Signed-off-by: Victor Vieux <vieux@docker.com>
23 KiB
title | description | keywords |
---|---|---|
Remote API | API Documentation for Docker | API, Docker, rcli, REST, documentation |
Docker Remote API
Docker's Remote API uses an open schema model. In this model, unknown properties in incoming messages are ignored. Client applications need to take this behavior into account to ensure they do not break when talking to newer Docker daemons.
The API tends to be REST, but for some complex commands, like attach or pull, the HTTP connection is hijacked to transport STDOUT, STDIN, and STDERR.
By default the Docker daemon listens on unix:///var/run/docker.sock
and the
client must have root
access to interact with the daemon. If a group named
docker
exists on your system, docker
applies ownership of the socket to the
group.
To connect to the Docker daemon with cURL you need to use cURL 7.40 or
later, as these versions have the --unix-socket
flag available. To
run curl
against the daemon on the default socket, use the
following:
When using cUrl 7.50 or later:
$ curl --unix-socket /var/run/docker.sock http://localhost/v1.25/containers/json
When using cURL 7.40, localhost
must be omitted:
$ curl --unix-socket /var/run/docker.sock http://v1.25/containers/json
If you have bound the Docker daemon to a different socket path or TCP port, you would reference that in your cURL rather than the default.
Versioning
It is required to to supply a version to API calls. This is done by prefixing the URL with the version number.
The current version of the API is 1.25, so to call the /info
endpoint, you
would send a request to the URL /v1.25/info
. To call, for example, version
1.24 of the API instead, you would request /v1.24/info
.
If a newer daemon is installed, new properties may be returned even when calling older versions of the API.
In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.
Use the table below to find the API version for a Docker version:
Docker version | API version | Changes |
---|---|---|
1.13.x | 1.25 | API changes |
1.12.x | 1.24 | API changes |
1.11.x | 1.23 | API changes |
1.10.x | 1.22 | API changes |
1.9.x | 1.21 | API changes |
1.8.x | 1.20 | API changes |
1.7.x | 1.19 | API changes |
1.6.x | 1.18 | API changes |
Refer to the GitHub repository for older releases.
Authentication
Authentication configuration is handled client side, so the
client has to send the authConfig
as a POST
in /images/(name)/push
. The
authConfig
, set as the X-Registry-Auth
header, is currently a Base64 encoded
(JSON) string with the following structure:
{"username": "string", "password": "string", "email": "string",
"serveraddress" : "string", "auth": ""}
Callers should leave the auth
empty. The serveraddress
is a domain/ip
without protocol. Throughout this structure, double quotes are required.
Using Docker Machine with the API
If you are using docker-machine
, the Docker daemon is on a host that
uses an encrypted TCP socket using TLS. This means, for Docker Machine users,
you need to add extra parameters to curl
or wget
when making test
API requests, for example:
curl --insecure \
--cert $DOCKER_CERT_PATH/cert.pem \
--key $DOCKER_CERT_PATH/key.pem \
https://YOUR_VM_IP:2376/v1.25/images/json
wget --no-check-certificate --certificate=$DOCKER_CERT_PATH/cert.pem \
--private-key=$DOCKER_CERT_PATH/key.pem \
https://YOUR_VM_IP:2376/v1.25/images/json -O - -q
Docker Events
The following diagram depicts the container states accessible through the API.
Some container-related events are not affected by container state, so they are not included in this diagram. These events are:
- export emitted by
docker export
- exec_create emitted by
docker exec
- exec_start emitted by
docker exec
after exec_create - detach emitted when client is detached from container process
- exec_detach emitted when client is detached from exec process
Running docker rmi
emits an untag event when removing an image name. The rmi
command may also emit delete events when images are deleted by ID directly or by deleting the last tag referring to the image.
Acknowledgment: This diagram and the accompanying text were used with the permission of Matt Good and Gilder Labs. See Matt's original blog post Docker Events Explained.
Version history
This section lists each version from latest to oldest. Each listing includes a link to the full documentation set and the changes relevant in that release.
v1.25 API changes
Docker Remote API v1.25 documentation
- The API version is now required in all API calls. Instead of just requesting, for example, the URL
/containers/json
, you must now request/v1.25/containers/json
. GET /version
now returnsMinAPIVersion
.POST /build
acceptsnetworkmode
parameter to specify network used during build.GET /images/(name)/json
now returnsOsVersion
if populatedGET /info
now returnsIsolation
.POST /containers/create
now takesAutoRemove
in HostConfig, to enable auto-removal of the container on daemon side when the container's process exits.GET /containers/json
andGET /containers/(id or name)/json
now return"removing"
as a value for theState.Status
field if the container is being removed. Previously, "exited" was returned as status.GET /containers/json
now acceptsremoving
as a valid value for thestatus
filter.GET /containers/json
now supports filtering containers byhealth
status.DELETE /volumes/(name)
now accepts aforce
query parameter to force removal of volumes that were already removed out of band by the volume driver plugin.POST /containers/create/
andPOST /containers/(name)/update
now validates restart policies.POST /containers/create
now validates IPAMConfig in NetworkingConfig, and returns error for invalid IPv4 and IPv6 addresses (--ip
and--ip6
indocker create/run
).POST /containers/create
now takes aMounts
field inHostConfig
which replacesBinds
,Volumes
, andTmpfs
. note:Binds
,Volumes
, andTmpfs
are still available and can be combined withMounts
.POST /build
now performs a preliminary validation of theDockerfile
before starting the build, and returns an error if the syntax is incorrect. Note that this change is unversioned and applied to all API versions.POST /build
acceptscachefrom
parameter to specify images used for build cache.GET /networks/
endpoint now correctly returns a list of all networks, instead of the default network if a trailing slash is provided, but noname
orid
.DELETE /containers/(name)
endpoint now returns an error ofremoval of container name is already in progress
with status code of 400, when container name is in a state of removal in progress.GET /containers/json
now supports ais-task
filter to filter containers that are tasks (part of a service in swarm mode).POST /containers/create
now takesStopTimeout
field.POST /services/create
andPOST /services/(id or name)/update
now acceptMonitor
andMaxFailureRatio
parameters, which control the response to failures during service updates.POST /services/(id or name)/update
now accepts aForceUpdate
parameter inside theTaskTemplate
, which causes the service to be updated even if there are no changes which would ordinarily trigger an update.GET /networks/(name)
now returns fieldCreated
in response to show network created time.POST /containers/(id or name)/exec
now accepts anEnv
field, which holds a list of environment variables to be set in the context of the command execution.GET /volumes
,GET /volumes/(name)
, andPOST /volumes/create
now return theOptions
field which holds the driver specific options to use for when creating the volume.GET /exec/(id)/json
now returnsPid
, which is the system pid for the exec'd process.POST /containers/prune
prunes stopped containers.POST /images/prune
prunes unused images.POST /volumes/prune
prunes unused volumes.POST /networks/prune
prunes unused networks.- Every API response now includes a
Docker-Experimental
header specifying if experimental features are enabled (value can betrue
orfalse
). - Every API response now includes a
API-Version
header specifying the default API version of the server. - The
hostConfig
option now accepts the fieldsCpuRealtimePeriod
andCpuRtRuntime
to allocate cpu runtime to rt tasks whenCONFIG_RT_GROUP_SCHED
is enabled in the kernel. - The
SecurityOptions
field within theGET /info
response now includesuserns
if user namespaces are enabled in the daemon. GET /nodes
andGET /node/(id or name)
now returnAddr
as part of a node'sStatus
, which is the address that that node connects to the manager from.- The
HostConfig
field now includesNanoCPUs
that represents CPU quota in units of 10-9 CPUs. GET /info
now returns more structured information about security options.- The
HostConfig
field now includesCpuCount
that represents the number of CPUs available for execution by the container. Windows daemon only. POST /services/create
andPOST /services/(id or name)/update
now accept theTTY
parameter, which allocate a pseudo-TTY in container.POST /services/create
andPOST /services/(id or name)/update
now accept theDNSConfig
parameter, which specifies DNS related configurations in resolver configuration file (resolv.conf) throughNameservers
,Search
, andOptions
.GET /networks/(id or name)
now includes IP and name of all peers nodes for swarm mode overlay networks.GET /plugins
list plugins.POST /plugins/pull?name=<plugin name>
pulls a plugin.GET /plugins/(plugin name)
inspect a plugin.POST /plugins/(plugin name)/set
configure a plugin.POST /plugins/(plugin name)/enable
enable a plugin.POST /plugins/(plugin name)/disable
disable a plugin.POST /plugins/(plugin name)/push
push a plugin.POST /plugins/create?name=(plugin name)
create a plugin.DELETE /plugins/(plugin name)
delete a plugin.
v1.24 API changes
Docker Remote API v1.24 documentation
POST /containers/create
now takesStorageOpt
field.GET /info
now returnsSecurityOptions
field, showing ifapparmor
,seccomp
, orselinux
is supported.GET /info
no longer returns theExecutionDriver
property. This property was no longer used after integration with ContainerD in Docker 1.11.GET /networks
now supports filtering bylabel
anddriver
.GET /containers/json
now supports filtering containers bynetwork
name or id.POST /containers/create
now takesIOMaximumBandwidth
andIOMaximumIOps
fields. Windows daemon only.POST /containers/create
now returns an HTTP 400 "bad parameter" message if no command is specified (instead of an HTTP 500 "server error")GET /images/search
now takes afilters
query parameter.GET /events
now supports areload
event that is emitted when the daemon configuration is reloaded.GET /events
now supports filtering by daemon name or ID.GET /events
now supports adetach
event that is emitted on detaching from container process.GET /events
now supports anexec_detach
event that is emitted on detaching from exec process.GET /images/json
now supports filterssince
andbefore
.POST /containers/(id or name)/start
no longer accepts aHostConfig
.POST /images/(name)/tag
no longer has aforce
query parameter.GET /images/search
now supports maximum returned search resultslimit
.POST /containers/{name:.*}/copy
is now removed and errors out starting from this API version.- API errors are now returned as JSON instead of plain text.
POST /containers/create
andPOST /containers/(id)/start
allow you to configure kernel parameters (sysctls) for use in the container.POST /containers/<container ID>/exec
andPOST /exec/<exec ID>/start
no longer expects a "Container" field to be present. This property was not used and is no longer sent by the docker client.POST /containers/create/
now validates the hostname (should be a valid RFC 1123 hostname).POST /containers/create/
HostConfig.PidMode
field now acceptscontainer:<name|id>
, to have the container join the PID namespace of an existing container.
v1.23 API changes
Docker Remote API v1.23 documentation
GET /containers/json
returns the state of the container, one ofcreated
,restarting
,running
,paused
,exited
ordead
.GET /containers/json
returns the mount points for the container.GET /networks/(name)
now returns anInternal
field showing whether the network is internal or not.GET /networks/(name)
now returns anEnableIPv6
field showing whether the network has ipv6 enabled or not.POST /containers/(name)/update
now supports updating container's restart policy.POST /networks/create
now supports enabling ipv6 on the network by setting theEnableIPv6
field (doing this with a label will no longer work).GET /info
now returnsCgroupDriver
field showing what cgroup driver the daemon is using;cgroupfs
orsystemd
.GET /info
now returnsKernelMemory
field, showing if "kernel memory limit" is supported.POST /containers/create
now takesPidsLimit
field, if the kernel is >= 4.3 and the pids cgroup is supported.GET /containers/(id or name)/stats
now returnspids_stats
, if the kernel is >= 4.3 and the pids cgroup is supported.POST /containers/create
now allows you to override usernamespaces remapping and use privileged options for the container.POST /containers/create
now allows specifyingnocopy
for named volumes, which disables automatic copying from the container path to the volume.POST /auth
now returns anIdentityToken
when supported by a registry.POST /containers/create
with bothHostname
andDomainname
fields specified will result in the container's hostname being set toHostname
, rather thanHostname.Domainname
.GET /volumes
now supports more filters, new added filters arename
anddriver
.GET /containers/(id or name)/logs
now accepts adetails
query parameter to stream the extra attributes that were provided to the containersLogOpts
, such as environment variables and labels, with the logs.POST /images/load
now returns progress information as a JSON stream, and has aquiet
query parameter to suppress progress details.
v1.22 API changes
Docker Remote API v1.22 documentation
POST /container/(name)/update
updates the resources of a container.GET /containers/json
supports filterisolation
on Windows.GET /containers/json
now returns the list of networks of containers.GET /info
Now returnsArchitecture
andOSType
fields, providing information about the host architecture and operating system type that the daemon runs on.GET /networks/(name)
now returns aName
field for each container attached to the network.GET /version
now returns theBuildTime
field in RFC3339Nano format to make it consistent with other date/time values returned by the API.AuthConfig
now supports aregistrytoken
for token based authenticationPOST /containers/create
now has a 4M minimum value limit forHostConfig.KernelMemory
- Pushes initiated with
POST /images/(name)/push
and pulls initiated withPOST /images/create
will be cancelled if the HTTP connection making the API request is closed before the push or pull completes. POST /containers/create
now allows you to set a read/write rate limit for a device (in bytes per second or IO per second).GET /networks
now supports filtering byname
,id
andtype
.POST /containers/create
now allows you to set the static IPv4 and/or IPv6 address for the container.POST /networks/(id)/connect
now allows you to set the static IPv4 and/or IPv6 address for the container.GET /info
now includes the number of containers running, stopped, and paused.POST /networks/create
now supports restricting external access to the network by setting theInternal
field.POST /networks/(id)/disconnect
now includes aForce
option to forcefully disconnect a container from networkGET /containers/(id)/json
now returns theNetworkID
of containers.POST /networks/create
Now supports an options field in the IPAM config that provides options for custom IPAM plugins.GET /networks/{network-id}
Now returns IPAM config options for custom IPAM plugins if any are available.GET /networks/<network-id>
now returns subnets info for user-defined networks.GET /info
can now return aSystemStatus
field useful for returning additional information about applications that are built on top of engine.
v1.21 API changes
Docker Remote API v1.21 documentation
GET /volumes
lists volumes from all volume drivers.POST /volumes/create
to create a volume.GET /volumes/(name)
get low-level information about a volume.DELETE /volumes/(name)
remove a volume with the specified name.VolumeDriver
was moved fromconfig
toHostConfig
to make the configuration portable.GET /images/(name)/json
now returns information about an image'sRepoTags
andRepoDigests
.- The
config
option now accepts the fieldStopSignal
, which specifies the signal to use to kill a container. GET /containers/(id)/stats
will return networking information respectively for each interface.- The
HostConfig
option now includes theDnsOptions
field to configure the container's DNS options. POST /build
now optionally takes a serialized map of build-time variables.GET /events
now includes atimenano
field, in addition to the existingtime
field.GET /events
now supports filtering by image and container labels.GET /info
now lists engine version information and return the information ofCPUShares
andCpuset
.GET /containers/json
will returnImageID
of the image used by container.POST /exec/(name)/start
will now return an HTTP 409 when the container is either stopped or paused.POST /containers/create
now takesKernelMemory
in HostConfig to specify kernel memory limit.GET /containers/(name)/json
now accepts asize
parameter. Setting this parameter to '1' returns container size information in theSizeRw
andSizeRootFs
fields.GET /containers/(name)/json
now returns aNetworkSettings.Networks
field, detailing network settings per network. This field deprecates theNetworkSettings.Gateway
,NetworkSettings.IPAddress
,NetworkSettings.IPPrefixLen
, andNetworkSettings.MacAddress
fields, which are still returned for backward-compatibility, but will be removed in a future version.GET /exec/(id)/json
now returns aNetworkSettings.Networks
field, detailing networksettings per network. This field deprecates theNetworkSettings.Gateway
,NetworkSettings.IPAddress
,NetworkSettings.IPPrefixLen
, andNetworkSettings.MacAddress
fields, which are still returned for backward-compatibility, but will be removed in a future version.- The
HostConfig
option now includes theOomScoreAdj
field for adjusting the badness heuristic. This heuristic selects which processes the OOM killer kills under out-of-memory conditions.
v1.20 API changes
Docker Remote API v1.20 documentation
GET /containers/(id)/archive
get an archive of filesystem content from a container.PUT /containers/(id)/archive
upload an archive of content to be extracted to an existing directory inside a container's filesystem.POST /containers/(id)/copy
is deprecated in favor of the abovearchive
endpoint which can be used to download files and directories from a container.- The
hostConfig
option now accepts the fieldGroupAdd
, which specifies a list of additional groups that the container process will run as.
v1.19 API changes
Docker Remote API v1.19 documentation
- When the daemon detects a version mismatch with the client, usually when the client is newer than the daemon, an HTTP 400 is now returned instead of a 404.
GET /containers/(id)/stats
now acceptsstream
bool to get only one set of stats and disconnect.GET /containers/(id)/logs
now accepts asince
timestamp parameter.GET /info
The fieldsDebug
,IPv4Forwarding
,MemoryLimit
, andSwapLimit
are now returned as boolean instead of as an int. In addition, the end point now returns the new boolean fieldsCpuCfsPeriod
,CpuCfsQuota
, andOomKillDisable
.- The
hostConfig
option now accepts the fieldsCpuPeriod
andCpuQuota
POST /build
acceptscpuperiod
andcpuquota
options
v1.18 API changes
Docker Remote API v1.18 documentation
GET /version
now returnsOs
,Arch
andKernelVersion
.POST /containers/create
andPOST /containers/(id)/start
allow you to set ulimit settings for use in the container.GET /info
now returnsSystemTime
,HttpProxy
,HttpsProxy
andNoProxy
.GET /images/json
added aRepoDigests
field to include image digest information.POST /build
can now set resource constraints for all containers created for the build.CgroupParent
can be passed in the host config to setup container cgroups under a specific cgroup.POST /build
closing the HTTP request cancels the buildPOST /containers/(id)/exec
includesWarnings
field to response.