API Reference

HTTP API for the niso package registry. All endpoints accept and return JSON unless noted otherwise.

Base URL

https://registry.example.com

Authentication

Pass your API key in the Authorization header:

Authorization: Bearer niso_k1_...

Packages

GET/v1/packages

List all packages in the registry.

Response

{
  "packages": [
    {
      "name": "my-app",
      "versions": ["1.0.0", "1.1.0"],
      "latest": "1.1.0",
      "description": "My application"
    }
  ]
}
GET/v1/packages/{name}/versions

List all versions of a package.

Response

{
  "name": "my-app",
  "versions": [
    {
      "version": "1.1.0",
      "arch": "x86_64",
      "size": 8421376,
      "sha256": "a1b2c3...",
      "uploaded_at": "2026-04-10T12:00:00Z"
    }
  ]
}
GET/v1/packages/{name}/{version}/manifest

Get the manifest for a specific version.

Response

{
  "package": {
    "name": "my-app",
    "version": "1.1.0"
  },
  "binary": {
    "entrypoint": "my-app"
  },
  "isolation": {
    "preset": "server"
  }
}
GET/v1/packages/{name}/{version}/{arch}

Download a package archive. Returns the .niso file as an octet stream.

Response

Content-Type: application/octet-stream
Content-Disposition: attachment; filename="my-app-1.1.0-x86_64.niso"
GET/v1/packages/{name}/latest/{arch}

Download the latest version for a given architecture.

POST/v1/packages/{name}/{version}/{arch}auth required

Upload a package archive. Body is the .niso file. Signature header optional.

Request

Content-Type: application/octet-stream
X-Niso-Signature: <base64-ed25519-signature>

<binary package data>
DELETE/v1/packages/{name}/{version}/{arch}auth required

Delete a specific package version and architecture.

Tags

GET/v1/packages/{name}/tags

List all tags for a package.

Response

{
  "tags": [
    { "tag": "stable", "version": "1.0.0" },
    { "tag": "beta", "version": "1.1.0" }
  ]
}
POST/v1/packages/{name}/tagsauth required

Create or update a tag pointing to a version.

Request

{
  "tag": "stable",
  "version": "1.1.0"
}

Authentication

POST/v1/auth/keysauth required

Create an API key. Returns the key once; store it securely.

Request

{
  "name": "ci-deploy",
  "scopes": ["push", "delete"]
}

Response

{
  "id": "key_abc123",
  "name": "ci-deploy",
  "key": "niso_k1_...",
  "created_at": "2026-04-10T12:00:00Z"
}
GET/v1/auth/keysauth required

List all API keys (keys are redacted).

Response

{
  "keys": [
    {
      "id": "key_abc123",
      "name": "ci-deploy",
      "scopes": ["push", "delete"],
      "created_at": "2026-04-10T12:00:00Z",
      "last_used": "2026-04-10T14:30:00Z"
    }
  ]
}
DELETE/v1/auth/keys/{id}auth required

Revoke an API key.

System

GET/health

Health check. Returns 200 if the registry is running.

Response

{ "status": "ok" }