Skip to main content
Use this endpoint family to manage stored HTTPS credentials for repositories configured with generic Git Sync providers such as GitLab, Bitbucket, Gitea, Forgejo, Codeberg, and SourceHut. These credentials are scoped to a single repository and are used whenever Code Storage needs to talk to the upstream Git host on your behalf.

Create a credential

POST /api/v1/repos/git-credentials
Authorization: Bearer YOUR_JWT_TOKEN
Content-Type: application/json

{
  "repo_id": "REPO_ID",
  "username": "git",
  "password": "YOUR_ACCESS_TOKEN_OR_PASSWORD"
}
username is optional. Omit it when your provider accepts a token on its own. Example: 
curl "$CODE_STORAGE_BASE_URL/repos/git-credentials" \
  -X POST \
  -H "Authorization: Bearer $CODE_STORAGE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "repo_id": "REPO_ID",
    "username": "git",
    "password": "glpat_xxxxxxxxxxxx"
  }'

Request body

repo_id
string
required
Repository ID returned by Create repository.
username
string
Username for HTTPS authentication. Optional for token-only providers.
password
string
required
Password or access token for the upstream provider.

Response

{
  "id": "ggc_1234567890abcdef",
  "created_at": "2026-03-12T15:04:05Z"
}

Update a credential

PUT /api/v1/repos/git-credentials
Authorization: Bearer YOUR_JWT_TOKEN
Content-Type: application/json

{
  "id": "CREDENTIAL_ID",
  "username": "git",
  "password": "YOUR_NEW_ACCESS_TOKEN"
}
Example: 
curl "$CODE_STORAGE_BASE_URL/repos/git-credentials" \
  -X PUT \
  -H "Authorization: Bearer $CODE_STORAGE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "CREDENTIAL_ID",
    "username": "git",
    "password": "glpat_rotated_token"
  }'

Request body

id
string
required
Credential ID returned when the credential was created.
username
string
Updated username. Optional.
password
string
required
Updated password or access token.

Response

{
  "id": "ggc_1234567890abcdef",
  "created_at": "2026-03-12T15:04:05Z"
}

Delete a credential

DELETE /api/v1/repos/git-credentials
Authorization: Bearer YOUR_JWT_TOKEN
Content-Type: application/json

{
  "id": "CREDENTIAL_ID"
}
Example: 
curl "$CODE_STORAGE_BASE_URL/repos/git-credentials" \
  -X DELETE \
  -H "Authorization: Bearer $CODE_STORAGE_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "CREDENTIAL_ID"
  }'

Request body

id
string
required
Credential ID to delete.

Response

Returns 204 No Content.

Notes

  • Create the repository before creating the credential.
  • A repository can only have one stored Git credential at a time.
  • Credentials are used for generic Git Sync providers, not GitHub App sync.
  • After rotating a credential, use Pull from upstream or the next successful push to refresh state.

Error responses

400 Bad Request
string
Missing required fields such as repo_id, id, or password.
404 Not Found
string
Repository or credential was not found for the authenticated organization.
409 Conflict
string
A credential already exists for the target repository.