Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/OpsMill/infrahub/llms.txt

Use this file to discover all available pages before exploring further.

The Infrahub REST API provides endpoints for specific operations that complement the GraphQL API. It follows OpenAPI 3.1.0 specifications.

Base URL

Production: http://localhost:8000/api All REST endpoints are prefixed with /api.

Interactive Documentation

  • Swagger UI: http://localhost:8000/api/docs
  • ReDoc: http://localhost:8000/api/redoc
  • OpenAPI Spec: Available at /home/daytona/workspace/source/schema/openapi.json

Authentication

REST endpoints support the same authentication methods as GraphQL: JWT Token: 
curl http://localhost:8000/api/info \
  -H "Authorization: Bearer <access_token>"
API Key: 
curl http://localhost:8000/api/info \
  -H "X-INFRAHUB-KEY: <api_key>"

Artifacts

Get Artifact

Retrieve a generated artifact by ID. Endpoint: GET /api/artifact/{artifact_id} Parameters:
  • artifact_id (path, required) - Artifact identifier
  • branch (query, optional) - Branch name
  • at (query, optional) - Timestamp for time-travel query
Example: 
curl http://localhost:8000/api/artifact/abc123 \
  -H "Authorization: Bearer <token>"

Generate Artifact

Trigger artifact generation for an artifact definition. Endpoint: POST /api/artifact/generate/{artifact_definition_id} Parameters:
  • artifact_definition_id (path, required) - Artifact definition ID
  • branch (query, optional) - Branch name
  • at (query, optional) - Timestamp
Request Body: 
{
  "nodes": ["device-id-1", "device-id-2"]
}
Example: 
curl -X POST http://localhost:8000/api/artifact/generate/def123 \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"nodes": ["device-1"]}'

Authentication

Login

Authenticate with username and password. Endpoint: POST /api/auth/login Request Body: 
{
  "username": "admin",
  "password": "infrahub"
}
Response: 
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Example: 
curl -X POST http://localhost:8000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "infrahub"}'

Refresh Token

Obtain a new access token using a refresh token. Endpoint: POST /api/auth/refresh Headers:
  • Authorization: Bearer <refresh_token>
Response: 
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Example: 
curl -X POST http://localhost:8000/api/auth/refresh \
  -H "Authorization: Bearer <refresh_token>"

Logout

Invalidate the current session and refresh token. Endpoint: POST /api/auth/logout Example: 
curl -X POST http://localhost:8000/api/auth/logout \
  -H "Authorization: Bearer <access_token>"

Diff Operations

Get Diff Files

Retrieve file diffs for a branch. Endpoint: GET /api/diff/files Parameters:
  • branch (query, optional) - Branch name
  • time_from (query, optional) - Start timestamp
  • time_to (query, optional) - End timestamp
  • branch_only (query, optional) - Only show branch changes (default: true)
Example: 
curl "http://localhost:8000/api/diff/files?branch=feature-branch" \
  -H "Authorization: Bearer <token>"

Get Diff Artifacts

Retrieve artifact diffs for a branch. Endpoint: GET /api/diff/artifacts Parameters:
  • branch (query, optional) - Branch name
Example: 
curl "http://localhost:8000/api/diff/artifacts?branch=feature-branch" \
  -H "Authorization: Bearer <token>"

File Operations

Get File

Retrieve a file from a Git repository. Endpoint: GET /api/file/{repository_id}/{file_path} Parameters:
  • repository_id (path, required) - Repository identifier
  • file_path (path, required) - Path to file in repository
  • commit (query, optional) - Specific commit hash
  • branch (query, optional) - Branch name
  • at (query, optional) - Timestamp
Example: 
curl "http://localhost:8000/api/file/repo123/configs/router-01.cfg" \
  -H "Authorization: Bearer <token>"

Configuration

Get Config

Retrieve Infrahub configuration settings. Endpoint: GET /api/config Response: 
{
  "main": {
    "allow_anonymous_access": false,
    "internal_address": "http://localhost:8000"
  },
  "logging": {
    "level": "INFO"
  },
  "analytics": {
    "enable": false
  },
  "experimental_features": {},
  "sso": {
    "oauth2_providers": [],
    "oidc_providers": []
  },
  "installation_type": "production",
  "policy": {}
}
Example: 
curl http://localhost:8000/api/config
See /home/daytona/workspace/source/backend/infrahub/api/internal.py:44 for implementation.

Get Info

Retrieve Infrahub deployment information. Endpoint: GET /api/info Response: 
{
  "deployment_id": "550e8400-e29b-41d4-a716-446655440000",
  "version": "0.15.0"
}
Example: 
curl http://localhost:8000/api/info \
  -H "Authorization: Bearer <token>"

Get Menu

Retrieve the navigation menu structure. Endpoint: GET /api/menu Parameters:
  • branch (query, optional) - Branch name
  • at (query, optional) - Timestamp
Example: 
curl "http://localhost:8000/api/menu?branch=main" \
  -H "Authorization: Bearer <token>"

GraphQL Query Execution

Execute Stored Query (POST)

Execute a stored GraphQL query by ID or name. Endpoint: POST /api/query/{query_id} Parameters:
  • query_id (path, required) - Query ID or name
  • branch (query, optional) - Branch name
  • at (query, optional) - Timestamp
  • subscribers (query, optional) - List of subscriber IDs
  • update_group (query, optional) - Create/update CoreGraphQLQueryGroup (default: false)
Request Body: 
{
  "variables": {
    "site_name": "datacenter-1"
  }
}
Example: 
curl -X POST "http://localhost:8000/api/query/get-devices-by-site" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"variables": {"site_name": "datacenter-1"}}'

Execute Stored Query (GET)

Execute a stored GraphQL query via GET request. Endpoint: GET /api/query/{query_id} Example: 
curl "http://localhost:8000/api/query/list-all-devices" \
  -H "Authorization: Bearer <token>"

Schema Operations

Get Schema

Retrieve the Infrahub schema definition. Endpoint: GET /api/schema Parameters:
  • branch (query, optional) - Branch name
  • namespaces (query, optional) - Array of namespace filters
Example: 
curl "http://localhost:8000/api/schema?namespaces=Infra&namespaces=Core" \
  -H "Authorization: Bearer <token>"

Get Schema Summary

Retrieve schema hash and summary information. Endpoint: GET /api/schema/summary Parameters:
  • branch (query, optional) - Branch name
Example: 
curl "http://localhost:8000/api/schema/summary?branch=main" \
  -H "Authorization: Bearer <token>"

Get Schema by Kind

Retrieve schema definition for a specific kind. Endpoint: GET /api/schema/{schema_kind} Parameters:
  • schema_kind (path, required) - Schema kind (e.g., “InfraDevice”)
  • branch (query, optional) - Branch name
Example: 
curl "http://localhost:8000/api/schema/InfraDevice" \
  -H "Authorization: Bearer <token>"

OAuth 2.0 / OIDC

OAuth 2.0 Authorization

Initiate OAuth 2.0 authorization flow. Endpoint: GET /api/oauth2/{provider_name}/authorize Parameters:
  • provider_name (path, required) - Provider name (e.g., “google”)
  • final_url (query, optional) - Redirect URL after authentication
Example: 
curl "http://localhost:8000/api/oauth2/google/authorize?final_url=/dashboard"

OAuth 2.0 Token Exchange

Exchange authorization code for tokens. Endpoint: GET /api/oauth2/{provider_name}/token Parameters:
  • provider_name (path, required) - Provider name
  • state (query, required) - State parameter from authorization
  • code (query, required) - Authorization code

OIDC Authorization

Initiate OIDC authorization flow. Endpoint: GET /api/oidc/{provider_name}/authorize Parameters:
  • provider_name (path, required) - Provider name
  • final_url (query, optional) - Redirect URL after authentication

OIDC Token Exchange

Exchange authorization code for tokens. Endpoint: GET /api/oidc/{provider_name}/token Parameters:
  • provider_name (path, required) - Provider name
  • state (query, required) - State parameter
  • code (query, required) - Authorization code

Error Responses

400 Bad Request

{
  "errors": ["Request body is not a valid JSON"]
}

401 Unauthorized

{
  "errors": ["Authentication is required"]
}

404 Not Found

{
  "errors": ["The requested endpoint /api/invalid does not exist"]
}
See /home/daytona/workspace/source/backend/infrahub/api/__init__.py:75 for the catch-all 404 handler.

422 Validation Error

{
  "detail": [
    {
      "loc": ["body", "username"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

Transformation Endpoints

Get Python Transform

Retrieve a Python transformation by ID. Endpoint: GET /api/transform/python/{transform_id} Parameters:
  • transform_id (path, required) - Transform identifier
Example: 
curl http://localhost:8000/api/transform/python/my-transform \
  -H "Authorization: Bearer <token>"

Get Jinja2 Transform

Retrieve a Jinja2 transformation template by ID. Endpoint: GET /api/transform/jinja2/{transform_id} Parameters:
  • transform_id (path, required) - Transform identifier
Response: Plain text (Jinja2 template) Example: 
curl http://localhost:8000/api/transform/jinja2/device-config \
  -H "Authorization: Bearer <token>"

Common Query Parameters

Many endpoints support these common parameters: Branch Selection:
  • branch - Name of the branch to use (defaults to main)
Time-Travel:
  • at - Timestamp in absolute or relative format
    • Absolute: 2024-01-15T10:30:00Z
    • Relative: -1h, -7d, -30m

Content Types

Most endpoints accept and return JSON: Request: 
Content-Type: application/json
Response: 
Content-Type: application/json
File endpoints return plain text: Response: 
Content-Type: text/plain

Security Schemes

The OpenAPI spec defines two security schemes: HTTPBearer: 
HTTPBearer:
  type: http
  scheme: bearer
APIKeyHeader: 
APIKeyHeader:
  type: apiKey
  in: header
  name: X-INFRAHUB-KEY