# Overview & authentication

**The REST API in GitProtect exposes programmatic endpoints tailored for DevOps ecosystems — using standard HTTP requests and structured responses, external systems, scripts, and automation tools can retrieve information about protected resources, backup jobs, repositories, and storage configuration, as well as trigger selected management actions.**

***

## General information

REST (Representational State Transfer) is an architectural style for designing application programming interfaces (APIs) that use HTTP requests to interact with and perform operations on resources identified by URLs. With a REST API, data can be created, read, updated, or deleted using the HTTP methods such as POST, GET, PUT, and DELETE.

The **GitProtect** REST API allows users to manage backups for **Git** services such as **GitHub**, **GitLab**, **Azure DevOps**, and **Bitbucket**. With the REST API, you can list **Git** organizations, check the status of an organization’s backup plans, modify backup plans, activate licenses for selected repositories, and perform other related operations.

The REST API can be used by any user with the **System Administrator** role who is registered in the same **GitProtect** instance. Some requests require accounts with additional permissions, which are specified in the request description.

**GitProtect** REST API endpoints use the POST HTTP method.

***

## Authentication

**GitProtect** REST API requires API authentication and API authorization.

Authentication is done by sending a POST sign-in request. The sign-in request generates an access token, which is required to authorize all subsequent API requests.

{% hint style="info" %}
You can find full POST sign-in request documentation [here](https://helpcenter.gitprotect.io/management/available-api-requests#post-account-login).
{% endhint %}

{% hint style="warning" %}
The access token generated with the POST sign-in request is valid for 30 days.
{% endhint %}

For example, to use an access token in a POST `getMany` request in **Postman**, open the **Authorization** tab, select **Bearer Token** as the authorization type, and paste the access token in the **Token** field. Then, adjust the required parameters and send the request. The access token includes the necessary permissions to perform the endpoint’s operation.

<figure><img src="https://696332517-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtsE6XtJyUIEKVdSxPlS3%2Fuploads%2FB6vEkTzKskXIRu5unO4I%2Foverview_and_authentication_REST_API_1.png?alt=media&#x26;token=c7256e57-d7a1-49d9-b394-0935d0fd2793" alt=""><figcaption></figcaption></figure>

***

## API endpoints&#x20;

Requests can be sent to the following API endpoints.

{% hint style="info" %}
Full API request documentation is available in [this article](https://helpcenter.gitprotect.io/management/rest-api-for-devops-ecosystems/available-api-requests).
{% endhint %}

| HTTP method and path                     | Description                                                             |
| ---------------------------------------- | ----------------------------------------------------------------------- |
| `POST /account/login`                    | Log in to **GitProtect Management Service** and obtain an access token. |
| `POST /git/organizations/getmany`        | List **Git** organizations integrated with **GitProtect**.              |
| `POST /plans/listassignedtoorganization` | List all backup plans assigned to the selected **Git** organization.    |
| `POST /plans/attachgitrepository`        | Attach a repository to a backup plan.                                   |
| `POST plans/AttachAzureProject`          | Attach an **Azure DevOps** project to a backup plan.                    |
| `POST /plans/detachgitrepository`        | Remove a repository from a backup plan.                                 |
| `POST plans/DetachAzureProject`          | Remove an **Azure DevOps** project from a backup plan.                  |
| `POST /plans/modifygitplan`              | Edit settings of an existing backup plan.                               |
| `POST plans/ModifyAzurePlanAsync`        | Edit settings of an existing **Azure DevOps** backup plan.              |
| `POST /git/repositories/getmany`         | Retrieve a list of the selected **Git** organization's repositories.    |
| `POST /git/repositories/activate`        | Activate licenses for selected repositories.                            |
| `POST /git/repositories/deactivate`      | Deactivate licenses for selected repositories.                          |
| `POST /git/repositories/remove`          | Remove a repository from the **GitProtect** system.                     |
| `POST /git/repositories/sync`            | Synchronize organization data with the **GitProtect** system.           |

***

## Useful links and items

{% content-ref url="available-api-requests" %}
[available-api-requests](https://helpcenter.gitprotect.io/management/rest-api-for-devops-ecosystems/available-api-requests)
{% endcontent-ref %}