News and Notes from the Makers of Nexus | Sonatype Blog

Learn the 2.x REST API: Automating Sonatype Nexus Repository

Written by Peter Lynch | March 08, 2018

Note: Originally published on January 26, 2015.

Like any modern web application, Sonatype Nexus Repository exposes REST based endpoints to exchange information over HTTP. If you see information in the Sonatype Nexus Repository user interface or notice a task performed using one of our Apache Maven plugins or Apache Ant tasks, then repeating the action with an automation tool that you write yourself is possible.

In Product Support, we often get asked about how to quickly get up to speed learning about the REST endpoints that Sonatype Nexus Repository exposes. I'll go over that with you in this article.

The path of least resistance

Sonatype Nexus Repository has endpoints at several root paths.

Assuming the default root webapp context of /nexus, these are:

  • /nexus/service/local/
    Legacy endpoints based on an old version of the Restlet Framework
  • /nexus/internal/
    Metric and monitoring endpoints provided by Dropwizard Metrics
  • /nexus/service/siesta/
    Modern endpoints based on standard JAX-RS

All requests you will need are rooted under these endpoints.

Request espionage

The best way to learn what requests are being made is to spy on what the Sonatype Nexus Repository user interface is doing. Luckily it is not difficult with freely available tools.

For actions performed in the web browser, you can use browser developer tools to watch the HTTP requests being made. Then, simply replicate these with the programming tool of your choice.

Using browser developer tools

For spying on the Nexus user interface requests in your browser, we recommend using the Google Chrome Dev Tools Network Panel or Mozilla Firefox Network Monitor.

Here's a video that demonstrates how to use Google Chrome to spy on Sonatype Nexus Repository.

 

Using a transparent proxy

Some of you wish to replicate requests sent by our Nexus Maven Plugins or Nexus Ant Tasks. Spying on those requests is possible using a transparent proxy tool. Two of these we recommend are the free OWASP Zed Attack Proxy (ZAP) and the commercial Charles Proxy. Windows users may prefer Fiddler. Each of these tool websites have plenty of documentation to get you set up.

We'll assume you have installed and are running one of the above tools at localhost:8888.

Configuring Apache Maven with a transparent proxy

Simply edit your Maven settings.xml file to include a proxy section like the following:

<proxies>
<proxy>
<id>transparent-proxy</id>
<active>true</active>
<protocol>http</protocol>
<host>localhost</host>
<port>8888</port>
<nonProxyHosts>disable-default-exclusion-of-localhost</nonProxyHosts>
</proxy>
</proxies>

After saving this change, when you run your Maven build and it makes HTTP requests to Sonatype Nexus Repository, you should see each request in your transparent proxy. You can select the request and examine the payload included to learn the details about what requests our plugins make.

Configuring Apache Ant with a transparent proxy

Our Staging Ant tasks have a special configuration for configuring proxy servers. Here is an example of what your configuration may look like.

<staging:nexusStagingInfo id="target-nexus" stagingDirectory="target/ant-staging-repo">
<staging:projectInfo groupId="com.example" artifactId="staging-test-project" version="1.0" />
<staging:connectionInfo baseUrl="http://localhost:8081/nexus">
<staging:authentication username="admin" password="admin123" />
<staging:proxy host="localhost" port="8888">
</staging:proxy>
</staging:connectionInfo>
</staging:nexusStagingInfo>

Legacy endpoint documentation

Sonatype Nexus Repository ships with some generated REST API documentation. The documentation only applies to the legacy resources mounted under /nexus/service/local/.

Sonatype Nexus Repository has used many of these endpoints since the very beginning. To allow improving our technology stack but maintain backwards compatibility, we have started to add endpoints mapped under different paths, like /nexus/service/siesta/. Unfortunately, there are no generated docs for these resources.

Source code sleuthing

One of the advantages Sonatype Nexus Repository has is that a large portion of our codebase is open source software. You can checkout nexus-oss from GitHub, open the project in an IDE and find out how the endpoints are defined, including what arguments and payloads are accepted. Be sure to use the branch or tag matching your version of Sonatype Nexus Repository.

This is the end(point)

/nexus/service/local/* -  Classes which implement org.sonatype.plexus.rest.resource.PlexusResource are located under the org.sonatype.nexus.rest package inside the nexus-restlet1x-plugin.

/nexus/service/siesta/* - Classes which implement org.sonatype.sisu.siesta.common.Resource and use standard JAX-RS annotations to define endpoints.

/nexus/internal/* - Special Metrics related endpoints useful for devops. These are registered by the MetricsModule and are borrowed from the Dropwizard Metrics project.

Nexus 3 will not REST on its laurels

We've got some big improvements planned as we build out Sonatype Nexus Repository 3 to make the overall automation experience better.

The Sonatype Nexus Repository 3 user interface is driven by the efficient Sencha ExtDirect protocol instead of typical REST endpoints. This means spying on the Sonatype Nexus Repository user interface will no longer be one of the methods of learning how to automate it.

Sonatype Nexus Repository 3 will eventually include a fully supported REST API that expects your automation needs to be the first-class consumer. It will be fully documented with modern developer-centric documentation. We are well into capturing and analyzing your common use cases. The anonymous analytics data submitted from Sonatype Nexus Repository instances around the world are also contributing to the design.

Have you done something cool automating Sonatype Nexus Repository 2? Do you have a wish list for Sonatype Nexus Repository 3? Let us know.