Deploy keys api needs Admin access

I am using gitlab.com and have uploaded SSH keys. When calling the Deploy Keys API I see 403:Forbidden and needs admin access.

What does admin access mean? I am the only user in this account. How do I get admin access?

https://docs.gitlab.com/ee/api/deploy_keys.html

Hey @dsatyap, welcome to the forum.

That particular endpoint can’t be used on GitLab.com as it requires administrative access to the instance, which is not granted to end-users. Only a select few GitLab employees are granted that access.

Any of the other endpoints in that documentation are available to you.

Hello Tristan,

Thank you for your answer to @dsatyap question. Is this something that is prone to change in a future release as a potential feature?
I have a bootstrap script that automate, among certain things, deployment of ssh keys on every servers/services I use. At the moment, the only blocker is gitlab, as I also get this { 403: “forbidden” } response when I try to use the API.
I’m not sure to understand the limitation as the process works fine on github.com

curl -u "$github_username:$github_token" --data "{\"title\":\"$key_title\",\"key\":\"$ssh_public_key\"}" https://api.github.com/user/keys

returns HTTP Code 200 and deployed my key but the equivalent on gitlab:

data='{"title": "'"$key_title"'", "key": "'"$ssh_public_key"'"}'
curl --request POST --header 'PRIVATE-TOKEN: '"$gitlab_private_token"'' --header "Content-Type: application/json"  --data "$data" https://gitlab.com/api/v4/projects/${gitlab_project_id}/deploy_keys

returns 403 forbidden.
Also, if it is indeed meant to be limited to admin usage, it would be good to mention it in the documentation as I didn’t see any mention of this and was wondering what was wrong with my authentication (and I assume many people will assume their authentication is wrong too).

Hey @pjbaraud, welcome to the forum.

Is this something that is prone to change in a future release as a potential feature?

It’s extremely unlikely that access to that endpoint will ever be available for use on GitLab.com as the way the platform is configured doesn’t allow for end-users to gain administrative access to the instance (GitLab.com) itself.

I’m not sure to understand the limitation as the process works fine on github.com

I can’t speak to how GitHub.com is configured from an architectural standpoint but I would imagine it differs from our configuration in a way that doesn’t allow for their method of managing these keys to work for us.

Also, if it is indeed meant to be limited to admin usage, it would be good to mention it in the documentation

There is mention that access to this endpoint is only available to administrators directly under the List all deploy keys header of that documentation. However, I do agree that it’s not as clear as it could be if you aren’t familiar with how GitLab.com is set up and don’t know exactly what that means. I’ll submit an MR to that page to improve it. :slight_smile:

I also couldn’t find any existing feature proposal that suggests a better way to programmatically manage deploy keys via the API for GitLab.com users so if you’d like to create one and link it back to me I’d be happy to label it properly so that it’s noticed by our Product team.

2 Likes

@pjbaraud Just wanted to follow up with you that I went ahead and updated our documentation so that it’s a bit more clear.

1 Like

@Tristan thank you for both the explanation and the follow up with the PR in the documentation, that’s really appreciated!

1 Like