Authentication
All custom proxy endpoints require a valid Forgejo personal access token. The proxy supports three authentication methods.
Method 1: Authorization Header (Preferred)
Section titled “Method 1: Authorization Header (Preferred)”Pass the token in the Authorization header using the token scheme:
curl -H 'Authorization: token YOUR_FORGEJO_TOKEN' \ 'https://forgejo-proxy.hochguertel.work/api/v1/repos/owner/repo/actions/runs/latest/logs'This is the recommended approach and matches Forgejo’s own API convention.
Method 2: access_token Query Parameter
Section titled “Method 2: access_token Query Parameter”curl 'https://forgejo-proxy.hochguertel.work/api/v1/repos/owner/repo/actions/runs/latest/logs?access_token=YOUR_FORGEJO_TOKEN'Method 3: token Query Parameter
Section titled “Method 3: token Query Parameter”curl 'https://forgejo-proxy.hochguertel.work/api/v1/repos/owner/repo/actions/runs/latest/logs?token=YOUR_FORGEJO_TOKEN'Resource-Level Access Control
Section titled “Resource-Level Access Control”The proxy enforces access control at the resource level. Before executing a custom endpoint, it verifies that the provided token has read access to the target repository or organisation using Forgejo’s standard API.
This means:
- Your token must have at least repository read permission for repo-scoped endpoints
- Your token must have at least organisation read permission for org-scoped endpoints
- Only after this check passes does the proxy use its privileged admin session to scrape data
This ensures that a valid user token cannot access repositories they don’t normally have permission to read, even though the proxy operates with elevated privileges internally.
Generating a Token
Section titled “Generating a Token”- Log in to your Forgejo instance
- Go to Settings → Applications → Manage Access Tokens
- Create a token with at least Repository: Read scope
- Copy the token — it is only shown once