You can interact with the Depot API only through the following Connect RPC-based SDKs:
depot/sdk-node)depot/depot-go)Both SDKs provide access to the Project, Build, Registry, and Usage services. The Go SDK additionally provides lower-level BuildKit APIs for direct interaction with build infrastructure.
The Depot API includes the following services. Access each service through the SDKs using the methods listed below:
ListProjects - List all projects for an organizationGetProject - Get details for a specific projectCreateProject - Create a new projectUpdateProject - Update a project's configurationDeleteProject - Delete a projectResetProject - Reset a project (terminates all machines and deletes all cached data)ListTrustPolicies - List trust policies for a projectAddTrustPolicy - Add a trust policy to a projectRemoveTrustPolicy - Remove a trust policy from a projectListTokens - List all tokens for a projectCreateToken - Create a new project tokenUpdateToken - Update a project tokenDeleteToken - Delete a project tokenCreateBuild - Create a new buildFinishBuild - Mark a build as finishedGetBuildSteps - Get the steps for a buildGetBuildStepLogs - Get logs for a specific build stepdepot.build.v1.RegistryService
ListImages - List all images in a project's registryDeleteImages - Delete images from a project's registrydepot.buildkit.v1.BuildKitService
GetEndpoint - Get a BuildKit endpoint for a buildReportHealth - Report the health status of a buildReleaseEndpoint - Release a BuildKit endpointListProjectUsage - List usage data for projectsGetProjectUsage - Get usage data for a specific projectGetUsage - Get detailed usage data over a specified periodDocs: depot.core.v1.ProjectService
A project is an isolated cache. Projects belong to a single organization and are never shared. They represent the layer cache associated with the images built inside of it; you can build multiple images for different platforms with a single project. Or you can choose to have one project per image built.
When you want to segregate your customer builds from one another, we recommend one project per customer.
You can list all of the projects for your org with an empty request payload.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.core.v1.ProjectService.listProjects({}, {headers})
console.log(result.projects)To create a project, you need to pass a request that contains the name of the project, the id of your organization, the region you want to create the project in, and the cache volume size you want to use with the project.
Supported regions:
us-east-1eu-central-1const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.core.v1.ProjectService.createProject(
{
name: 'my-project',
organizationId: 'org-id',
regionId: 'us-east-1',
cachePolicy: {keepBytes: 50 * 1024 * 1024 * 1024, keepDays: 14},
},
{headers},
)
console.log(result.project)To get a project, you need to pass the ID of the project you want to get.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.core.v1.ProjectService.getProject({projectId: 'project-id'}, {headers})
console.log(result.project)To update a project, you can pass the ID of the project you want to update and the fields you want to update.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.core.v1.ProjectService.updateProject(
{
projectId: 'project-id',
name: 'my-project',
regionId: 'us-east-1',
cachePolicy: {keepBytes: 50 * 1024 * 1024 * 1024, keepDays: 14},
hardware: Hardware.HARDWARE_32X64,
},
{headers},
)
console.log(result.project)You can delete a project by ID. This will destroy any underlying volumes associated with the project.
await depot.core.v1.ProjectService.deleteProject({projectId: 'project-id'}, {headers})You can list the tokens for a project by ID.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.core.v1.ProjectService.listTokens({projectId: 'project-id'}, {headers})You can create a token for a given project ID.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.core.v1.ProjectService.createToken(
{
projectId: 'project-id',
description: 'my-token',
},
{headers},
)You can update a project token by ID.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.core.v1.ProjectService.updateToken(
{
tokenId: 'token-id',
description: 'new-description',
},
{headers},
)You can delete a project token by ID.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.core.v1.ProjectService.deleteToken({tokenId: 'token-id'}, {headers})const policies = await depot.core.v1.ProjectService.listTrustPolicies({projectId: 'project-id'}, {headers})// GitHub
await depot.core.v1.ProjectService.addTrustPolicy(
{
projectId: 'project-id',
provider: {
case: 'github',
value: {
repositoryOwner: 'org',
repository: 'repo',
},
},
},
{headers},
)// BuildKite
await depot.core.v1.ProjectService.addTrustPolicy(
{
projectId: 'project-id',
provider: {
case: 'buildkite',
value: {
organizationSlug: 'org',
pipelineSlug: 'pipeline',
},
},
},
{headers},
)// CircleCI
await depot.core.v1.ProjectService.addTrustPolicy(
{
projectId: 'project-id',
provider: {
case: 'circleci',
value: {
organizationUuid: 'uuid',
projectUuid: 'uuid',
},
},
},
{headers},
)const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
await depot.core.v1.ProjectService.removeTrustPolicy(
{projectId: 'project-id', trustPolicyId: 'policy-id'},
{headers},
)Docs: depot.build.v1.BuildService
A build is a single image build within a given project. Once you create a build for a project, you get back an ID to reference it and a token for authentication.
To create a build, you need to pass a request that contains the ID of the project you want to build in.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.build.v1.BuildService.createBuild({projectId: 'project-id'}, {headers})
console.log(result.buildId)
console.log(result.buildToken)If you're not managing the build context yourself in code via buildx, you can use the Depot CLI to build a given Dockerfile as we wrap buildx inside our CLI. With a build created via our API, you pass along the project, build ID, and token as environment variables:
DEPOT_BUILD_ID=<build-id>
DEPOT_TOKEN=<build-token>
DEPOT_PROJECT_ID=<project-id>
depot build -f DockerfileNote: Build IDs are unique identifiers generated by Depot when creating a build via the API. When you set the DEPOT_BUILD_ID environment variable, depot build uses the existing build instead of creating a new one. If a build with that ID doesn't exist, the command will error.
Note: You only need to do this if you're managing the build context yourself in code via buildx.
To mark a build as finished and clean up the underlying BuildKit endpoint, you need to pass the ID of the build you want to finish and the error result if there was one.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
await depot.build.v1.BuildService.finishBuild(
{buildId: 'build-id', result: {error: 'error message'}},
{headers},
)To list the steps for a build, you need to pass the build ID, the project ID, the number of steps to page, and an optional page token returned from a previous API call.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.build.v1.BuildService.getBuildSteps(
{
buildId: 'build-id',
projectId: 'project-id',
pageSize: 100,
pageToken: 'page-token',
},
{headers},
)To get the logs for a build step, you need to pass the build ID, the project ID, and the build step's digest. You can also pass the number of lines to page and an optional page token returned from a previous API call.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.build.v1.BuildService.getBuildStepLogs(
{
buildId: 'build-id',
projectId: 'project-id',
buildStepDigest: 'step-digest',
pageSize: 100,
pageToken: 'page-token',
},
{headers},
)Docs: depot.build.v1.RegistryService
The Registry service provides access to the underlying registry that stores the images built by Depot. You can use this service to list and delete images.
To list the images for a project, you need to pass the ID of the project you want to list the images for. When listing more than 100 images, you can use the pageSize and pageToken fields to paginate the results.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
const result = await depot.build.v1.RegistryService.listImages(
{
projectId: 'project-id',
pageSize: 100,
pageToken: undefined,
},
{headers},
)
console.log(result.images)
console.log(result.nextPageToken)The images returned will consist of an image tag, digest, a pushedAt timestamp, and the size of the image in bytes.
To delete images, you need to pass the ID of the project and the list of image tags you want to remove.
const headers = {Authorization: `Bearer ${process.env.DEPOT_TOKEN}`}
await depot.build.v1.RegistryService.deleteImage(
{
projectId: 'project-id',
imageTags: ['image-tag-1', 'image-tag-2'],
},
{headers},
)Docs: depot.buildkit.v1.BuildKitService
The BuildKit service provides lower level access to the underlying BuildKit endpoints that power the image builds. They give you the ability to interact with the underlying builders without needing the Depot CLI as a dependency. For example, you can use the buildx Go library with the given BuildKit endpoint to build images from your own code via Depot.
To get a BuildKit endpoint, you need to pass the ID of the build you want to get the endpoint for and the platform you want to build.
Supported platforms:
PLATFORM_AMD64 for linux/amd64 buildsPLATFORM_ARM64 for linux/arm64 buildsNote: The BuildKit service requires the buildx Go library. While the Node.js SDK includes these methods, you can only use buildx with Go.
import (
"github.com/depot/depot-go/build"
"github.com/depot/depot-go/machine"
cliv1 "github.com/depot/depot-go/proto/depot/cli/v1"
)
token := os.Getenv("DEPOT_TOKEN")
projectID := os.Getenv("DEPOT_PROJECT_ID")
// Create a build
build, err := build.NewBuild(ctx, &cliv1.CreateBuildRequest{
ProjectId: projectID,
}, token)
if err != nil {
log.Fatal(err)
}
// Acquire a BuildKit machine
buildkit, err := machine.Acquire(ctx, build.ID, build.Token, "amd64")
if err != nil {
log.Fatal(err)
}
defer buildkit.Release()
// Connect to BuildKit
buildkitClient, err := buildkit.Connect(ctx)
if err != nil {
log.Fatal(err)
}When a connection is active and ready to be used, you can use the buildkitClient to execute builds using the BuildKit API.
To report the health of a build, you need to pass the ID of the build you want to report and the platform.
Once you acquire a BuildKit endpoint, you must report the health of the build to Depot or the underlying resources will be removed after 5 minutes of inactivity.
import (
"net/http"
buildkitv1 "buf.build/gen/go/depot/api/protocolbuffers/go/depot/buildkit/v1"
"buf.build/gen/go/depot/api/connectrpc/go/depot/buildkit/v1/buildkitv1connect"
"connectrpc.com/connect"
)
buildToken := os.Getenv("BUILD_TOKEN")
client := buildkitv1connect.NewBuildKitServiceClient(
http.DefaultClient,
"https://api.depot.dev",
)
req := connect.NewRequest(&buildkitv1.ReportHealthRequest{
BuildId: "build-id",
Platform: buildkitv1.Platform_PLATFORM_AMD64,
})
req.Header().Set("Authorization", fmt.Sprintf("Bearer %s", buildToken))
_, err := client.ReportHealth(ctx, req)
if err != nil {
log.Fatal(err)
}To release the endpoint for a build, you need to pass the ID of the build you want to release and the platform.
This endpoint tells Depot you're done using that endpoint and we can schedule it for removal.
import (
"github.com/depot/depot-go/machine"
)
// The buildkit.Release() method handles releasing the endpoint
defer buildkit.Release()Docs: depot.core.v1.UsageService
The UsageService service enables consuming resource utilization data via API.
To get usage for a given project, you need to pass a project id, and the starting and ending timestamp of the desired period. All three parameters are mandatory.
import {depot, wkt} from '@depot/sdk-node'
const {timestampFromDate} = wkt
const headers = {
Authorization: `Bearer ${process.env.DEPOT_TOKEN}`,
}
const request = {
projectId: 'myprojectid',
startAt: timestampFromDate(new Date('2025-09-01T00:00:00Z')),
endAt: timestampFromDate(new Date('2025-09-30T23:59:59Z')),
}
const result = await depot.core.v1.UsageService.getProjectUsage(request, {headers})
console.log(result.usage)To get usage data for your organization for a specific period of time, you need to pass the starting and ending timestamp of the period. Both startAt and endAt are mandatory parameters.
getUsage returns the same data as the CSV generated via Settings > Usage > Usage History.
import {depot, wkt} from '@depot/sdk-node'
const {timestampFromDate} = wkt
const headers = {
Authorization: `Bearer ${process.env.DEPOT_TOKEN}`,
}
const request = {
startAt: timestampFromDate(new Date('2025-09-01T00:00:00Z')),
endAt: timestampFromDate(new Date('2025-09-30T23:59:59Z')),
}
const result = await depot.core.v1.UsageService.getUsage(request, {headers})
console.log(result.containerBuild)
console.log(result.githubActionsJobs)
console.log(result.storage)
console.log(result.agentSandbox)