Git Gateway

This feature is in BETA.

Netlify’s Git Gateway connects your site to Git provider's API, allowing tools like Netlify CMS to work with content, branches, and pull requests on your users’ behalf.

For a working example using Git Gateway with Netlify Identity service and Netlify CMS to let users edit site content without having accounts on GitHub or GitLab, or repository write privileges, try deploying this repository:

Deploy to Netlify

After clicking the Deploy to Netlify button above, you can follow the instructions for adding Identity users to the project. Any Identity users you add will have access to edit site content with Netlify CMS, without a GitHub/GitLab account or access to the repository.

That's one example of something awesome that you can do with Git Gateway. To add Git Gateway to your existing web projects, check out the instructions below.

Setup and settings

Git Gateway requires HTTPS

If you’re using a custom domain, make sure you have HTTPS working before enabling Git Gateway on your site.

To get started using Git Gateway on a site, first enable Identity service, then go to Settings > Identity > Services > Git Gateway, and click Enable Git Gateway. This will automatically provision your site so that Identity users have access to Git Gateway’s selected endpoints on your site’s connected GitHub/GitLab repository.

You can change the settings as follows:

  • Repository: Not editable. Indicates which repository the Gateway will access (the site’s connected repository). Works with GitHub or GitLab repositories only.
  • Roles: Naming one or more roles in this field will limit Gateway access to Identity users assigned a matching role (in individual Identity user data). Leaving this field blank will give access to all Identity users on the site.
  • GitHub/GitLab API access token: Click the link to generate a token, or you may supply your own Personal Access Token. Be sure the token is generated for a user with sufficient permission on your linked repository to perform the actions you want to pass through the Gateway.

Reconnect after changing repository permissions

If you change ownership on your repository, or convert a repository from public to private, you may need to reconnect Git Gateway with proper permissions:

  • Go to Settings > Build & deploy > Continuous Deployment > Build settings to re-link the repository.
  • Go to Settings > Identity > Services > Git Gateway to add a new API access token following the instructions in the section above.

Endpoints

Once the Git Gateway is active, you can talk to your Git provider's API from your site via /.netlify/git/<git-provider-name>. Requests will be scoped to the selected repository, so for a request like:

Github:

GET /.netlify/git/github/contents/

GitLab:

GET /.netlify/git/gitlab/repository/tree

The Gateway will proxy an authenticated version of your request to the matching endpoint in the Git provider's API:

GitHub:

GET https://api.github.com/repos/your-user/your-repository/contents/

GitLab:

GET https://gitlab.com/api/v4/projects/your-user%2Fyour-repository/repository/tree

GitLab path formatting

GitLab's namespaced path encoding rule requires a url-encoded %2F between the user and repository names.

The Gateway limits access to the following sub endpoints of the repository:

for GitHub:

/repos/:owner/:name/git/
/repos/:owner/:name/contents/
/repos/:owner/:name/pulls/
/repos/:owner/:name/branches/

for GitLab:

/repos/:owner/:name/files/
/repos/:owner/:name/commits/
/repos/:owner/:name/tree/

Contact us if you have a use case that requires broader access.