Resources/The Agent API Atlas/Developer/Docker Hub

Everything an AI agent can do with the Docker Hub API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints29

API version2-beta

Last updated23 June 2026

Orientation

How the Docker Hub API works.

The Docker Hub API is how an app or AI agent works with a Docker Hub account: listing and creating repositories, reading the tags published to an image, managing access tokens, and reviewing an organization's members and audit log. Access is granted by exchanging a Docker ID and a personal access token for a short-lived bearer token, and the scopes on that token, such as read-only or read and write, set what each call can reach. Docker ships changes to the API through a dated changelog rather than new version numbers.

29Endpoints

8Capability groups

17Read

12Write

3Permissions

Authentication

Calls authenticate with a bearer token in JWT format, sent as 'Authorization: Bearer '. The token is obtained by posting a Docker ID and a secret, where the secret is a personal access token, an organization access token, or a password. The current route is the create access token method; the older login method still works but is deprecated. If an organization enforces single sign-on, a personal access token is required instead of a password.

Permissions

A personal access token carries one of four scopes that bound everything done with it. repo:public_read reads only public content, repo:read reads every repository the account can reach, repo:write adds creating and updating, and repo:admin adds full administration. The scopes nest, so repo:admin includes repo:write, which includes repo:read, which includes repo:public_read. The scope is fixed when the token is created, not per call.

Versioning

The API specification is labelled 2-beta and answers at a single base URL. Docker does not mint new dated versions; instead it publishes a changelog of added endpoints and deprecations. Recent changes moved repository listing, reading, and creation to namespace-scoped methods and deprecated their legacy equivalents.

Data model

The API is resource-oriented JSON over HTTPS at https://hub.docker.com. Repositories live under a namespace, which is a Docker ID or an organization name, at /v2/namespaces/{namespace}/repositories, and an image's tags hang off each repository. Account-level resources include personal and organization access tokens, organization members and groups, organization settings, and the audit log.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Docker Hub determines what it can reach. Each route is governed by the token behind it and the scopes that token carries.

Ways to connect

REST API

The Docker Hub API answers at https://hub.docker.com over HTTPS, with resources under the /v2 path. Calls send a bearer token in JWT format, obtained by exchanging a Docker ID and a personal access token.

Best forConnecting an app or AI agent to Docker Hub.

Governed byThe personal or organization access token and the scope it carries.

Docs ↗

MCP server (Model Context Protocol)

Docker's first-party Docker Hub MCP Server lets an agent call Docker Hub through the Model Context Protocol. It runs locally as a Node process and exposes tools such as searching the catalogue, listing repositories by namespace, listing repository tags, and creating a repository. The source is at github.com/docker/hub-mcp, and it authenticates with a Docker ID and a personal access token.

Best forConnecting an AI agent to Docker Hub through MCP.

Governed byThe personal access token supplied to the server and the scope it carries.

Docs ↗

Authentication

Personal access token

A personal access token is exchanged, with a Docker ID, for a bearer token, and its scope, from public read only up to full administration, bounds everything done with it. It is the recommended credential for automation and is required instead of a password when single sign-on is enforced.

TokenPersonal access token (dckr_pat_...)

Best forAutomation acting as a person

Docs ↗

Organization access token

An organization access token authenticates as the organization rather than an individual, so the access does not depend on any one person's account. It is created and revoked through the organization access token methods.

TokenOrganization access token

Best forAutomation acting as an organization

Docs ↗

Password

A Docker ID and account password can be exchanged for a bearer token, but a personal access token is recommended instead, and a password is not accepted when the organization enforces single sign-on.

TokenAccount password

Best forInteractive sign-in without single sign-on

Docs ↗

Capability map

What an AI agent can do in Docker Hub.

The Docker Hub API is split into areas an agent can act on, such as repositories, tags, access tokens, organization members, and audit logs. Each area has its own methods and its own scopes, and some grant access to far more than others.

Authentication

3 endpoints

Exchange a Docker ID and a personal access token for a short-lived bearer token, complete two-factor authentication, and use the older login route.

These methods mint the bearer token that authorizes every other call.

View endpoints →

Repositories

6 endpoints

List the repositories in a namespace, read or check a single repository, create a repository, and manage its immutable-tag rules and group access.

Writes here create real repositories and change their settings.

View endpoints →

Personal access tokens

5 endpoints

List, read, create, update, and delete the personal access tokens on an account.

Writes here mint or revoke credentials that authenticate to the API.

View endpoints →

Organization access tokens

3 endpoints

List, read, create, update, and delete the access tokens that belong to an organization.

Writes here mint or revoke organization-wide credentials.

View endpoints →

Members & teams

5 endpoints

List organization members, change a member's role, remove a member, and manage the groups, called teams, inside an organization.

Writes here change who belongs to an organization and what they can do.

View endpoints →

Organization settings

2 endpoints

Read an organization's settings and update them, including which images members are allowed to use.

Writes here change organization-wide policy.

View endpoints →

Audit logs

2 endpoints

List the audit log events for an account and list the action types available to filter that log.

These methods read a record of account activity.

View endpoints →

Endpoint reference

Every Docker Hub API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Authentication Exchange a Docker ID and a personal access token for a short-lived bearer token, complete two-factor authentication, and use the older login route.3
POST	`/v2/auth/token`	Exchange a Docker ID and a secret for a short-lived bearer token in JWT format.	read	—	Current
Needs no scope; it authenticates with the identifier and secret in the body. The secret can be a personal access token, an organization access token, or a password. This is the current route, replacing the deprecated login method. Acts ontoken Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/users/login`	Create a bearer token in JWT format from a Docker ID and a secret (deprecated).	read	—	Current
Deprecated in favour of the create access token method, but still functional. As of 16 September 2024 it requires a personal access token instead of a password when the organization enforces single sign-on. Acts ontoken Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/users/2fa-login`	Complete two-factor authentication and return a bearer token after the login method.	read	—	Current
Called after the login method when the account has two-factor authentication enabled, to obtain the usable bearer token. Acts ontoken Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Repositories List the repositories in a namespace, read or check a single repository, create a repository, and manage its immutable-tag rules and group access.6
GET	`/v2/namespaces/{namespace}/repositories`	List the repositories in a namespace, with filtering and ordering.	read	`repo:read`	New
Public repositories are returned anonymously; private ones need at least repo:read. This namespace-scoped method replaced the legacy listing route, deprecated on 27 June 2025. Acts onrepository Permission (capability)`repo:read` VersionIntroduced 2025-06-27 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/namespaces/{namespace}/repositories`	Create a repository in a namespace with its name, description, and privacy.	write	`repo:write`	New
Introduced on 19 September 2025 alongside the namespace-scoped read methods, replacing the legacy create route. Acts onrepository Permission (capability)`repo:write` VersionIntroduced 2025-09-19 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/namespaces/{namespace}/repositories/{repository}`	Get a single repository in a namespace.	read	`repo:read`	New
A public repository is returned anonymously; a private one needs at least repo:read. Acts onrepository Permission (capability)`repo:read` VersionIntroduced 2025-09-19 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/namespaces/{namespace}/repositories/{repository}`	Check whether a repository exists in a namespace without returning its body.	read	`repo:read`	New
Returns 200 when the repository exists and the token can see it, and 404 otherwise. A public repository can be checked anonymously. Issued as an HTTP HEAD request, so it returns headers only with no response body. Acts onrepository Permission (capability)`repo:read` VersionIntroduced 2025-09-19 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v2/namespaces/{namespace}/repositories/{repository}/immutabletags`	Update the immutable-tag rules for a repository, which prevent matching tags from being overwritten.	write	`repo:admin`	New
Only a user with administrative privileges on the repository can change these settings. Added on 29 July 2025. Acts onrepository Permission (capability)`repo:admin` VersionIntroduced 2025-07-29 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/repositories/{namespace}/{repository}/groups`	Assign a group, called a team, to a repository with a chosen permission.	write	`repo:admin`	Current
Grants a team read or write access to the repository. Request and response formatting on this method was corrected on 25 September 2025. Acts onrepository Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Tags List the tags published to a repository, read a single tag, and check whether a tag or any tags exist.3
GET	`/v2/namespaces/{namespace}/repositories/{repository}/tags`	List the tags published to a repository.	read	`repo:read`	Current
Paginated through page and page_size, where page_size tops out at 100. Tags on a public repository can be listed anonymously. Acts ontag Permission (capability)`repo:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/namespaces/{namespace}/repositories/{repository}/tags/{tag}`	Read a single tag in a repository.	read	`repo:read`	Current
A tag on a public repository can be read anonymously. Acts ontag Permission (capability)`repo:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/namespaces/{namespace}/repositories/{repository}/tags/{tag}`	Check whether a tag exists in a repository without returning its body.	read	`repo:read`	Current
Returns 200 when the tag exists and the token can see it, and 404 otherwise. Issued as an HTTP HEAD request, so it returns headers only with no response body. Acts ontag Permission (capability)`repo:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Personal access tokens List, read, create, update, and delete the personal access tokens on an account.5
GET	`/v2/access-tokens`	List the personal access tokens on the authenticated account.	read	`repo:read`	Current
Returns token metadata, not the secret values. Paginated through page and page_size. Acts onaccess token Permission (capability)`repo:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/access-tokens`	Create a personal access token and return its secret once.	write	`repo:admin`	Current
The new token's secret is returned only in this response and cannot be retrieved later. The token's own scope is chosen at creation. The expires_at field was added on 21 November 2025. Acts onaccess token Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/access-tokens/{uuid}`	Get a single personal access token by its identifier.	read	`repo:read`	Current
Returns metadata without the secret value. Acts onaccess token Permission (capability)`repo:read` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v2/access-tokens/{uuid}`	Update a personal access token's label or enable or disable it.	write	`repo:admin`	Current
Changes the label or active state; it does not change the token's scope. Acts onaccess token Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v2/access-tokens/{uuid}`	Delete a personal access token permanently.	write	`repo:admin`	Current
This cannot be undone, and any integration using the token loses access immediately. Acts onaccess token Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Organization access tokens List, read, create, update, and delete the access tokens that belong to an organization.3
GET	`/v2/orgs/{name}/access-tokens`	List the access tokens that belong to an organization.	read	`repo:admin`	Current
Organization access token management was introduced on 25 March 2025. Reading them needs organization administrative access. Acts onaccess token Permission (capability)`repo:admin` VersionIntroduced 2025-03-25 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/orgs/{name}/access-tokens`	Create an access token for an organization.	write	`repo:admin`	Current
An organization access token authenticates as the organization rather than a person. Its secret is returned only at creation. Acts onaccess token Permission (capability)`repo:admin` VersionIntroduced 2025-03-25 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v2/orgs/{org_name}/access-tokens/{access_token_id}`	Delete an organization's access token permanently.	write	`repo:admin`	Current
This cannot be undone, and any integration using the token loses access immediately. Acts onaccess token Permission (capability)`repo:admin` VersionIntroduced 2025-03-25 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Members & teams List organization members, change a member's role, remove a member, and manage the groups, called teams, inside an organization.5
GET	`/v2/orgs/{org_name}/members`	List the members of an organization.	read	`repo:admin`	Current
Reading the member roster needs organization administrative access. Acts onmember Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/v2/orgs/{org_name}/members/{username}`	Update an organization member's role.	write	`repo:admin`	Current
Changes what the member can do across the organization. Needs organization administrative access. Acts onmember Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v2/orgs/{org_name}/members/{username}`	Remove a member from an organization.	write	`repo:admin`	Current
The removed member loses access to the organization's repositories. Needs organization administrative access. Acts onmember Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/orgs/{org_name}/groups`	List the groups, called teams, in an organization.	read	`repo:admin`	Current
A group is the unit a repository's access is granted to. Reading them needs organization administrative access. Acts ongroup Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v2/orgs/{org_name}/groups`	Create a group, called a team, in an organization.	write	`repo:admin`	Current
Members are added to the group separately, and the group is then granted access to repositories. Acts ongroup Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Organization settings Read an organization's settings and update them, including which images members are allowed to use.2
GET	`/v2/orgs/{name}/settings`	Get an organization's settings.	read	`repo:admin`	Current
Includes which images members are restricted to. Some settings apply only on a business subscription. Acts onorganization Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/v2/orgs/{name}/settings`	Update an organization's settings, such as which images members may use.	write	`repo:admin`	Current
Only a user with the owner role can modify these settings. The restricted images setting applies only on a business subscription. Acts onorganization Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Audit logs List the audit log events for an account and list the action types available to filter that log.2
GET	`/v2/auditlogs/{account}`	List the audit log events for an account.	read	`repo:admin`	Current
Records who did what and when across the organization. Access to organization access token events was added on 18 March 2025. Acts onaudit event Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v2/auditlogs/{account}/actions`	List the audit log action types available to filter the event log.	read	`repo:admin`	Current
Returns the catalogue of action names, such as plan and member actions, used as filters when querying events. Acts onaudit event Permission (capability)`repo:admin` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Docker Hub does not document push or autobuild webhooks in its current API reference, so this Atlas does not list webhook events. Repository webhooks are configured in the Docker Hub interface, and the events they send are outside the documented v2 API.

Event	What it signals	Triggered by

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Docker Hub does not publish a per-method rate limit for its management API in the API reference. The well-known Docker Hub pull rate limits apply to the separate image registry, not to the calls listed here.

Request rate

Docker Hub does not state a per-method rate limit for the management API in its API reference, so this Atlas does not attach a numeric limit to each method. The separate image registry has its own well-known pull rate limits, decided by plan and whether the puller is signed in, but those govern pulling images, not the management calls listed here. An agent should still back off and retry when a response signals throttling.

Pagination

List methods use page-number pagination through the page and page_size query parameters. page_size defaults to 10 and tops out at 100 on the repository and tag listings. A list response carries a count of total items along with next and previous URLs, and the next URL should be followed rather than built by hand.

Request size

Requests and responses are JSON. Listings are capped through page_size, which reaches at most 100 items per page on the documented list methods, so large result sets are read across multiple pages.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`Bad Request`	The request was malformed or a parameter was invalid, such as an unrecognized ordering value on the repository listing.	Read the error body, correct the named field or parameter, and resend.
401	`Unauthorized`	Authentication is missing or the bearer token is invalid or expired. The bearer token returned by the authentication methods is short-lived.	Obtain a fresh bearer token through the create access token method and resend with a valid Authorization header.
403	`Forbidden`	The token is valid but its scope or the account's role does not permit the action, such as a read-only token attempting a write or a non-owner changing organization settings.	Use a token with a higher scope, such as repo:write or repo:admin, or have an owner perform the action.
404	`Not Found`	The resource does not exist, or the token cannot see a private resource. A private repository a token cannot reach can appear as not found.	Confirm the namespace and name are correct and the token has access to the resource.

Versioning & freshness

Version history.

The Docker Hub API is labelled 2-beta in its specification, and Docker ships dated changes through a published changelog rather than minting new version numbers. The newest dated change is 21 November 2025.

Version history

What changed, and when

Latest version2-beta

2-betaCurrent version

Docker Hub API (current)

The Docker Hub API is labelled 2-beta in its specification and answers at a single base URL. Rather than minting new dated versions, Docker publishes a changelog of added endpoints and deprecations, and the entries below are the notable dated changes from that changelog.

What changed

Single base URL at https://hub.docker.com with resources under the /v2 path
Changes shipped through a dated changelog, not new version numbers
Bearer tokens in JWT format, obtained by exchanging a Docker ID and a personal access token

2025-11-21Feature update

Token expiry field added

The personal access token management methods began returning an expires_at field, so an integration can see when a token will stop working.

What changed

Added the expires_at field to the personal access token methods

2025-09-19Feature update

Namespace-scoped repository methods

New methods to create, read, and check a repository within a namespace were added, and the legacy repository methods were deprecated. The assign repository group method had its request and response formatting corrected on 25 September 2025.

What changed

Added namespace-scoped methods to create, read, and check a repository
Deprecated the legacy repository methods
Corrected formatting on the assign repository group method (25 September 2025)

2025-07-29Feature update

Immutable tag rules

Methods were added to update and verify a repository's immutable-tag rules, which prevent matching tags from being overwritten.

What changed

Added methods to update and verify a repository's immutable-tag rules

2025-06-27Feature update

List repositories in a namespace

The method to list repositories within a namespace was added, and the legacy listing route was deprecated.

What changed

Added the method to list repositories in a namespace
Deprecated the legacy listing route

2025-03-25Feature update

Organization access tokens

Organization access token management methods were introduced, letting automation authenticate as an organization rather than a person. Audit log access was extended to organization access token events on 18 March 2025.

What changed

Introduced organization access token management methods
Extended audit log access to organization access token events (18 March 2025)

An integration calls the same base URL and follows the changelog for added endpoints and deprecations.

Docker Hub API changelog ↗

Questions

Docker Hub API, answered.

How does an agent authenticate to the Docker Hub API?+

An agent posts a Docker ID and a secret to the create access token method and receives a short-lived bearer token in JWT format, which it then sends on every call as 'Authorization: Bearer '. The secret should be a personal access token rather than an account password, and if the organization enforces single sign-on a personal access token is required. The older login method returns the same kind of token but is deprecated in favour of the create access token route.

What scopes can a personal access token have?+

Four scopes exist, and each includes the ones below it. repo:public_read reads only public content, such as Docker Official Images. repo:read reads every repository the account can access, including private ones. repo:write adds creating and updating repositories. repo:admin adds full repository administration. A token to pull images in production typically uses repo:read, while a continuous-integration token that also pushes uses repo:write.

Can the API delete a repository or a tag?+

The current Docker Hub API reference documents listing, reading, creating, and checking repositories, and listing, reading, and checking tags, but it does not document methods to delete a repository or a tag. Repository and tag deletion is handled in the Docker Hub interface. Where this Atlas omits a delete method, it is because the official reference does not document one, not an oversight.

What is a namespace in the Docker Hub API?+

A namespace is the account a repository belongs to, which is either a personal Docker ID or an organization name. Repository methods are namespace-scoped, so a path like /v2/namespaces/{namespace}/repositories/{repository} names the account and the repository together. Listing repositories for a namespace returns the repositories that account owns, subject to the token's scope and visibility.

Are there rate limits on the management API?+

The API reference does not publish a per-method rate limit for the management API. The rate limits people most often mean for Docker Hub are the image pull limits, which apply to the separate registry and depend on the plan and whether the puller is signed in, not to the management calls described here. An agent should still handle throttling responses gracefully and back off before retrying.

Does Docker offer an MCP server for Docker Hub?+

Yes. The Docker Hub MCP Server is a first-party server, published by Docker at github.com/docker/hub-mcp, that exposes Docker Hub API capabilities to an AI agent through the Model Context Protocol. It runs locally and exposes tools such as searching the catalogue, listing repositories by namespace, listing repository tags, and creating a repository. It authenticates with a Docker ID and a personal access token supplied through environment variables.

What is Bollard AI?

Control what every AI agent can do in Docker Hub.

Bollard AI sits between a team's AI agents and Docker Hub. Grant each agent exactly the access it needs, read or write, repository by repository, and every call is checked and logged.

Set read, write, or admin access per agent, never a shared Docker access token.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Docker Hub access in Bollard Browse all APIs →

Docker Hub

Release Agent

Read repositories and tags ResourceOffReadFull use

Create repositories ActionOffReadFull use

Manage access tokens ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Docker Hub

How the Docker Hub API works.

Connection & authentication methods.

REST API

MCP server (Model Context Protocol)

Personal access token

Organization access token

Password

What an AI agent can do in Docker Hub.

Authentication

Repositories

Tags

Personal access tokens

Organization access tokens

Members & teams

Organization settings

Audit logs

Every Docker Hub API method.

Authentication

Repositories

Tags

Personal access tokens

Organization access tokens

Members & teams

Organization settings

Audit logs

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Docker Hub API, answered.

More developer API guides for agents

DigitalOcean

GitHub

Make

Datadog

LaunchDarkly

Gitea

Control what every AI agent can do in Docker Hub.