mirror of
https://tangled.org/evan.jarrett.net/at-container-registry
synced 2026-04-20 16:40:29 +00:00
5.2 KiB
5.2 KiB
Hold Service XRPC Endpoints
This document lists all XRPC endpoints implemented in the Hold service (pkg/hold/).
PDS Endpoints (pkg/hold/pds/xrpc.go)
Public (No Auth Required)
| Endpoint | Method | Description |
|---|---|---|
/xrpc/_health |
GET | Health check |
/xrpc/com.atproto.server.describeServer |
GET | Server metadata |
/xrpc/com.atproto.repo.describeRepo |
GET | Repository information |
/xrpc/com.atproto.repo.getRecord |
GET | Retrieve a single record |
/xrpc/com.atproto.repo.listRecords |
GET | List records in a collection (paginated) |
/xrpc/com.atproto.sync.listRepos |
GET | List all repositories |
/xrpc/com.atproto.sync.getRecord |
GET | Get record as CAR file |
/xrpc/com.atproto.sync.getRepo |
GET | Full repository as CAR file |
/xrpc/com.atproto.sync.getRepoStatus |
GET | Repository hosting status |
/xrpc/com.atproto.sync.subscribeRepos |
GET | WebSocket firehose |
/xrpc/com.atproto.identity.resolveHandle |
GET | Resolve handle to DID |
/xrpc/app.bsky.actor.getProfile |
GET | Get actor profile |
/xrpc/app.bsky.actor.getProfiles |
GET | Get multiple profiles |
/xrpc/io.atcr.hold.listTiers |
GET | List hold's available tiers with quotas and features |
/.well-known/did.json |
GET | DID document |
/.well-known/atproto-did |
GET | DID for handle resolution |
Conditional Auth (based on captain.public)
| Endpoint | Method | Description |
|---|---|---|
/xrpc/com.atproto.sync.getBlob |
GET/HEAD | Get blob (routes OCI vs ATProto) |
Owner/Crew Admin Required
| Endpoint | Method | Description |
|---|---|---|
/xrpc/com.atproto.repo.deleteRecord |
POST | Delete a record |
/xrpc/com.atproto.repo.uploadBlob |
POST | Upload ATProto blob |
Auth Required (Service Token or DPoP)
| Endpoint | Method | Description |
|---|---|---|
/xrpc/io.atcr.hold.requestCrew |
POST | Request crew membership |
/xrpc/io.atcr.hold.exportUserData |
GET | GDPR data export (returns user's records) |
Appview Token Required
| Endpoint | Method | Description |
|---|---|---|
/xrpc/io.atcr.hold.updateCrewTier |
POST | Update a crew member's tier (appview-only) |
OCI Multipart Upload Endpoints (pkg/hold/oci/xrpc.go)
All require blob:write permission via service token:
| Endpoint | Method | Description |
|---|---|---|
/xrpc/io.atcr.hold.initiateUpload |
POST | Start multipart upload |
/xrpc/io.atcr.hold.getPartUploadUrl |
POST | Get presigned URL for part |
/xrpc/io.atcr.hold.uploadPart |
PUT | Direct buffered part upload |
/xrpc/io.atcr.hold.completeUpload |
POST | Finalize multipart upload |
/xrpc/io.atcr.hold.abortUpload |
POST | Cancel multipart upload |
/xrpc/io.atcr.hold.notifyManifest |
POST | Notify manifest push (creates layer records + optional Bluesky post) |
ATCR Hold-Specific Endpoints (io.atcr.hold.*)
| Endpoint | Method | Auth | Description |
|---|---|---|---|
/xrpc/io.atcr.hold.initiateUpload |
POST | blob:write | Start multipart upload |
/xrpc/io.atcr.hold.getPartUploadUrl |
POST | blob:write | Get presigned URL for part |
/xrpc/io.atcr.hold.uploadPart |
PUT | blob:write | Direct buffered part upload |
/xrpc/io.atcr.hold.completeUpload |
POST | blob:write | Finalize multipart upload |
/xrpc/io.atcr.hold.abortUpload |
POST | blob:write | Cancel multipart upload |
/xrpc/io.atcr.hold.notifyManifest |
POST | blob:write | Notify manifest push |
/xrpc/io.atcr.hold.requestCrew |
POST | auth | Request crew membership |
/xrpc/io.atcr.hold.exportUserData |
GET | auth | GDPR data export |
/xrpc/io.atcr.hold.getQuota |
GET | none | Get user quota info |
/xrpc/io.atcr.hold.getLayersForManifest |
GET | none | Get layer records for a manifest AT-URI |
/xrpc/io.atcr.hold.image.getConfig |
GET | none | Get OCI image config record for a manifest digest |
/xrpc/io.atcr.hold.listTiers |
GET | none | List hold's available tiers with quotas and features (scanOnPush) |
/xrpc/io.atcr.hold.updateCrewTier |
POST | appview token | Update crew member's tier |
Standard ATProto Endpoints (excluding io.atcr.hold.*)
| Endpoint |
|---|
| /xrpc/_health |
| /xrpc/com.atproto.server.describeServer |
| /xrpc/com.atproto.repo.describeRepo |
| /xrpc/com.atproto.repo.getRecord |
| /xrpc/com.atproto.repo.listRecords |
| /xrpc/com.atproto.repo.deleteRecord |
| /xrpc/com.atproto.repo.uploadBlob |
| /xrpc/com.atproto.sync.listRepos |
| /xrpc/com.atproto.sync.getRecord |
| /xrpc/com.atproto.sync.getRepo |
| /xrpc/com.atproto.sync.getRepoStatus |
| /xrpc/com.atproto.sync.getBlob |
| /xrpc/com.atproto.sync.subscribeRepos |
| /xrpc/com.atproto.identity.resolveHandle |
| /xrpc/app.bsky.actor.getProfile |
| /xrpc/app.bsky.actor.getProfiles |
| /.well-known/did.json |
| /.well-known/atproto-did |
See Also
- DIRECT_HOLD_ACCESS.md - How to call hold endpoints directly without AppView (app passwords, curl examples)
- BYOS.md - Bring Your Own Storage architecture
- OAUTH.md - OAuth + DPoP authentication details