use alternative authentication mechanisms that are incompatible with personal access tokens.

Method	Path	Reason
`GET`	`/api/scim/:version/application/Groups`	SCIM token
`POST`	`/api/scim/:version/application/Groups`	SCIM token
`GET`	`/api/scim/:version/application/Groups/:id`	SCIM token
`PATCH`	`/api/scim/:version/application/Groups/:id`	SCIM token
`PUT`	`/api/scim/:version/application/Groups/:id`	SCIM token
`DELETE`	`/api/scim/:version/application/Groups/:id`	SCIM token
`GET`	`/api/scim/:version/application/Users`	SCIM token
`POST`	`/api/scim/:version/application/Users`	SCIM token
`GET`	`/api/scim/:version/application/Users/:id`	SCIM token
`PATCH`	`/api/scim/:version/application/Users/:id`	SCIM token
`DELETE`	`/api/scim/:version/application/Users/:id`	SCIM token
`GET`	`/api/scim/:version/groups/:group/Users`	SCIM token
`POST`	`/api/scim/:version/groups/:group/Users`	SCIM token
`GET`	`/api/scim/:version/groups/:group/Users/:id`	SCIM token
`PATCH`	`/api/scim/:version/groups/:group/Users/:id`	SCIM token
`DELETE`	`/api/scim/:version/groups/:group/Users/:id`	SCIM token
`GET`	`/chaos/test`	Internal testing
`POST`	`/container_registry_event/events`	Container registry event token
`GET`	`/feature_flags/unleash/:project_id`	Unleash token
`GET`	`/feature_flags/unleash/:project_id/client/features`	Unleash token
`POST`	`/feature_flags/unleash/:project_id/client/metrics`	Unleash token
`POST`	`/feature_flags/unleash/:project_id/client/register`	Unleash token
`GET`	`/feature_flags/unleash/:project_id/features`	Unleash token
`GET`	`/geo/proxy`	Geo proxy
`POST`	`/geo/proxy_git_ssh/info_refs_receive_pack`	GitLab Shell token
`POST`	`/geo/proxy_git_ssh/info_refs_upload_pack`	GitLab Shell token
`POST`	`/geo/proxy_git_ssh/receive_pack`	GitLab Shell token
`POST`	`/geo/proxy_git_ssh/upload_pack`	GitLab Shell token
`GET`	`/geo/repositories/:gl_repository/pipeline_refs`	Geo node JWT
`GET`	`/geo/retrieve/:replicable_name/:replicable_id`	Geo node JWT
`POST`	`/geo/status`	Geo node JWT
`GET`	`/groups/:id/-/packages/npm/*package_name`	External registry redirect
`POST`	`/groups/:id/-/packages/npm/-/npm/v1/security/advisories/bulk`	External registry redirect
`POST`	`/groups/:id/-/packages/npm/-/npm/v1/security/audits/quick`	External registry redirect
`POST`	`/groups/:id/placeholder_reassignments/authorize`	Workhorse pre-authorization
`POST`	`/groups/import/authorize`	Workhorse pre-authorization
`GET`	`/internal/agents/agentk/agent_info`	Kubernetes agent JWT
`GET`	`/internal/agents/agentw/agent_info`	Kubernetes agent JWT
`GET`	`/internal/agents/agentw/authorize_user_access`	Kubernetes agent JWT
`GET`	`/internal/agents/agentw/server_config`	Kubernetes agent JWT
`POST`	`/internal/allowed`	GitLab Shell token
`GET`	`/internal/authorized_certs`	GitLab Shell token
`GET`	`/internal/authorized_keys`	GitLab Shell token
`GET`	`/internal/autoflow/repository_info`	Kubernetes agent JWT
`GET`	`/internal/check`	GitLab Shell token
`GET`	`/internal/ci/agents/runner/info`	Kubernetes agent JWT
`GET`	`/internal/ci/agents/runnerc/info`	Kubernetes agent JWT
`PUT`	`/internal/ci/job_router/jobs/:id`	CI job token
`GET`	`/internal/ci/job_router/runner_controllers/job_admission`	Kubernetes agent JWT
`POST`	`/internal/dast/site_validations/:id/transition`	CI job token
`GET`	`/internal/discover`	GitLab Shell token
`POST`	`/internal/error_tracking/allowed`	Error tracking token
`GET`	`/internal/gitaly/object_pool_members`	GitLab Shell token
`GET`	`/internal/gitlab_subscriptions/namespaces/:id`	Subscription portal JWT
`PUT`	`/internal/gitlab_subscriptions/namespaces/:id`	Subscription portal JWT
`GET`	`/internal/gitlab_subscriptions/namespaces/:id/gitlab_subscription`	Subscription portal JWT
`POST`	`/internal/gitlab_subscriptions/namespaces/:id/gitlab_subscription`	Subscription portal JWT
`PUT`	`/internal/gitlab_subscriptions/namespaces/:id/gitlab_subscription`	Subscription portal JWT
`POST`	`/internal/gitlab_subscriptions/namespaces/:id/minutes`	Subscription portal JWT
`PATCH`	`/internal/gitlab_subscriptions/namespaces/:id/minutes/move/:target_id`	Subscription portal JWT
`GET`	`/internal/gitlab_subscriptions/namespaces/:id/owners`	Subscription portal JWT
`POST`	`/internal/gitlab_subscriptions/namespaces/:id/provision`	Subscription portal JWT
`POST`	`/internal/gitlab_subscriptions/namespaces/:id/subscription_add_on_purchases`	Subscription portal JWT
`GET`	`/internal/gitlab_subscriptions/namespaces/:id/subscription_add_on_purchases/:add_on_name`	Subscription portal JWT
`PUT`	`/internal/gitlab_subscriptions/namespaces/:namespace_id/upcoming_reconciliations`	Subscription portal JWT
`DELETE`	`/internal/gitlab_subscriptions/namespaces/:namespace_id/upcoming_reconciliations`	Subscription portal JWT
`GET`	`/internal/gitlab_subscriptions/namespaces/:namespace_id/user_permissions/:user_id`	Subscription portal JWT
`GET`	`/internal/gitlab_subscriptions/users/:id`	Subscription portal JWT
`PUT`	`/internal/gitlab_subscriptions/users/:user_id/credit_card_validation`	Subscription portal JWT
`POST`	`/internal/jobs/:id/x_ray/dependencies`	CI job token
`POST`	`/internal/jobs/:id/x_ray/scan`	CI job token
`POST`	`/internal/kubernetes/agent_configuration`	Kubernetes agent JWT
`POST`	`/internal/kubernetes/agent_events`	Kubernetes agent JWT
`POST`	`/internal/kubernetes/authorize_proxy_user`	Kubernetes agent JWT
`GET`	`/internal/kubernetes/modules/remote_development/prerequisites`	Kubernetes agent JWT
`POST`	`/internal/kubernetes/modules/remote_development/reconcile`	Kubernetes agent JWT
`PUT`	`/internal/kubernetes/modules/starboard_vulnerability`	Kubernetes agent JWT
`GET`	`/internal/kubernetes/modules/starboard_vulnerability/policies_configuration`	Kubernetes agent JWT
`POST`	`/internal/kubernetes/modules/starboard_vulnerability/scan_result`	Kubernetes agent JWT
`GET`	`/internal/kubernetes/receptive_agents`	Kubernetes agent JWT
`POST`	`/internal/kubernetes/usage_metrics`	Kubernetes agent JWT
`GET`	`/internal/kubernetes/verify_project_access`	Kubernetes agent JWT
`GET`	`/internal/lfs`	GitLab Shell token
`POST`	`/internal/lfs_authenticate`	GitLab Shell token
`POST`	`/internal/mail_room/*mailbox_type`	Mailroom token
`GET`	`/internal/observability/project/:id/read/analytics`	Workhorse verification
`GET`	`/internal/observability/project/:id/read/logs`	Workhorse verification
`GET`	`/internal/observability/project/:id/read/metrics`	Workhorse verification
`GET`	`/internal/observability/project/:id/read/services`	Workhorse verification
`GET`	`/internal/observability/project/:id/read/traces`	Workhorse verification
`POST`	`/internal/observability/project/:id/write/logs`	Workhorse verification
`POST`	`/internal/observability/project/:id/write/metrics`	Workhorse verification
`POST`	`/internal/observability/project/:id/write/traces`	Workhorse verification
`GET`	`/internal/orbit/project/:project_id/info`	Orbit internal token
`GET`	`/internal/orbit/project/:project_id/repository/archive`	Orbit internal token
`GET`	`/internal/orbit/project/:project_id/repository/changed_paths`	Orbit internal token
`GET`	`/internal/orbit/project/:project_id/repository/commits`	Orbit internal token
`POST`	`/internal/orbit/project/:project_id/repository/list_blobs`	Orbit internal token
`POST`	`/internal/orbit/redaction`	Orbit internal token
`GET`	`/internal/pages`	GitLab Pages token
`GET`	`/internal/pages/status`	GitLab Pages token
`POST`	`/internal/personal_access_token`	GitLab Shell token
`POST`	`/internal/post_receive`	GitLab Shell token
`POST`	`/internal/pre_receive`	GitLab Shell token
`POST`	`/internal/search/zoekt/:uuid/callback`	GitLab Shell token
`POST`	`/internal/search/zoekt/:uuid/heartbeat`	GitLab Shell token
`POST`	`/internal/secrets_manager/audit_logs`	OpenBao token
`POST`	`/internal/shellhorse/git_audit_event`	GitLab shared secret
`POST`	`/internal/two_factor_config`	GitLab Shell token
`POST`	`/internal/two_factor_manual_otp_check`	GitLab Shell token
`POST`	`/internal/two_factor_push_otp_check`	GitLab Shell token
`POST`	`/internal/two_factor_recovery_codes`	GitLab Shell token
`POST`	`/internal/workhorse/authorize_upload`	Workhorse verification
`GET`	`/job`	CI job token
`GET`	`/job/allowed_agents`	CI job token
`PUT`	`/jobs/:id`	CI job token
`GET`	`/jobs/:id/artifacts`	CI job token
`POST`	`/jobs/:id/artifacts`	CI job token
`POST`	`/jobs/:id/artifacts/authorize`	CI job token
`POST`	`/jobs/:id/sbom_scans`	CI job token
`POST`	`/jobs/:id/sbom_scans/:sbom_digest`	CI job token
`GET`	`/jobs/:id/sbom_scans/:sbom_scan_id`	CI job token
`POST`	`/jobs/:id/sbom_scans/authorize`	CI job token
`PATCH`	`/jobs/:id/trace`	CI job token
`POST`	`/jobs/request`	Runner token
`GET`	`/orbit/mcp`	Orbit internal token
`POST`	`/orbit/mcp`	Orbit internal token
`PUT`	`/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name/authorize`	Workhorse pre-authorization
`PUT`	`/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name/authorize`	Workhorse pre-authorization
`GET`	`/packages/npm/*package_name`	External registry redirect
`POST`	`/packages/npm/-/npm/v1/security/advisories/bulk`	External registry redirect
`POST`	`/packages/npm/-/npm/v1/security/audits/quick`	External registry redirect
`POST`	`/projects/:id/(ref/:ref/)trigger/pipeline`	CI trigger token
`POST`	`/projects/:id/alert_management_alerts/:alert_iid/metric_images/authorize`	Workhorse pre-authorization
`PATCH`	`/projects/:id/compliance_external_controls/:control_id/status`	Compliance external control token
`POST`	`/projects/:id/issues/:issue_iid/metric_images/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/export/:file_name/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/conan/v1/files/:package_name/:package_version/:package_username/:package_channel/:recipe_revision/package/:conan_package_reference/:package_revision/:file_name/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/files/:file_name/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/conan/v2/conans/:package_name/:package_version/:package_username/:package_channel/revisions/:recipe_revision/packages/:conan_package_reference/revisions/:package_revision/files/:file_name/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/debian/:file_name/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/generic/:package_name/package_version/(path/):file_name/authorize`	Workhorse pre-authorization
`POST`	`/projects/:id/packages/helm/api/:channel/charts/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/maven/*path/:file_name/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/ml_models/:model_version_id/files/(*path/):file_name/authorize`	Workhorse pre-authorization
`POST`	`/projects/:id/packages/npm/-/npm/v1/security/advisories/bulk`	External registry redirect
`POST`	`/projects/:id/packages/npm/-/npm/v1/security/audits/quick`	External registry redirect
`PUT`	`/projects/:id/packages/npm/:package_name/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/nuget/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/nuget/symbolpackage/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/nuget/v2/authorize`	Workhorse pre-authorization
`POST`	`/projects/:id/packages/pypi/authorize`	Workhorse pre-authorization
`POST`	`/projects/:id/packages/rpm/authorize`	Workhorse pre-authorization
`POST`	`/projects/:id/packages/rubygems/api/v1/gems/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/packages/terraform/modules/:module_name/:module_system/*module_version/file/authorize`	Workhorse pre-authorization
`POST`	`/projects/:id/repository/commits/authorize`	Workhorse pre-authorization
`POST`	`/projects/:id/repository/files/:file_path/authorize`	Workhorse pre-authorization
`PUT`	`/projects/:id/repository/files/:file_path/authorize`	Workhorse pre-authorization
`POST`	`/projects/:id/terraform/state/:name/authorize`	Workhorse pre-authorization
`POST`	`/projects/:id/uploads/authorize`	Workhorse pre-authorization
`POST`	`/projects/import-relation/authorize`	Workhorse pre-authorization
`POST`	`/projects/import/authorize`	Workhorse pre-authorization
`POST`	`/runners`	Runner token
`DELETE`	`/runners`	Runner token
`DELETE`	`/runners/managers`	Runner token
`POST`	`/runners/reset_authentication_token`	Runner token
`GET`	`/runners/router/discovery`	Runner token
`POST`	`/runners/verify`	Runner token
`GET`	`/usage_data/metric_definitions`	Usage data token