# Chainguard Events

URL: https://edu.chainguard.dev/chainguard/administration/cloudevents/events-reference.md
Last Modified: April 20, 2026
Tags: Platform, Reference, Product

Chainguard Events

Chainguard generates and emits CloudEvents based on actions that occur within a Chainguard account, such as registering a Kubernetes cluster or creating an IAM invitation. Chainguard also emits events when workloads or policies are changed in a cluster.
Check out this GitHub repository for some sample applications that demonstrate how to use events to create Slack notifications, open GitHub issues, and mirror images.
To subscribe to Chainguard events for your account, use the chainctl command like this:
chainctl events subscriptions create –parent $YOUR_ORGANIZATION_OR_FOLDER https://<Your webhook URL>Once you are subscribed to Chainguard events, you will start receiving HTTP POST requests. Each request has a common set of CloudEvent header fields, denoted by the Ce- prefix. The event body is encoded using JSON and will have two top-level keys, actor and body.
The actor field is the identity of the actor in your Chainguard account that triggered the event, such as a team member or a Kubernetes cluster. The body field contains the specific data about the event, for example the response status for an invite creation request, or a cluster delete request.
UIDP Identifiers Each Chainguard event includes a Ce-Subject header that contains a UIDP (UID Path) identifier. Identifiers follow POSIX directory semantics and components are separated by / delimiters. A UIDP is comprised of:
A globally unique identifier (UID), consisting of 20 bytes, that are URL safe hex encoded. For example, account identities like 0475f6baca584a8964a6bce6b74dbe78dd8805b6.
One, or multiple / separated, scoped unique identifiers (SUID). An SUID is 8 bytes that are unique within a scope (like a group), and are URL safe hex encoded. The following is an example SUID: b74ce966caf448d1. SUIDs are used to identify every entity in Chainguard, from groups, policies, Kubernetes cluster IDs, event subscriptions, to IAM invitations, roles and role-bindings.
Since Chainguard groups can contain child groups, events in a child group will propagate to the parent and thus the UIDP will contain multiple group SUIDs, along with the entity SUID itself. For example, assuming the following components:
An account UID of 0475f6baca584a8964a6bce6b74dbe78dd8805b6 A group SUID of b74ce966caf448d1 A child of group b74ce966caf448d1 with its own SUID of dda9aab2d2d90f9e The complete UIDP in the event’s Ce-Subject header would be:
0475f6baca584a8964a6bce6b74dbe78dd8805b6/b74ce966caf448d1/dda9aab2d2d90f9e/1a4b29ca6df80013 Authorization Header Every Chainguard event has a JWT formatted OIDC ID token in its Authorization header. For authorization purposes, there are two important fields to validate:
Use the iss field to ensure that the issuer is Chainguard, specifically https://issuer.enforce.dev. Use the sub field to check that the event matches your configured Chainguard identity. For example, assuming a UIDP ID of 0475f6baca584a8964a6bce6b74dbe78dd8805b6, the value will resemble the following: webhook:0475f6baca584a8964a6bce6b74dbe78dd8805b6. If the subscription is in a sub-group, then the value will have the corresponding group SUID appended to the path. Validating these fields before processing the JWT token using a verification library can save resources, as well as alert about suspicious traffic, or misconfigured Chainguard group settings.
CloudEvents Sources Chainguard CloudEvents can come from one of three IP addresses:
34.132.193.40 35.237.242.37 35.230.121.20 Events Reference The following list of services and methods show example HTTP headers and bodies for public facing Chainguard events.
Service: Registry - Pull Method: Pulled Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: cgr.dev
Ce-Specversion: 1.0
Ce-Subject: The identifier of the repository being pulled from
Ce-Time: 2026-04-20T19:01:57.791218236Z
Ce-Type: dev.chainguard.registry.pull.v1
Content-Length: 777
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "digest": "The digest of the image being pulled", "error": { "code": "The OCI distribution-spec error code", "message": "The error message", "status": 0 }, "location": "Location holds the detected approximate location of the client who pulled. For example, \"ColumbusOHUS\" or \"Minato City13JP", "method": "The method used to pull the image. One of: HEAD or GET", "remote_address": "", "repo_id": "The identifier of the repository being pulled from", "repository": "The identifier of the repository being pulled from", "tag": "The tag of the image being pulled", "type": "Type determines whether the object being pulled is a manifest or blob", "user_agent": "The user-agent of the client who pulled", "when": "2026-04-20T19:01:57.790086" } } Service: Registry - Push Method: Pushed Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: cgr.dev
Ce-Specversion: 1.0
Ce-Subject: The identifier of the repository being pushed to
Ce-Time: 2026-04-20T19:01:57.790294339Z
Ce-Type: dev.chainguard.registry.push.v1
Content-Length: 707
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "digest": "The digest of the image being pushed", "error": { "code": "The OCI distribution-spec error code", "message": "The error message", "status": 0 }, "location": "Location holds the detected approximate location of the client who pushed. For example, \"ColumbusOHUS\" or \"Minato City13JP", "remote_address": "", "repo_id": "The identifier of the repository being pushed to", "repository": "The identifier of the repository being pushed to", "tag": "The tag of the image being pushed", "type": "Type determines whether the object being pushed is a manifest or blob", "user_agent": "The user-agent of the client who pushed", "when": "2026-04-20T19:01:57.790066" } } Service: auth - Auth Method: Register Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/auth/v1/register
Ce-Specversion: 1.0
Ce-Subject: Chainguard UIDP
Ce-Time: 2026-04-20T19:01:57.795815812Z
Ce-Type: dev.chainguard.api.auth.registered.v1
Content-Length: 154
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "group": "the group this identity has joined by invitation", "identity": "Chainguard UIDP" } } Service: events - Subscriptions Method: Create Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/events/v1/subscriptions
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier of the subscription
Ce-Time: 2026-04-20T19:01:57.801147219Z
Ce-Type: dev.chainguard.api.events.subscription.created.v1
Content-Length: 152
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "UIDP identifier of the subscription", "sink": "Webhook endpoint (http/https URL)" } } Method: Delete Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/events/v1/subscriptions
Ce-Specversion: 1.0
Ce-Subject: UIDP identifier of the subscription to delete
Ce-Time: 2026-04-20T19:01:57.801449394Z
Ce-Type: dev.chainguard.api.events.subscription.deleted.v1
Content-Length: 119
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "UIDP identifier of the subscription to delete" } } Service: iam - GroupAccountAssociations Method: Create Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/account_associations
Ce-Specversion: 1.0
Ce-Subject: UIDP with which this account information is associated
Ce-Time: 2026-04-20T19:01:57.791799964Z
Ce-Type: dev.chainguard.api.iam.account_associations.created.v1
Content-Length: 385
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "amazon": { "account": "Amazon account ID (if applicable)" }, "description": "description of this association", "google": { "project_id": "Google Cloud Project ID (if applicable)", "project_number": "Google Cloud Project Number (if applicable)" }, "group": "UIDP with which this account information is associated", "name": "group name" } } Method: Update Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/account_associations
Ce-Specversion: 1.0
Ce-Subject: UIDP with which this account information is associated
Ce-Time: 2026-04-20T19:01:57.793788311Z
Ce-Type: dev.chainguard.api.iam.account_associations.updated.v1
Content-Length: 336
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "amazon": { "account": "amazon account if applicable" }, "description": "group description", "google": { "project_id": "project id if applicable", "project_number": "project number if applicable" }, "group": "UIDP with which this account information is associated", "name": "group name" } } Method: Delete Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/account_associations
Ce-Specversion: 1.0
Ce-Subject: UIDP of the group whose associations will be deleted
Ce-Time: 2026-04-20T19:01:57.794079536Z
Ce-Type: dev.chainguard.api.iam.account_associations.deleted.v1
Content-Length: 129
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "group": "UIDP of the group whose associations will be deleted" } } Service: iam - GroupInvites Method: Create Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/group_invites
Ce-Specversion: 1.0
Ce-Subject: group UIDP under which this invite resides
Ce-Time: 2026-04-20T19:01:57.794367474Z
Ce-Type: dev.chainguard.api.iam.group_invite.created.v1
Content-Length: 145
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "expiration": { "seconds": 100 }, "id": "group UIDP under which this invite resides" } } Method: Delete Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/group_invites
Ce-Specversion: 1.0
Ce-Subject: UIDP of the record
Ce-Time: 2026-04-20T19:01:57.794667435Z
Ce-Type: dev.chainguard.api.iam.group_invite.deleted.v1
Content-Length: 92
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "UIDP of the record" } } Service: iam - Groups Method: Create Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/groups
Ce-Specversion: 1.0
Ce-Subject: group UIDP under which this group resides
Ce-Time: 2026-04-20T19:01:57.796739298Z
Ce-Type: dev.chainguard.api.iam.group.created.v1
Content-Length: 169
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "description": "group description", "id": "group UIDP under which this group resides", "name": "group name" } } Method: Update Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/groups
Ce-Specversion: 1.0
Ce-Subject: group UIDP under which this group resides
Ce-Time: 2026-04-20T19:01:57.797035652Z
Ce-Type: dev.chainguard.api.iam.group.updated.v1
Content-Length: 169
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "description": "group description", "id": "group UIDP under which this group resides", "name": "group name" } } Method: Delete Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/groups
Ce-Specversion: 1.0
Ce-Subject: UIDP of the record
Ce-Time: 2026-04-20T19:01:57.797256585Z
Ce-Type: dev.chainguard.api.iam.group.deleted.v1
Content-Length: 92
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "UIDP of the record" } } Service: iam - Identities Method: Create Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/identities
Ce-Specversion: 1.0
Ce-Subject: UIDP of identity
Ce-Time: 2026-04-20T19:01:57.80174696Z
Ce-Type: dev.chainguard.api.iam.identity.created.v1
Content-Length: 329
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "identity": { "Relationship": null, "description": "The human readable description of identity", "id": "The unique identifier of this specific identity", "name": "The human readable name of identity" }, "parent_id": "The Group UIDP path under which the new Identity resides" } } Method: Update Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/identities
Ce-Specversion: 1.0
Ce-Subject: The unique identifier of this specific identity
Ce-Time: 2026-04-20T19:01:57.802096845Z
Ce-Type: dev.chainguard.api.iam.identity.updated.v1
Content-Length: 245
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "Relationship": null, "description": "The human readable description of identity", "id": "The unique identifier of this specific identity", "name": "The human readable name of identity" } } Method: Delete Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/identities
Ce-Specversion: 1.0
Ce-Subject: UIDP of the record
Ce-Time: 2026-04-20T19:01:57.802368893Z
Ce-Type: dev.chainguard.api.iam.identity.deleted.v1
Content-Length: 92
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "UIDP of the record" } } Service: iam - IdentityProviders Method: Create Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/identityProviders
Ce-Specversion: 1.0
Ce-Subject: UIDP of identity provider
Ce-Time: 2026-04-20T19:01:57.794979278Z
Ce-Type: dev.chainguard.api.iam.identity_providers.created.v1
Content-Length: 378
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "identity_provider": { "Configuration": null, "description": "The human readable description of identity provider", "id": "The UIDP of the IAM group to nest this identity provider under", "name": "The human readable name of identity provider" }, "parent_id": "The UIDP of the IAM group to nest this identity provider under" } } Method: Update Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/identityProviders
Ce-Specversion: 1.0
Ce-Subject: The UIDP of the IAM group to nest this identity provider under
Ce-Time: 2026-04-20T19:01:57.795279519Z
Ce-Type: dev.chainguard.api.iam.identity_providers.updated.v1
Content-Length: 279
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "Configuration": null, "description": "The human readable description of identity provider", "id": "The UIDP of the IAM group to nest this identity provider under", "name": "The human readable name of identity provider" } } Method: Delete Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/identityProviders
Ce-Specversion: 1.0
Ce-Subject: UIDP of the IdP
Ce-Time: 2026-04-20T19:01:57.795516272Z
Ce-Type: dev.chainguard.api.iam.identity_providers.deleted.v1
Content-Length: 89
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "UIDP of the IdP" } } Service: iam - RoleBindings Method: Create Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/rolebindings
Ce-Specversion: 1.0
Ce-Subject: UIDP of the Role to bind
Ce-Time: 2026-04-20T19:01:57.797698371Z
Ce-Type: dev.chainguard.api.iam.rolebindings.created.v1
Content-Length: 261
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "parent": "The Group UIDP path under which the new RoleBinding resides", "role_binding": { "id": "UID of this role binding", "identity": "UID of the Identity to bind", "role": "UIDP of the Role to bind" } } } Method: CreateBatch Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/rolebindings/batch
Ce-Specversion: 1.0
Ce-Subject: UID of this role binding, under a parent group UIDP
Ce-Time: 2026-04-20T19:01:57.798758994Z
Ce-Type: dev.chainguard.api.iam.rolebindings.created.batch.v1
Content-Length: 220
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "role_bindings": [ { "id": "UID of this role binding, under a parent group UIDP", "identity": "UID of the Identity to bind", "role": "UIDP of the Role to bind" } ] } } Method: Update Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/rolebindings
Ce-Specversion: 1.0
Ce-Subject: UID of this role binding
Ce-Time: 2026-04-20T19:01:57.798992401Z
Ce-Type: dev.chainguard.api.iam.rolebindings.updated.v1
Content-Length: 173
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "UID of this role binding", "identity": "UID of the Identity to bind", "role": "UIDP of the Role to bind" } } Method: Delete Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/iam/v1/rolebindings
Ce-Specversion: 1.0
Ce-Subject: UID of the record
Ce-Time: 2026-04-20T19:01:57.799152039Z
Ce-Type: dev.chainguard.api.iam.rolebindings.deleted.v1
Content-Length: 91
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "UID of the record" } } Service: registry - Registry Method: CreateRepo Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/registry/v1/repos
Ce-Specversion: 1.0
Ce-Subject: The identifier of this specific repository
Ce-Time: 2026-04-20T19:01:57.79963411Z
Ce-Type: dev.chainguard.api.platform.registry.repo.created.v1
Content-Length: 243
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "The identifier of this specific repository", "name": "The name is the human-readable name of the repository", "sync_config": { "expiration": {}, "source": "Repo ID to sync from" } } } Method: UpdateRepo Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/registry/v1/repos
Ce-Specversion: 1.0
Ce-Subject: The identifier of this specific repository
Ce-Time: 2026-04-20T19:01:57.800006577Z
Ce-Type: dev.chainguard.api.platform.registry.repo.updated.v1
Content-Length: 243
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "The identifier of this specific repository", "name": "The name is the human-readable name of the repository", "sync_config": { "expiration": {}, "source": "Repo ID to sync from" } } } Method: DeleteRepo Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/registry/v1/repos
Ce-Specversion: 1.0
Ce-Subject: The identifier of this specific repository
Ce-Time: 2026-04-20T19:01:57.800198115Z
Ce-Type: dev.chainguard.api.platform.registry.repo.deleted.v1
Content-Length: 116
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "The identifier of this specific repository" } } Method: CreateTag Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/registry/v1/tags
Ce-Specversion: 1.0
Ce-Subject: The identifier of this specific tag
Ce-Time: 2026-04-20T19:01:57.800367031Z
Ce-Type: dev.chainguard.api.platform.registry.tag.created.v1
Content-Length: 197
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "digest": "The digest of the manifest with this tag", "id": "The identifier of this specific tag", "name": "The unique name of the tag" } } Method: UpdateTag Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/registry/v1/tags
Ce-Specversion: 1.0
Ce-Subject: The identifier of this specific tag
Ce-Time: 2026-04-20T19:01:57.800540836Z
Ce-Type: dev.chainguard.api.platform.registry.tag.updated.v1
Content-Length: 197
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "digest": "The digest of the manifest with this tag", "id": "The identifier of this specific tag", "name": "The unique name of the tag" } } Method: DeleteTag Example HTTP Headers POST / HTTP/1.1
Host: console-api.enforce.dev
Accept-Encoding: gzip
Authorization: Bearer oidctoken
Ce-Audience: customer
Ce-Group: UID of parent group
Ce-Id: cloudevent generated UUID
Ce-Source: https://console-api.enforce.dev/registry/v1/tags
Ce-Specversion: 1.0
Ce-Subject: The identifier of this specific tag
Ce-Time: 2026-04-20T19:01:57.800721253Z
Ce-Type: dev.chainguard.api.platform.registry.tag.deleted.v1
Content-Length: 109
Content-Type: application/json
User-Agent: Chainguard Enforce Example HTTP Body { "actor": { "subject": "identity that triggered the event" }, "body": { "id": "The identifier of this specific tag" } }