authentication in gitlab api for MR

Question

Context:

as part of some project, i have to fetch all details of a MR (directory structure / +1s / comment resolutions / etc) . This will also have to be merged later based on certain conditions.

All this is done via third party application which would have access to the gitlab's branch in which MR would be raised

Problem area

Going through API documentation i am trying to fetch an MR but every time i am hitting the login authentication page ( even after adding Personal Access Token )

In [14]: url_value
Out[14]: "https://gitlab.our_custom_domain.com/projects/frontend-services/major_repo/merge_requests/11/?private_token='DcpikqosHCyZAstyzXBQ'"

In [15]: requests.get(url_value).text
Out[15]: '<!DOCTYPE html>\n<html class="devise-layout-html">\n<head prefix="og: http://ogp.me/ns#">\n<meta charset="utf-8">\n<meta content="IE=edge" http-equiv="X-UA-Compatible">\n<meta content="object" property="og:type">\n<meta content="GitLab" property="og:site_name">\n<meta content="Sign in" property="og:title">\n<meta content="GitLab Community Edition" property="og:description">\n<meta content="https://gitlab.our_custom_domain.com/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" property="og:image">\n<meta content="64" property="og:image:width">\n<meta content="64" property="og:image:height">\n<meta content="https://gitlab.our_custom_domain.com/users/sign_in" property="og:url">\n<meta content="summary" property="twitter:card">\n<meta content="Sign in" property="twitter:title">\n<meta content="GitLab Community Edition" property="twitter:description">\n<meta content="https://gitlab.our_custom_domain.com/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" property="twitter:image">\n\n<title>Sign in · GitLab</title>\n<meta content="GitLab Community Edition" name="description">\n<link rel="shortcut icon" type="image/png" href="/assets/favicon-7901bd695fb93edb07975966062049829afb56cf11511236e61bcf425070e36e.png" id="favicon" data-original-href="/assets/favicon-7901bd695fb93edb07975966062049829afb56cf11511236e61bcf425070e36e.png" />\n<link rel="stylesheet" media="all" href="/assets/application-3699df5421217cf3678b3fccba46be0eb9ba5f72488c2eece3cf7ee2e8e8b284.css" />\n<link rel="stylesheet" media="print" href="/assets/print-c8ff536271f8974b8a9a5f75c0ca25d2b8c1dceb4cff3c01d1603862a0bdcbfc.css" />\n\n\n<script>\n//<![CDATA[\nwindow.gon={};gon.api_version="v4";gon.default_avatar_url="https://gitlab.our_custom_domain.com/assets/no_avatar-849f9c04a3a0d0cea2424ae97b27447dc64a7dbfae83c036c45b403392f0e8ba.png";gon.max_file_size=10;gon.asset_host=null;gon.webpack_public_path="/assets/webpack/";gon.relative_url_root="";gon.shortcuts_path="/help/shortcuts";gon.user_color_scheme="white";gon.gitlab_url="https://gitlab.our_custom_domain.com";gon.revision="35936b0";gon.gitlab_logo="/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png";gon.sprite_icons="/assets/icons-07542808fffaf82e9b57b144464ea42620b32f65ce441c01528d23d4b96d5f11.svg";gon.sprite_file_icons="/assets/file_icons-7262fc6897e02f1ceaf8de43dc33afa5e4f9a2067f4f68ef77dcc87946575e9e.svg";gon.emoji_sprites_css_path="/assets/emoji_sprites-289eccffb1183c188b630297431be837765d9ff4ae
.....
.....
.....
.....

Question:

How do i authenticate a request when using a gitlab API?

Answer 1

As mentioned in GitLab API

You can use a personal access token to authenticate with the API by passing it in either the private_token parameter or the Private-Token header.

Example of using the personal access token in a parameter:

curl https://gitlab.example.com/api/v4/projects?private_token=<your_access_token>

Example of using the personal access token in a header:

curl --header "Private-Token: <your_access_token>" https://gitlab.example.com/api/v4/projects

In your case:

merge_requests/11/?private_token='DcpikqosHCyZAstyzXBQ'"

Don't use simple quotes around the PAT (Personal Access Token)

merge_requests/11/?private_token=DcpikqosHCyZAstyzXBQ

---

Note that with GitLab 15.3 (August 2022), authentication will also applies to media files:

Enforce authorization checks for all media files

Images attached to issues, merge requests, or comments did not require authentication to be viewed if you knew the direct URL of the attachment. In some cases, this wasn’t enough security for compliance-minded organizations.

Authorization checks are now enabled by default for all newly created projects, and can be configured in the UI for existing projects to meet your organizational needs. Authentication checks may cause issues for email clients, which can’t create a valid GitLab session to authenticate.

See Documentation and Issue.