---
title: GitLab API Client
---

# Specification: GitLab API Client

## Purpose

Provides network access to GitLab's REST API and exposes high-level operations consumed by the data-collection layer (see [Data Collector](./spec_data_collector.md)).

---

## 1. Endpoint Responsibilities

| Operation | HTTP method & path | Successful response type | Notes |
|-----------|-------------------|--------------------------|-------|
| List groups | `GET /api/v4/groups` | JSON array of group objects | Supports pagination via default GitLab parameters; client must collate all pages and return a complete list. |
| List projects for group | `GET /api/v4/groups/{groupId}/projects` | JSON array of project objects | Same pagination handling as above. |
| Fetch project file (raw) | `GET /api/v4/projects/{projectId}/repository/files/{encodedPath}/raw?ref={branch}` | Raw text | `branch` is caller-supplied; defaults to repository's default branch when unknown. |
| List issues for project | `GET /api/v4/projects/{projectId}/issues` | JSON array of issue objects | User must provide key with auth scope capable of reading issues. |

> *Encoded path* = URL-encoded full file path (e.g. `README.md`).

---

## 2. Configuration / Authentication

* On construction the Client takes a `gitlab_host` and `group_api_key` as configuration.
* Calls go to `{gitlab_host}{path from 1.}`.
* Authentication is done via the `Bearer {group_api_key}` header

---

## 3. Error-to-Exception Mapping

| HTTP status | Raised exception |
|-------------|-----------------|
| 401 / 403 | Authentication error |
| 404 | Not-found error |
| 429 | Rate-limit error |
| Any other 4xx/5xx | Generic GitLab API error |

All exceptions propagate *as-is* to callers; the client must not swallow them.

---

## 4. Retry Strategy

* Retries are governed by two numeric settings: *max attempts* and *exponential back-off (seconds)*.
* Non-idempotent requests are not retried.
* Only retry on network errors or status codes 429 and ≥ 500.

---

## 5. Resource Management

* Provides an explicit `close()` (or context-manager support) that disposes the underlying HTTP connection pool.
* Callers must close the client after use to avoid open sockets.

---

## 6. Thread-Safety

No thread-safety guarantees are required; concurrent usage is caller's responsibility.

---

## 7. Non-Goals

* Does not perform business logic such as filtering inactive projects – that is handled by higher layers.
