2020-07-30 08:09:33 -04:00
---
2020-12-14 16:09:47 -05:00
stage: Manage
2021-12-23 10:11:20 -05:00
group: Authentication & Authorization
2020-11-26 01:09:20 -05:00
info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments"
2020-07-30 08:09:33 -04:00
---
2021-09-07 14:10:39 -04:00
# Group and project access requests API **(FREE)**
2016-06-23 11:14:31 -04:00
2020-01-22 10:08:48 -05:00
## Valid access levels
2016-06-23 11:14:31 -04:00
2020-12-14 16:09:47 -05:00
The access levels are defined in the `Gitlab::Access` module, and the
following levels are recognized:
2016-06-23 11:14:31 -04:00
2020-06-08 17:09:17 -04:00
- No access (`0`)
2020-12-14 16:09:47 -05:00
- Minimal access (`5`) ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/220203) in GitLab 13.5.)
2020-06-08 17:09:17 -04:00
- Guest (`10`)
- Reporter (`20`)
- Developer (`30`)
- Maintainer (`40`)
- Owner (`50`) - Only valid to set for groups
2016-06-23 11:14:31 -04:00
## List access requests for a group or project
Gets a list of access requests viewable by the authenticated user.
2019-10-02 02:06:28 -04:00
```plaintext
2016-06-23 11:14:31 -04:00
GET /groups/:id/access_requests
GET /projects/:id/access_requests
```
2019-10-02 02:06:28 -04:00
| Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
2021-06-28 11:08:03 -04:00
| `id` | integer/string | yes | The ID or [URL-encoded path of the project ](index.md#namespaced-path-encoding ) owned by the authenticated user |
2019-10-02 02:06:28 -04:00
Example request:
2016-06-23 11:14:31 -04:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/groups/:id/access_requests"
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/:id/access_requests"
2016-06-23 11:14:31 -04:00
```
Example response:
```json
[
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
"created_at": "2012-10-22T14:13:35Z",
"requested_at": "2012-10-22T14:13:35Z"
},
{
"id": 2,
"username": "john_doe",
"name": "John Doe",
"state": "active",
"created_at": "2012-10-22T14:13:35Z",
"requested_at": "2012-10-22T14:13:35Z"
}
]
```
## Request access to a group or project
Requests access for the authenticated user to a group or project.
2019-10-02 02:06:28 -04:00
```plaintext
2016-06-23 11:14:31 -04:00
POST /groups/:id/access_requests
POST /projects/:id/access_requests
```
2019-10-02 02:06:28 -04:00
| Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
2021-06-28 11:08:03 -04:00
| `id` | integer/string | yes | The ID or [URL-encoded path of the project ](index.md#namespaced-path-encoding ) owned by the authenticated user |
2019-10-02 02:06:28 -04:00
Example request:
2016-06-23 11:14:31 -04:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --request POST --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/groups/:id/access_requests"
curl --request POST --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/:id/access_requests"
2016-06-23 11:14:31 -04:00
```
Example response:
```json
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
"created_at": "2012-10-22T14:13:35Z",
"requested_at": "2012-10-22T14:13:35Z"
}
```
## Approve an access request
Approves an access request for the given user.
2019-10-02 02:06:28 -04:00
```plaintext
2016-06-23 11:14:31 -04:00
PUT /groups/:id/access_requests/:user_id/approve
PUT /projects/:id/access_requests/:user_id/approve
```
2019-10-02 02:06:28 -04:00
| Attribute | Type | Required | Description |
| -------------- | -------------- | -------- | ----------- |
2021-06-28 11:08:03 -04:00
| `id` | integer/string | yes | The ID or [URL-encoded path of the project ](index.md#namespaced-path-encoding ) owned by the authenticated user |
2019-10-02 02:06:28 -04:00
| `user_id` | integer | yes | The user ID of the access requester |
2021-07-08 14:09:32 -04:00
| `access_level` | integer | no | A valid access level (defaults: `30` , the Developer role) |
2019-10-02 02:06:28 -04:00
Example request:
2016-06-23 11:14:31 -04:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --request PUT --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/groups/:id/access_requests/:user_id/approve?access_level=20"
curl --request PUT --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/:id/access_requests/:user_id/approve?access_level=20"
2016-06-23 11:14:31 -04:00
```
Example response:
```json
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
"created_at": "2012-10-22T14:13:35Z",
"access_level": 20
}
```
## Deny an access request
Denies an access request for the given user.
2019-10-02 02:06:28 -04:00
```plaintext
2016-06-23 11:14:31 -04:00
DELETE /groups/:id/access_requests/:user_id
DELETE /projects/:id/access_requests/:user_id
```
2019-10-02 02:06:28 -04:00
| Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
2021-06-28 11:08:03 -04:00
| `id` | integer/string | yes | The ID or [URL-encoded path of the project ](index.md#namespaced-path-encoding ) owned by the authenticated user |
2019-10-02 02:06:28 -04:00
| `user_id` | integer | yes | The user ID of the access requester |
Example request:
2016-06-23 11:14:31 -04:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --request DELETE --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/groups/:id/access_requests/:user_id"
curl --request DELETE --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/:id/access_requests/:user_id"
2016-06-23 11:14:31 -04:00
```