NugetHosting | Documentation
Dashboard Features Pricing

🌐 Documentation is currently available in English only. We're working on translations.

Home / Docs / API Reference / API Tokens

API Tokens

Create and manage API tokens for authenticating with NugetHosting services.

⏱️ 5 min read

Overview

API tokens provide secure, revocable access to NugetHosting services. Use them for:

  • Publishing NuGet packages
  • Pushing and pulling Docker images
  • CI/CD pipeline authentication
  • Programmatic API access

💡 Tip: Create separate tokens for different purposes (e.g., one for CI/CD, one for local development).

Creating Tokens

To create a new API token:

  1. Go to Settings → Access Tokens
  2. Click "Create Token"
  3. Enter a descriptive name (e.g., "GitHub Actions CI")
  4. Select the required scopes
  5. Click "Create"

⚠️ Important: Copy your token immediately! It won't be shown again.

Token Scopes

When creating a token, you select permissions in the UI. These translate to technical API scopes based on the token type:

UI Permissions → API Scopes

UI PermissionNuGet TokenDocker TokenCombined Token
Read packagesnuget:pullcontainer:pullnuget:pull container:pull
Upload packagesnuget:pushcontainer:pushnuget:push container:push
Delete packagesnuget:deletecontainer:deletenuget:delete container:delete

💡 Example: If you create a "NuGet Only" token with "Read" and "Upload" permissions, your token will have scopes: nuget:pull + nuget:push

Scope Reference

ScopeDescription
nuget:pullDownload/restore NuGet packages
nuget:pushPush new NuGet packages
nuget:deleteDelete NuGet packages
container:pullPull Docker images
container:pushPush Docker images
container:deleteDelete Docker images

Using Tokens

NuGet CLI

dotnet nuget add source https://nuget.nugethosting.com/v3/index.json \
  -n NugetHosting -u api -p YOUR_TOKEN

Docker CLI

docker login registry.nugethosting.com -u api -p YOUR_TOKEN

HTTP API

curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://api.nugethosting.com/v1/packages

Revoking Tokens

If a token is compromised or no longer needed:

  1. Go to Settings → Access Tokens
  2. Find the token in the list
  3. Click "Revoke"
  4. Confirm the revocation

⚠️ Warning: Revoking a token is immediate and irreversible. Any services using that token will stop working.

Best Practices

Use descriptive names

Name tokens after their purpose (e.g., "Production CI", "Local Dev").

Use minimal scopes

Only grant the permissions each token actually needs.

Rotate tokens regularly

Create new tokens and revoke old ones periodically.

Never commit tokens to source control

Use environment variables or secret managers.

Don't share tokens between users

Each user should have their own tokens for accountability.

CI/CD Integration Authentication
Was this page helpful?