How to curl single file using deploy token

Hi, I’ve been digging for a while now and I can’t seem to get it right so hopefully, someone can spell it out for me.

How do I download a single (small) file from my private gitlab repo? I have a read_only deploy token already.

Say my project id is 12345 and the file is in the top-level directory of the repo my-file.yaml How can I download it?

I have tried:

curl --header "PRIVATE-TOKEN: ###########" https://gitlab.com/api/v4/projects/12345/repository/files/setup.py/raw?ref=master

# and
curl --header "PRIVATE-TOKEN: ###########" https://gitlab.com/api/v4/projects/12345/repository/files/REPO-NAME/setup.py/raw?ref=master

# and 
curl --header "PRIVATE-TOKEN: ###########" https://gitlab.com/api/v4/projects/12345/repository/files/setup.py?ref=master

# and
curl --header "PRIVATE-TOKEN: ###########" https://gitlab.com/api/v4/projects/12345/repository/files/REPO-NAME/setup.py?ref=master

but I’m met with {"message":"401 Unauthorized"}

Thanks in advance.

I was just looking for a way to do the same, but at the very least, you have not incorporated the deploy token username in your commands, which I expect would be compulsory. Still, I’ve had no success even when adding the deploy token username to the URL.

In the end, it may simply be the case that deploy tokens can authenticate docker/git commands, only, and not GitLab API calls.

I have a read_only deploy token already.
@deep-josh

Still, I’ve had no success even when adding the deploy token username to the URL
@ljkf3o84h

And there is your issue. You are both using deploy tokens, which are used for accessing the repository via git. They are basically some temporary access accounts for git.


For the use of the API, you need to create a personal access token

It's also mentioned in the docs ;)

https://docs.gitlab.com/ee/api/repository_files.html#repository-files-api

You can create a new access token in your profile settings: https://gitlab.com/profile/personal_access_tokens
Everything else is correct. you were just using wrong token type.


I hope I helped and that your issue is resolved. If so, please mark this reply as “the solution” to your issue
Kind regards

Thanks for the clarification, @aljaxus. For what it’s worth, I had read that documentation but persisted in searching for a deploy token solution because personal access token scopes are overbroad for my use case, viz. specifying a URI for a single file in a private repository. Instead of merely providing a GitLab URI, I’ll now need to deploy a laundry list of Azure resources in order to securely serve a single script to an ARM template. Depressing.

Well… you could always just deploy this script via gitlab pages and get it with a simple wget :shrug:
It’s more of a hack than a solution, but it does “fix” the problem (using duct-tape, but whatever :joy:)

1 Like

Ha! Hack, indeed. :stuck_out_tongue:

1 Like