Download OpenAPI specification:
The REST API provides access to snapd's state and many of its key functions, as listed below.
For general information on how to use the API, including how to access it, its requests and responses, results fields and error types, see Using the REST API.
Requires a valid assertion with a signature signed by a verifiable public key. The body of the request provides the assertion to add. If replacing an existing assertion the new must be consistent with and its prerequisite.
The raw assertion text to add to the database.
A raw assertion string.
{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Get all the assertions in the system assertion database of the given type.
Assertions can be filtered by providing assertion header keys as query
parameters (e.g., ?username=canonical). The response is a stream of
assertions separated by double newlines. An assertion type of
snap-declaration can also be used to retrieve a remote snap-declaration
assertion for a given snap-id. This can also be accomplished from within the
snap environment.
| assertion-type required | string Example: account The type of assertion to retrieve. |
| remote | boolean Default: false When using remote, a primary key must be associated with the request assertion type. These mappings are as below account -> account-id account-key -> public-key-sha3-384 base-declaration -> series confdb-schema -> account-id AND name model -> series AND brand-id AND model preseed -> series AND brand-id AND model AND system_label repair -> brand-id AND repair-id serial -> brand-id AND model AND serial snap-build -> snap-sha3-384 snap-declaration -> series AND snap-id snap-developer -> snap-id AND publisher-id snap-resource-revision -> snap-id AND resource-name AND resource-sha3-384 AND provenance snap-resource-pair -> snap-id AND resource-name AND resource-revision AND snap-revision AND provenance snap-revision -> snap-sha3-384 AND provenance store -> store system-user -> brand-id AND email validation -> series AND snap-id AND approved-snap-id AND approved-snap-revision validation-set -> series AND account-id AND name AND sequence Some assertion types do not have a definite authority set account-key-request -> public-key-sha3-384 confdb-control -> brand-id AND model AND serial device-session-request -> brand_id AND model AND serial serial-request - N/A |
| json | boolean Default: false If true, the response is formatted as a JSON object containing the headers of the assertions instead of the default signed assertion stream format. |
Retrieves the active model assertion for the system. The model assertion describes a snap-based device.
{- "status-code": 404,
- "status": "Not Found",
- "type": "error",
- "result": {
- "kind": "assertion-not-found",
- "message": "no model assertion yet",
- "value": "model"
}
}Replaces the current model assertion, potentially triggering a remodel of the system.
The endpoint accepts two different content types depending on the use case:
application/json: For a standard (online) remodel where the system will
fetch required snaps from the store.multipart/form-data: For an offline remodel, where the new model
assertion and all required snaps and other files are provided directly in
the request.The new model assertion and, for offline remodels, any required files (snaps, etc.).
| assertion required | string A string containing the full, signed model assertion. |
{- "assertion": "type: model\nauthority-id: generic\nseries: 16\nbrand-id: generic\nmodel: generic-classic\nclassic: true\ntimestamp: 2025-10-03T10:40:00.0Z\nsign-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa\nAcLBXAQAAQ[...]"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves the current serial assertion for the system. The serial assertion is a statement used to bind a device identity to it's public key, provided by the store.
{- "status-code": 404,
- "status": "Not Found",
- "type": "error",
- "result": {
- "kind": "assertion-not-found",
- "message": "no model assertion yet",
- "value": "model"
}
}Performs an asynchronous action on the current serial assertion by sending a
JSON command. The only supported action is forget, which causes the
system to unregister its current serial and prepare for a new one.
A JSON object specifying the action to perform on the serial.
| action required | string Value: "forget" The action to perform on the serial assertion. |
| no-registration-until-reboot | boolean Default: false If true, delays device registration until the next reboot. |
{- "action": "forget",
- "no-registration-until-reboot"": true
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Modify aliases by performing an 'alias', 'unalias', or 'prefer' action.
The action to perform on an alias.
| action required | string Enum: "alias" "unalias" "prefer" The action to perform on the alias. |
| snap | string The snap name to modify (optional for unalias). |
| app | string The app to modify (optional). |
| alias required | string The alias to modify. |
{- "action": "alias",
- "snap": "moon-buggy",
- "app": "string",
- "alias": "foo"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Perform actions like start, stop, or restart on snap applications, typically services.
The action to perform on one or more applications.
| action required | string The action to perform. | ||||
| names required | Array of strings A list of names of snaps (e.g. "lxd") or specific apps (e.g. "lxd.daemon") to operate on. | ||||
| scope | Array of strings | ||||
object | |||||
| |||||
| enable | boolean Default: false Arranges to have the service start at system boot. | ||||
{- "action": "start",
- "names": [
- "lxd"
], - "enable": true
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves configuration values from confdb.
| account required | string |
| confdb-schema required | string |
| view required | string |
| keys | string A comma-separated list of configuration paths to read from. These paths refer to rules defined in the view specified in the URL. If no list is provided, the GET will match with all readable view rules and return any stored values for those. If there are no stored configuration values for a subset of the fields, those fields will be omitted from the result object. |
{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Sets configuration values in confdb.
| account required | string |
| confdb-schema required | string |
| view required | string |
| property name* additional property | any |
{- "office.ssid": "foo",
- "password": null
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Used to connect and disconnect interfaces. Issues a command to the interface system to operate on the specified plug and slot.
Parameters for the interface action.
| action | string Enum: "connect" "disconnect" Action to perform. | ||||||||||||||
| forget | boolean Used with the 'disconnect' action. Ensures the system does not reestablish the connection going forward. | ||||||||||||||
Array of objects (Slot) = 1 items | |||||||||||||||
Array (= 1 items)
| |||||||||||||||
Array of objects (Plug) = 1 items | |||||||||||||||
Array (= 1 items)
| |||||||||||||||
{- "action": "connect",
- "forget": true,
- "slots": [
- {
- "snap": "string",
- "slot": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "plug": "string"
}
]
}
], - "plugs": [
- {
- "snap": "string",
- "plug": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "slot": "string"
}
]
}
]
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Replaces the current model assertion, potentially triggering a remodel of the system.
The endpoint accepts two different content types depending on the use case:
application/json: For a standard (online) remodel where the system will
fetch required snaps from the store.multipart/form-data: For an offline remodel, where the new model
assertion and all required snaps and other files are provided directly in
the request.The new model assertion and, for offline remodels, any required files (snaps, etc.).
| assertion required | string A string containing the full, signed model assertion. |
{- "assertion": "type: model\nauthority-id: generic\nseries: 16\nbrand-id: generic\nmodel: generic-classic\nclassic: true\ntimestamp: 2025-10-03T10:40:00.0Z\nsign-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa\nAcLBXAQAAQ[...]"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Performs an asynchronous action on the current serial assertion by sending a
JSON command. The only supported action is forget, which causes the
system to unregister its current serial and prepare for a new one.
A JSON object specifying the action to perform on the serial.
| action required | string Value: "forget" The action to perform on the serial assertion. |
| no-registration-until-reboot | boolean Default: false If true, delays device registration until the next reboot. |
{- "action": "forget",
- "no-registration-until-reboot"": true
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Create, modify, or remove a quota group.
| action required | string Enum: "ensure" "remove" | ||||||||||||||||||||||||||||||
required | object (QuotaGroup) Defines a quota group for one or more snaps. | ||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||
{- "action": "ensure",
- "quota-group": {
- "group-name": "logmem",
- "subgroups": [
- "string"
], - "parent": "string",
- "snaps": [
- "string"
], - "services": "string",
- "constraints": {
- "memory": 32768,
- "cpu": "string",
- "cpu-set": "string",
- "threads": 2,
- "journal": {
- "size": 0,
- "rate-count": 0,
- "rate-period": 0
}
}, - "current": { }
}
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Install, refresh, revert, remove, enable, disable, or perform other actions on snaps. This endpoint supports both standard JSON requests for store operations and multipart/form-data for sideloading snaps.
The body of the JSON request.
| action required | string Enum: "install" "refresh" "remove" "revert" "hold" "unhold" "enable" "disable" "switch" "snapshot" |
| snaps | Array of strings |
| quota-group | string The quota group the snap belongs to. |
| unaliased | boolean |
| prefer | boolean Cannot be used with 'unaliased' |
| classic | boolean Whether the snap uses classic confinement or not. |
| devmode | boolean Whether the snap should be installed in developer mode or not. |
| jailmode | boolean Set to true to install the snap in jail mode. Only non-classic snaps can be placed in jail mode. |
| ignore-running | boolean |
| components | string <map[string][]string> This parameter is a mapping of a string to a string array. If a snap is installed, it will install the requested components for it. If the snap is not installed, the snap will be installed along with requested components. |
| transaction | string Enum: "per-snap" "all-snaps" |
{- "action": "install",
- "snaps": [
- "string"
], - "quota-group": "string",
- "unaliased": true,
- "prefer": true,
- "classic": true,
- "devmode": true,
- "jailmode": true,
- "ignore-running": true,
- "components": "{ \"firefox\": [\"firefox+comp\"]}",
- "transaction": "per-snap"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Perform an action (install, refresh, remove, etc.) on a single, specific snap.
| name required | string The name of the snap. |
The action and options for the snap.
| action required | string Enum: "install" "refresh" "remove" "revert" "enable" "disable" "switch" "hold" "unhold" |
| channel | string The channel to use for the action. |
| revision | string A specific revision to install or revert to. |
| classic | boolean |
| devmode | boolean |
| purge | boolean If true, don't save a snapshot of data on removal. |
| terminate | boolean If true, kill running processes before removal. |
| components | Array of strings |
{- "action": "install",
- "channel": "beta",
- "revision": "string",
- "classic": true,
- "devmode": true,
- "purge": true,
- "terminate": true,
- "components": [
- "string"
]
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Set the configuration details for an installed snap. Use 'system' as the name to set system options.
| name required | string The name of the snap or the reserved name 'system'. |
A JSON map of configuration keys and values. Dotted keys can be used. Use a null value to unset an option.
| property name* additional property | any |
{- "conf-key1": "conf-value1",
- "dotted.key": "conf-value2",
- "key-to-unset": null
}{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Performs an action on a snapshot set, such as restoring, checking, forgetting, or importing from a data stream.
The action to perform. Can be a JSON object for manipulation or a binary stream for import.
| action required | string Enum: "restore" "check" "forget" |
| set required | integer The ID of the snapshot set to operate on. |
| snaps | Array of strings An array of snap names to restrict the action to. |
| users | Array of strings An array of user names to restrict the action to (disallowed for 'forget'). |
{- "action": "restore",
- "set": 0,
- "snaps": [
- "string"
], - "users": [
- "string"
]
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Perform an action such as 'reboot', 'install' on the current active recovery system, or 'create' a new recovery system.
| action required | string Value: "create" |
| label required | string A unique label for the new recovery system. |
| validation-sets | Array of strings A list of validation set strings to use for creating the system. |
| test-system | boolean Default: false If true, creates the system as a test system. |
| mark-default | boolean Default: false If true, marks the new system as the default recovery system. |
| offline | boolean Default: false If true, performs the creation in offline mode. |
{- "action": "create",
- "label": "string",
- "validation-sets": [
- "string"
], - "test-system": false,
- "mark-default": false,
- "offline": false
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Modify aliases by performing an 'alias', 'unalias', or 'prefer' action.
The action to perform on an alias.
| action required | string Enum: "alias" "unalias" "prefer" The action to perform on the alias. |
| snap | string The snap name to modify (optional for unalias). |
| app | string The app to modify (optional). |
| alias required | string The alias to modify. |
{- "action": "alias",
- "snap": "moon-buggy",
- "app": "string",
- "alias": "foo"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Perform actions like start, stop, or restart on snap applications, typically services.
The action to perform on one or more applications.
| action required | string The action to perform. | ||||
| names required | Array of strings A list of names of snaps (e.g. "lxd") or specific apps (e.g. "lxd.daemon") to operate on. | ||||
| scope | Array of strings | ||||
object | |||||
| |||||
| enable | boolean Default: false Arranges to have the service start at system boot. | ||||
{- "action": "start",
- "names": [
- "lxd"
], - "enable": true
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Requires a valid assertion with a signature signed by a verifiable public key. The body of the request provides the assertion to add. If replacing an existing assertion the new must be consistent with and its prerequisite.
The raw assertion text to add to the database.
A raw assertion string.
{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Retrieves a list of all changes in progress or completed on the system.
| select | string Default: "in-progress" Enum: "all" "in-progress" "ready" Limit which changes are returned. |
| for | string Optional snap name to limit results to. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "id": "73",
- "kind": "auto-refresh",
- "summary": "Auto-refresh snaps \"core22\", \"firefox\"",
- "status": "Abort",
- "tasks": [
- {
- "id": "1502",
- "kind": "check-rerefresh",
- "summary": "Download snap 'core22' (2133) from channel 'latest/stable'",
- "status": "Abort",
- "progress": {
- "done": 1,
- "label": "core22 (delta)",
- "total": 3
}, - "spawn-time": "2024-03-28T13:00:35.505604296Z",
- "ready-time": "2024-03-28T13:00:35.547274976Z",
- "data": {
- "affected-snaps": [
- "firefox",
- "gnome-42-2204",
- "lxd"
]
}, - "log": [
- "2025-09-18T08:43:59-02:30 INFO No re-refreshes found."
]
}
], - "ready": true,
- "spawn-time": "2019-08-24T14:15:22Z",
- "ready-time": "2019-08-24T14:15:22Z",
- "err": "string",
- "data": { },
- "log": [
- "string"
]
}
]
}Retrieves the current status of a specific background change by its ID.
| id required | string The ID of the change to retrieve. |
{- "id": "73",
- "kind": "auto-refresh",
- "summary": "Auto-refresh snaps \"core22\", \"firefox\"",
- "status": "Abort",
- "tasks": [
- {
- "id": "1502",
- "kind": "check-rerefresh",
- "summary": "Download snap 'core22' (2133) from channel 'latest/stable'",
- "status": "Abort",
- "progress": {
- "done": 1,
- "label": "core22 (delta)",
- "total": 3
}, - "spawn-time": "2024-03-28T13:00:35.505604296Z",
- "ready-time": "2024-03-28T13:00:35.547274976Z",
- "data": {
- "affected-snaps": [
- "firefox",
- "gnome-42-2204",
- "lxd"
]
}, - "log": [
- "2025-09-18T08:43:59-02:30 INFO No re-refreshes found."
]
}
], - "ready": true,
- "spawn-time": "2019-08-24T14:15:22Z",
- "ready-time": "2019-08-24T14:15:22Z",
- "err": "string",
- "data": { },
- "log": [
- "string"
]
}Aborts a change that is currently in progress.
| id required | string The ID of the change to retrieve. |
| action required | string Value: "abort" |
{- "action": "abort"
}{- "id": "73",
- "kind": "auto-refresh",
- "summary": "Auto-refresh snaps \"core22\", \"firefox\"",
- "status": "Abort",
- "tasks": [
- {
- "id": "1502",
- "kind": "check-rerefresh",
- "summary": "Download snap 'core22' (2133) from channel 'latest/stable'",
- "status": "Abort",
- "progress": {
- "done": 1,
- "label": "core22 (delta)",
- "total": 3
}, - "spawn-time": "2024-03-28T13:00:35.505604296Z",
- "ready-time": "2024-03-28T13:00:35.547274976Z",
- "data": {
- "affected-snaps": [
- "firefox",
- "gnome-42-2204",
- "lxd"
]
}, - "log": [
- "2025-09-18T08:43:59-02:30 INFO No re-refreshes found."
]
}
], - "ready": true,
- "spawn-time": "2019-08-24T14:15:22Z",
- "ready-time": "2019-08-24T14:15:22Z",
- "err": "string",
- "data": { },
- "log": [
- "string"
]
}Creates a set of cohort keys for a given set of snaps.
| action required | string Value: "create" |
| snaps required | Array of strings An array of snap names to create cohorts for. |
{- "action": "create",
- "snaps": [
- "libreoffice",
- "lxd",
- "multipass"
]
}{- "cohorts": {
- "core24": "MSBkd1RBaDdNWlowMXp5cmlPWkVycWQxSnluUUxpT0d2TSAxNzU5NDIxNjg0IDc3Yzk1ODllNDYxNzEwNDUwZWZiNjE5YjMwNmJiMzJlMmJiZTlkMzNmOGRlMmIwYmQzNmQ4ZWEyYjcwNGNmZmI=",
- "snapd": "MSBQTXJyVjRtbDh1V3VFVURCVDhkU0duS1VZYmV2VmhjNCAxNzU5NDIxNjg0IDU1YzdjZWRkZWJhNjFkNjIxMjU3ZTAwMDYxMjllZWJkYjE4N2Y3YTE0MTc0NmM2NjAyM2IyYWY4ZDY2MzRlZDU="
}
}Retrieves configuration values from confdb.
| account required | string |
| confdb-schema required | string |
| view required | string |
| keys | string A comma-separated list of configuration paths to read from. These paths refer to rules defined in the view specified in the URL. If no list is provided, the GET will match with all readable view rules and return any stored values for those. If there are no stored configuration values for a subset of the fields, those fields will be omitted from the result object. |
{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Sets configuration values in confdb.
| account required | string |
| confdb-schema required | string |
| view required | string |
| property name* additional property | any |
{- "office.ssid": "foo",
- "password": null
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Finds snaps or components in the store that match the search criteria and are compatible with the host system. In order for the user to be authorized to use this route, they must be logged in via 'snap-login', hence being tagged as both OpenAccess and AuthenticationRequired. PeerAuth is not listed here as sudo is not required to interact with the route.
| q | string Search for packages that match the given string. Spaces between words are treated as logical AND operators. This is a weighted broad search, meant as the main interface to searching for packages. |
| name | string An exact name to search for. Supports '*' as a wildcard at the end. Cannot be used together with q. This is meant for things like auto-completion. |
| scope | string Value: "wide" If set to 'wide', broadens the search to include non-stable packages. |
| section | string The name of a store section to search within. Use GET /v2/sections to get the names of the sections. |
| select | string Enum: "refresh" "private" Alter the collection searched. refresh - search refreshable snaps. Cannot be used with q, nor name. private - search private snaps (by default, find only searches public snaps). Cannot be used with name, only q (for now at least). |
| common-id | string Example: common-id=org.videolan.vlc Search for packages using the common-id attribute. This is often the application name used by other packaging formats. |
[- {
- "id": "string",
- "name": "string",
- "base": "core20",
- "channel": "string",
- "common-ids": [
- "code.desktop"
], - "confinement": "classic",
- "contact": "string",
- "description": "string",
- "developer": "string",
- "devmode": true,
- "download-size": 0,
- "license": "string",
- "private": true,
- "revision": "string",
- "status": "available",
- "summary": "string",
- "title": "string",
- "type": "app",
- "version": "string",
- "categories": [
- {
- "featured": true,
- "name": "string"
}
], - "links": {
}, - "publisher": {
- "display-name": "string",
- "id": "string",
- "username": "string",
- "validation": "verified"
}
}
]Used to connect and disconnect interfaces. Issues a command to the interface system to operate on the specified plug and slot.
Parameters for the interface action.
| action | string Enum: "connect" "disconnect" Action to perform. | ||||||||||||||
| forget | boolean Used with the 'disconnect' action. Ensures the system does not reestablish the connection going forward. | ||||||||||||||
Array of objects (Slot) = 1 items | |||||||||||||||
Array (= 1 items)
| |||||||||||||||
Array of objects (Plug) = 1 items | |||||||||||||||
Array (= 1 items)
| |||||||||||||||
{- "action": "connect",
- "forget": true,
- "slots": [
- {
- "snap": "string",
- "slot": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "plug": "string"
}
]
}
], - "plugs": [
- {
- "snap": "string",
- "plug": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "slot": "string"
}
]
}
]
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Authenticates a user with Snapd and the store using their credentials. Credentials are saved to the ~/.snap/auth.json file and further communication is made with these credentials.
| email required | string <email> .@.*\.. The email associated with the desired account. |
| password required | string <password> The password associated with the email address. |
| otp | string A one-time password for two-factor authentication. |
{- "email": "random.user@emailaddr.com",
- "password": "password1234!",
- "otp": "123456"
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "id": 0,
- "email": "user@example.com",
- "macaroon": "string",
- "discharges": [
- "discharge-for-macaroon-authentication"
], - "username": "user-name"
}
}Logs the currently authenticated user out of snapd and the store.
| Authorization | string <Authorization: Macaroon <the-macaroon>> The authorization to remove from the system. |
{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Retrieves log contents from the snapd daemon. The response is a stream of newline-delimited JSON objects.
| follow | boolean Default: false If set, returns log entries as they occur, streaming the response. |
| n | integer Default: 10 Number of log entries to return. |
| names | string Example: names=multipass,lxd Comma-separated list of snap names to filter by. |
{- "timestamp": "2025-09-11T15:10:22.264675Z",
- "message": "Failed to get https://cloud-images.ubuntu.com/releases/streams/v1/index.json",
- "sid": "multipassd",
- "pid": "2062"
}Replaces the current model assertion, potentially triggering a remodel of the system.
The endpoint accepts two different content types depending on the use case:
application/json: For a standard (online) remodel where the system will
fetch required snaps from the store.multipart/form-data: For an offline remodel, where the new model
assertion and all required snaps and other files are provided directly in
the request.The new model assertion and, for offline remodels, any required files (snaps, etc.).
| assertion required | string A string containing the full, signed model assertion. |
{- "assertion": "type: model\nauthority-id: generic\nseries: 16\nbrand-id: generic\nmodel: generic-classic\nclassic: true\ntimestamp: 2025-10-03T10:40:00.0Z\nsign-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa\nAcLBXAQAAQ[...]"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Performs an asynchronous action on the current serial assertion by sending a
JSON command. The only supported action is forget, which causes the
system to unregister its current serial and prepare for a new one.
A JSON object specifying the action to perform on the serial.
| action required | string Value: "forget" The action to perform on the serial assertion. |
| no-registration-until-reboot | boolean Default: false If true, delays device registration until the next reboot. |
{- "action": "forget",
- "no-registration-until-reboot"": true
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Create, modify, or remove a quota group.
| action required | string Enum: "ensure" "remove" | ||||||||||||||||||||||||||||||
required | object (QuotaGroup) Defines a quota group for one or more snaps. | ||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||
{- "action": "ensure",
- "quota-group": {
- "group-name": "logmem",
- "subgroups": [
- "string"
], - "parent": "string",
- "snaps": [
- "string"
], - "services": "string",
- "constraints": {
- "memory": 32768,
- "cpu": "string",
- "cpu-set": "string",
- "threads": 2,
- "journal": {
- "size": 0,
- "rate-count": 0,
- "rate-period": 0
}
}, - "current": { }
}
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Executes a 'snapctl' command within a given context. This route uses the socket /run/snapd-snap.socket. This is intended to be used only from within a snap itself.
The context and arguments for the snapctl command.
| context-id required | string The context ID for this call. The context ID is passed to hooks through the $SNAP_COOKIE environment variable. The 'snapctl' command passes this automatically. For hooks that are calling the endpoint manually, the responsibility falls on the binary to retrieve the context ID itself. |
| args required | Array of strings A list of arguments to pass to snapctl. |
| stdin | string If args is fde-setup-result, provides stdin to the context. |
{- "context-id": "ABCDEF",
- "args": [
- "get",
- "username"
], - "stdin": "string"
}{- "stdout": "string",
- "stderr": "string"
}Install, refresh, revert, remove, enable, disable, or perform other actions on snaps. This endpoint supports both standard JSON requests for store operations and multipart/form-data for sideloading snaps.
The body of the JSON request.
| action required | string Enum: "install" "refresh" "remove" "revert" "hold" "unhold" "enable" "disable" "switch" "snapshot" |
| snaps | Array of strings |
| quota-group | string The quota group the snap belongs to. |
| unaliased | boolean |
| prefer | boolean Cannot be used with 'unaliased' |
| classic | boolean Whether the snap uses classic confinement or not. |
| devmode | boolean Whether the snap should be installed in developer mode or not. |
| jailmode | boolean Set to true to install the snap in jail mode. Only non-classic snaps can be placed in jail mode. |
| ignore-running | boolean |
| components | string <map[string][]string> This parameter is a mapping of a string to a string array. If a snap is installed, it will install the requested components for it. If the snap is not installed, the snap will be installed along with requested components. |
| transaction | string Enum: "per-snap" "all-snaps" |
{- "action": "install",
- "snaps": [
- "string"
], - "quota-group": "string",
- "unaliased": true,
- "prefer": true,
- "classic": true,
- "devmode": true,
- "jailmode": true,
- "ignore-running": true,
- "components": "{ \"firefox\": [\"firefox+comp\"]}",
- "transaction": "per-snap"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Perform an action (install, refresh, remove, etc.) on a single, specific snap.
| name required | string The name of the snap. |
The action and options for the snap.
| action required | string Enum: "install" "refresh" "remove" "revert" "enable" "disable" "switch" "hold" "unhold" |
| channel | string The channel to use for the action. |
| revision | string A specific revision to install or revert to. |
| classic | boolean |
| devmode | boolean |
| purge | boolean If true, don't save a snapshot of data on removal. |
| terminate | boolean If true, kill running processes before removal. |
| components | Array of strings |
{- "action": "install",
- "channel": "beta",
- "revision": "string",
- "classic": true,
- "devmode": true,
- "purge": true,
- "terminate": true,
- "components": [
- "string"
]
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieve configuration details for an installed snap. Use 'system' as the name to get system options.
| name required | string The name of the snap or the reserved name 'system'. |
| keys | string A comma-separated list of keys to retrieve. Dotted keys can be used for nested values. |
{ }Set the configuration details for an installed snap. Use 'system' as the name to set system options.
| name required | string The name of the snap or the reserved name 'system'. |
A JSON map of configuration keys and values. Dotted keys can be used. Use a null value to unset an option.
| property name* additional property | any |
{- "conf-key1": "conf-value1",
- "dotted.key": "conf-value2",
- "key-to-unset": null
}{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Performs an action on a snapshot set, such as restoring, checking, forgetting, or importing from a data stream.
The action to perform. Can be a JSON object for manipulation or a binary stream for import.
| action required | string Enum: "restore" "check" "forget" |
| set required | integer The ID of the snapshot set to operate on. |
| snaps | Array of strings An array of snap names to restrict the action to. |
| users | Array of strings An array of user names to restrict the action to (disallowed for 'forget'). |
{- "action": "restore",
- "set": 0,
- "snaps": [
- "string"
], - "users": [
- "string"
]
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves a snapshot set as a downloadable tar archive (.tgz).
The response body is a binary stream.
| set-id required | integer Example: 2 The ID of the snapshot set to export. |
{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Removes and resets LUKS encryption keys when using full disk encryption on Ubuntu Core devices.
| action required | string Value: "remove" The only supported action is 'remove'. |
{- "action": "remove"
}{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Perform an action such as 'reboot', 'install' on the current active recovery system, or 'create' a new recovery system.
| action required | string Value: "create" |
| label required | string A unique label for the new recovery system. |
| validation-sets | Array of strings A list of validation set strings to use for creating the system. |
| test-system | boolean Default: false If true, creates the system as a test system. |
| mark-default | boolean Default: false If true, marks the new system as the default recovery system. |
| offline | boolean Default: false If true, performs the creation in offline mode. |
{- "action": "create",
- "label": "string",
- "validation-sets": [
- "string"
], - "test-system": false,
- "mark-default": false,
- "offline": false
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves detailed information for a single recovery system, including storage encryption status and available actions.
| label required | string The label of the recovery system. |
{- "current": true,
- "label": "string",
- "brand": {
- "id": "string",
- "username": "string",
- "display-name": "string",
- "validation": "string"
}, - "model": { },
- "actions": [
- {
- "title": "string",
- "mode": "string"
}
], - "available-optional": {
- "snaps": [
- "string"
], - "components": [
- "string"
]
}, - "volumes": [
- {
- "name": "string",
- "type": "string",
- "size": "string"
}
], - "storage-encryption": {
- "support": "disabled",
- "storage-safety": "string",
- "type": "string",
- "unavailable-reason": "string",
- "availability-check-errors": [
- "string"
], - "features": [
- "passphrase-auth"
]
}
}Perform an action on the recovery system identified by its label. The required parameters in the request body depend on the specified action.
| label required | string The label of the recovery system. |
| action required | string Value: "do" |
| mode required | string The mode of the action to perform (e.g., 'recover', 'run'). |
| title | string The title of the custom action to perform. |
{- "action": "do",
- "mode": "string",
- "title": "string"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves a single validation set by its account ID and name.
| account-id required | string Example: ABCDEF12345678900987654321FEDCBA The developer account ID for the validation set. |
| name required | string Example: myset1 The name of the validation set. |
{- "account-id": "string",
- "name": "string",
- "mode": "monitor",
- "pinned-at": 0,
- "sequence": 0,
- "valid": true
}Apply or forget a specific validation set.
| account-id required | string Example: ABCDEF12345678900987654321FEDCBA The developer account ID for the validation set. |
| name required | string Example: myset1 The name of the validation set. |
| action required | string Enum: "apply" "forget" The operation to perform on the validation set. |
| mode | string Enum: "monitor" "enforce" The mode to enable for the validation set. Required when action is 'apply'. |
| sequence | integer When using 'apply': an optional sequence number to pin. When using 'forget': an optional sequence number to match before forgetting. |
{- "action": "apply",
- "mode": "monitor",
- "sequence": 1
}{- "account-id": "ABCDEF12345678900987654321FEDCBA",
- "mode": "monitor",
- "name": "myset1",
- "pinned-at": 1,
- "sequence": 1,
- "valid": true
}Warnings can only be acknowledged to clear them, but they may reoccur Acknowledging warnings does not fix the underlying cause.
| action required | string Value: "okay" |
| timestamp required | string <date-time> Time to clear warnings before (RFC3339 UTC format). |
{- "action": "okay",
- "timestamp": "2025-09-08T17:29:40.829324752Z"
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": 0
}Retrieves a list of all changes in progress or completed on the system.
| select | string Default: "in-progress" Enum: "all" "in-progress" "ready" Limit which changes are returned. |
| for | string Optional snap name to limit results to. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "id": "73",
- "kind": "auto-refresh",
- "summary": "Auto-refresh snaps \"core22\", \"firefox\"",
- "status": "Abort",
- "tasks": [
- {
- "id": "1502",
- "kind": "check-rerefresh",
- "summary": "Download snap 'core22' (2133) from channel 'latest/stable'",
- "status": "Abort",
- "progress": {
- "done": 1,
- "label": "core22 (delta)",
- "total": 3
}, - "spawn-time": "2024-03-28T13:00:35.505604296Z",
- "ready-time": "2024-03-28T13:00:35.547274976Z",
- "data": {
- "affected-snaps": [
- "firefox",
- "gnome-42-2204",
- "lxd"
]
}, - "log": [
- "2025-09-18T08:43:59-02:30 INFO No re-refreshes found."
]
}
], - "ready": true,
- "spawn-time": "2019-08-24T14:15:22Z",
- "ready-time": "2019-08-24T14:15:22Z",
- "err": "string",
- "data": { },
- "log": [
- "string"
]
}
]
}Retrieves the current status of a specific background change by its ID.
| id required | string The ID of the change to retrieve. |
{- "id": "73",
- "kind": "auto-refresh",
- "summary": "Auto-refresh snaps \"core22\", \"firefox\"",
- "status": "Abort",
- "tasks": [
- {
- "id": "1502",
- "kind": "check-rerefresh",
- "summary": "Download snap 'core22' (2133) from channel 'latest/stable'",
- "status": "Abort",
- "progress": {
- "done": 1,
- "label": "core22 (delta)",
- "total": 3
}, - "spawn-time": "2024-03-28T13:00:35.505604296Z",
- "ready-time": "2024-03-28T13:00:35.547274976Z",
- "data": {
- "affected-snaps": [
- "firefox",
- "gnome-42-2204",
- "lxd"
]
}, - "log": [
- "2025-09-18T08:43:59-02:30 INFO No re-refreshes found."
]
}
], - "ready": true,
- "spawn-time": "2019-08-24T14:15:22Z",
- "ready-time": "2019-08-24T14:15:22Z",
- "err": "string",
- "data": { },
- "log": [
- "string"
]
}Aborts a change that is currently in progress.
| id required | string The ID of the change to retrieve. |
| action required | string Value: "abort" |
{- "action": "abort"
}{- "id": "73",
- "kind": "auto-refresh",
- "summary": "Auto-refresh snaps \"core22\", \"firefox\"",
- "status": "Abort",
- "tasks": [
- {
- "id": "1502",
- "kind": "check-rerefresh",
- "summary": "Download snap 'core22' (2133) from channel 'latest/stable'",
- "status": "Abort",
- "progress": {
- "done": 1,
- "label": "core22 (delta)",
- "total": 3
}, - "spawn-time": "2024-03-28T13:00:35.505604296Z",
- "ready-time": "2024-03-28T13:00:35.547274976Z",
- "data": {
- "affected-snaps": [
- "firefox",
- "gnome-42-2204",
- "lxd"
]
}, - "log": [
- "2025-09-18T08:43:59-02:30 INFO No re-refreshes found."
]
}
], - "ready": true,
- "spawn-time": "2019-08-24T14:15:22Z",
- "ready-time": "2019-08-24T14:15:22Z",
- "err": "string",
- "data": { },
- "log": [
- "string"
]
}Retrieves configuration values from confdb.
| account required | string |
| confdb-schema required | string |
| view required | string |
| keys | string A comma-separated list of configuration paths to read from. These paths refer to rules defined in the view specified in the URL. If no list is provided, the GET will match with all readable view rules and return any stored values for those. If there are no stored configuration values for a subset of the fields, those fields will be omitted from the result object. |
{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Sets configuration values in confdb.
| account required | string |
| confdb-schema required | string |
| view required | string |
| property name* additional property | any |
{- "office.ssid": "foo",
- "password": null
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves a list of all outstanding access request prompts.
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
[- {
- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "snap": "string",
- "interface": "home",
- "constraints": {
- "requested-permissions": [
- "access"
], - "available-permissions": [
- "access"
]
}
}
]Retrieves the details of a single prompt specified by its unique ID.
| id required | string The unique identifier of the prompt to retrieve. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "snap": "string",
- "interface": "home",
- "constraints": {
- "requested-permissions": [
- "access"
], - "available-permissions": [
- "access"
]
}
}Submit a reply (allow or deny) to an outstanding prompt, potentially creating a new rule.
| id required | string The unique identifier of the prompt to which to reply. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Enum: "allow" "deny" | ||
| lifespan required | string Enum: "single" "timespan" "session" "forever" The lifespan for which the decision applies. single: the decision only applies to the prompt with the given ID timespan: the decision creates a rule which applies for the duration specified by the duration field or until it is deleted session: the decision creates a rule which applies until the user logs out (specifically, until the systemd user session ends) forever: the decision creates a rule which applies until it is deleted | ||
| duration | string <Go duration> The duration for which the decision applies. Required if lifespan is timespan, otherwise must be omitted. | ||
required | PromptingReplyConstraintsCamera (object) or PromptingReplyConstraintsHome (object) | ||
One of
| |||
{- "action": "allow",
- "lifespan": "single",
- "duration": "7h30m",
- "constraints": {
- "permissions": [
- "access"
]
}
}[- "string"
]Retrieves a list of all prompting rules, with optional filtering.
| snap | string Only retrieve rules which apply to the given snap. |
| interface | string Only retrieve rules which apply to the given interface. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
[- {
- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}
]Create a new access rule or remove a set of existing rules based on a selector.
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Value: "add" The action to perform on the rules endpoint. | ||||||||||
required | object | ||||||||||
| |||||||||||
{- "action": "add",
- "rule": {
- "snap": "string",
- "interface": "string",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}
}
}
}
}[ ]Retrieves the details of a single rule specified by its unique ID.
| id required | string The unique identifier of the rule to retrieve. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}Update or remove an existing rule specified by its unique ID.
| id required | string The unique identifier of the rule to patch or remove. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Value: "patch" The action to perform on the rule with the given ID. | ||||||
required | object | ||||||
| |||||||
{- "action": "patch",
- "rule": {
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}
}
}
}
}{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}Retrieves the connection status of all plugs and slots on the system.
| snap | string Limit results to a given snap name. |
| select | string Enum: "" "all" When set to 'all', unconnected slots and plugs are included. When unset or empty, the results include only those plugs and slots that are connected. |
| interface | string Limit results to a specific interface name. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "established": [
- {
- "slot": {
- "snap": "string",
- "slot": "string"
}, - "plug": {
- "snap": "string",
- "plug": "string"
}, - "interface": "string",
- "manual": true,
- "gadget": true,
- "slot-attrs": { },
- "plug-attrs": { }
}
], - "undesired": [
- {
- "slot": {
- "snap": "string",
- "slot": "string"
}, - "plug": {
- "snap": "string",
- "plug": "string"
}, - "interface": "string",
- "manual": true,
- "gadget": true,
- "slot-attrs": { },
- "plug-attrs": { }
}
], - "plugs": [
- {
- "snap": "string",
- "plug": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "slot": "string"
}
]
}
], - "slots": [
- {
- "snap": "string",
- "slot": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "plug": "string"
}
]
}
]
}
}Retrieves the available interfaces and their associated metadata.
| select | string Enum: "all" "connected" Set to 'all' to retrieve all interfaces, or 'connected' to only return connected interfaces (if this parameter is omitted then the call returns the legacy format that should be no longer used). |
| slots | boolean If set to true, slot information will be returned. |
| plugs | boolean If set to true, plug information will be returned. |
| doc | boolean If set to true, interface documentation will be returned. |
| names | string Example: names=content Interfaces that match the list of comma-separated names will be returned. The parameter matches against the name of the interface, not the name of snaps, plugs, or slots. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "plugs": [
- {
- "snap": "string",
- "plug": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "slot": "string"
}
]
}
], - "slots": [
- {
- "snap": "string",
- "slot": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "plug": "string"
}
]
}
]
}
}Used to connect and disconnect interfaces. Issues a command to the interface system to operate on the specified plug and slot.
Parameters for the interface action.
| action | string Enum: "connect" "disconnect" Action to perform. | ||||||||||||||
| forget | boolean Used with the 'disconnect' action. Ensures the system does not reestablish the connection going forward. | ||||||||||||||
Array of objects (Slot) = 1 items | |||||||||||||||
Array (= 1 items)
| |||||||||||||||
Array of objects (Plug) = 1 items | |||||||||||||||
Array (= 1 items)
| |||||||||||||||
{- "action": "connect",
- "forget": true,
- "slots": [
- {
- "snap": "string",
- "slot": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "plug": "string"
}
]
}
], - "plugs": [
- {
- "snap": "string",
- "plug": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "slot": "string"
}
]
}
]
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves a list of all outstanding access request prompts.
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
[- {
- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "snap": "string",
- "interface": "home",
- "constraints": {
- "requested-permissions": [
- "access"
], - "available-permissions": [
- "access"
]
}
}
]Retrieves the details of a single prompt specified by its unique ID.
| id required | string The unique identifier of the prompt to retrieve. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "snap": "string",
- "interface": "home",
- "constraints": {
- "requested-permissions": [
- "access"
], - "available-permissions": [
- "access"
]
}
}Submit a reply (allow or deny) to an outstanding prompt, potentially creating a new rule.
| id required | string The unique identifier of the prompt to which to reply. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Enum: "allow" "deny" | ||
| lifespan required | string Enum: "single" "timespan" "session" "forever" The lifespan for which the decision applies. single: the decision only applies to the prompt with the given ID timespan: the decision creates a rule which applies for the duration specified by the duration field or until it is deleted session: the decision creates a rule which applies until the user logs out (specifically, until the systemd user session ends) forever: the decision creates a rule which applies until it is deleted | ||
| duration | string <Go duration> The duration for which the decision applies. Required if lifespan is timespan, otherwise must be omitted. | ||
required | PromptingReplyConstraintsCamera (object) or PromptingReplyConstraintsHome (object) | ||
One of
| |||
{- "action": "allow",
- "lifespan": "single",
- "duration": "7h30m",
- "constraints": {
- "permissions": [
- "access"
]
}
}[- "string"
]Retrieves a list of all prompting rules, with optional filtering.
| snap | string Only retrieve rules which apply to the given snap. |
| interface | string Only retrieve rules which apply to the given interface. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
[- {
- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}
]Create a new access rule or remove a set of existing rules based on a selector.
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Value: "add" The action to perform on the rules endpoint. | ||||||||||
required | object | ||||||||||
| |||||||||||
{- "action": "add",
- "rule": {
- "snap": "string",
- "interface": "string",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}
}
}
}
}[ ]Retrieves the details of a single rule specified by its unique ID.
| id required | string The unique identifier of the rule to retrieve. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}Update or remove an existing rule specified by its unique ID.
| id required | string The unique identifier of the rule to patch or remove. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Value: "patch" The action to perform on the rule with the given ID. | ||||||
required | object | ||||||
| |||||||
{- "action": "patch",
- "rule": {
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}
}
}
}
}{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}Retrieves notices for the current user and any public notices, with optional filtering.
| types | Array of strings (NoticeType) Items Enum: "change-update" "warning" "refresh-inhibit" "snap-run-inhibit" "interfaces-requests-prompt" "interfaces-requests-rule-update" If types is specified, only return notices with types matching the given types. The types parameter can include multiple types, notices matching any of the types are returned. |
| keys | Array of strings Example: keys=- If specified, only return notices with one of the given keys. |
| after | string <date-time> Example: after=2025-09-08T17:29:40.829324752Z If specified, only return notices with a 'last-repeated' field greater than the specified time, in RFC3339 UTC format. |
| timeout | string Example: timeout=7m30s If there are notices matching the filter which have already been recorded, these notices are returned immediately. Otherwise, if timeout is specified, wait up to the given duration for any new notices matching the filter to be recorded. This allows the user to use long-polling to be notified immediately when a new notice is recorded. |
| user-id | integer Example: user-id=1000 Admin only. Instead of returning notices associated with the user who initiated the API request, return notices associated with the given UID. Public notices are still returned, as before. Cannot be used with the 'users' parameter. |
| users | string Value: "all" Admin only. Value must be 'all'. Return notices associated with all users, instead of just the user which initiated the API request. Cannot be used with the 'user-id' parameter. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "id": "67",
- "user-id": 4293792034,
- "type": "change-update",
- "key": "ABCDABCDABCDABCD",
- "first-occurred": "2025-09-08T17:29:40.829324752Z",
- "last-occurred": "2025-09-10T14:30:23.055109521Z",
- "last-repeated": "2025-09-10T14:30:23.055109521Z",
- "occurrences": 4,
- "last-data": {
- "kind": "alias"
}, - "repeat-after": "1h30m",
- "expire-after": "168h0m0s"
}
]
}Create a notice. Currently, this can only be used to create notices of type 'snap-run-inhibit'. Only the 'snap' command is allowed to create notices of that type.
| action required | string Value: "add" The action to perform. |
| key required | string The key of the notice to add. |
| type required | string Value: "snap-run-inhibit" The type of the notice to add. |
{- "action": "add",
- "key": "string",
- "type": "snap-run-inhibit"
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "id": "74"
}
}Retrieves a single notice by its unique ID.
| id required | string Example: 74 The unique ID of the notice to retrieve. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "id": "67",
- "user-id": 4293792034,
- "type": "change-update",
- "key": "ABCDABCDABCDABCD",
- "first-occurred": "2025-09-08T17:29:40.829324752Z",
- "last-occurred": "2025-09-10T14:30:23.055109521Z",
- "last-repeated": "2025-09-10T14:30:23.055109521Z",
- "occurrences": 4,
- "last-data": {
- "kind": "alias"
}, - "repeat-after": "1h30m",
- "expire-after": "168h0m0s"
}
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "property1": {
- "property1": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}, - "property2": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}
}, - "property2": {
- "property1": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}, - "property2": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}
}
}
}Lists applications available from installed snaps. Can be filtered by services or snap names.
| global | boolean Defaults to true for the root user to preserve normal behavior and match snapctl functionality. |
| select | string Value: "service" Example: select=service Limit which apps are returned. |
| names | string Example: names=spotify, lxd Comma-separated list of snap names to get apps for. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "snap": "lxd",
- "name": "daemon",
- "daemon": "simple",
- "enabled": true,
- "activators": [
- {
- "name": "unix",
- "type": "socket",
- "active": true,
- "enabled": true
}
]
}
}Get all the assertions in the system assertion database of the given type.
Assertions can be filtered by providing assertion header keys as query
parameters (e.g., ?username=canonical). The response is a stream of
assertions separated by double newlines. An assertion type of
snap-declaration can also be used to retrieve a remote snap-declaration
assertion for a given snap-id. This can also be accomplished from within the
snap environment.
| assertion-type required | string Example: account The type of assertion to retrieve. |
| remote | boolean Default: false When using remote, a primary key must be associated with the request assertion type. These mappings are as below account -> account-id account-key -> public-key-sha3-384 base-declaration -> series confdb-schema -> account-id AND name model -> series AND brand-id AND model preseed -> series AND brand-id AND model AND system_label repair -> brand-id AND repair-id serial -> brand-id AND model AND serial snap-build -> snap-sha3-384 snap-declaration -> series AND snap-id snap-developer -> snap-id AND publisher-id snap-resource-revision -> snap-id AND resource-name AND resource-sha3-384 AND provenance snap-resource-pair -> snap-id AND resource-name AND resource-revision AND snap-revision AND provenance snap-revision -> snap-sha3-384 AND provenance store -> store system-user -> brand-id AND email validation -> series AND snap-id AND approved-snap-id AND approved-snap-revision validation-set -> series AND account-id AND name AND sequence Some assertion types do not have a definite authority set account-key-request -> public-key-sha3-384 confdb-control -> brand-id AND model AND serial device-session-request -> brand_id AND model AND serial serial-request - N/A |
| json | boolean Default: false If true, the response is formatted as a JSON object containing the headers of the assertions instead of the default signed assertion stream format. |
Retrieves the connection status of all plugs and slots on the system.
| snap | string Limit results to a given snap name. |
| select | string Enum: "" "all" When set to 'all', unconnected slots and plugs are included. When unset or empty, the results include only those plugs and slots that are connected. |
| interface | string Limit results to a specific interface name. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "established": [
- {
- "slot": {
- "snap": "string",
- "slot": "string"
}, - "plug": {
- "snap": "string",
- "plug": "string"
}, - "interface": "string",
- "manual": true,
- "gadget": true,
- "slot-attrs": { },
- "plug-attrs": { }
}
], - "undesired": [
- {
- "slot": {
- "snap": "string",
- "slot": "string"
}, - "plug": {
- "snap": "string",
- "plug": "string"
}, - "interface": "string",
- "manual": true,
- "gadget": true,
- "slot-attrs": { },
- "plug-attrs": { }
}
], - "plugs": [
- {
- "snap": "string",
- "plug": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "slot": "string"
}
]
}
], - "slots": [
- {
- "snap": "string",
- "slot": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "plug": "string"
}
]
}
]
}
}Finds snaps or components in the store that match the search criteria and are compatible with the host system. In order for the user to be authorized to use this route, they must be logged in via 'snap-login', hence being tagged as both OpenAccess and AuthenticationRequired. PeerAuth is not listed here as sudo is not required to interact with the route.
| q | string Search for packages that match the given string. Spaces between words are treated as logical AND operators. This is a weighted broad search, meant as the main interface to searching for packages. |
| name | string An exact name to search for. Supports '*' as a wildcard at the end. Cannot be used together with q. This is meant for things like auto-completion. |
| scope | string Value: "wide" If set to 'wide', broadens the search to include non-stable packages. |
| section | string The name of a store section to search within. Use GET /v2/sections to get the names of the sections. |
| select | string Enum: "refresh" "private" Alter the collection searched. refresh - search refreshable snaps. Cannot be used with q, nor name. private - search private snaps (by default, find only searches public snaps). Cannot be used with name, only q (for now at least). |
| common-id | string Example: common-id=org.videolan.vlc Search for packages using the common-id attribute. This is often the application name used by other packaging formats. |
[- {
- "id": "string",
- "name": "string",
- "base": "core20",
- "channel": "string",
- "common-ids": [
- "code.desktop"
], - "confinement": "classic",
- "contact": "string",
- "description": "string",
- "developer": "string",
- "devmode": true,
- "download-size": 0,
- "license": "string",
- "private": true,
- "revision": "string",
- "status": "available",
- "summary": "string",
- "title": "string",
- "type": "app",
- "version": "string",
- "categories": [
- {
- "featured": true,
- "name": "string"
}
], - "links": {
}, - "publisher": {
- "display-name": "string",
- "id": "string",
- "username": "string",
- "validation": "verified"
}
}
]Retrieves the icon for a snap that is installed on the system. The response is the raw content of the icon file. The Content-Disposition header will specify the filename.
| name required | string The name of the snap to get the icon for. |
{- "status-code": 404,
- "status": "Not Found",
- "type": "error",
- "result": {
- "kind": "assertion-not-found",
- "message": "no model assertion yet",
- "value": "model"
}
}Retrieves the available interfaces and their associated metadata.
| select | string Enum: "all" "connected" Set to 'all' to retrieve all interfaces, or 'connected' to only return connected interfaces (if this parameter is omitted then the call returns the legacy format that should be no longer used). |
| slots | boolean If set to true, slot information will be returned. |
| plugs | boolean If set to true, plug information will be returned. |
| doc | boolean If set to true, interface documentation will be returned. |
| names | string Example: names=content Interfaces that match the list of comma-separated names will be returned. The parameter matches against the name of the interface, not the name of snaps, plugs, or slots. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "plugs": [
- {
- "snap": "string",
- "plug": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "slot": "string"
}
]
}
], - "slots": [
- {
- "snap": "string",
- "slot": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "plug": "string"
}
]
}
]
}
}Retrieves a list of all outstanding access request prompts.
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
[- {
- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "snap": "string",
- "interface": "home",
- "constraints": {
- "requested-permissions": [
- "access"
], - "available-permissions": [
- "access"
]
}
}
]Retrieves the details of a single prompt specified by its unique ID.
| id required | string The unique identifier of the prompt to retrieve. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "snap": "string",
- "interface": "home",
- "constraints": {
- "requested-permissions": [
- "access"
], - "available-permissions": [
- "access"
]
}
}Submit a reply (allow or deny) to an outstanding prompt, potentially creating a new rule.
| id required | string The unique identifier of the prompt to which to reply. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Enum: "allow" "deny" | ||
| lifespan required | string Enum: "single" "timespan" "session" "forever" The lifespan for which the decision applies. single: the decision only applies to the prompt with the given ID timespan: the decision creates a rule which applies for the duration specified by the duration field or until it is deleted session: the decision creates a rule which applies until the user logs out (specifically, until the systemd user session ends) forever: the decision creates a rule which applies until it is deleted | ||
| duration | string <Go duration> The duration for which the decision applies. Required if lifespan is timespan, otherwise must be omitted. | ||
required | PromptingReplyConstraintsCamera (object) or PromptingReplyConstraintsHome (object) | ||
One of
| |||
{- "action": "allow",
- "lifespan": "single",
- "duration": "7h30m",
- "constraints": {
- "permissions": [
- "access"
]
}
}[- "string"
]Retrieves a list of all prompting rules, with optional filtering.
| snap | string Only retrieve rules which apply to the given snap. |
| interface | string Only retrieve rules which apply to the given interface. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
[- {
- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}
]Create a new access rule or remove a set of existing rules based on a selector.
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Value: "add" The action to perform on the rules endpoint. | ||||||||||
required | object | ||||||||||
| |||||||||||
{- "action": "add",
- "rule": {
- "snap": "string",
- "interface": "string",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}
}
}
}
}[ ]Retrieves the details of a single rule specified by its unique ID.
| id required | string The unique identifier of the rule to retrieve. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}Update or remove an existing rule specified by its unique ID.
| id required | string The unique identifier of the rule to patch or remove. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Value: "patch" The action to perform on the rule with the given ID. | ||||||
required | object | ||||||
| |||||||
{- "action": "patch",
- "rule": {
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}
}
}
}
}{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}Retrieves the active model assertion for the system. The model assertion describes a snap-based device.
{- "status-code": 404,
- "status": "Not Found",
- "type": "error",
- "result": {
- "kind": "assertion-not-found",
- "message": "no model assertion yet",
- "value": "model"
}
}Retrieves the current serial assertion for the system. The serial assertion is a statement used to bind a device identity to it's public key, provided by the store.
{- "status-code": 404,
- "status": "Not Found",
- "type": "error",
- "result": {
- "kind": "assertion-not-found",
- "message": "no model assertion yet",
- "value": "model"
}
}Retrieves notices for the current user and any public notices, with optional filtering.
| types | Array of strings (NoticeType) Items Enum: "change-update" "warning" "refresh-inhibit" "snap-run-inhibit" "interfaces-requests-prompt" "interfaces-requests-rule-update" If types is specified, only return notices with types matching the given types. The types parameter can include multiple types, notices matching any of the types are returned. |
| keys | Array of strings Example: keys=- If specified, only return notices with one of the given keys. |
| after | string <date-time> Example: after=2025-09-08T17:29:40.829324752Z If specified, only return notices with a 'last-repeated' field greater than the specified time, in RFC3339 UTC format. |
| timeout | string Example: timeout=7m30s If there are notices matching the filter which have already been recorded, these notices are returned immediately. Otherwise, if timeout is specified, wait up to the given duration for any new notices matching the filter to be recorded. This allows the user to use long-polling to be notified immediately when a new notice is recorded. |
| user-id | integer Example: user-id=1000 Admin only. Instead of returning notices associated with the user who initiated the API request, return notices associated with the given UID. Public notices are still returned, as before. Cannot be used with the 'users' parameter. |
| users | string Value: "all" Admin only. Value must be 'all'. Return notices associated with all users, instead of just the user which initiated the API request. Cannot be used with the 'user-id' parameter. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "id": "67",
- "user-id": 4293792034,
- "type": "change-update",
- "key": "ABCDABCDABCDABCD",
- "first-occurred": "2025-09-08T17:29:40.829324752Z",
- "last-occurred": "2025-09-10T14:30:23.055109521Z",
- "last-repeated": "2025-09-10T14:30:23.055109521Z",
- "occurrences": 4,
- "last-data": {
- "kind": "alias"
}, - "repeat-after": "1h30m",
- "expire-after": "168h0m0s"
}
]
}Create a notice. Currently, this can only be used to create notices of type 'snap-run-inhibit'. Only the 'snap' command is allowed to create notices of that type.
| action required | string Value: "add" The action to perform. |
| key required | string The key of the notice to add. |
| type required | string Value: "snap-run-inhibit" The type of the notice to add. |
{- "action": "add",
- "key": "string",
- "type": "snap-run-inhibit"
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "id": "74"
}
}Retrieves a single notice by its unique ID.
| id required | string Example: 74 The unique ID of the notice to retrieve. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "id": "67",
- "user-id": 4293792034,
- "type": "change-update",
- "key": "ABCDABCDABCDABCD",
- "first-occurred": "2025-09-08T17:29:40.829324752Z",
- "last-occurred": "2025-09-10T14:30:23.055109521Z",
- "last-repeated": "2025-09-10T14:30:23.055109521Z",
- "occurrences": 4,
- "last-data": {
- "kind": "alias"
}, - "repeat-after": "1h30m",
- "expire-after": "168h0m0s"
}
}[- {
- "group-name": "logmem",
- "subgroups": [
- "string"
], - "parent": "string",
- "snaps": [
- "string"
], - "services": "string",
- "constraints": {
- "memory": 32768,
- "cpu": "string",
- "cpu-set": "string",
- "threads": 2,
- "journal": {
- "size": 0,
- "rate-count": 0,
- "rate-period": 0
}
}, - "current": { }
}
]Retrieves the details for a single quota group by its name, or returns an error.
| group-name required | string The name of the quota group. |
{- "group-name": "logmem",
- "subgroups": [
- "string"
], - "parent": "string",
- "snaps": [
- "string"
], - "services": "string",
- "constraints": {
- "memory": 32768,
- "cpu": "string",
- "cpu-set": "string",
- "threads": 2,
- "journal": {
- "size": 0,
- "rate-count": 0,
- "rate-period": 0
}
}, - "current": { }
}Lists snaps installed on the system, including their components.
| select | string Default: "enabled" Enum: "all" "enabled" "refresh-inhibited" Filter which revisions of snaps are returned. |
| snaps | string A comma-separated list of snap names to filter by. |
[- {
- "id": "string",
- "name": "string",
- "base": "core20",
- "channel": "string",
- "common-ids": [
- "code.desktop"
], - "confinement": "classic",
- "contact": "string",
- "description": "string",
- "developer": "string",
- "devmode": true,
- "download-size": 0,
- "license": "string",
- "private": true,
- "revision": "string",
- "status": "active",
- "summary": "string",
- "title": "string",
- "type": "app",
- "version": "string",
- "categories": [
- {
- "featured": true,
- "name": "string"
}
], - "links": {
}, - "publisher": {
- "display-name": "string",
- "id": "string",
- "username": "string",
- "validation": "verified"
}, - "apps": [
- {
- "snap": "lxd",
- "name": "daemon",
- "daemon": "simple",
- "enabled": true,
- "activators": [
- {
- "name": "unix",
- "type": "socket",
- "active": true,
- "enabled": true
}
]
}
], - "install-date": "string",
- "installed-size": 0,
- "trymode": true,
- "jailmode": true,
- "tracking-channel": "stable",
- "refresh-inhibit": {
- "proceed-time": "string"
}, - "refresh-failures": {
- "revision": 0,
- "failure-count": 0,
- "last-failure-time": "string",
- "last-failure-severity": "after-reboot"
}, - "components": [
- {
- "name": "string",
- "type": "string",
- "version": "string",
- "summary": "string",
- "description": "string",
- "revision": "string",
- "install-date": "string",
- "installed-size": 0
}
]
}
]Retrieves details for a specific snap installed on the system.
| name required | string The name of the snap. |
{- "id": "string",
- "name": "string",
- "base": "core20",
- "channel": "string",
- "common-ids": [
- "code.desktop"
], - "confinement": "classic",
- "contact": "string",
- "description": "string",
- "developer": "string",
- "devmode": true,
- "download-size": 0,
- "license": "string",
- "private": true,
- "revision": "string",
- "status": "active",
- "summary": "string",
- "title": "string",
- "type": "app",
- "version": "string",
- "categories": [
- {
- "featured": true,
- "name": "string"
}
], - "links": {
}, - "publisher": {
- "display-name": "string",
- "id": "string",
- "username": "string",
- "validation": "verified"
}, - "apps": [
- {
- "snap": "lxd",
- "name": "daemon",
- "daemon": "simple",
- "enabled": true,
- "activators": [
- {
- "name": "unix",
- "type": "socket",
- "active": true,
- "enabled": true
}
]
}
], - "install-date": "string",
- "installed-size": 0,
- "trymode": true,
- "jailmode": true,
- "tracking-channel": "stable",
- "refresh-inhibit": {
- "proceed-time": "string"
}, - "refresh-failures": {
- "revision": 0,
- "failure-count": 0,
- "last-failure-time": "string",
- "last-failure-severity": "after-reboot"
}, - "components": [
- {
- "name": "string",
- "type": "string",
- "version": "string",
- "summary": "string",
- "description": "string",
- "revision": "string",
- "install-date": "string",
- "installed-size": 0
}
]
}Retrieves a list containing metadata for all snapshot sets stored on the system.
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "id": 1,
- "snapshots": [
- {
- "id": 2,
- "set": 1,
- "time": "2025-08-18T14:30:38.226662804-02:30",
- "snap": "libreoffice",
- "snap-id": "CpUkI0qPIIBVRsjy49adNq4D6Ra72y4v",
- "revision": "355",
- "version": "25.2.5.2",
- "size": 1286593,
- "auto": true,
- "epoch": {
- "read": [
- 0
], - "write": [
- 0
]
}, - "sha3-384": {
- "archive.tgz": "fb8e887e47b1e8763d82ee5ddc8da8ad4601824d3154381a5d3b5bbe4125ded31fcc7b701a8318fbe3ea21213f333c8b",
- "user/$USER.tgz": "00cd2cf11d3c5731129dd11f8f82b0f13e807f6d839fd79afe052e301e43ee32ecdd217059cae0c400ff9c49e6dbaff6"
}, - "summary": "string"
}
]
}
]
}Retrieves a list of all available recovery systems on the device.
{- "systems": [
- {
- "actions": [
- {
- "mode": "install",
- "title": "Reinstall"
}
], - "brand": {
- "display-name": "Canonical",
- "id": "canonical",
- "username": "canonical",
- "validation": "starred"
}, - "current": true,
- "default-recovery-system": true,
- "label": "20240603",
- "model": {
- "brand-id": "canonical",
- "display-name": "ubuntu-core-24-amd64",
- "model": "ubuntu-core-24-amd64"
}
}
]
}Retrieves a dictionary of server configuration and environment information.
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "architecture": "amd64",
- "build-id": "3672763544646f6c...",
- "confinement": "partial",
- "features": {
- "property1": {
- "supported": true,
- "unsupported-reason": "string",
- "enabled": true
}, - "property2": {
- "supported": true,
- "unsupported-reason": "string",
- "enabled": true
}
}, - "kernel-version": "6.14.0-29-generic",
- "locations": {
- "snap-bin-dir": "/snap/bin",
- "snap-mount-dir": "/snap"
}, - "managed": true,
- "on-classic": true,
- "os-release": {
- "id": "ubuntu",
- "variant-id": "desktop",
- "version-id": "24.04"
}, - "refresh": {
- "timer": "mon-wed,fri,9:00-11:00/2",
- "last": "2025-09-11T13:18:00-02:30",
- "next": "2025-09-11T22:37:00-02:30"
}, - "sandbox-features": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "series": "16",
- "system-mode": "install",
- "version": "2.72"
}
}Retrieves the current warnings in snapd.
| select | string Default: "pending" Enum: "" "all" "pending" Retrieve specific warnings. The default only shows pending warnings. All shows warnings that haven't expired or been cleaned. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "message": "string",
- "first-added": "2025-09-08T17:29:40.829324752Z",
- "last-added": "2025-09-08T17:34:40.829324752Z",
- "last-shown": "2025-09-08T17:34:40.829324752Z",
- "delete-after": "1h30m",
- "repeat-after": "30m"
}
]
}Retrieves a list of all outstanding access request prompts.
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
[- {
- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "snap": "string",
- "interface": "home",
- "constraints": {
- "requested-permissions": [
- "access"
], - "available-permissions": [
- "access"
]
}
}
]Retrieves the details of a single prompt specified by its unique ID.
| id required | string The unique identifier of the prompt to retrieve. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "snap": "string",
- "interface": "home",
- "constraints": {
- "requested-permissions": [
- "access"
], - "available-permissions": [
- "access"
]
}
}Submit a reply (allow or deny) to an outstanding prompt, potentially creating a new rule.
| id required | string The unique identifier of the prompt to which to reply. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Enum: "allow" "deny" | ||
| lifespan required | string Enum: "single" "timespan" "session" "forever" The lifespan for which the decision applies. single: the decision only applies to the prompt with the given ID timespan: the decision creates a rule which applies for the duration specified by the duration field or until it is deleted session: the decision creates a rule which applies until the user logs out (specifically, until the systemd user session ends) forever: the decision creates a rule which applies until it is deleted | ||
| duration | string <Go duration> The duration for which the decision applies. Required if lifespan is timespan, otherwise must be omitted. | ||
required | PromptingReplyConstraintsCamera (object) or PromptingReplyConstraintsHome (object) | ||
One of
| |||
{- "action": "allow",
- "lifespan": "single",
- "duration": "7h30m",
- "constraints": {
- "permissions": [
- "access"
]
}
}[- "string"
]Retrieves a list of all prompting rules, with optional filtering.
| snap | string Only retrieve rules which apply to the given snap. |
| interface | string Only retrieve rules which apply to the given interface. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
[- {
- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}
]Create a new access rule or remove a set of existing rules based on a selector.
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Value: "add" The action to perform on the rules endpoint. | ||||||||||
required | object | ||||||||||
| |||||||||||
{- "action": "add",
- "rule": {
- "snap": "string",
- "interface": "string",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}
}
}
}
}[ ]Retrieves the details of a single rule specified by its unique ID.
| id required | string The unique identifier of the rule to retrieve. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}Update or remove an existing rule specified by its unique ID.
| id required | string The unique identifier of the rule to patch or remove. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Value: "patch" The action to perform on the rule with the given ID. | ||||||
required | object | ||||||
| |||||||
{- "action": "patch",
- "rule": {
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}
}
}
}
}{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}Create or remove local users on the system.
| action required | string Enum: "create" "remove" |
string <email> | |
| username | string |
| sudoer | boolean Default: false Whether the user can escalate to root privileges or not. |
| known | boolean Default: false |
{- "action": "create",
- "email": "user@example.com",
- "username": "string",
- "sudoer": false,
- "known": false
}[- {
- "username": "string",
- "ssh-keys": [
- "string"
]
}
]Retrieves the icon for a snap that is installed on the system. The response is the raw content of the icon file. The Content-Disposition header will specify the filename.
| name required | string The name of the snap to get the icon for. |
{- "status-code": 404,
- "status": "Not Found",
- "type": "error",
- "result": {
- "kind": "assertion-not-found",
- "message": "no model assertion yet",
- "value": "model"
}
}Executes a 'snapctl' command within a given context. This route uses the socket /run/snapd-snap.socket. This is intended to be used only from within a snap itself.
The context and arguments for the snapctl command.
| context-id required | string The context ID for this call. The context ID is passed to hooks through the $SNAP_COOKIE environment variable. The 'snapctl' command passes this automatically. For hooks that are calling the endpoint manually, the responsibility falls on the binary to retrieve the context ID itself. |
| args required | Array of strings A list of arguments to pass to snapctl. |
| stdin | string If args is fde-setup-result, provides stdin to the context. |
{- "context-id": "ABCDEF",
- "args": [
- "get",
- "username"
], - "stdin": "string"
}{- "stdout": "string",
- "stderr": "string"
}Lists snaps installed on the system, including their components.
| select | string Default: "enabled" Enum: "all" "enabled" "refresh-inhibited" Filter which revisions of snaps are returned. |
| snaps | string A comma-separated list of snap names to filter by. |
[- {
- "id": "string",
- "name": "string",
- "base": "core20",
- "channel": "string",
- "common-ids": [
- "code.desktop"
], - "confinement": "classic",
- "contact": "string",
- "description": "string",
- "developer": "string",
- "devmode": true,
- "download-size": 0,
- "license": "string",
- "private": true,
- "revision": "string",
- "status": "active",
- "summary": "string",
- "title": "string",
- "type": "app",
- "version": "string",
- "categories": [
- {
- "featured": true,
- "name": "string"
}
], - "links": {
}, - "publisher": {
- "display-name": "string",
- "id": "string",
- "username": "string",
- "validation": "verified"
}, - "apps": [
- {
- "snap": "lxd",
- "name": "daemon",
- "daemon": "simple",
- "enabled": true,
- "activators": [
- {
- "name": "unix",
- "type": "socket",
- "active": true,
- "enabled": true
}
]
}
], - "install-date": "string",
- "installed-size": 0,
- "trymode": true,
- "jailmode": true,
- "tracking-channel": "stable",
- "refresh-inhibit": {
- "proceed-time": "string"
}, - "refresh-failures": {
- "revision": 0,
- "failure-count": 0,
- "last-failure-time": "string",
- "last-failure-severity": "after-reboot"
}, - "components": [
- {
- "name": "string",
- "type": "string",
- "version": "string",
- "summary": "string",
- "description": "string",
- "revision": "string",
- "install-date": "string",
- "installed-size": 0
}
]
}
]Install, refresh, revert, remove, enable, disable, or perform other actions on snaps. This endpoint supports both standard JSON requests for store operations and multipart/form-data for sideloading snaps.
The body of the JSON request.
| action required | string Enum: "install" "refresh" "remove" "revert" "hold" "unhold" "enable" "disable" "switch" "snapshot" |
| snaps | Array of strings |
| quota-group | string The quota group the snap belongs to. |
| unaliased | boolean |
| prefer | boolean Cannot be used with 'unaliased' |
| classic | boolean Whether the snap uses classic confinement or not. |
| devmode | boolean Whether the snap should be installed in developer mode or not. |
| jailmode | boolean Set to true to install the snap in jail mode. Only non-classic snaps can be placed in jail mode. |
| ignore-running | boolean |
| components | string <map[string][]string> This parameter is a mapping of a string to a string array. If a snap is installed, it will install the requested components for it. If the snap is not installed, the snap will be installed along with requested components. |
| transaction | string Enum: "per-snap" "all-snaps" |
{- "action": "install",
- "snaps": [
- "string"
], - "quota-group": "string",
- "unaliased": true,
- "prefer": true,
- "classic": true,
- "devmode": true,
- "jailmode": true,
- "ignore-running": true,
- "components": "{ \"firefox\": [\"firefox+comp\"]}",
- "transaction": "per-snap"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves details for a specific snap installed on the system.
| name required | string The name of the snap. |
{- "id": "string",
- "name": "string",
- "base": "core20",
- "channel": "string",
- "common-ids": [
- "code.desktop"
], - "confinement": "classic",
- "contact": "string",
- "description": "string",
- "developer": "string",
- "devmode": true,
- "download-size": 0,
- "license": "string",
- "private": true,
- "revision": "string",
- "status": "active",
- "summary": "string",
- "title": "string",
- "type": "app",
- "version": "string",
- "categories": [
- {
- "featured": true,
- "name": "string"
}
], - "links": {
}, - "publisher": {
- "display-name": "string",
- "id": "string",
- "username": "string",
- "validation": "verified"
}, - "apps": [
- {
- "snap": "lxd",
- "name": "daemon",
- "daemon": "simple",
- "enabled": true,
- "activators": [
- {
- "name": "unix",
- "type": "socket",
- "active": true,
- "enabled": true
}
]
}
], - "install-date": "string",
- "installed-size": 0,
- "trymode": true,
- "jailmode": true,
- "tracking-channel": "stable",
- "refresh-inhibit": {
- "proceed-time": "string"
}, - "refresh-failures": {
- "revision": 0,
- "failure-count": 0,
- "last-failure-time": "string",
- "last-failure-severity": "after-reboot"
}, - "components": [
- {
- "name": "string",
- "type": "string",
- "version": "string",
- "summary": "string",
- "description": "string",
- "revision": "string",
- "install-date": "string",
- "installed-size": 0
}
]
}Perform an action (install, refresh, remove, etc.) on a single, specific snap.
| name required | string The name of the snap. |
The action and options for the snap.
| action required | string Enum: "install" "refresh" "remove" "revert" "enable" "disable" "switch" "hold" "unhold" |
| channel | string The channel to use for the action. |
| revision | string A specific revision to install or revert to. |
| classic | boolean |
| devmode | boolean |
| purge | boolean If true, don't save a snapshot of data on removal. |
| terminate | boolean If true, kill running processes before removal. |
| components | Array of strings |
{- "action": "install",
- "channel": "beta",
- "revision": "string",
- "classic": true,
- "devmode": true,
- "purge": true,
- "terminate": true,
- "components": [
- "string"
]
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieve configuration details for an installed snap. Use 'system' as the name to get system options.
| name required | string The name of the snap or the reserved name 'system'. |
| keys | string A comma-separated list of keys to retrieve. Dotted keys can be used for nested values. |
{ }Set the configuration details for an installed snap. Use 'system' as the name to set system options.
| name required | string The name of the snap or the reserved name 'system'. |
A JSON map of configuration keys and values. Dotted keys can be used. Use a null value to unset an option.
| property name* additional property | any |
{- "conf-key1": "conf-value1",
- "dotted.key": "conf-value2",
- "key-to-unset": null
}{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Finds snaps or components in the store that match the search criteria and are compatible with the host system. In order for the user to be authorized to use this route, they must be logged in via 'snap-login', hence being tagged as both OpenAccess and AuthenticationRequired. PeerAuth is not listed here as sudo is not required to interact with the route.
| q | string Search for packages that match the given string. Spaces between words are treated as logical AND operators. This is a weighted broad search, meant as the main interface to searching for packages. |
| name | string An exact name to search for. Supports '*' as a wildcard at the end. Cannot be used together with q. This is meant for things like auto-completion. |
| scope | string Value: "wide" If set to 'wide', broadens the search to include non-stable packages. |
| section | string The name of a store section to search within. Use GET /v2/sections to get the names of the sections. |
| select | string Enum: "refresh" "private" Alter the collection searched. refresh - search refreshable snaps. Cannot be used with q, nor name. private - search private snaps (by default, find only searches public snaps). Cannot be used with name, only q (for now at least). |
| common-id | string Example: common-id=org.videolan.vlc Search for packages using the common-id attribute. This is often the application name used by other packaging formats. |
[- {
- "id": "string",
- "name": "string",
- "base": "core20",
- "channel": "string",
- "common-ids": [
- "code.desktop"
], - "confinement": "classic",
- "contact": "string",
- "description": "string",
- "developer": "string",
- "devmode": true,
- "download-size": 0,
- "license": "string",
- "private": true,
- "revision": "string",
- "status": "available",
- "summary": "string",
- "title": "string",
- "type": "app",
- "version": "string",
- "categories": [
- {
- "featured": true,
- "name": "string"
}
], - "links": {
}, - "publisher": {
- "display-name": "string",
- "id": "string",
- "username": "string",
- "validation": "verified"
}
}
]Authenticates a user with Snapd and the store using their credentials. Credentials are saved to the ~/.snap/auth.json file and further communication is made with these credentials.
| email required | string <email> .@.*\.. The email associated with the desired account. |
| password required | string <password> The password associated with the email address. |
| otp | string A one-time password for two-factor authentication. |
{- "email": "random.user@emailaddr.com",
- "password": "password1234!",
- "otp": "123456"
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "id": 0,
- "email": "user@example.com",
- "macaroon": "string",
- "discharges": [
- "discharge-for-macaroon-authentication"
], - "username": "user-name"
}
}Logs the currently authenticated user out of snapd and the store.
| Authorization | string <Authorization: Macaroon <the-macaroon>> The authorization to remove from the system. |
{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "property1": {
- "property1": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}, - "property2": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}
}, - "property2": {
- "property1": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}, - "property2": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}
}
}
}Lists applications available from installed snaps. Can be filtered by services or snap names.
| global | boolean Defaults to true for the root user to preserve normal behavior and match snapctl functionality. |
| select | string Value: "service" Example: select=service Limit which apps are returned. |
| names | string Example: names=spotify, lxd Comma-separated list of snap names to get apps for. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "snap": "lxd",
- "name": "daemon",
- "daemon": "simple",
- "enabled": true,
- "activators": [
- {
- "name": "unix",
- "type": "socket",
- "active": true,
- "enabled": true
}
]
}
}Requires a valid assertion with a signature signed by a verifiable public key. The body of the request provides the assertion to add. If replacing an existing assertion the new must be consistent with and its prerequisite.
The raw assertion text to add to the database.
A raw assertion string.
{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Get all the assertions in the system assertion database of the given type.
Assertions can be filtered by providing assertion header keys as query
parameters (e.g., ?username=canonical). The response is a stream of
assertions separated by double newlines. An assertion type of
snap-declaration can also be used to retrieve a remote snap-declaration
assertion for a given snap-id. This can also be accomplished from within the
snap environment.
| assertion-type required | string Example: account The type of assertion to retrieve. |
| remote | boolean Default: false When using remote, a primary key must be associated with the request assertion type. These mappings are as below account -> account-id account-key -> public-key-sha3-384 base-declaration -> series confdb-schema -> account-id AND name model -> series AND brand-id AND model preseed -> series AND brand-id AND model AND system_label repair -> brand-id AND repair-id serial -> brand-id AND model AND serial snap-build -> snap-sha3-384 snap-declaration -> series AND snap-id snap-developer -> snap-id AND publisher-id snap-resource-revision -> snap-id AND resource-name AND resource-sha3-384 AND provenance snap-resource-pair -> snap-id AND resource-name AND resource-revision AND snap-revision AND provenance snap-revision -> snap-sha3-384 AND provenance store -> store system-user -> brand-id AND email validation -> series AND snap-id AND approved-snap-id AND approved-snap-revision validation-set -> series AND account-id AND name AND sequence Some assertion types do not have a definite authority set account-key-request -> public-key-sha3-384 confdb-control -> brand-id AND model AND serial device-session-request -> brand_id AND model AND serial serial-request - N/A |
| json | boolean Default: false If true, the response is formatted as a JSON object containing the headers of the assertions instead of the default signed assertion stream format. |
Retrieves a list of all changes in progress or completed on the system.
| select | string Default: "in-progress" Enum: "all" "in-progress" "ready" Limit which changes are returned. |
| for | string Optional snap name to limit results to. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "id": "73",
- "kind": "auto-refresh",
- "summary": "Auto-refresh snaps \"core22\", \"firefox\"",
- "status": "Abort",
- "tasks": [
- {
- "id": "1502",
- "kind": "check-rerefresh",
- "summary": "Download snap 'core22' (2133) from channel 'latest/stable'",
- "status": "Abort",
- "progress": {
- "done": 1,
- "label": "core22 (delta)",
- "total": 3
}, - "spawn-time": "2024-03-28T13:00:35.505604296Z",
- "ready-time": "2024-03-28T13:00:35.547274976Z",
- "data": {
- "affected-snaps": [
- "firefox",
- "gnome-42-2204",
- "lxd"
]
}, - "log": [
- "2025-09-18T08:43:59-02:30 INFO No re-refreshes found."
]
}
], - "ready": true,
- "spawn-time": "2019-08-24T14:15:22Z",
- "ready-time": "2019-08-24T14:15:22Z",
- "err": "string",
- "data": { },
- "log": [
- "string"
]
}
]
}Retrieves the current status of a specific background change by its ID.
| id required | string The ID of the change to retrieve. |
{- "id": "73",
- "kind": "auto-refresh",
- "summary": "Auto-refresh snaps \"core22\", \"firefox\"",
- "status": "Abort",
- "tasks": [
- {
- "id": "1502",
- "kind": "check-rerefresh",
- "summary": "Download snap 'core22' (2133) from channel 'latest/stable'",
- "status": "Abort",
- "progress": {
- "done": 1,
- "label": "core22 (delta)",
- "total": 3
}, - "spawn-time": "2024-03-28T13:00:35.505604296Z",
- "ready-time": "2024-03-28T13:00:35.547274976Z",
- "data": {
- "affected-snaps": [
- "firefox",
- "gnome-42-2204",
- "lxd"
]
}, - "log": [
- "2025-09-18T08:43:59-02:30 INFO No re-refreshes found."
]
}
], - "ready": true,
- "spawn-time": "2019-08-24T14:15:22Z",
- "ready-time": "2019-08-24T14:15:22Z",
- "err": "string",
- "data": { },
- "log": [
- "string"
]
}Aborts a change that is currently in progress.
| id required | string The ID of the change to retrieve. |
| action required | string Value: "abort" |
{- "action": "abort"
}{- "id": "73",
- "kind": "auto-refresh",
- "summary": "Auto-refresh snaps \"core22\", \"firefox\"",
- "status": "Abort",
- "tasks": [
- {
- "id": "1502",
- "kind": "check-rerefresh",
- "summary": "Download snap 'core22' (2133) from channel 'latest/stable'",
- "status": "Abort",
- "progress": {
- "done": 1,
- "label": "core22 (delta)",
- "total": 3
}, - "spawn-time": "2024-03-28T13:00:35.505604296Z",
- "ready-time": "2024-03-28T13:00:35.547274976Z",
- "data": {
- "affected-snaps": [
- "firefox",
- "gnome-42-2204",
- "lxd"
]
}, - "log": [
- "2025-09-18T08:43:59-02:30 INFO No re-refreshes found."
]
}
], - "ready": true,
- "spawn-time": "2019-08-24T14:15:22Z",
- "ready-time": "2019-08-24T14:15:22Z",
- "err": "string",
- "data": { },
- "log": [
- "string"
]
}Creates a set of cohort keys for a given set of snaps.
| action required | string Value: "create" |
| snaps required | Array of strings An array of snap names to create cohorts for. |
{- "action": "create",
- "snaps": [
- "libreoffice",
- "lxd",
- "multipass"
]
}{- "cohorts": {
- "core24": "MSBkd1RBaDdNWlowMXp5cmlPWkVycWQxSnluUUxpT0d2TSAxNzU5NDIxNjg0IDc3Yzk1ODllNDYxNzEwNDUwZWZiNjE5YjMwNmJiMzJlMmJiZTlkMzNmOGRlMmIwYmQzNmQ4ZWEyYjcwNGNmZmI=",
- "snapd": "MSBQTXJyVjRtbDh1V3VFVURCVDhkU0duS1VZYmV2VmhjNCAxNzU5NDIxNjg0IDU1YzdjZWRkZWJhNjFkNjIxMjU3ZTAwMDYxMjllZWJkYjE4N2Y3YTE0MTc0NmM2NjAyM2IyYWY4ZDY2MzRlZDU="
}
}Retrieves the connection status of all plugs and slots on the system.
| snap | string Limit results to a given snap name. |
| select | string Enum: "" "all" When set to 'all', unconnected slots and plugs are included. When unset or empty, the results include only those plugs and slots that are connected. |
| interface | string Limit results to a specific interface name. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "established": [
- {
- "slot": {
- "snap": "string",
- "slot": "string"
}, - "plug": {
- "snap": "string",
- "plug": "string"
}, - "interface": "string",
- "manual": true,
- "gadget": true,
- "slot-attrs": { },
- "plug-attrs": { }
}
], - "undesired": [
- {
- "slot": {
- "snap": "string",
- "slot": "string"
}, - "plug": {
- "snap": "string",
- "plug": "string"
}, - "interface": "string",
- "manual": true,
- "gadget": true,
- "slot-attrs": { },
- "plug-attrs": { }
}
], - "plugs": [
- {
- "snap": "string",
- "plug": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "slot": "string"
}
]
}
], - "slots": [
- {
- "snap": "string",
- "slot": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "plug": "string"
}
]
}
]
}
}Finds snaps or components in the store that match the search criteria and are compatible with the host system. In order for the user to be authorized to use this route, they must be logged in via 'snap-login', hence being tagged as both OpenAccess and AuthenticationRequired. PeerAuth is not listed here as sudo is not required to interact with the route.
| q | string Search for packages that match the given string. Spaces between words are treated as logical AND operators. This is a weighted broad search, meant as the main interface to searching for packages. |
| name | string An exact name to search for. Supports '*' as a wildcard at the end. Cannot be used together with q. This is meant for things like auto-completion. |
| scope | string Value: "wide" If set to 'wide', broadens the search to include non-stable packages. |
| section | string The name of a store section to search within. Use GET /v2/sections to get the names of the sections. |
| select | string Enum: "refresh" "private" Alter the collection searched. refresh - search refreshable snaps. Cannot be used with q, nor name. private - search private snaps (by default, find only searches public snaps). Cannot be used with name, only q (for now at least). |
| common-id | string Example: common-id=org.videolan.vlc Search for packages using the common-id attribute. This is often the application name used by other packaging formats. |
[- {
- "id": "string",
- "name": "string",
- "base": "core20",
- "channel": "string",
- "common-ids": [
- "code.desktop"
], - "confinement": "classic",
- "contact": "string",
- "description": "string",
- "developer": "string",
- "devmode": true,
- "download-size": 0,
- "license": "string",
- "private": true,
- "revision": "string",
- "status": "available",
- "summary": "string",
- "title": "string",
- "type": "app",
- "version": "string",
- "categories": [
- {
- "featured": true,
- "name": "string"
}
], - "links": {
}, - "publisher": {
- "display-name": "string",
- "id": "string",
- "username": "string",
- "validation": "verified"
}
}
]Retrieves the icon for a snap that is installed on the system. The response is the raw content of the icon file. The Content-Disposition header will specify the filename.
| name required | string The name of the snap to get the icon for. |
{- "status-code": 404,
- "status": "Not Found",
- "type": "error",
- "result": {
- "kind": "assertion-not-found",
- "message": "no model assertion yet",
- "value": "model"
}
}Retrieves the available interfaces and their associated metadata.
| select | string Enum: "all" "connected" Set to 'all' to retrieve all interfaces, or 'connected' to only return connected interfaces (if this parameter is omitted then the call returns the legacy format that should be no longer used). |
| slots | boolean If set to true, slot information will be returned. |
| plugs | boolean If set to true, plug information will be returned. |
| doc | boolean If set to true, interface documentation will be returned. |
| names | string Example: names=content Interfaces that match the list of comma-separated names will be returned. The parameter matches against the name of the interface, not the name of snaps, plugs, or slots. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "plugs": [
- {
- "snap": "string",
- "plug": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "slot": "string"
}
]
}
], - "slots": [
- {
- "snap": "string",
- "slot": "string",
- "interface": "string",
- "attrs": { },
- "apps": [
- "string"
], - "label": "string",
- "connections": [
- {
- "snap": "string",
- "plug": "string"
}
]
}
]
}
}Retrieves the details of a single prompt specified by its unique ID.
| id required | string The unique identifier of the prompt to retrieve. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "snap": "string",
- "interface": "home",
- "constraints": {
- "requested-permissions": [
- "access"
], - "available-permissions": [
- "access"
]
}
}Submit a reply (allow or deny) to an outstanding prompt, potentially creating a new rule.
| id required | string The unique identifier of the prompt to which to reply. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Enum: "allow" "deny" | ||
| lifespan required | string Enum: "single" "timespan" "session" "forever" The lifespan for which the decision applies. single: the decision only applies to the prompt with the given ID timespan: the decision creates a rule which applies for the duration specified by the duration field or until it is deleted session: the decision creates a rule which applies until the user logs out (specifically, until the systemd user session ends) forever: the decision creates a rule which applies until it is deleted | ||
| duration | string <Go duration> The duration for which the decision applies. Required if lifespan is timespan, otherwise must be omitted. | ||
required | PromptingReplyConstraintsCamera (object) or PromptingReplyConstraintsHome (object) | ||
One of
| |||
{- "action": "allow",
- "lifespan": "single",
- "duration": "7h30m",
- "constraints": {
- "permissions": [
- "access"
]
}
}[- "string"
]Retrieves a list of all prompting rules, with optional filtering.
| snap | string Only retrieve rules which apply to the given snap. |
| interface | string Only retrieve rules which apply to the given interface. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
[- {
- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}
]Create a new access rule or remove a set of existing rules based on a selector.
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Value: "add" The action to perform on the rules endpoint. | ||||||||||
required | object | ||||||||||
| |||||||||||
{- "action": "add",
- "rule": {
- "snap": "string",
- "interface": "string",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}
}
}
}
}[ ]Retrieves the details of a single rule specified by its unique ID.
| id required | string The unique identifier of the rule to retrieve. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}Update or remove an existing rule specified by its unique ID.
| id required | string The unique identifier of the rule to patch or remove. |
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
| action required | string Value: "patch" The action to perform on the rule with the given ID. | ||||||
required | object | ||||||
| |||||||
{- "action": "patch",
- "rule": {
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "duration": "7h30m"
}
}
}
}
}{- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "user": 0,
- "snap": "string",
- "interface": "camera",
- "constraints": {
- "permissions": {
- "property1": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}, - "property2": {
- "outcome": "allow",
- "lifespan": "timespan",
- "expiration": "2019-08-24T14:15:22Z",
- "session-id": "string"
}
}
}
}Authenticates a user with Snapd and the store using their credentials. Credentials are saved to the ~/.snap/auth.json file and further communication is made with these credentials.
| email required | string <email> .@.*\.. The email associated with the desired account. |
| password required | string <password> The password associated with the email address. |
| otp | string A one-time password for two-factor authentication. |
{- "email": "random.user@emailaddr.com",
- "password": "password1234!",
- "otp": "123456"
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "id": 0,
- "email": "user@example.com",
- "macaroon": "string",
- "discharges": [
- "discharge-for-macaroon-authentication"
], - "username": "user-name"
}
}Logs the currently authenticated user out of snapd and the store.
| Authorization | string <Authorization: Macaroon <the-macaroon>> The authorization to remove from the system. |
{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Retrieves log contents from the snapd daemon. The response is a stream of newline-delimited JSON objects.
| follow | boolean Default: false If set, returns log entries as they occur, streaming the response. |
| n | integer Default: 10 Number of log entries to return. |
| names | string Example: names=multipass,lxd Comma-separated list of snap names to filter by. |
{- "timestamp": "2025-09-11T15:10:22.264675Z",
- "message": "Failed to get https://cloud-images.ubuntu.com/releases/streams/v1/index.json",
- "sid": "multipassd",
- "pid": "2062"
}Retrieves the active model assertion for the system. The model assertion describes a snap-based device.
{- "status-code": 404,
- "status": "Not Found",
- "type": "error",
- "result": {
- "kind": "assertion-not-found",
- "message": "no model assertion yet",
- "value": "model"
}
}Retrieves the current serial assertion for the system. The serial assertion is a statement used to bind a device identity to it's public key, provided by the store.
{- "status-code": 404,
- "status": "Not Found",
- "type": "error",
- "result": {
- "kind": "assertion-not-found",
- "message": "no model assertion yet",
- "value": "model"
}
}Retrieves notices for the current user and any public notices, with optional filtering.
| types | Array of strings (NoticeType) Items Enum: "change-update" "warning" "refresh-inhibit" "snap-run-inhibit" "interfaces-requests-prompt" "interfaces-requests-rule-update" If types is specified, only return notices with types matching the given types. The types parameter can include multiple types, notices matching any of the types are returned. |
| keys | Array of strings Example: keys=- If specified, only return notices with one of the given keys. |
| after | string <date-time> Example: after=2025-09-08T17:29:40.829324752Z If specified, only return notices with a 'last-repeated' field greater than the specified time, in RFC3339 UTC format. |
| timeout | string Example: timeout=7m30s If there are notices matching the filter which have already been recorded, these notices are returned immediately. Otherwise, if timeout is specified, wait up to the given duration for any new notices matching the filter to be recorded. This allows the user to use long-polling to be notified immediately when a new notice is recorded. |
| user-id | integer Example: user-id=1000 Admin only. Instead of returning notices associated with the user who initiated the API request, return notices associated with the given UID. Public notices are still returned, as before. Cannot be used with the 'users' parameter. |
| users | string Value: "all" Admin only. Value must be 'all'. Return notices associated with all users, instead of just the user which initiated the API request. Cannot be used with the 'user-id' parameter. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "id": "67",
- "user-id": 4293792034,
- "type": "change-update",
- "key": "ABCDABCDABCDABCD",
- "first-occurred": "2025-09-08T17:29:40.829324752Z",
- "last-occurred": "2025-09-10T14:30:23.055109521Z",
- "last-repeated": "2025-09-10T14:30:23.055109521Z",
- "occurrences": 4,
- "last-data": {
- "kind": "alias"
}, - "repeat-after": "1h30m",
- "expire-after": "168h0m0s"
}
]
}Create a notice. Currently, this can only be used to create notices of type 'snap-run-inhibit'. Only the 'snap' command is allowed to create notices of that type.
| action required | string Value: "add" The action to perform. |
| key required | string The key of the notice to add. |
| type required | string Value: "snap-run-inhibit" The type of the notice to add. |
{- "action": "add",
- "key": "string",
- "type": "snap-run-inhibit"
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "id": "74"
}
}Retrieves a single notice by its unique ID.
| id required | string Example: 74 The unique ID of the notice to retrieve. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "id": "67",
- "user-id": 4293792034,
- "type": "change-update",
- "key": "ABCDABCDABCDABCD",
- "first-occurred": "2025-09-08T17:29:40.829324752Z",
- "last-occurred": "2025-09-10T14:30:23.055109521Z",
- "last-repeated": "2025-09-10T14:30:23.055109521Z",
- "occurrences": 4,
- "last-data": {
- "kind": "alias"
}, - "repeat-after": "1h30m",
- "expire-after": "168h0m0s"
}
}[- {
- "group-name": "logmem",
- "subgroups": [
- "string"
], - "parent": "string",
- "snaps": [
- "string"
], - "services": "string",
- "constraints": {
- "memory": 32768,
- "cpu": "string",
- "cpu-set": "string",
- "threads": 2,
- "journal": {
- "size": 0,
- "rate-count": 0,
- "rate-period": 0
}
}, - "current": { }
}
]Retrieves the details for a single quota group by its name, or returns an error.
| group-name required | string The name of the quota group. |
{- "group-name": "logmem",
- "subgroups": [
- "string"
], - "parent": "string",
- "snaps": [
- "string"
], - "services": "string",
- "constraints": {
- "memory": 32768,
- "cpu": "string",
- "cpu-set": "string",
- "threads": 2,
- "journal": {
- "size": 0,
- "rate-count": 0,
- "rate-period": 0
}
}, - "current": { }
}Executes a 'snapctl' command within a given context. This route uses the socket /run/snapd-snap.socket. This is intended to be used only from within a snap itself.
The context and arguments for the snapctl command.
| context-id required | string The context ID for this call. The context ID is passed to hooks through the $SNAP_COOKIE environment variable. The 'snapctl' command passes this automatically. For hooks that are calling the endpoint manually, the responsibility falls on the binary to retrieve the context ID itself. |
| args required | Array of strings A list of arguments to pass to snapctl. |
| stdin | string If args is fde-setup-result, provides stdin to the context. |
{- "context-id": "ABCDEF",
- "args": [
- "get",
- "username"
], - "stdin": "string"
}{- "stdout": "string",
- "stderr": "string"
}Lists snaps installed on the system, including their components.
| select | string Default: "enabled" Enum: "all" "enabled" "refresh-inhibited" Filter which revisions of snaps are returned. |
| snaps | string A comma-separated list of snap names to filter by. |
[- {
- "id": "string",
- "name": "string",
- "base": "core20",
- "channel": "string",
- "common-ids": [
- "code.desktop"
], - "confinement": "classic",
- "contact": "string",
- "description": "string",
- "developer": "string",
- "devmode": true,
- "download-size": 0,
- "license": "string",
- "private": true,
- "revision": "string",
- "status": "active",
- "summary": "string",
- "title": "string",
- "type": "app",
- "version": "string",
- "categories": [
- {
- "featured": true,
- "name": "string"
}
], - "links": {
}, - "publisher": {
- "display-name": "string",
- "id": "string",
- "username": "string",
- "validation": "verified"
}, - "apps": [
- {
- "snap": "lxd",
- "name": "daemon",
- "daemon": "simple",
- "enabled": true,
- "activators": [
- {
- "name": "unix",
- "type": "socket",
- "active": true,
- "enabled": true
}
]
}
], - "install-date": "string",
- "installed-size": 0,
- "trymode": true,
- "jailmode": true,
- "tracking-channel": "stable",
- "refresh-inhibit": {
- "proceed-time": "string"
}, - "refresh-failures": {
- "revision": 0,
- "failure-count": 0,
- "last-failure-time": "string",
- "last-failure-severity": "after-reboot"
}, - "components": [
- {
- "name": "string",
- "type": "string",
- "version": "string",
- "summary": "string",
- "description": "string",
- "revision": "string",
- "install-date": "string",
- "installed-size": 0
}
]
}
]Retrieves details for a specific snap installed on the system.
| name required | string The name of the snap. |
{- "id": "string",
- "name": "string",
- "base": "core20",
- "channel": "string",
- "common-ids": [
- "code.desktop"
], - "confinement": "classic",
- "contact": "string",
- "description": "string",
- "developer": "string",
- "devmode": true,
- "download-size": 0,
- "license": "string",
- "private": true,
- "revision": "string",
- "status": "active",
- "summary": "string",
- "title": "string",
- "type": "app",
- "version": "string",
- "categories": [
- {
- "featured": true,
- "name": "string"
}
], - "links": {
}, - "publisher": {
- "display-name": "string",
- "id": "string",
- "username": "string",
- "validation": "verified"
}, - "apps": [
- {
- "snap": "lxd",
- "name": "daemon",
- "daemon": "simple",
- "enabled": true,
- "activators": [
- {
- "name": "unix",
- "type": "socket",
- "active": true,
- "enabled": true
}
]
}
], - "install-date": "string",
- "installed-size": 0,
- "trymode": true,
- "jailmode": true,
- "tracking-channel": "stable",
- "refresh-inhibit": {
- "proceed-time": "string"
}, - "refresh-failures": {
- "revision": 0,
- "failure-count": 0,
- "last-failure-time": "string",
- "last-failure-severity": "after-reboot"
}, - "components": [
- {
- "name": "string",
- "type": "string",
- "version": "string",
- "summary": "string",
- "description": "string",
- "revision": "string",
- "install-date": "string",
- "installed-size": 0
}
]
}Retrieve configuration details for an installed snap. Use 'system' as the name to get system options.
| name required | string The name of the snap or the reserved name 'system'. |
| keys | string A comma-separated list of keys to retrieve. Dotted keys can be used for nested values. |
{ }Retrieves a list containing metadata for all snapshot sets stored on the system.
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "id": 1,
- "snapshots": [
- {
- "id": 2,
- "set": 1,
- "time": "2025-08-18T14:30:38.226662804-02:30",
- "snap": "libreoffice",
- "snap-id": "CpUkI0qPIIBVRsjy49adNq4D6Ra72y4v",
- "revision": "355",
- "version": "25.2.5.2",
- "size": 1286593,
- "auto": true,
- "epoch": {
- "read": [
- 0
], - "write": [
- 0
]
}, - "sha3-384": {
- "archive.tgz": "fb8e887e47b1e8763d82ee5ddc8da8ad4601824d3154381a5d3b5bbe4125ded31fcc7b701a8318fbe3ea21213f333c8b",
- "user/$USER.tgz": "00cd2cf11d3c5731129dd11f8f82b0f13e807f6d839fd79afe052e301e43ee32ecdd217059cae0c400ff9c49e6dbaff6"
}, - "summary": "string"
}
]
}
]
}Retrieves a snapshot set as a downloadable tar archive (.tgz).
The response body is a binary stream.
| set-id required | integer Example: 2 The ID of the snapshot set to export. |
{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Removes and resets LUKS encryption keys when using full disk encryption on Ubuntu Core devices.
| action required | string Value: "remove" The only supported action is 'remove'. |
{- "action": "remove"
}{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Retrieves a list of all available recovery systems on the device.
{- "systems": [
- {
- "actions": [
- {
- "mode": "install",
- "title": "Reinstall"
}
], - "brand": {
- "display-name": "Canonical",
- "id": "canonical",
- "username": "canonical",
- "validation": "starred"
}, - "current": true,
- "default-recovery-system": true,
- "label": "20240603",
- "model": {
- "brand-id": "canonical",
- "display-name": "ubuntu-core-24-amd64",
- "model": "ubuntu-core-24-amd64"
}
}
]
}Perform an action such as 'reboot', 'install' on the current active recovery system, or 'create' a new recovery system.
| action required | string Value: "create" |
| label required | string A unique label for the new recovery system. |
| validation-sets | Array of strings A list of validation set strings to use for creating the system. |
| test-system | boolean Default: false If true, creates the system as a test system. |
| mark-default | boolean Default: false If true, marks the new system as the default recovery system. |
| offline | boolean Default: false If true, performs the creation in offline mode. |
{- "action": "create",
- "label": "string",
- "validation-sets": [
- "string"
], - "test-system": false,
- "mark-default": false,
- "offline": false
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves detailed information for a single recovery system, including storage encryption status and available actions.
| label required | string The label of the recovery system. |
{- "current": true,
- "label": "string",
- "brand": {
- "id": "string",
- "username": "string",
- "display-name": "string",
- "validation": "string"
}, - "model": { },
- "actions": [
- {
- "title": "string",
- "mode": "string"
}
], - "available-optional": {
- "snaps": [
- "string"
], - "components": [
- "string"
]
}, - "volumes": [
- {
- "name": "string",
- "type": "string",
- "size": "string"
}
], - "storage-encryption": {
- "support": "disabled",
- "storage-safety": "string",
- "type": "string",
- "unavailable-reason": "string",
- "availability-check-errors": [
- "string"
], - "features": [
- "passphrase-auth"
]
}
}Retrieves a dictionary of server configuration and environment information.
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "architecture": "amd64",
- "build-id": "3672763544646f6c...",
- "confinement": "partial",
- "features": {
- "property1": {
- "supported": true,
- "unsupported-reason": "string",
- "enabled": true
}, - "property2": {
- "supported": true,
- "unsupported-reason": "string",
- "enabled": true
}
}, - "kernel-version": "6.14.0-29-generic",
- "locations": {
- "snap-bin-dir": "/snap/bin",
- "snap-mount-dir": "/snap"
}, - "managed": true,
- "on-classic": true,
- "os-release": {
- "id": "ubuntu",
- "variant-id": "desktop",
- "version-id": "24.04"
}, - "refresh": {
- "timer": "mon-wed,fri,9:00-11:00/2",
- "last": "2025-09-11T13:18:00-02:30",
- "next": "2025-09-11T22:37:00-02:30"
}, - "sandbox-features": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "series": "16",
- "system-mode": "install",
- "version": "2.72"
}
}Create or remove local users on the system.
| action required | string Enum: "create" "remove" |
string <email> | |
| username | string |
| sudoer | boolean Default: false Whether the user can escalate to root privileges or not. |
| known | boolean Default: false |
{- "action": "create",
- "email": "user@example.com",
- "username": "string",
- "sudoer": false,
- "known": false
}[- {
- "username": "string",
- "ssh-keys": [
- "string"
]
}
]Retrieves a single validation set by its account ID and name.
| account-id required | string Example: ABCDEF12345678900987654321FEDCBA The developer account ID for the validation set. |
| name required | string Example: myset1 The name of the validation set. |
{- "account-id": "string",
- "name": "string",
- "mode": "monitor",
- "pinned-at": 0,
- "sequence": 0,
- "valid": true
}Apply or forget a specific validation set.
| account-id required | string Example: ABCDEF12345678900987654321FEDCBA The developer account ID for the validation set. |
| name required | string Example: myset1 The name of the validation set. |
| action required | string Enum: "apply" "forget" The operation to perform on the validation set. |
| mode | string Enum: "monitor" "enforce" The mode to enable for the validation set. Required when action is 'apply'. |
| sequence | integer When using 'apply': an optional sequence number to pin. When using 'forget': an optional sequence number to match before forgetting. |
{- "action": "apply",
- "mode": "monitor",
- "sequence": 1
}{- "account-id": "ABCDEF12345678900987654321FEDCBA",
- "mode": "monitor",
- "name": "myset1",
- "pinned-at": 1,
- "sequence": 1,
- "valid": true
}Retrieves the current warnings in snapd.
| select | string Default: "pending" Enum: "" "all" "pending" Retrieve specific warnings. The default only shows pending warnings. All shows warnings that haven't expired or been cleaned. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "message": "string",
- "first-added": "2025-09-08T17:29:40.829324752Z",
- "last-added": "2025-09-08T17:34:40.829324752Z",
- "last-shown": "2025-09-08T17:34:40.829324752Z",
- "delete-after": "1h30m",
- "repeat-after": "30m"
}
]
}Warnings can only be acknowledged to clear them, but they may reoccur Acknowledging warnings does not fix the underlying cause.
| action required | string Value: "okay" |
| timestamp required | string <date-time> Time to clear warnings before (RFC3339 UTC format). |
{- "action": "okay",
- "timestamp": "2025-09-08T17:29:40.829324752Z"
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": 0
}Retrieves a list of all available recovery systems on the device.
{- "systems": [
- {
- "actions": [
- {
- "mode": "install",
- "title": "Reinstall"
}
], - "brand": {
- "display-name": "Canonical",
- "id": "canonical",
- "username": "canonical",
- "validation": "starred"
}, - "current": true,
- "default-recovery-system": true,
- "label": "20240603",
- "model": {
- "brand-id": "canonical",
- "display-name": "ubuntu-core-24-amd64",
- "model": "ubuntu-core-24-amd64"
}
}
]
}Perform an action such as 'reboot', 'install' on the current active recovery system, or 'create' a new recovery system.
| action required | string Value: "create" |
| label required | string A unique label for the new recovery system. |
| validation-sets | Array of strings A list of validation set strings to use for creating the system. |
| test-system | boolean Default: false If true, creates the system as a test system. |
| mark-default | boolean Default: false If true, marks the new system as the default recovery system. |
| offline | boolean Default: false If true, performs the creation in offline mode. |
{- "action": "create",
- "label": "string",
- "validation-sets": [
- "string"
], - "test-system": false,
- "mark-default": false,
- "offline": false
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves detailed information for a single recovery system, including storage encryption status and available actions.
| label required | string The label of the recovery system. |
{- "current": true,
- "label": "string",
- "brand": {
- "id": "string",
- "username": "string",
- "display-name": "string",
- "validation": "string"
}, - "model": { },
- "actions": [
- {
- "title": "string",
- "mode": "string"
}
], - "available-optional": {
- "snaps": [
- "string"
], - "components": [
- "string"
]
}, - "volumes": [
- {
- "name": "string",
- "type": "string",
- "size": "string"
}
], - "storage-encryption": {
- "support": "disabled",
- "storage-safety": "string",
- "type": "string",
- "unavailable-reason": "string",
- "availability-check-errors": [
- "string"
], - "features": [
- "passphrase-auth"
]
}
}Perform an action on the recovery system identified by its label. The required parameters in the request body depend on the specified action.
| label required | string The label of the recovery system. |
| action required | string Value: "do" |
| mode required | string The mode of the action to perform (e.g., 'recover', 'run'). |
| title | string The title of the custom action to perform. |
{- "action": "do",
- "mode": "string",
- "title": "string"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves a dictionary of server configuration and environment information.
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "architecture": "amd64",
- "build-id": "3672763544646f6c...",
- "confinement": "partial",
- "features": {
- "property1": {
- "supported": true,
- "unsupported-reason": "string",
- "enabled": true
}, - "property2": {
- "supported": true,
- "unsupported-reason": "string",
- "enabled": true
}
}, - "kernel-version": "6.14.0-29-generic",
- "locations": {
- "snap-bin-dir": "/snap/bin",
- "snap-mount-dir": "/snap"
}, - "managed": true,
- "on-classic": true,
- "os-release": {
- "id": "ubuntu",
- "variant-id": "desktop",
- "version-id": "24.04"
}, - "refresh": {
- "timer": "mon-wed,fri,9:00-11:00/2",
- "last": "2025-09-11T13:18:00-02:30",
- "next": "2025-09-11T22:37:00-02:30"
}, - "sandbox-features": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}, - "series": "16",
- "system-mode": "install",
- "version": "2.72"
}
}Create or remove local users on the system.
| action required | string Enum: "create" "remove" |
string <email> | |
| username | string |
| sudoer | boolean Default: false Whether the user can escalate to root privileges or not. |
| known | boolean Default: false |
{- "action": "create",
- "email": "user@example.com",
- "username": "string",
- "sudoer": false,
- "known": false
}[- {
- "username": "string",
- "ssh-keys": [
- "string"
]
}
]Retrieves a single validation set by its account ID and name.
| account-id required | string Example: ABCDEF12345678900987654321FEDCBA The developer account ID for the validation set. |
| name required | string Example: myset1 The name of the validation set. |
{- "account-id": "string",
- "name": "string",
- "mode": "monitor",
- "pinned-at": 0,
- "sequence": 0,
- "valid": true
}Apply or forget a specific validation set.
| account-id required | string Example: ABCDEF12345678900987654321FEDCBA The developer account ID for the validation set. |
| name required | string Example: myset1 The name of the validation set. |
| action required | string Enum: "apply" "forget" The operation to perform on the validation set. |
| mode | string Enum: "monitor" "enforce" The mode to enable for the validation set. Required when action is 'apply'. |
| sequence | integer When using 'apply': an optional sequence number to pin. When using 'forget': an optional sequence number to match before forgetting. |
{- "action": "apply",
- "mode": "monitor",
- "sequence": 1
}{- "account-id": "ABCDEF12345678900987654321FEDCBA",
- "mode": "monitor",
- "name": "myset1",
- "pinned-at": 1,
- "sequence": 1,
- "valid": true
}Retrieves the current warnings in snapd.
| select | string Default: "pending" Enum: "" "all" "pending" Retrieve specific warnings. The default only shows pending warnings. All shows warnings that haven't expired or been cleaned. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "message": "string",
- "first-added": "2025-09-08T17:29:40.829324752Z",
- "last-added": "2025-09-08T17:34:40.829324752Z",
- "last-shown": "2025-09-08T17:34:40.829324752Z",
- "delete-after": "1h30m",
- "repeat-after": "30m"
}
]
}Warnings can only be acknowledged to clear them, but they may reoccur Acknowledging warnings does not fix the underlying cause.
| action required | string Value: "okay" |
| timestamp required | string <date-time> Time to clear warnings before (RFC3339 UTC format). |
{- "action": "okay",
- "timestamp": "2025-09-08T17:29:40.829324752Z"
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": 0
}{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "property1": {
- "property1": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}, - "property2": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}
}, - "property2": {
- "property1": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}, - "property2": {
- "command": "string",
- "status": "auto",
- "auto": "string",
- "manual": "string"
}
}
}
}Modify aliases by performing an 'alias', 'unalias', or 'prefer' action.
The action to perform on an alias.
| action required | string Enum: "alias" "unalias" "prefer" The action to perform on the alias. |
| snap | string The snap name to modify (optional for unalias). |
| app | string The app to modify (optional). |
| alias required | string The alias to modify. |
{- "action": "alias",
- "snap": "moon-buggy",
- "app": "string",
- "alias": "foo"
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Lists applications available from installed snaps. Can be filtered by services or snap names.
| global | boolean Defaults to true for the root user to preserve normal behavior and match snapctl functionality. |
| select | string Value: "service" Example: select=service Limit which apps are returned. |
| names | string Example: names=spotify, lxd Comma-separated list of snap names to get apps for. |
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": {
- "snap": "lxd",
- "name": "daemon",
- "daemon": "simple",
- "enabled": true,
- "activators": [
- {
- "name": "unix",
- "type": "socket",
- "active": true,
- "enabled": true
}
]
}
}Perform actions like start, stop, or restart on snap applications, typically services.
The action to perform on one or more applications.
| action required | string The action to perform. | ||||
| names required | Array of strings A list of names of snaps (e.g. "lxd") or specific apps (e.g. "lxd.daemon") to operate on. | ||||
| scope | Array of strings | ||||
object | |||||
| |||||
| enable | boolean Default: false Arranges to have the service start at system boot. | ||||
{- "action": "start",
- "names": [
- "lxd"
], - "enable": true
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves a list of all outstanding access request prompts.
| user-id | integer Admin only: Specify a particular UID with which to identify when acting on the API, rather than the default, which is the UID of the client. |
[- {
- "id": "string",
- "timestamp": "2019-08-24T14:15:22Z",
- "snap": "string",
- "interface": "home",
- "constraints": {
- "requested-permissions": [
- "access"
], - "available-permissions": [
- "access"
]
}
}
][- {
- "group-name": "logmem",
- "subgroups": [
- "string"
], - "parent": "string",
- "snaps": [
- "string"
], - "services": "string",
- "constraints": {
- "memory": 32768,
- "cpu": "string",
- "cpu-set": "string",
- "threads": 2,
- "journal": {
- "size": 0,
- "rate-count": 0,
- "rate-period": 0
}
}, - "current": { }
}
]Create, modify, or remove a quota group.
| action required | string Enum: "ensure" "remove" | ||||||||||||||||||||||||||||||
required | object (QuotaGroup) Defines a quota group for one or more snaps. | ||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||
{- "action": "ensure",
- "quota-group": {
- "group-name": "logmem",
- "subgroups": [
- "string"
], - "parent": "string",
- "snaps": [
- "string"
], - "services": "string",
- "constraints": {
- "memory": 32768,
- "cpu": "string",
- "cpu-set": "string",
- "threads": 2,
- "journal": {
- "size": 0,
- "rate-count": 0,
- "rate-period": 0
}
}, - "current": { }
}
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves the details for a single quota group by its name, or returns an error.
| group-name required | string The name of the quota group. |
{- "group-name": "logmem",
- "subgroups": [
- "string"
], - "parent": "string",
- "snaps": [
- "string"
], - "services": "string",
- "constraints": {
- "memory": 32768,
- "cpu": "string",
- "cpu-set": "string",
- "threads": 2,
- "journal": {
- "size": 0,
- "rate-count": 0,
- "rate-period": 0
}
}, - "current": { }
}Retrieves a list containing metadata for all snapshot sets stored on the system.
{- "status-code": 200,
- "status": "OK",
- "type": "sync",
- "result": [
- {
- "id": 1,
- "snapshots": [
- {
- "id": 2,
- "set": 1,
- "time": "2025-08-18T14:30:38.226662804-02:30",
- "snap": "libreoffice",
- "snap-id": "CpUkI0qPIIBVRsjy49adNq4D6Ra72y4v",
- "revision": "355",
- "version": "25.2.5.2",
- "size": 1286593,
- "auto": true,
- "epoch": {
- "read": [
- 0
], - "write": [
- 0
]
}, - "sha3-384": {
- "archive.tgz": "fb8e887e47b1e8763d82ee5ddc8da8ad4601824d3154381a5d3b5bbe4125ded31fcc7b701a8318fbe3ea21213f333c8b",
- "user/$USER.tgz": "00cd2cf11d3c5731129dd11f8f82b0f13e807f6d839fd79afe052e301e43ee32ecdd217059cae0c400ff9c49e6dbaff6"
}, - "summary": "string"
}
]
}
]
}Performs an action on a snapshot set, such as restoring, checking, forgetting, or importing from a data stream.
The action to perform. Can be a JSON object for manipulation or a binary stream for import.
| action required | string Enum: "restore" "check" "forget" |
| set required | integer The ID of the snapshot set to operate on. |
| snaps | Array of strings An array of snap names to restrict the action to. |
| users | Array of strings An array of user names to restrict the action to (disallowed for 'forget'). |
{- "action": "restore",
- "set": 0,
- "snaps": [
- "string"
], - "users": [
- "string"
]
}{- "type": "async",
- "status-code": 202,
- "status": "Accepted",
- "change": "61",
- "result": null
}Retrieves a snapshot set as a downloadable tar archive (.tgz).
The response body is a binary stream.
| set-id required | integer Example: 2 The ID of the snapshot set to export. |
{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}Removes and resets LUKS encryption keys when using full disk encryption on Ubuntu Core devices.
| action required | string Value: "remove" The only supported action is 'remove'. |
{- "action": "remove"
}{- "status-code": 400,
- "status": "Bad Request",
- "type": "error",
- "result": {
- "kind": "option-not-available",
- "message": "cannot get 'ssid' through canonical/network/wifi-setup: no data"
}
}