API Overview
Dojo exposes a full REST API at https://dojo.ninja/api/. All repository operations available in the CLI are also available via API, plus additional features like full-text search and tree browsing.
Authentication
Section titled “Authentication”All API requests require authentication via either:
Session token (browser)
Section titled “Session token (browser)”Automatically set via cookie when logged in at dojo.ninja.
Bearer token
Section titled “Bearer token”Use a session token or API key in the Authorization header:
curl -H "Authorization: Bearer <token>" https://dojo.ninja/api/repos/owner/nameScoped API keys
Section titled “Scoped API keys”Create API keys with limited permissions for automation and agents:
curl -X POST https://dojo.ninja/api/keys \ -H "Authorization: Bearer <session-token>" \ -H "Content-Type: application/json" \ -d '{"name": "ci-bot", "scopes": ["repo:read", "workspace:write"]}'Available scopes:
| Scope | Access |
|---|---|
repo:read | Read repository data, commits, refs |
repo:write | Push commits, update refs |
workspace:read | List and read workspaces |
workspace:write | Create, write, commit workspaces |
stack:read | List and view stacks |
stack:write | Submit and manage stacks |
admin | Full access including settings |
Base URL
Section titled “Base URL”https://dojo.ninja/api/repos/{owner}/{name}Common endpoints
Section titled “Common endpoints”| Method | Path | Description |
|---|---|---|
GET | /api/repos/{owner}/{name} | Repository info + refs |
GET | /api/repos/{owner}/{name}/log | Commit log |
GET | /api/repos/{owner}/{name}/stats | Repository statistics |
GET | /api/repos/{owner}/{name}/tree | Browse file tree |
GET | /api/repos/{owner}/{name}/search | Full-text search |
GET | /api/repos/{owner}/{name}/file/* | Read file content |
POST | /api/repos/{owner}/{name}/workspaces | Create workspace |
GET | /api/repos/{owner}/{name}/stacks | List stacks |
POST | /api/repos/{owner}/{name}/hooks | Create webhook |
POST | /api/keys | Create API key |
GET | /api/keys | List your API keys |
DELETE | /api/keys/{keyId} | Revoke an API key |
Error responses
Section titled “Error responses”All errors return JSON with an error field:
{ "error": "ref not found: nonexistent-branch"}HTTP status codes follow standard conventions: 400 for bad requests, 401 for unauthorized, 403 for forbidden, 404 for not found, 500 for server errors.
Rate limits
Section titled “Rate limits”API keys and session tokens share the same rate limits. If you hit a rate limit, you’ll receive a 429 Too Many Requests response. Back off and retry with exponential backoff.