Docker Engine API (1.29)

Download OpenAPI specification:Download

The Engine API is an HTTP API served by Docker Engine. It is the API the Docker client uses to communicate with the Engine, so everything the Docker client can do can be done with the API.

Most of the client's commands map directly to API endpoints (e.g. docker ps is GET /containers/json). The notable exception is running containers, which consists of several API calls.

Errors

The API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:

{
  "message": "page not found"
}

Versioning

The API is usually changed in each release of Docker, so API calls are versioned to ensure that clients don't break.

For Docker Engine 17.05, the API version is 1.29. To lock to this version, you prefix the URL with /v1.29. For example, calling /info is the same as calling /v1.29/info.

Engine releases in the near future should support this version of the API, so your client will continue to work even if it is talking to a newer Engine.

In previous versions of Docker, it was possible to access the API without providing a version. This behaviour is now deprecated will be removed in a future version of Docker.

The API uses an open schema model, which means server may add extra properties to responses. Likewise, the server will ignore any extra query parameters and request body properties. When you write clients, you need to ignore additional properties in responses to ensure they do not break when talking to newer Docker daemons.

Authentication

Authentication for registries is handled client side. The client has to send authentication details to various endpoints that need to communicate with registries, such as POST /images/(name)/push. These are sent as X-Registry-Auth header as a Base64 encoded (JSON) string with the following structure:

{
  "username": "string",
  "password": "string",
  "email": "string",
  "serveraddress": "string"
}

The serveraddress is a domain/IP without a protocol. Throughout this structure, double quotes are required.

If you have already got an identity token from the /auth endpoint, you can just pass this instead of credentials:

{
  "identitytoken": "9cbaf023786cd7..."
}

Containers

Create and manage containers.

List containers

query Parameters
all
boolean
Default: false

Return all containers. By default, only running containers are shown

limit
integer

Return this number of most recently created containers, including non-running ones.

size
boolean
Default: false

Return the size of container as fields SizeRw and SizeRootFs.

filters
string

Filters to process on the container list, encoded as JSON (a map[string][]string). For example, {"status": ["paused"]} will only return paused containers. Available filters:

  • ancestor=(<image-name>[:<tag>], <image id>, or <image@digest>)
  • before=(<container id> or <container name>)
  • expose=(<port>[/<proto>]|<startport-endport>/[<proto>])
  • exited=<int> containers with exit code of <int>
  • health=(starting|healthy|unhealthy|none)
  • id=<ID> a container's ID
  • isolation=(default|process|hyperv) (Windows daemon only)
  • is-task=(true|false)
  • label=key or label="key=value" of a container label
  • name=<name> a container's name
  • network=(<network id> or <network name>)
  • publish=(<port>[/<proto>]|<startport-endport>/[<proto>])
  • since=(<container id> or <container name>)
  • status=(created|restarting|running|removing|paused|exited|dead)
  • volume=(<volume name> or <mount point destination>)

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    },
  • {
    },
  • {
    }
]

Create a container

query Parameters
name
string/?[a-zA-Z0-9_-]+

Assign the specified name to the container. Must match /?[a-zA-Z0-9_-]+.

Request Body schema:
required

Container to create

Hostname
string

The hostname to use for the container, as a valid RFC 1123 hostname.

Domainname
string

The domain name to use for the container.

User
string

The user that commands are run as inside the container.

AttachStdin
boolean
Default: false

Whether to attach to stdin.

AttachStdout
boolean
Default: true

Whether to attach to stdout.

AttachStderr
boolean
Default: true

Whether to attach to stderr.

object

An object mapping ports to an empty object in the form:

{"<port>/<tcp|udp>": {}}

Tty
boolean
Default: false

Attach standard streams to a TTY, including stdin if it is not closed.

OpenStdin
boolean
Default: false

Open stdin

StdinOnce
boolean
Default: false

Close stdin after one attached client disconnects

Env
Array of strings

A list of environment variables to set inside the container in the form ["VAR=value", ...]. A variable without = is removed from the environment, rather than to have an empty value.

Array of strings or string

Command to run specified as a string or an array of strings.

object (HealthConfig)

A test to perform to check that the container is healthy.

ArgsEscaped
boolean

Command is already escaped (Windows only)

Image
string

The name of the image to use when creating the container

object

An object mapping mount point paths inside the container to empty objects.

WorkingDir
string

The working directory for commands to run in.

Array of strings or string

The entry point for the container as a string or an array of strings.

If the array consists of exactly one empty string ([""]) then the entry point is reset to system default (i.e., the entry point used by docker when there is no ENTRYPOINT instruction in the Dockerfile).

NetworkDisabled
boolean

Disable networking for the container.

MacAddress
string

MAC address of the container.

OnBuild
Array of strings

ONBUILD metadata that were defined in the image's Dockerfile.

object

User-defined key/value metadata.

StopSignal
string
Default: "SIGTERM"

Signal to stop a container as a string or unsigned integer.

StopTimeout
integer
Default: 10

Timeout to stop a container in seconds.

Shell
Array of strings

Shell for when RUN, CMD, and ENTRYPOINT uses a shell.

object (HostConfig)

Container configuration that depends on the host we are running on

object

This container's networking configuration.

Responses

Request samples

Content type
{
  • "Hostname": "",
  • "Domainname": "",
  • "User": "",
  • "AttachStdin": false,
  • "AttachStdout": true,
  • "AttachStderr": true,
  • "Tty": false,
  • "OpenStdin": false,
  • "StdinOnce": false,
  • "Env": [
    ],
  • "Cmd": [
    ],
  • "Entrypoint": "",
  • "Image": "ubuntu",
  • "Labels": {
    },
  • "Volumes": {
    },
  • "WorkingDir": "",
  • "NetworkDisabled": false,
  • "MacAddress": "12:34:56:78:9a:bc",
  • "ExposedPorts": {
    },
  • "StopSignal": "SIGTERM",
  • "StopTimeout": 10,
  • "HostConfig": {
    },
  • "NetworkingConfig": {
    }
}

Response samples

Content type
application/json
{
  • "Id": "e90e34656806",
  • "Warnings": [ ]
}

Inspect a container

Return low-level information about a container.

path Parameters
id
required
string

ID or name of the container

query Parameters
size
boolean
Default: false

Return the size of container as fields SizeRw and SizeRootFs

Responses

Response samples

Content type
application/json
{
  • "AppArmorProfile": "",
  • "Args": [
    ],
  • "Config": {
    },
  • "Created": "2015-01-06T15:47:31.485331387Z",
  • "Driver": "overlay2",
  • "HostConfig": {
    },
  • "HostnamePath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname",
  • "HostsPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts",
  • "LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
  • "Id": "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39",
  • "Image": "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2",
  • "MountLabel": "",
  • "Name": "/boring_euclid",
  • "NetworkSettings": {
    },
  • "Path": "/bin/sh",
  • "ProcessLabel": "",
  • "ResolvConfPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf",
  • "RestartCount": 1,
  • "State": {
    },
  • "Mounts": [
    ]
}

List processes running inside a container

On Unix systems, this is done by running the ps command. This endpoint is not supported on Windows.

path Parameters
id
required
string

ID or name of the container

query Parameters
ps_args
string
Default: "-ef"

The arguments to pass to ps. For example, aux

Responses

Response samples

Content type
{
  • "Titles": [
    ],
  • "Processes": [
    ]
}

Get container logs

Get stdout and stderr logs from a container.

Note: This endpoint works only for containers with the json-file or journald logging driver.

path Parameters
id
required
string

ID or name of the container

query Parameters
follow
boolean
Default: false

Return the logs as a stream.

This will return a 101 HTTP response with a Connection: upgrade header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, see the documentation for the attach endpoint.

stdout
boolean
Default: false

Return logs from stdout

stderr
boolean
Default: false

Return logs from stderr

since
integer
Default: 0

Only return logs since this time, as a UNIX timestamp

timestamps
boolean
Default: false

Add timestamps to every log line

tail
string
Default: "all"

Only return this number of log lines from the end of the logs. Specify as an integer or all to output all log lines.

Responses

Response samples

Content type
"string"

Get changes on a container’s filesystem

Returns which files in a container's filesystem have been added, deleted, or modified. The Kind of modification can be one of:

  • 0: Modified
  • 1: Added
  • 2: Deleted
path Parameters
id
required
string

ID or name of the container

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    },
  • {
    }
]

Export a container

Export the contents of a container as a tarball.

path Parameters
id
required
string

ID or name of the container

Responses

Response samples

Content type
No sample

Get container stats based on resource usage

This endpoint returns a live stream of a container’s resource usage statistics.

The precpu_stats is the CPU statistic of last read, which is used for calculating the CPU usage percentage. It is not the same as the cpu_stats field.

If either precpu_stats.online_cpus or cpu_stats.online_cpus is nil then for compatibility with older daemons the length of the corresponding cpu_usage.percpu_usage array should be used.

path Parameters
id
required
string

ID or name of the container

query Parameters
stream
boolean
Default: true

Stream the output. If false, the stats will be output once and then it will disconnect.

Responses

Response samples

Content type
application/json
{
  • "read": "2015-01-08T22:57:31.547920715Z",
  • "pids_stats": {
    },
  • "networks": {
    },
  • "memory_stats": {
    },
  • "blkio_stats": { },
  • "cpu_stats": {
    },
  • "precpu_stats": {
    }
}

Resize a container TTY

Resize the TTY for a container. You must restart the container for the resize to take effect.

path Parameters
id
required
string

ID or name of the container

query Parameters
h
required
integer

Height of the tty session in characters

w
required
integer

Width of the tty session in characters

Responses

Response samples

Content type
No sample

Start a container

path Parameters
id
required
string

ID or name of the container

query Parameters
detachKeys
string

Override the key sequence for detaching a container. Format is a single character [a-Z] or ctrl-<value> where <value> is one of: a-z, @, ^, [, , or _.

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Stop a container

path Parameters
id
required
string

ID or name of the container

query Parameters
t
integer

Number of seconds to wait before killing the container

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Restart a container

path Parameters
id
required
string

ID or name of the container

query Parameters
t
integer

Number of seconds to wait before killing the container

Responses

Response samples

Content type
{
  • "message": "No such container: c2ada9df5af8"
}

Kill a container

Send a POSIX signal to a container, defaulting to killing to the container.

path Parameters
id
required
string

ID or name of the container

query Parameters
signal
string
Default: "SIGKILL"

Signal to send to the container as an integer or string (e.g. SIGINT)

Responses

Response samples

Content type
{
  • "message": "No such container: c2ada9df5af8"
}

Update a container

Change various configuration options of a container without having to recreate it.

path Parameters
id
required
string

ID or name of the container

Request Body schema: application/json
required
CpuShares
integer

An integer value representing this container's relative CPU weight versus other containers.

Memory
integer
Default: 0

Memory limit in bytes.

CgroupParent
string

Path to cgroups under which the container's cgroup is created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups are created if they do not already exist.

BlkioWeight
integer [ 0 .. 1000 ]

Block IO weight (relative weight).

Array of objects

Block IO weight (relative device weight) in the form [{"Path": "device_path", "Weight": weight}].

Array of objects (ThrottleDevice)

Limit read rate (bytes per second) from a device, in the form [{"Path": "device_path", "Rate": rate}].

Array of objects (ThrottleDevice)

Limit write rate (bytes per second) to a device, in the form [{"Path": "device_path", "Rate": rate}].

Array of objects (ThrottleDevice)

Limit read rate (IO per second) from a device, in the form [{"Path": "device_path", "Rate": rate}].

Array of objects (ThrottleDevice)

Limit write rate (IO per second) to a device, in the form [{"Path": "device_path", "Rate": rate}].

CpuPeriod
integer <int64>

The length of a CPU period in microseconds.

CpuQuota
integer <int64>

Microseconds of CPU time that the container can get in a CPU period.

CpuRealtimePeriod
integer <int64>

The length of a CPU real-time period in microseconds. Set to 0 to allocate no time allocated to real-time tasks.

CpuRealtimeRuntime
integer <int64>

The length of a CPU real-time runtime in microseconds. Set to 0 to allocate no time allocated to real-time tasks.

CpusetCpus
string

CPUs in which to allow execution (e.g., 0-3, 0,1)

CpusetMems
string

Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.

Array of objects (DeviceMapping)

A list of devices to add to the container.

DeviceCgroupRules
Array of strings

a list of cgroup rules to apply to the container

DiskQuota
integer <int64>

Disk limit (in bytes).

KernelMemory
integer <int64>

Kernel memory limit in bytes.

MemoryReservation
integer <int64>

Memory soft limit in bytes.

MemorySwap
integer <int64>

Total memory limit (memory + swap). Set as -1 to enable unlimited swap.

MemorySwappiness
integer <int64> [ 0 .. 100 ]

Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.

NanoCpus
integer <int64>

CPU quota in units of 10-9 CPUs.

OomKillDisable
boolean

Disable OOM Killer for the container.

PidsLimit
integer <int64>

Tune a container's pids limit. Set -1 for unlimited.

Array of objects

A list of resource limits to set in the container. For example: {"Name": "nofile", "Soft": 1024, "Hard": 2048}"

CpuCount
integer <int64>

The number of usable CPUs (Windows only).

On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is CPUCount first, then CPUShares, and CPUPercent last.

CpuPercent
integer <int64>

The usable percentage of the available CPUs (Windows only).

On Windows Server containers, the processor resource controls are mutually exclusive. The order of precedence is CPUCount first, then CPUShares, and CPUPercent last.

IOMaximumIOps
integer <int64>

Maximum IOps for the container system drive (Windows only)

IOMaximumBandwidth
integer <int64>

Maximum IO in bytes per second for the container system drive (Windows only)

object (RestartPolicy)
Default: {}

The behavior to apply when the container exits. The default is not to restart.

An ever increasing delay (double the previous delay, starting at 100ms) is added before each restart to prevent flooding the server.

Responses

Request samples

Content type
application/json
{
  • "BlkioWeight": 300,
  • "CpuShares": 512,
  • "CpuPeriod": 100000,
  • "CpuQuota": 50000,
  • "CpuRealtimePeriod": 1000000,
  • "CpuRealtimeRuntime": 10000,
  • "CpusetCpus": "0,1",
  • "CpusetMems": "0",
  • "Memory": 314572800,
  • "MemorySwap": 514288000,
  • "MemoryReservation": 209715200,
  • "KernelMemory": 52428800,
  • "RestartPolicy": {
    }
}

Response samples

Content type
application/json
{
  • "Warnings": [
    ]
}

Rename a container

path Parameters
id
required
string

ID or name of the container

query Parameters
name
required
string

New name for the container

Responses

Response samples

Content type
{
  • "message": "No such container: c2ada9df5af8"
}

Pause a container

Use the cgroups freezer to suspend all processes in a container.

Traditionally, when suspending a process the SIGSTOP signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.

path Parameters
id
required
string

ID or name of the container

Responses

Response samples

Content type
{
  • "message": "No such container: c2ada9df5af8"
}

Unpause a container

Resume a container which has been paused.

path Parameters
id
required
string

ID or name of the container

Responses

Response samples

Content type
{
  • "message": "No such container: c2ada9df5af8"
}

Attach to a container

Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.

Either the stream or logs parameter must be true for this endpoint to do anything.

See the documentation for the docker attach command for more details.

Hijacking

This endpoint hijacks the HTTP connection to transport stdin, stdout, and stderr on the same socket.

This is the response from the daemon for an attach request:

HTTP/1.1 200 OK
Content-Type: application/vnd.docker.raw-stream

[STREAM]

After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.

To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.

For example, the client sends this request to upgrade the connection:

POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
Upgrade: tcp
Connection: Upgrade

The Docker daemon will respond with a 101 UPGRADED response, and will similarly follow with the raw stream:

HTTP/1.1 101 UPGRADED
Content-Type: application/vnd.docker.raw-stream
Connection: Upgrade
Upgrade: tcp

[STREAM]

Stream format

When the TTY setting is disabled in POST /containers/create, the stream over the hijacked connected is multiplexed to separate out stdout and stderr. The stream consists of a series of frames, each containing a header and a payload.

The header contains the information which the stream writes (stdout or stderr). It also contains the size of the associated frame encoded in the last four bytes (uint32).

It is encoded on the first eight bytes like this:

header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}

STREAM_TYPE can be:

  • 0: stdin (is written on stdout)
  • 1: stdout
  • 2: stderr

SIZE1, SIZE2, SIZE3, SIZE4 are the four bytes of the uint32 size encoded as big endian.

Following the header is the payload, which is the specified number of bytes of STREAM_TYPE.

The simplest way to implement this protocol is the following:

  1. Read 8 bytes.
  2. Choose stdout or stderr depending on the first byte.
  3. Extract the frame size from the last four bytes.
  4. Read the extracted size and output it on the correct output.
  5. Goto 1.

Stream format when using a TTY

When the TTY setting is enabled in POST /containers/create, the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's stdin.

path Parameters
id
required
string

ID or name of the container

query Parameters
detachKeys
string

Override the key sequence for detaching a container.Format is a single character [a-Z] or ctrl-<value> where <value> is one of: a-z, @, ^, [, , or _.

logs
boolean
Default: false

Replay previous logs from the container.

This is useful for attaching to a container that has started and you want to output everything since the container started.

If stream is also enabled, once all the previous output has been returned, it will seamlessly transition into streaming current output.

stream
boolean
Default: false

Stream attached streams from the time the request was made onwards

stdin
boolean
Default: false

Attach to stdin

stdout
boolean
Default: false

Attach to stdout

stderr
boolean
Default: false

Attach to stderr

Responses

Response samples

Content type
No sample

Attach to a container via a websocket

path Parameters
id
required
string

ID or name of the container

query Parameters
detachKeys
string

Override the key sequence for detaching a container.Format is a single character [a-Z] or ctrl-<value> where <value> is one of: a-z, @, ^, [, ,, or _.

logs
boolean
Default: false

Return logs

stream
boolean
Default: false

Return stream

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Wait for a container

Block until a container stops, then returns the exit code.

path Parameters
id
required
string

ID or name of the container

Responses

Response samples

Content type
application/json
{
  • "StatusCode": 0
}

Remove a container

path Parameters
id
required
string

ID or name of the container

query Parameters
v
boolean
Default: false

Remove anonymous volumes associated with the container.

force
boolean
Default: false

If the container is running, kill it before removing it.

link
boolean
Default: false

Remove the specified link associated with the container.

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Get information about files in a container

A response header X-Docker-Container-Path-Stat is return containing a base64 - encoded JSON object with some filesystem header information about the path.

path Parameters
id
required
string

ID or name of the container

query Parameters
path
required
string

Resource in the container’s filesystem to archive.

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Get an archive of a filesystem resource in a container

Get a tar archive of a resource in the filesystem of container id.

path Parameters
id
required
string

ID or name of the container

query Parameters
path
required
string

Resource in the container’s filesystem to archive.

Responses

Response samples

Content type
No sample

Extract an archive of files or folders to a directory in a container

Upload a tar archive to be extracted to a path in the filesystem of container id. path parameter is asserted to be a directory. If it exists as a file, 400 error will be returned with message "not a directory".

path Parameters
id
required
string

ID or name of the container

query Parameters
path
required
string

Path to a directory in the container to extract the archive’s contents into.

noOverwriteDirNonDir
string

If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa.

Request Body schema:
required

The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz.

string

Responses

Response samples

Content type
{
  • "message": "not a directory"
}

Delete stopped containers

query Parameters
filters
string

Filters to process on the prune list, encoded as JSON (a map[string][]string).

Available filters:

  • until=<timestamp> Prune containers created before this timestamp. The <timestamp> can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. 10m, 1h30m) computed relative to the daemon machine’s time.

Responses

Response samples

Content type
application/json
{
  • "ContainersDeleted": [
    ],
  • "SpaceReclaimed": 0
}

Images

List Images

Returns a list of images on the server. Note that it uses a different, smaller representation of an image than inspecting a single image.

query Parameters
all
boolean
Default: false

Show all images. Only images from a final layer (no children) are shown by default.

filters
string

A JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:

  • before=(<image-name>[:<tag>], <image id> or <image@digest>)
  • dangling=true
  • label=key or label="key=value" of an image label
  • reference=(<image-name>[:<tag>])
  • since=(<image-name>[:<tag>], <image id> or <image@digest>)
digests
boolean
Default: false

Show digest information as a RepoDigests field on each image.

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    }
]

Build an image

Build an image from a tar archive with a Dockerfile in it.

The Dockerfile specifies how the image is built from the tar archive. It is typically in the archive's root, but can be at a different path or have a different name by specifying the dockerfile parameter. See the Dockerfile reference for more information.

The Docker daemon performs a preliminary validation of the Dockerfile before starting the build, and returns an error if the syntax is incorrect. After that, each instruction is run one-by-one until the ID of the new image is output.

The build is canceled if the client drops the connection by quitting or being killed.

query Parameters
dockerfile
string
Default: "Dockerfile"

Path within the build context to the Dockerfile. This is ignored if remote is specified and points to an external Dockerfile.

t
string

A name and optional tag to apply to the image in the name:tag format. If you omit the tag the default latest value is assumed. You can provide several t parameters.

extrahosts
string

Extra hosts to add to /etc/hosts

remote
string

A Git repository URI or HTTP/HTTPS context URI. If the URI points to a single text file, the file’s contents are placed into a file called Dockerfile and the image is built from that file. If the URI points to a tarball, the file is downloaded by the daemon and the contents therein used as the context for the build. If the URI points to a tarball and the dockerfile parameter is also specified, there must be a file with the corresponding path inside the tarball.

q
boolean
Default: false

Suppress verbose build output.

nocache
boolean
Default: false

Do not use the cache when building the image.

cachefrom
string

JSON array of images used for build cache resolution.

pull
string

Attempt to pull the image even if an older image exists locally.

rm
boolean
Default: true

Remove intermediate containers after a successful build.

forcerm
boolean
Default: false

Always remove intermediate containers, even upon failure.

memory
integer

Set memory limit for build.

memswap
integer

Total memory (memory + swap). Set as -1 to disable swap.

cpushares
integer

CPU shares (relative weight).

cpusetcpus
string

CPUs in which to allow execution (e.g., 0-3, 0,1).

cpuperiod
integer

The length of a CPU period in microseconds.

cpuquota
integer

Microseconds of CPU time that the container can get in a CPU period.

buildargs
integer

JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses the buildargs as the environment context for commands run via the Dockerfile RUN instruction, or for variable expansion in other Dockerfile instructions. This is not meant for passing secret values. Read more about the buildargs instruction.

shmsize
integer

Size of /dev/shm in bytes. The size must be greater than 0. If omitted the system uses 64MB.

squash
boolean

Squash the resulting images layers into a single layer. (Experimental release only.)

labels
string

Arbitrary key/value labels to set on the image, as a JSON map of string pairs.

networkmode
string

Sets the networking mode for the run commands during build. Supported standard values are: bridge, host, none, and container:<name|id>. Any other value is taken as a custom network's name to which this container should connect to.

header Parameters
Content-type
string
Default: application/x-tar
Value: "application/x-tar"
X-Registry-Config
string

This is a base64-encoded JSON object with auth configurations for multiple registries that a build may refer to.

The key is a registry URL, and the value is an auth configuration object, as described in the authentication section. For example:

{
  "docker.example.com": {
    "username": "janedoe",
    "password": "hunter2"
  },
  "https://index.docker.io/v1/": {
    "username": "mobydock",
    "password": "conta1n3rize14"
  }
}

Only the registry domain name (and port if not the default 443) are required. However, for legacy reasons, the Docker Hub registry must be specified with both a https:// prefix and a /v1/ suffix even though Docker will prefer to use the v2 registry API.

Request Body schema: application/octet-stream

A tar archive compressed with one of the following algorithms: identity (no compression), gzip, bzip2, xz.

string <binary>

Responses

Response samples

Content type
application/json
{
  • "message": "Something went wrong."
}

Create an image

Create an image by either pulling it from a registry or importing it.

query Parameters
fromImage
string

Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed.

fromSrc
string

Source to import. The value may be a URL from which the image can be retrieved or - to read the image from the request body. This parameter may only be used when importing an image.

repo
string

Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image.

tag
string

Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled.

header Parameters
X-Registry-Auth
string

A base64-encoded auth configuration. See the authentication section for details.

Request Body schema:

Image content if the value - has been specified in fromSrc query parameter

string

Responses

Response samples

Content type
application/json
{
  • "message": "Something went wrong."
}

Inspect an image

Return low-level information about an image.

path Parameters
name
required
string

Image name or id

Responses

Response samples

Content type
application/json
{
  • "Id": "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c",
  • "Container": "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a",
  • "Comment": "",
  • "Os": "linux",
  • "Architecture": "amd64",
  • "Parent": "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
  • "ContainerConfig": {
    },
  • "DockerVersion": "1.9.0-dev",
  • "VirtualSize": 188359297,
  • "Size": 0,
  • "Author": "",
  • "Created": "2015-09-10T08:30:53.26995814Z",
  • "GraphDriver": {
    },
  • "RepoDigests": [
    ],
  • "RepoTags": [
    ],
  • "Config": {
    },
  • "RootFS": {
    }
}

Get the history of an image

Return parent layers of an image.

path Parameters
name
required
string

Image name or ID

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    },
  • {
    }
]

Push an image

Push an image to a registry.

If you wish to push an image on to a private registry, that image must already have a tag which references the registry. For example, registry.example.com/myimage:latest.

The push is cancelled if the HTTP connection is closed.

path Parameters
name
required
string

Name of the image to push. For example, registry.example.com/myimage. The image must be present in the local image store with the same name.

The name should be provided without tag; if a tag is provided, it is ignored. For example, registry.example.com/myimage:latest is considered equivalent to registry.example.com/myimage.

Use the tag parameter to specify the tag to push.

query Parameters
tag
string

Tag of the image to push. For example, latest. If no tag is provided, all tags of the given image that are present in the local image store are pushed.

header Parameters
X-Registry-Auth
required
string

A base64-encoded auth configuration. See the authentication section for details.

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Tag an image

Tag an image so that it becomes part of a repository.

path Parameters
name
required
string

Image name or ID to tag.

query Parameters
repo
string

The repository to tag in. For example, someuser/someimage.

tag
string

The name of the new tag.

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Remove an image

Remove an image, along with any untagged parent images that were referenced by that image.

Images can't be removed if they have descendant images, are being used by a running container or are being used by a build.

path Parameters
name
required
string

Image name or ID

query Parameters
force
boolean
Default: false

Remove the image even if it is being used by stopped containers or has other tags

noprune
boolean
Default: false

Do not delete untagged parent images

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    },
  • {
    }
]

Search images

Search for an image on Docker Hub.

query Parameters
term
required
string

Term to search

limit
integer

Maximum number of results to return

filters
string

A JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:

  • is-automated=(true|false)
  • is-official=(true|false)
  • stars=<number> Matches images that has at least 'number' stars.

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    },
  • {
    }
]

Delete unused images

query Parameters
filters
string

Filters to process on the prune list, encoded as JSON (a map[string][]string). Available filters:

  • dangling=<boolean> When set to true (or 1), prune only unused and untagged images. When set to false (or 0), all unused images are pruned.
  • until=<string> Prune images created before this timestamp. The <timestamp> can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. 10m, 1h30m) computed relative to the daemon machine’s time.

Responses

Response samples

Content type
application/json
{
  • "ImagesDeleted": [
    ],
  • "SpaceReclaimed": 0
}

Create a new image from a container

query Parameters
container
string

The ID or name of the container to commit

repo
string

Repository name for the created image

tag
string

Tag name for the create image

comment
string

Commit message

author
string

Author of the image (e.g., John Hannibal Smith <hannibal@a-team.com>)

pause
boolean
Default: true

Whether to pause the container before committing

changes
string

Dockerfile instructions to apply while committing

Request Body schema: application/json

The container configuration

Hostname
string

The hostname to use for the container, as a valid RFC 1123 hostname.

Domainname
string

The domain name to use for the container.

User
string

The user that commands are run as inside the container.

AttachStdin
boolean
Default: false

Whether to attach to stdin.

AttachStdout
boolean
Default: true

Whether to attach to stdout.

AttachStderr
boolean
Default: true

Whether to attach to stderr.

object

An object mapping ports to an empty object in the form:

{"<port>/<tcp|udp>": {}}

Tty
boolean
Default: false

Attach standard streams to a TTY, including stdin if it is not closed.

OpenStdin
boolean
Default: false

Open stdin

StdinOnce
boolean
Default: false

Close stdin after one attached client disconnects

Env
Array of strings

A list of environment variables to set inside the container in the form ["VAR=value", ...]. A variable without = is removed from the environment, rather than to have an empty value.

Array of strings or string

Command to run specified as a string or an array of strings.

object (HealthConfig)

A test to perform to check that the container is healthy.

ArgsEscaped
boolean

Command is already escaped (Windows only)

Image
string

The name of the image to use when creating the container

object

An object mapping mount point paths inside the container to empty objects.

WorkingDir
string

The working directory for commands to run in.

Array of strings or string

The entry point for the container as a string or an array of strings.

If the array consists of exactly one empty string ([""]) then the entry point is reset to system default (i.e., the entry point used by docker when there is no ENTRYPOINT instruction in the Dockerfile).

NetworkDisabled
boolean

Disable networking for the container.

MacAddress
string

MAC address of the container.

OnBuild
Array of strings

ONBUILD metadata that were defined in the image's Dockerfile.

object

User-defined key/value metadata.

StopSignal
string
Default: "SIGTERM"

Signal to stop a container as a string or unsigned integer.

StopTimeout
integer
Default: 10

Timeout to stop a container in seconds.

Shell
Array of strings

Shell for when RUN, CMD, and ENTRYPOINT uses a shell.

Responses

Request samples

Content type
application/json
{
  • "Hostname": "string",
  • "Domainname": "string",
  • "User": "string",
  • "AttachStdin": false,
  • "AttachStdout": true,
  • "AttachStderr": true,
  • "ExposedPorts": {
    },
  • "Tty": false,
  • "OpenStdin": false,
  • "StdinOnce": false,
  • "Env": [
    ],
  • "Cmd": [
    ],
  • "Healthcheck": {
    },
  • "ArgsEscaped": true,
  • "Image": "string",
  • "Volumes": {
    },
  • "WorkingDir": "string",
  • "Entrypoint": [
    ],
  • "NetworkDisabled": true,
  • "MacAddress": "string",
  • "OnBuild": [
    ],
  • "Labels": {
    },
  • "StopSignal": "SIGTERM",
  • "StopTimeout": 10,
  • "Shell": [
    ]
}

Response samples

Content type
application/json
{
  • "Id": "string"
}

Export an image

Get a tarball containing all images and metadata for a repository.

If name is a specific name and tag (e.g. ubuntu:latest), then only that image (and its parents) are returned. If name is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the repositories file in the tarball, as there were no image names referenced.

Image tarball format

An image tarball contains one directory per image layer (named using its long ID), each containing these files:

  • VERSION: currently 1.0 - the file format version
  • json: detailed layer information, similar to docker inspect layer_id
  • layer.tar: A tarfile containing the filesystem changes in this layer

The layer.tar file contains aufs style .wh..wh.aufs files and directories for storing attribute changes and deletions.

If the tarball defines a repository, the tarball should also include a repositories file at the root that contains a list of repository and tag names mapped to layer IDs.

{
  "hello-world": {
    "latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"
  }
}
path Parameters
name
required
string

Image name or ID

Responses

Export several images

Get a tarball containing all images and metadata for several image repositories.

For each value of the names parameter: if it is a specific name and tag (e.g. ubuntu:latest), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the 'repositories' file for this image ID.

For details on the format, see the export image endpoint.

query Parameters
names
Array of strings

Image names to filter by

Responses

Import images

Load a set of images and tags into a repository.

For details on the format, see the export image endpoint.

query Parameters
quiet
boolean
Default: false

Suppress progress details during load.

Request Body schema: application/x-tar

Tar archive containing images

string <binary>

Responses

Response samples

Content type
application/json
{
  • "message": "Something went wrong."
}

Networks

Networks are user-defined networks that containers can be attached to. See the networking documentation for more information.

List networks

query Parameters
filters
string

JSON encoded value of the filters (a map[string][]string) to process on the networks list. Available filters:

  • driver=<driver-name> Matches a network's driver.
  • id=<network-id> Matches all or part of a network ID.
  • label=<key> or label=<key>=<value> of a network label.
  • name=<network-name> Matches all or part of a network name.
  • scope=["swarm"|"global"|"local"] Filters networks by scope (swarm, global, or local).
  • type=["custom"|"builtin"] Filters networks by type. The custom keyword returns all user-defined networks.

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    },
  • {
    }
]

Inspect a network

path Parameters
id
required
string

Network ID or name

query Parameters
verbose
boolean
Default: false

Detailed inspect output for troubleshooting

Responses

Response samples

Content type
application/json
{
  • "Name": "net01",
  • "Id": "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99",
  • "Created": "2016-10-19T04:33:30.360899459Z",
  • "Scope": "local",
  • "Driver": "bridge",
  • "EnableIPv6": false,
  • "IPAM": {
    },
  • "Internal": false,
  • "Attachable": false,
  • "Ingress": false,
  • "Containers": {
    },
  • "Options": {
    },
  • "Labels": {
    }
}

Remove a network

path Parameters
id
required
string

Network ID or name

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Create a network

Request Body schema: application/json
required

Network configuration

Name
required
string

The network's name.

CheckDuplicate
boolean

Check for networks with duplicate names. Since Network is primarily keyed based on a random ID and not on the name, and network name is strictly a user-friendly alias to the network which is uniquely identified using ID, there is no guaranteed way to check for duplicates. CheckDuplicate is there to provide a best effort checking of any networks which has the same name but it is not guaranteed to catch all name collisions.

Driver
string
Default: "bridge"

Name of the network driver plugin to use.

Internal
boolean

Restrict external access to the network.

Attachable
boolean

Globally scoped network is manually attachable by regular containers from workers in swarm mode.

Ingress
boolean

Ingress network is the network which provides the routing-mesh in swarm mode.

object (IPAM)
EnableIPv6
boolean

Enable IPv6 on the network.

object

Network specific options to be used by the drivers.

object

User-defined key/value metadata.

Responses

Request samples

Content type
application/json
{
  • "Name": "isolated_nw",
  • "CheckDuplicate": false,
  • "Driver": "bridge",
  • "EnableIPv6": true,
  • "IPAM": {
    },
  • "Internal": true,
  • "Attachable": false,
  • "Ingress": false,
  • "Options": {
    },
  • "Labels": {
    }
}

Response samples

Content type
application/json
{
  • "Id": "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30",
  • "Warning": ""
}

Connect a container to a network

path Parameters
id
required
string

Network ID or name

Request Body schema: application/octet-stream
required
Container
string

The ID or name of the container to connect to the network.

object (EndpointSettings)

Configuration for a network endpoint.

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Disconnect a container from a network

path Parameters
id
required
string

Network ID or name

Request Body schema: application/json
required
Container
string

The ID or name of the container to disconnect from the network.

Force
boolean

Force the container to disconnect from the network.

Responses

Request samples

Content type
application/json
{
  • "Container": "string",
  • "Force": true
}

Response samples

Content type
{
  • "message": "Something went wrong."
}

Delete unused networks

query Parameters
filters
string

Filters to process on the prune list, encoded as JSON (a map[string][]string).

Available filters:

  • until=<timestamp> Prune networks created before this timestamp. The <timestamp> can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. 10m, 1h30m) computed relative to the daemon machine’s time.

Responses

Response samples

Content type
application/json
{
  • "NetworksDeleted": [
    ]
}

Volumes

Create and manage persistent storage that can be attached to containers.

List volumes

query Parameters
filters
string <json>

JSON encoded value of the filters (a map[string][]string) to process on the volumes list. Available filters:

  • dangling=<boolean> When set to true (or 1), returns all volumes that are not in use by a container. When set to false (or 0), only volumes that are in use by one or more containers are returned.
  • driver=<volume-driver-name> Matches volumes based on their driver.
  • label=<key> or label=<key>:<value> Matches volumes based on the presence of a label alone or a label and a value.
  • name=<volume-name> Matches all or part of a volume name.

Responses

Response samples

Content type
application/json
{
  • "Volumes": [
    ],
  • "Warnings": [ ]
}

Create a volume

Request Body schema: application/json
required

Volume configuration

Name
string

The new volume's name. If not specified, Docker generates a name.

Driver
string
Default: "local"

Name of the volume driver to use.

object

A mapping of driver options and values. These options are passed directly to the driver and are driver specific.

object

User-defined key/value metadata.

Responses

Request samples

Content type
application/json
{
  • "Name": "tardis",
  • "Labels": {
    },
  • "Driver": "custom"
}

Response samples

Content type
application/json
{
  • "Name": "tardis",
  • "Driver": "custom",
  • "Mountpoint": "/var/lib/docker/volumes/tardis",
  • "Status": {
    },
  • "Labels": {
    },
  • "Scope": "local"
}

Inspect a volume

path Parameters
name
required
string

Volume name or ID

Responses

Response samples

Content type
application/json
{
  • "Name": "tardis",
  • "Driver": "custom",
  • "Mountpoint": "/var/lib/docker/volumes/tardis",
  • "Status": {
    },
  • "Labels": {
    },
  • "Scope": "local"
}

Remove a volume

Instruct the driver to remove the volume.

path Parameters
name
required
string

Volume name or ID

query Parameters
force
boolean
Default: false

Force the removal of the volume

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Delete unused volumes

query Parameters
filters
string

Filters to process on the prune list, encoded as JSON (a map[string][]string).

Available filters:

Responses

Response samples

Content type
application/json
{
  • "VolumesDeleted": [
    ],
  • "SpaceReclaimed": 0
}

Exec

Run new commands inside running containers. See the command-line reference for more information.

To exec a command in a container, you first need to create an exec instance, then start it. These two API endpoints are wrapped up in a single command-line command, docker exec.

Create an exec instance

Run a command inside a running container.

path Parameters
id
required
string

ID or name of container

Request Body schema: application/json
required

Exec configuration

AttachStdin
boolean

Attach to stdin of the exec command.

AttachStdout
boolean

Attach to stdout of the exec command.

AttachStderr
boolean

Attach to stderr of the exec command.

DetachKeys
string

Override the key sequence for detaching a container. Format is a single character [a-Z] or ctrl-<value> where <value> is one of: a-z, @, ^, [, , or _.

Tty
boolean

Allocate a pseudo-TTY.

Env
Array of strings

A list of environment variables in the form ["VAR=value", ...].

Cmd
Array of strings

Command to run, as a string or array of strings.

Privileged
boolean
Default: false

Runs the exec process with extended privileges.

User
string

The user, and optionally, group to run the exec process inside the container. Format is one of: user, user:group, uid, or uid:gid.

Responses

Request samples

Content type
application/json
{
  • "AttachStdin": false,
  • "AttachStdout": true,
  • "AttachStderr": true,
  • "DetachKeys": "ctrl-p,ctrl-q",
  • "Tty": false,
  • "Cmd": [
    ],
  • "Env": [
    ]
}

Response samples

Content type
application/json
{
  • "Id": "string"
}

Start an exec instance

Starts a previously set up exec instance. If detach is true, this endpoint returns immediately after starting the command. Otherwise, it sets up an interactive session with the command.

path Parameters
id
required
string

Exec instance ID

Request Body schema: application/json
Detach
boolean

Detach from the command.

Tty
boolean

Allocate a pseudo-TTY.

Responses

Request samples

Content type
application/json
{
  • "Detach": false,
  • "Tty": false
}

Resize an exec instance

Resize the TTY session used by an exec instance. This endpoint only works if tty was specified as part of creating and starting the exec instance.

path Parameters
id
required
string

Exec instance ID

query Parameters
h
required
integer

Height of the TTY session in characters

w
required
integer

Width of the TTY session in characters

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Inspect an exec instance

Return low-level information about an exec instance.

path Parameters
id
required
string

Exec instance ID

Responses

Response samples

Content type
application/json
{
  • "CanRemove": false,
  • "ContainerID": "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126",
  • "DetachKeys": "",
  • "ExitCode": 2,
  • "ID": "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b",
  • "OpenStderr": true,
  • "OpenStdin": true,
  • "OpenStdout": true,
  • "ProcessConfig": {
    },
  • "Running": false,
  • "Pid": 42000
}

Swarm

Engines can be clustered together in a swarm. See the swarm mode documentation for more information.

Inspect swarm

Responses

Response samples

Content type
{
  • "CreatedAt": "2016-08-15T16:00:20.349727406Z",
  • "Spec": {
    },
  • "JoinTokens": {
    },
  • "ID": "70ilmkj2f6sp2137c753w2nmt",
  • "UpdatedAt": "2016-08-15T16:32:09.623207604Z",
  • "Version": {
    }
}

Initialize a new swarm

Request Body schema:
required
ListenAddr
string

Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form 192.168.1.1:4567, or an interface followed by a port number, like eth0:4567. If the port number is omitted, the default swarm listening port is used.

AdvertiseAddr
string

Externally reachable address advertised to other nodes. This can either be an address/port combination in the form 192.168.1.1:4567, or an interface followed by a port number, like eth0:4567. If the port number is omitted, the port number from the listen address is used. If AdvertiseAddr is not specified, it will be automatically detected when possible.

ForceNewCluster
boolean

Force creation of a new swarm.

object (SwarmSpec)

User modifiable swarm configuration.

Responses

Request samples

Content type
{
  • "ListenAddr": "0.0.0.0:2377",
  • "AdvertiseAddr": "192.168.1.1:2377",
  • "ForceNewCluster": false,
  • "Spec": {
    }
}

Response samples

Content type
"7v2t30z9blmxuhnyo6s4cpenp"

Join an existing swarm

Request Body schema:
required
ListenAddr
string

Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP).

AdvertiseAddr
string

Externally reachable address advertised to other nodes. This can either be an address/port combination in the form 192.168.1.1:4567, or an interface followed by a port number, like eth0:4567. If the port number is omitted, the port number from the listen address is used. If AdvertiseAddr is not specified, it will be automatically detected when possible.

RemoteAddrs
string

Addresses of manager nodes already participating in the swarm.

JoinToken
string

Secret token for joining this swarm.

Responses

Request samples

Content type
{
  • "ListenAddr": "0.0.0.0:2377",
  • "AdvertiseAddr": "192.168.1.1:2377",
  • "RemoteAddrs": [
    ],
  • "JoinToken": "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
}

Response samples

Content type
{
  • "message": "Something went wrong."
}

Leave a swarm

query Parameters
force
boolean
Default: false

Force leave swarm, even if this is the last manager or that it will break the cluster.

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Update a swarm

query Parameters
version
required
integer <int64>

The version number of the swarm object being updated. This is required to avoid conflicting writes.

rotateWorkerToken
boolean
Default: false

Rotate the worker join token.

rotateManagerToken
boolean
Default: false

Rotate the manager join token.

rotateManagerUnlockKey
boolean
Default: false

Rotate the manager unlock key.

Request Body schema:
required
Name
string

Name of the swarm.

object

User-defined key/value metadata.

object

Orchestration configuration.

object

Raft configuration.

object

Dispatcher configuration.

object

CA configuration.

object

Parameters related to encryption-at-rest.

object

Defaults for creating tasks in this cluster.

Responses

Request samples

Content type
{
  • "Name": "default",
  • "Orchestration": {
    },
  • "Raft": {
    },
  • "Dispatcher": {
    },
  • "CAConfig": {
    },
  • "JoinTokens": {
    },
  • "EncryptionConfig": {
    }
}

Response samples

Content type
{
  • "message": "Something went wrong."
}

Get the unlock key

Responses

Response samples

Content type
{
  • "UnlockKey": "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
}

Unlock a locked manager

Request Body schema: application/json
required
UnlockKey
string

The swarm's unlock key.

Responses

Request samples

Content type
application/json
{
  • "UnlockKey": "SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8"
}

Response samples

Content type
application/json
{
  • "message": "Something went wrong."
}

Nodes

Nodes are instances of the Engine participating in a swarm. Swarm mode must be enabled for these endpoints to work.

List nodes

query Parameters
filters
string

Filters to process on the nodes list, encoded as JSON (a map[string][]string).

Available filters:

  • id=<node id>
  • label=<engine label>
  • membership=(accepted|pending)`
  • name=<node name>
  • role=(manager|worker)`

Responses

Response samples

Content type
[
  • {
    }
]

Inspect a node

path Parameters
id
required
string

The ID or name of the node

Responses

Response samples

Content type
{
  • "ID": "24ifsmvkjbyhk",
  • "Version": {
    },
  • "CreatedAt": "2016-06-07T20:31:11.853781916Z",
  • "UpdatedAt": "2016-06-07T20:31:11.999868824Z",
  • "Spec": {
    },
  • "Description": {
    },
  • "Status": {
    },
  • "ManagerStatus": {
    }
}

Delete a node

path Parameters
id
required
string

The ID or name of the node

query Parameters
force
boolean
Default: false

Force remove a node from the swarm

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Update a node

path Parameters
id
required
string

The ID of the node

query Parameters
version
required
integer <int64>

The version number of the node object being updated. This is required to avoid conflicting writes.

Request Body schema:
Name
string

Name for the node.

object

User-defined key/value metadata.

Role
string
Enum: "worker" "manager"

Role of the node.

Availability
string
Enum: "active" "pause" "drain"

Availability of the node.

Responses

Request samples

Content type
{
  • "Availability": "active",
  • "Name": "node-name",
  • "Role": "manager",
  • "Labels": {
    }
}

Response samples

Content type
{
  • "message": "Something went wrong."
}

Services

Services are the definitions of tasks to run on a swarm. Swarm mode must be enabled for these endpoints to work.

List services

query Parameters
filters
string

A JSON encoded value of the filters (a map[string][]string) to process on the services list. Available filters:

  • id=<service id>
  • label=<service label>
  • mode=["replicated"|"global"]
  • name=<service name>

Responses

Response samples

Content type
[
  • {
    }
]

Create a service

header Parameters
X-Registry-Auth
string

A base64-encoded auth configuration for pulling from private registries. See the authentication section for details.

Request Body schema: application/json
required
Name
string

Name of the service.

object

User-defined key/value metadata.

object (TaskSpec)

User modifiable task configuration.

object

Scheduling mode for the service.

object

Specification for the update strategy of the service.

object

Specification for the rollback strategy of the service.

Array of objects

Array of network names or IDs to attach the service to.

object (EndpointSpec)

Properties that can be configured to access and load balance a service.

Responses

Request samples

Content type
application/json
{
  • "Name": "web",
  • "Labels": {
    },
  • "TaskTemplate": {
    },
  • "Mode": {
    },
  • "UpdateConfig": {
    },
  • "RollbackConfig": {
    },
  • "Networks": [
    ],
  • "EndpointSpec": {
    }
}

Response samples

Content type
application/json
{
  • "ID": "ak7w3gjqoa3kuz8xcpnyy0pvl",
  • "Warning": "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
}

Inspect a service

path Parameters
id
required
string

ID or name of service.

query Parameters
insertDefaults
boolean
Default: false

Fill empty fields with default values.

Responses

Response samples

Content type
{
  • "ID": "9mnpnzenvg8p8tdbtq4wvbkcz",
  • "Version": {
    },
  • "CreatedAt": "2016-06-07T21:05:51.880065305Z",
  • "UpdatedAt": "2016-06-07T21:07:29.962229872Z",
  • "Spec": {
    },
  • "Endpoint": {
    }
}

Delete a service

path Parameters
id
required
string

ID or name of service.

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Update a service

path Parameters
id
required
string

ID or name of service.

query Parameters
version
required
integer

The version number of the service object being updated. This is required to avoid conflicting writes.

registryAuthFrom
string
Default: "spec"

If the X-Registry-Auth header is not specified, this parameter indicates where to find registry authorization credentials. The valid values are spec and previous-spec.

rollback
string

Set to this parameter to previous to cause a server-side rollback to the previous service spec. The supplied spec will be ignored in this case.

header Parameters
X-Registry-Auth
string

A base64-encoded auth configuration for pulling from private registries. See the authentication section for details.

Request Body schema: application/json
required
Name
string

Name of the service.

object

User-defined key/value metadata.

object (TaskSpec)

User modifiable task configuration.

object

Scheduling mode for the service.

object

Specification for the update strategy of the service.

object

Specification for the rollback strategy of the service.

Array of objects

Array of network names or IDs to attach the service to.

object (EndpointSpec)

Properties that can be configured to access and load balance a service.

Responses

Request samples

Content type
application/json
{
  • "Name": "top",
  • "Labels": {
    },
  • "TaskTemplate": {
    },
  • "Mode": {
    },
  • "UpdateConfig": {
    },
  • "RollbackConfig": {
    },
  • "Networks": [
    ],
  • "EndpointSpec": {
    }
}

Response samples

Content type
application/json
{
  • "Warning": "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
}

Get service logs

Get stdout and stderr logs from a service.

Note: This endpoint works only for services with the json-file or journald logging drivers.

path Parameters
id
required
string

ID or name of the service

query Parameters
details
boolean
Default: false

Show service context and extra details provided to logs.

follow
boolean
Default: false

Return the logs as a stream.

This will return a 101 HTTP response with a Connection: upgrade header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, see the documentation for the attach endpoint.

stdout
boolean
Default: false

Return logs from stdout

stderr
boolean
Default: false

Return logs from stderr

since
integer
Default: 0

Only return logs since this time, as a UNIX timestamp

timestamps
boolean
Default: false

Add timestamps to every log line

tail
string
Default: "all"

Only return this number of log lines from the end of the logs. Specify as an integer or all to output all log lines.

Responses

Response samples

Content type
No sample

Tasks

A task is a container running on a swarm. It is the atomic scheduling unit of swarm. Swarm mode must be enabled for these endpoints to work.

List tasks

query Parameters
filters
string

A JSON encoded value of the filters (a map[string][]string) to process on the tasks list. Available filters:

  • desired-state=(running | shutdown | accepted)
  • id=<task id>
  • label=key or label="key=value"
  • name=<task name>
  • node=<node id or name>
  • service=<service name>

Responses

Response samples

Content type
application/json
[
  • {
    },
  • {
    }
]

Inspect a task

path Parameters
id
required
string

ID of the task

Responses

Response samples

Content type
application/json
{
  • "ID": "0kzzo1i0y4jz6027t0k7aezc7",
  • "Version": {
    },
  • "CreatedAt": "2016-06-07T21:07:31.171892745Z",
  • "UpdatedAt": "2016-06-07T21:07:31.376370513Z",
  • "Spec": {
    },
  • "ServiceID": "9mnpnzenvg8p8tdbtq4wvbkcz",
  • "Slot": 1,
  • "NodeID": "60gvrl6tm78dmak4yl7srz94v",
  • "Status": {
    },
  • "DesiredState": "running",
  • "NetworksAttachments": [
    ]
}

Secrets

Secrets are sensitive data that can be used by services. Swarm mode must be enabled for these endpoints to work.

List secrets

query Parameters
filters
string

A JSON encoded value of the filters (a map[string][]string) to process on the secrets list. Available filters:

  • id=<secret id>
  • label=<key> or label=<key>=value
  • name=<secret name>
  • names=<secret name>

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create a secret

Request Body schema: application/json
Name
string

User-defined name of the secret.

object

User-defined key/value metadata.

Data
Array of strings

Base64-url-safe-encoded secret data

Responses

Request samples

Content type
application/json
{
  • "Name": "app-key.crt",
  • "Labels": {
    },
  • "Data": "VEhJUyBJUyBOT1QgQSBSRUFMIENFUlRJRklDQVRFCg=="
}

Response samples

Content type
application/json
{
  • "ID": "ktnbjxoalbkvbvedmg1urrz8h"
}

Inspect a secret

path Parameters
id
required
string

ID of the secret

Responses

Response samples

Content type
application/json
{
  • "ID": "string",
  • "Version": {
    },
  • "CreatedAt": "string",
  • "UpdatedAt": "string",
  • "Spec": {
    }
}

Delete a secret

path Parameters
id
required
string

ID of the secret

Responses

Response samples

Content type
application/json
{
  • "message": "Something went wrong."
}

Update a Secret

path Parameters
id
required
string

The ID or name of the secret

query Parameters
version
required
integer <int64>

The version number of the secret object being updated. This is required to avoid conflicting writes.

Request Body schema:

The spec of the secret to update. Currently, only the Labels field can be updated. All other fields must remain unchanged from the SecretInspect endpoint response values.

Name
string

User-defined name of the secret.

object

User-defined key/value metadata.

Data
Array of strings

Base64-url-safe-encoded secret data

Responses

Request samples

Content type
{
  • "Name": "string",
  • "Labels": {
    },
  • "Data": [
    ]
}

Response samples

Content type
{
  • "message": "Something went wrong."
}

Plugins

List plugins

Returns information about installed plugins.

query Parameters
filters
string

A JSON encoded value of the filters (a map[string][]string) to process on the plugin list. Available filters:

  • capability=<capability name>
  • enable=<true>|<false>

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Get plugin privileges

query Parameters
remote
required
string

The name of the plugin. The :latest tag is optional, and is the default if omitted.

Responses

Response samples

Content type
[
  • {
    },
  • {
    },
  • {
    }
]

Install a plugin

Pulls and installs a plugin. After the plugin is installed, it can be enabled using the POST /plugins/{name}/enable endpoint.

query Parameters
remote
required
string

Remote reference for plugin to install.

The :latest tag is optional, and is used as the default if omitted.

name
string

Local name for the pulled plugin.

The :latest tag is optional, and is used as the default if omitted.

header Parameters
X-Registry-Auth
string

A base64-encoded auth configuration to use when pulling a plugin from a registry. See the authentication section for details.

Request Body schema:
Array
Name
string
Description
string
Value
Array of strings

Responses

Request samples

Content type
[
  • {
    },
  • {
    },
  • {
    }
]

Response samples

Content type
application/json
{
  • "message": "Something went wrong."
}

Inspect a plugin

path Parameters
name
required
string

The name of the plugin. The :latest tag is optional, and is the default if omitted.

Responses

Response samples

Content type
{
  • "Id": "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078",
  • "Name": "tiborvass/sample-volume-plugin",
  • "Tag": "latest",
  • "Active": true,
  • "Settings": {
    },
  • "Config": {
    }
}

Remove a plugin

path Parameters
name
required
string

The name of the plugin. The :latest tag is optional, and is the default if omitted.

query Parameters
force
boolean
Default: false

Disable the plugin before removing. This may result in issues if the plugin is in use by a container.

Responses

Response samples

Content type
{
  • "Id": "5724e2c8652da337ab2eedd19fc6fc0ec908e4bd907c7421bf6a8dfc70c4c078",
  • "Name": "tiborvass/sample-volume-plugin",
  • "Tag": "latest",
  • "Active": true,
  • "Settings": {
    },
  • "Config": {
    }
}

Enable a plugin

path Parameters
name
required
string

The name of the plugin. The :latest tag is optional, and is the default if omitted.

query Parameters
timeout
integer
Default: 0

Set the HTTP client timeout (in seconds)

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Disable a plugin

path Parameters
name
required
string

The name of the plugin. The :latest tag is optional, and is the default if omitted.

query Parameters
force
boolean

Force disable a plugin even if still in use.

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Upgrade a plugin

path Parameters
name
required
string

The name of the plugin. The :latest tag is optional, and is the default if omitted.

query Parameters
remote
required
string

Remote reference to upgrade to.

The :latest tag is optional, and is used as the default if omitted.

header Parameters
X-Registry-Auth
string

A base64-encoded auth configuration to use when pulling a plugin from a registry. See the authentication section for details.

Request Body schema:
Array
Name
string
Description
string
Value
Array of strings

Responses

Request samples

Content type
[
  • {
    },
  • {
    },
  • {
    }
]

Response samples

Content type
{
  • "message": "Something went wrong."
}

Create a plugin

query Parameters
name
required
string

The name of the plugin. The :latest tag is optional, and is the default if omitted.

Request Body schema: application/x-tar

Path to tar containing plugin rootfs and manifest

string <binary>

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Push a plugin

Push a plugin to the registry.

path Parameters
name
required
string

The name of the plugin. The :latest tag is optional, and is the default if omitted.

Responses

Response samples

Content type
{
  • "message": "Something went wrong."
}

Configure a plugin

path Parameters
name
required
string

The name of the plugin. The :latest tag is optional, and is the default if omitted.

Request Body schema: application/json
Array
string

Responses

Request samples

Content type
application/json
[
  • "DEBUG=1"
]

Response samples

Content type
{
  • "message": "Something went wrong."
}

System

Check auth configuration

Validate credentials for a registry and, if available, get an identity token for accessing the registry without password.

Request Body schema: application/json

Authentication to check

username
string
password
string
email
string
serveraddress
string

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "Status": "Login Succeeded",
  • "IdentityToken": "9cbaf023786cd7..."
}

Get system information

Responses

Response samples

Content type
application/json
{
  • "Architecture": "x86_64",
  • "ClusterStore": "etcd://localhost:2379",
  • "CgroupDriver": "cgroupfs",
  • "Containers": 11,
  • "ContainersRunning": 7,
  • "ContainersStopped": 3,
  • "ContainersPaused": 1,
  • "CpuCfsPeriod": true,
  • "CpuCfsQuota": true,
  • "Debug": false,
  • "DockerRootDir": "/var/lib/docker",
  • "Driver": "btrfs",
  • "DriverStatus": [
    ],
  • "ExperimentalBuild": false,
  • "ID": "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS",
  • "IPv4Forwarding": true,
  • "Images": 16,
  • "IndexServerAddress": "https://index.docker.io/v1/",
  • "InitPath": "/usr/bin/docker",
  • "InitSha1": "",
  • "KernelMemory": true,
  • "KernelVersion": "3.12.0-1-amd64",
  • "Labels": [
    ],
  • "MemTotal": 2099236864,
  • "MemoryLimit": true,
  • "NCPU": 1,
  • "NEventsListener": 0,
  • "NFd": 11,
  • "NGoroutines": 21,
  • "Name": "prod-server-42",
  • "NoProxy": "9.81.1.160",
  • "OomKillDisable": true,
  • "OSType": "linux",
  • "OperatingSystem": "Boot2Docker",
  • "Plugins": {
    },
  • "RegistryConfig": {
    },
  • "SecurityOptions": [
    ],
  • "ServerVersion": "1.9.0",
  • "SwapLimit": false,
  • "SystemStatus": [
    ],
  • "SystemTime": "2015-03-10T11:11:23.730591467-07:00"
}

Get version

Returns the version of Docker that is running and various information about the system that Docker is running on.

Responses

Response samples

Content type
application/json
{
  • "Version": "17.04.0",
  • "Os": "linux",
  • "KernelVersion": "3.19.0-23-generic",
  • "GoVersion": "go1.7.5",
  • "GitCommit": "deadbee",
  • "Arch": "amd64",
  • "ApiVersion": "1.27",
  • "MinAPIVersion": "1.12",
  • "BuildTime": "2016-06-14T07:09:13.444803460+00:00",
  • "Experimental": true
}

Ping

This is a dummy endpoint you can use to test if the server is accessible.

Responses

Monitor events

Stream real-time events from the server.

Various objects within Docker report events when something happens to them.

Containers report these events: attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, health_status, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update

Images report these events: delete, import, load, pull, push, save, tag, untag

Volumes report these events: create, mount, unmount, destroy

Networks report these events: create, connect, disconnect, destroy

The Docker daemon reports these events: reload

query Parameters
since
string

Show events created since this timestamp then stream new events.

until
string

Show events created until this timestamp then stop streaming.

filters
string

A JSON encoded value of filters (a map[string][]string) to process on the event list. Available filters:

  • container=<string> container name or ID
  • daemon=<string> daemon name or ID
  • event=<string> event type
  • image=<string> image name or ID
  • label=<string> image or container label
  • network=<string> network name or ID
  • plugin= plugin name or ID
  • type=<string> object to filter by, one of container, image, volume, network, or daemon
  • volume=<string> volume name or ID

Responses

Response samples

Content type
application/json
{
  • "Type": "container",
  • "Action": "create",
  • "Actor": {
    },
  • "time": 1461943101
}

Get data usage information

Responses

Response samples

Content type
{
  • "LayersSize": 1092588,
  • "Images": [
    ],
  • "Containers": [
    ],
  • "Volumes": [
    ]
}

Get task logs

Get stdout and stderr logs from a task.

Note: This endpoint works only for services with the json-file or journald logging drivers.

path Parameters
id
required
string

ID of the task

query Parameters
details
boolean
Default: false

Show task context and extra details provided to logs.

follow
boolean
Default: false

Return the logs as a stream.

This will return a 101 HTTP response with a Connection: upgrade header, then hijack the HTTP connection to send raw output. For more information about hijacking and the stream format, see the documentation for the attach endpoint.

stdout
boolean
Default: false

Return logs from stdout

stderr
boolean
Default: false

Return logs from stderr

since
integer
Default: 0

Only return logs since this time, as a UNIX timestamp

timestamps
boolean
Default: false

Add timestamps to every log line

tail
string
Default: "all"

Only return this number of log lines from the end of the logs. Specify as an integer or all to output all log lines.

Responses

Response samples

Content type
No sample